danabot | 777516469e953cb8ef945f558388aa27a4bb0e4849d35295a54fa9b104916c73

Resubmissions

04-08-2024 01:11

240804-bkcntswdkh 10

04-08-2024 01:08

240804-bhmq1swcqa 5

Analysis

max time kernel
433s
max time network
436s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04-08-2024 01:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Muse_Hub.exe
Size

42.8MB
MD5

f6a5eeafe3927f8b60edd4710f472526
SHA1

90990dc31a9ce75456d68653309e4b37291bf54e
SHA256

777516469e953cb8ef945f558388aa27a4bb0e4849d35295a54fa9b104916c73
SHA512

03efbe3004b1434fa13e230b1c8f8526cfafeb94ee6d9a4e1b65ab316d183e86c39d1af0def4a48d3d65d186d5f7b3c76352b57ae40288e9171893ca58c9f4e4
SSDEEP

786432:WxfDPC5XlW/BIWj9Tp+V9w/PHyNmG3i+QpNT0Oxwkyh2YvLYpv1A8AmZ4HEleUau:WxfD6yaeYV9EKNmG3iYOGke2+0nA8AmR

Score

10^/10

danabot banker discovery evasion ransomware trojan

Malware Config

Extracted

Family

danabot

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow	pid	Process
301	5820	rundll32.exe

Disables Task Manager via registry modification
evasion

Drops file in Drivers directory 2 IoCs

Processes:

Gnil.exe

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers\spoclsv.exe	Gnil.exe
File created	C:\Windows\SysWOW64\drivers\spoclsv.exe	Gnil.exe

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

Processes:

flow	ioc
262	raw.githubusercontent.com
263	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 3 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

$uckyLocker.exe$uckyLocker.exe$uckyLocker.exe

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Desktop\Wallpaper = "0"	$uckyLocker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Desktop\Wallpaper = "0"	$uckyLocker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\Desktop\Wallpaper = "0"	$uckyLocker.exe

Suspicious use of NtCreateThreadExHideFromDebugger 3 IoCs

Processes:

Muse.exe

pid	Process
536	Muse.exe
536	Muse.exe
536	Muse.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs

Processes:

Muse.exe

pid	Process
536	Muse.exe
536	Muse.exe
536	Muse.exe
536	Muse.exe
536	Muse.exe

Executes dropped EXE 5 IoCs

Processes:

EXE_NETCORECHECK.EXE$uckyLocker.exe$uckyLocker.exe$uckyLocker.exespoclsv.exe

pid	Process
3364	EXE_NETCORECHECK.EXE
4776	$uckyLocker.exe
3684	$uckyLocker.exe
2888	$uckyLocker.exe
5752	spoclsv.exe

Loads dropped DLL 4 IoCs

Processes:

regsvr32.exerundll32.exe

pid	Process
5564	regsvr32.exe
5564	regsvr32.exe
5820	rundll32.exe
5820	rundll32.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 3 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exe

pid	pid_target	Process	procid_target
3704	724	WerFault.exe	223
2952	2704	WerFault.exe	228
5940	5108	WerFault.exe	231

System Location Discovery: System Language Discovery 1 TTPs 22 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

WinNuke.98.exeAvoid.exeRdrCEF.exeRdrCEF.exeDanaBot.exe$uckyLocker.exeWinNuke.98.exeFlasher.exeRdrCEF.exeRdrCEF.exeregsvr32.exe$uckyLocker.exeAvoid.exeAcroRd32.exeYouAreAnIdiot.exerundll32.exeAvoid.exeGnil.exeRdrCEF.exeRdrCEF.exeYouAreAnIdiot.exe$uckyLocker.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinNuke.98.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avoid.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DanaBot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	$uckyLocker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinNuke.98.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Flasher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	$uckyLocker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avoid.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avoid.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Gnil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	$uckyLocker.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WINWORD.EXEAcroRd32.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exeWINWORD.EXEchrome.exemsedge.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133672075654072912"	chrome.exe

Modifies registry class 4 IoCs

Processes:

Muse.exemsedge.exemsedge.exeOpenWith.exe

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\muse.musehub_rb9pth70m6nz6\ResourcesConfig\OverrideLanguagesList = "en-US"	Muse.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{62EB0A4D-E2E2-4009-81C5-EC5EA920299E}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{0A72E68E-7201-4E82-A14E-D312903CB945}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 257086.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

Processes:

vlc.exeWINWORD.EXE

pid	Process
4572	vlc.exe
3240	WINWORD.EXE
3240	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 53 IoCs

Processes:

chrome.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exeGnil.exespoclsv.exeAcroRd32.exe

pid	Process
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
3300	msedge.exe
3300	msedge.exe
3576	msedge.exe
3576	msedge.exe
6096	msedge.exe
6096	msedge.exe
5360	msedge.exe
5360	msedge.exe
3612	msedge.exe
3612	msedge.exe
4972	identity_helper.exe
4972	identity_helper.exe
3348	msedge.exe
3348	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
2912	msedge.exe
2912	msedge.exe
4900	msedge.exe
4900	msedge.exe
1536	Gnil.exe
1536	Gnil.exe
1536	Gnil.exe
1536	Gnil.exe
1536	Gnil.exe
1536	Gnil.exe
5752	spoclsv.exe
5752	spoclsv.exe
2632	AcroRd32.exe
2632	AcroRd32.exe
2632	AcroRd32.exe
2632	AcroRd32.exe
2632	AcroRd32.exe
2632	AcroRd32.exe
2632	AcroRd32.exe
2632	AcroRd32.exe
2632	AcroRd32.exe
2632	AcroRd32.exe
2632	AcroRd32.exe
2632	AcroRd32.exe
2632	AcroRd32.exe
2632	AcroRd32.exe
2632	AcroRd32.exe
2632	AcroRd32.exe
2632	AcroRd32.exe
2632	AcroRd32.exe
2632	AcroRd32.exe
2632	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

Processes:

vlc.exeDesktopBoom.exeOpenWith.exe

pid	Process
4572	vlc.exe
5920	DesktopBoom.exe
5536	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 38 IoCs

Processes:

chrome.exemsedge.exemsedge.exe

pid	Process
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
1192	chrome.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe

Suspicious use of AdjustPrivilegeToken 57 IoCs

Processes:

Muse.exechrome.exe

description	pid	Process
Token: SeDebugPrivilege	536	Muse.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exemsedge.exemsedge.exe

pid	Process
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exemsedge.exemsedge.exe

pid	Process
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe

Suspicious use of SetWindowsHookEx 31 IoCs

Processes:

vlc.exeWINWORD.EXEOpenWith.exeAcroRd32.exe

pid	Process
4572	vlc.exe
3240	WINWORD.EXE
3240	WINWORD.EXE
3240	WINWORD.EXE
3240	WINWORD.EXE
3240	WINWORD.EXE
3240	WINWORD.EXE
3240	WINWORD.EXE
3240	WINWORD.EXE
3240	WINWORD.EXE
3240	WINWORD.EXE
3240	WINWORD.EXE
3240	WINWORD.EXE
3240	WINWORD.EXE
3240	WINWORD.EXE
5536	OpenWith.exe
5536	OpenWith.exe
5536	OpenWith.exe
5536	OpenWith.exe
5536	OpenWith.exe
5536	OpenWith.exe
5536	OpenWith.exe
5536	OpenWith.exe
5536	OpenWith.exe
5536	OpenWith.exe
5536	OpenWith.exe
2632	AcroRd32.exe
2632	AcroRd32.exe
2632	AcroRd32.exe
2632	AcroRd32.exe
2632	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Muse_Hub.exechrome.exe

description	pid	Process	procid_target
PID 3656 wrote to memory of 3364	3656	Muse_Hub.exe	86
PID 3656 wrote to memory of 3364	3656	Muse_Hub.exe	86
PID 1192 wrote to memory of 3212	1192	chrome.exe	98
PID 1192 wrote to memory of 3212	1192	chrome.exe	98
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 1516	1192	chrome.exe	99
PID 1192 wrote to memory of 4640	1192	chrome.exe	100
PID 1192 wrote to memory of 4640	1192	chrome.exe	100
PID 1192 wrote to memory of 2608	1192	chrome.exe	101
PID 1192 wrote to memory of 2608	1192	chrome.exe	101
PID 1192 wrote to memory of 2608	1192	chrome.exe	101
PID 1192 wrote to memory of 2608	1192	chrome.exe	101
PID 1192 wrote to memory of 2608	1192	chrome.exe	101
PID 1192 wrote to memory of 2608	1192	chrome.exe	101
PID 1192 wrote to memory of 2608	1192	chrome.exe	101
PID 1192 wrote to memory of 2608	1192	chrome.exe	101
PID 1192 wrote to memory of 2608	1192	chrome.exe	101
PID 1192 wrote to memory of 2608	1192	chrome.exe	101
PID 1192 wrote to memory of 2608	1192	chrome.exe	101
PID 1192 wrote to memory of 2608	1192	chrome.exe	101
PID 1192 wrote to memory of 2608	1192	chrome.exe	101
PID 1192 wrote to memory of 2608	1192	chrome.exe	101
PID 1192 wrote to memory of 2608	1192	chrome.exe	101
PID 1192 wrote to memory of 2608	1192	chrome.exe	101
PID 1192 wrote to memory of 2608	1192	chrome.exe	101
PID 1192 wrote to memory of 2608	1192	chrome.exe	101
PID 1192 wrote to memory of 2608	1192	chrome.exe	101
PID 1192 wrote to memory of 2608	1192	chrome.exe	101
PID 1192 wrote to memory of 2608	1192	chrome.exe	101
PID 1192 wrote to memory of 2608	1192	chrome.exe	101
PID 1192 wrote to memory of 2608	1192	chrome.exe	101
PID 1192 wrote to memory of 2608	1192	chrome.exe	101
PID 1192 wrote to memory of 2608	1192	chrome.exe	101
PID 1192 wrote to memory of 2608	1192	chrome.exe	101
PID 1192 wrote to memory of 2608	1192	chrome.exe	101
PID 1192 wrote to memory of 2608	1192	chrome.exe	101

C:\Users\Admin\AppData\Local\Temp\Muse_Hub.exe
"C:\Users\Admin\AppData\Local\Temp\Muse_Hub.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3656
- C:\Users\Admin\AppData\Local\Temp\Muse Installer Temp\EXE_NETCORECHECK.EXE
  -N Microsoft.WindowsDesktop.App -v 8.0.0
  2⤵
  - Executes dropped EXE
  PID:3364

C:\Program Files\WindowsApps\Muse.MuseHub_2.0.15.1305_x64__rb9pth70m6nz6\Muse.exe
"C:\Program Files\WindowsApps\Muse.MuseHub_2.0.15.1305_x64__rb9pth70m6nz6\Muse.exe"
1⤵
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa0952cc40,0x7ffa0952cc4c,0x7ffa0952cc58
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,7746828482241509780,5395948096486602490,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,7746828482241509780,5395948096486602490,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2304,i,7746828482241509780,5395948096486602490,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2316 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,7746828482241509780,5395948096486602490,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3324,i,7746828482241509780,5395948096486602490,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4040,i,7746828482241509780,5395948096486602490,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5088,i,7746828482241509780,5395948096486602490,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4516,i,7746828482241509780,5395948096486602490,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3428 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4956,i,7746828482241509780,5395948096486602490,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:4284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa061d46f8,0x7ffa061d4708,0x7ffa061d4718
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5745764937783283060,15896786278658589886,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,5745764937783283060,15896786278658589886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,5745764937783283060,15896786278658589886,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5745764937783283060,15896786278658589886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5745764937783283060,15896786278658589886,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5745764937783283060,15896786278658589886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5745764937783283060,15896786278658589886,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5745764937783283060,15896786278658589886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5745764937783283060,15896786278658589886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5745764937783283060,15896786278658589886,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5745764937783283060,15896786278658589886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,5745764937783283060,15896786278658589886,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2140,5745764937783283060,15896786278658589886,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5745764937783283060,15896786278658589886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5745764937783283060,15896786278658589886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5745764937783283060,15896786278658589886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5745764937783283060,15896786278658589886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5745764937783283060,15896786278658589886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5745764937783283060,15896786278658589886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5745764937783283060,15896786278658589886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:5252

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1184

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa061d46f8,0x7ffa061d4708,0x7ffa061d4718
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2204 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6796 /prefetch:8
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3424 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7124 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2912
- C:\Users\Admin\Downloads\$uckyLocker.exe
  "C:\Users\Admin\Downloads\$uckyLocker.exe"
  2⤵
  - Sets desktop wallpaper using registry
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4776
- C:\Users\Admin\Downloads\$uckyLocker.exe
  "C:\Users\Admin\Downloads\$uckyLocker.exe"
  2⤵
  - Sets desktop wallpaper using registry
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,16025900844842914912,12486079490998834849,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3508 /prefetch:8
  2⤵
  PID:692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4972

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x300
1⤵
PID:4392

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3624

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\UseLock.asf"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4572

C:\Users\Admin\Downloads\$uckyLocker.exe
"C:\Users\Admin\Downloads\$uckyLocker.exe"
1⤵
- Sets desktop wallpaper using registry
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2888

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\WinNuke.98.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4836

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\WinNuke.98.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5096

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Melissa.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3240

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Gnil\Gnil.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Gnil\Gnil.exe"
1⤵
- Drops file in Drivers directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1536
- C:\Windows\SysWOW64\drivers\spoclsv.exe
  C:\Windows\system32\drivers\spoclsv.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:5752

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Avoid.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Avoid.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5580

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Flasher.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Flasher.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3268

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\DesktopBoom.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\DesktopBoom.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:5920

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Avoid.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Avoid.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5596

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
PID:6092

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Avoid.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\Avoid.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5928

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5536
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\YouAreAnIdiot\EXEVersion\AxInterop.ShockwaveFlashObjects.dll"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2632
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1288
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=108380CFE6619932FCD00399059F18FF --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:2532
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F1EDDB6FC1C66546D75A48F932D4F8D2 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F1EDDB6FC1C66546D75A48F932D4F8D2 --renderer-client-id=2 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:3364
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6608779A256FE038872B2EA3C49F14B3 --mojo-platform-channel-handle=2144 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:2796
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=267D6F90C7D6AF46B26D2BEC88819537 --mojo-platform-channel-handle=1948 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:5924
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F4565607B8008878A8DB4B2A131249E2 --mojo-platform-channel-handle=2388 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:1660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2732

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\YouAreAnIdiot\EXEVersion\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\YouAreAnIdiot\EXEVersion\YouAreAnIdiot.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:724
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 724 -s 1500
  2⤵
  - Program crash
  PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 724 -ip 724
1⤵
PID:4364

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\YouAreAnIdiot\EXEVersion\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\YouAreAnIdiot\EXEVersion\YouAreAnIdiot.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2704
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 1540
  2⤵
  - Program crash
  PID:2952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 2704 -ip 2704
1⤵
PID:4920

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\DanaBot.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5108
- C:\Windows\SysWOW64\regsvr32.exe
  C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.exe@5108
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:5564
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\THE-MA~1\THE-MA~1\BANKIN~1\DanaBot.dll,f0
    3⤵
    - Blocklisted process makes network request
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:5820
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 456
  2⤵
  - Program crash
  PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 5108 -ip 5108
1⤵
PID:5804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
b6fcf28b512535c9b0e7a01b49ce11f8

SHA1
3e9febf3a70d695e353265a1e4fa9a2cbc2bfdc1

SHA256
6354163971bbfcd1cf2a96aff721e9e477584c27ad31d2105caa019969196fe8

SHA512
2e527dbca64972b0a4cf19fbd4bf5db00602c936ec7f277dc595d042d339b5be400369da39001a0a73c963738ea25c7daa6e58974b9ee1a22eafd7c0683aa1b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
046e55ae8963f6da66b75004cfcc0c0b

SHA1
7366da999fefa6b35229be24d8ff9f7bd5624ab3

SHA256
fa60a6d56959e450928cf3a148a510a0a947bf5550fde8826da5dede999721c1

SHA512
00e828370ee8a127e8e8249b7bbf4cb569d492bc47045877233a56716e732749e83f84800be04d74ae6886d7287a9cfe8b4091492189d9daecb8c05f1996ffce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b2259cdbc32726897ece0bb97a36e1b5

SHA1
5137c99fe3c7f87348abb4ecb2b77f9490b2ef91

SHA256
4f812d136ec885315c6d8b41487971437a8f0df38f0c7496e73ba77446565d48

SHA512
98f4b381fccb11397b92ff66c5f8fb8fe8a4e85ec1702bc0706b8a768c98567a2332e7da177acb8292eb759114f1bd54d3d7eb554f285da75776795640d9fc64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
9ac857dcd0cef0d8fcfd11a3c6d2cf76

SHA1
ee5a5315f248a47f50250948f4efd22398924921

SHA256
df0796ff4e82a4da6e539d842899c62e94a4bcf8f722fe6b723dd21a08f9e2e4

SHA512
f9e010e9f710149724cc6aacc0ae3271a5d930f49ccc22a9747afa80564bdb89a0c650e8e1fff2461813af417f49977927d20aee96a52adfb774043e3bb2a38b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
2d320a16462853e8982c9b02d6689aac

SHA1
6806850a30c37b6b942a287f516f4eb852d2b2c7

SHA256
32491e99e8ee12a1c61b531dbad78f35da25921fab9f694bab45c18268c626f9

SHA512
ed6c153491484f09d4b1ef1f8b68887ed2323e7bfebd5c51ac881545490b3b542c1679ac3a16df3e56756791be4a5cf4382967a289f04f38048428a06b7ad70b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1996d175c1838e977a8d0fba440add7a

SHA1
c4290167d248bd408621dbaf5db4739c21a336ec

SHA256
2b8e7e027bdcb7d6044e9cd9e83574b90280c5fc72f7586c99a47cebc0593010

SHA512
97c9bc673ba87d46bc380cf96aaa69dc4ad16ca180c463d65390a32cff68be4627c41c7d58c3929d9215042ee4cead3622a9a7a0b4dc3128ac7f75b4d085dca9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
573e1a830d21188fed6c6f7dae30871d

SHA1
753dc180605cadd7e13974de6444693214392a59

SHA256
0baf3583f010a354ee66b7911e35fe4b2ce428fde127ff6e68a6d2d731c082f4

SHA512
65cc212fdacdc893044e4c479d8f8bef7663b47cad1d02307776b38c9afc96f2c8a0e7c950df2cd4f153402d8b5ca864273bc33c033eaeb91084d52910ac5108

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d4b1ba7c9a915dacc3ea8d569cfe4aca

SHA1
1da6e1eef2c7472049df224c6e369a006e23d52a

SHA256
778b27573668dae0a9e20733a253aae079982d5cb51affa2f3729b33e4ae1451

SHA512
250d95edfbd80ffeb154a1fd9ea7dfa5cbd2157953466bb7cb9f0a87eacbb309dfceaccbcb8cf4f8f1dd428ebca663810e443c8670255a40a26376abce17a57b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
100KB

MD5
21c68e0f9504eee85385866c28c2cb05

SHA1
1c5dbf54ce8e0a841d5acda312e2f060e90c915e

SHA256
2129cca7143c9502658e52af2fc0f61559e0c763ee19c3bea2a1652e9351d64f

SHA512
3f5b481f94bb669639a01e8a36e65762fc1e928fbc16f708edacb7981e362d1fcaebf239b0ab745236342aa464b3fca49238dee22c372aaba74ee1580328e66e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
90795ec034ba0583bbe7cab4b72a4c04

SHA1
78e6f5e2f12cbf71091522dfb3899303f7430212

SHA256
7b55ff99ab01f2ac608a4a10c0759f0712734a1f07da5f8eabe20ee59b912ae8

SHA512
1e100b70b3ab52cb9671a70dd317ba5f024a5cb460a423126d2846e58a599d86ae0f2c4b70735c04ec759beaff8a932cb9a0d0d511bdf73d1179676e7a0ad574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc9fa19b1a9107796b09054828755461

SHA1
1f5b4b626dcdd4c7772c76ae34bfe2f3a296444e

SHA256
c0336458ad469ec8d9c2ef0dfc5a0aa3b4a50976cbe3e1e77989c24e3510df9b

SHA512
44b215fbcd11d16c8711704a97c7283b0d10102b020868dbf71cadf8dd9a3bef6b9bb674624d77a5ff80f5d74941aba382d9f1496e44da4600e8d1ad80cf967e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f0bba87b6749d1e02b04f4d0f4afb85b

SHA1
c9bdb939b89f7c4dd0f1b24ac1ce5981f1d3f6c9

SHA256
1021264df35e45cfbf03740d6b1cd53f1b896fa17a7887dab8b5b0e2c34f5916

SHA512
342581aa160c807208797fcfe1b263cae01845d48d7b3ecb4ac2e463af200c6ba61d8a98a61413d4b66aef29f2d30ab88e59bae3ed91eff8cc32e40c1b6cc404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\36b2dca3-edcf-4b84-a17b-23ab0f6bff0c.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
f5fcb4cf0636245a2ed5058a26fbe7c5

SHA1
959ecffa379ef91f91d509d0ae89ccafb89a29fc

SHA256
1c232da6158923400565e6261e69c11c8e2b265be838bf18db88f4d49d559429

SHA512
a7d8e850c1f74132c67e1f1241a554151baf117f0d866c89014ed075cb2e9f29a48fe8f2cc8804b6adbc89e254cb8740afd4e5c6496de852b6c89c7f6c972ff5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
ed3c7f5755bf251bd20441f4dc65f5bf

SHA1
3919a57831d103837e0cc158182ac10b903942c5

SHA256
55cbb893756192704a23a400bf8f874e29c0feee435f8831af9cbe975d0ef85d

SHA512
c79460ded439678b6ebf2def675cbc5f15068b9ea4b19263439c3cca4fa1083dc278149cde85f551cd2ffc2c77fd1dc193200c683fc1c3cdac254e533df84f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
027a77a637cb439865b2008d68867e99

SHA1
ba448ff5be0d69dbe0889237693371f4f0a2425e

SHA256
6f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd

SHA512
66f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
73KB

MD5
cf604c923aae437f0acb62820b25d0fd

SHA1
84db753fe8494a397246ccd18b3bb47a6830bc98

SHA256
e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4

SHA512
754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
27KB

MD5
903acff81aec95fb624ad47960f14af1

SHA1
de8d7f3ae08621987d76e176118e1da6a7c2475f

SHA256
05d439f7aa4807ebfe90919429e6c6d352ea3816ce6a9592f4df42c2b22871d8

SHA512
c25bcf91200f1ddd174f17f2f95e3292cc8702884c3c0d79803a55effbddf66f43b7c243644c12e788cc1367d2f335ca67e07ec0053b066820719301693db767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
18KB

MD5
8bf5ee62ed0f7ac8367d1beca5945fd1

SHA1
0b2437b690e926cb0f987e7e183c26a54469c691

SHA256
b06b70c03ac2cb3fc2789f28448b23f13c5eeccc9296515c1088f503925ae262

SHA512
a9ce6d328e24fa62b339daaef3ad0bf7db788bf330b2e9974d5ab316640b2c73c9df0f42a53e93a4a53e36425f810d0f3c9edaf85e602dd3909c3433320b092d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
17KB

MD5
d9292609f628b534eab0f808a7f55fff

SHA1
1b7504fff17fd0b256b6a6af5c43362912e916eb

SHA256
7a1bf173c42e53b4061ccb2df872dddb90e9cc68fcda08914b73a3909e911a0e

SHA512
a57d4f1d80d8450508b9b901bce4892e4675e9808ae4e61ef75646c284f300cc0c23bef7956f0b52a79b5df99e1925cd5a5324854d72b35d9e380f87f9fcd5a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
37KB

MD5
14c460a1feda08e672355847ea03d569

SHA1
f1e46ac6abd71ebbcdd798455483c560a1980091

SHA256
d1161f067875a5f686c1732a442f340142c6a03244f4dd0bc0f967596f6cbe3f

SHA512
cfd6e743986ae5074e73264ee1f311fc00a987bdabeeafbf55f5dd6ef0794ccc393507be9dc7e38181f2f10897c300edc297976acd3fb72da2bf560ec260af91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
37KB

MD5
6e13703b4b9b3fee9c9679caa6444f08

SHA1
eebd698908234ddf27a333105f645667e2eb7bf4

SHA256
e9c1c07f5fb1e96dc3bad0cbdaeb5503e38382e8e9c838120bb2652940d6baa6

SHA512
873bc00f546d9811befa014c4dd9ccaea032caa559c72674429ace2c1abfd292e2556de69e2db1bcf0641625bdefcf28955905a1d5b65c620fece0df82827179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
21KB

MD5
017975d305729c957b42440bb7cec4be

SHA1
4ecd64ae942d7994b18210b09e72b9a12c6ad7e3

SHA256
6c9f3f5cc1dfabd4377baced6215ed916ebeca530d76f5afebc7b18f3a6a8668

SHA512
216fb759fd6b7c18e738bf2eda55d316713d54a61fe7c925ef7d1dd82381d214a37bee7f3fdc9ca65c74585decf1a23441eddd6278decc9f4a178ae5252473ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
24KB

MD5
3f78316b5485dea877ff986c00eb6b0d

SHA1
0ce8623b7e34098655883d3674b4265bd73bbb64

SHA256
0ef4b35cafab7842d4aa4eab3e9fb270d8d89011125c08d49c5260c3cc246929

SHA512
1056a68735f58a8b6795f28407fd03e645d2fa09bf6fc73d47f6db09e4ea57704a70094a6b70daeaee4b2c747e648958a1b569bdb489636c7cdd2ce01b2eac12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
17KB

MD5
7d10a6106e8f9e85ae68e310ca2b8433

SHA1
32046f676521ae8b100c0ef88e5e19e1cc49cfe9

SHA256
0c00f8f0acc2ac3079edbb2fcef864743e5ad79da49241f6f28cca83984f7204

SHA512
78bac570118c28fad9bbe3ab261668743ceb81a0229c9bb2267db4228bd9eab1bac1bb07185347cd3fb80a6af62e15e587278a577f215020368399be897864b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
57KB

MD5
1d9313f850dc7f90dbc817920e650fbe

SHA1
cf05a1ca3e477a5295c6b82cddb21364ef9a8c93

SHA256
bc1c1dc9729b72ca481ca91597830682b83fc30c2637f9c73c762e748583dea7

SHA512
d0033fea8fe30ecba6d09580b20cbeaa0f927c7014ab2b788f6e75580ce58e07eec3e53a74228d22f7f95ab6ced8cfcf63633aa1fb1e969569d8a9708e7474c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
19KB

MD5
6cde00d4c70f65945125b46ffb494046

SHA1
d86ea8b9520beaa539c88febbaa73c14783106b0

SHA256
ff91dfca2f1749052b460ebc05256cc222dc8ef7408aa515661bffcf65b20f88

SHA512
9a423e5f783c1f08085577fccd454b9be7952636710c95b98b99795b4fd790c3bf1d8bb22fc39288521890d0038ba5e157f57bb7d9ea0e745544c2db5ef6b2ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
53KB

MD5
cfff8fc00d16fc868cf319409948c243

SHA1
b7e2e2a6656c77a19d9819a7d782a981d9e16d44

SHA256
51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a

SHA512
9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
23KB

MD5
ce3cc830b1e038999dd41be7ae9e1718

SHA1
ebed20a6d1e3b98b2293a90880d6e9bd5a503bf3

SHA256
5bfb0304c3a1d1128796a32c3da1b1d773dbdebecd7947364553b201300b2445

SHA512
74e649b2ebc3c5443feaa548e5f55e403bf99f27a8c5709e0247e89090c53b0d084903d57ac2e69135325ba7d97f9b7d8284df49fb42b28d53dd51b41bd21578

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
137KB

MD5
e947e95a0fd8df1e8c8eb7cae1f96f09

SHA1
22f36705b4a47f05fae77201e936a5c65cb05bfa

SHA256
14fd0b00467eea3d8b863e4aceb343135fa64e8a3b4098d58765199a9d2062a1

SHA512
24b9a4b0b5ffd6ae11ea6cc76d88da96cd0579254dcd463e1bc5ddd99d9850773ae861594ad053d4d07882d4970267aa3789940a4eba63c0543588cd9b293dd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
22KB

MD5
9ec8ba204f6c45d71c998a0ce1dd714e

SHA1
e6790bc2fc03148c9d9cc1b3a91f4c5df3d8295c

SHA256
a4daad6848500cbb261729ecded45a13e2f102d666cff8a0e2bf5991ea5e5c9a

SHA512
d30fe0c1f7589354e7b228a5ca4e522e198c6e7ed30186c54025e991c7dc9a324e1cfd243ed2009aed863c01c3b341ec88bd74aca019e13ad52f8dc2ff3c6ba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
73KB

MD5
326a8c0e809a89dbd35256311da8a22d

SHA1
7e095fdddc00d8108d3423b8f12e7f2e3e911ffc

SHA256
6e01627196171cf351d5809b955558fbc2b80ce9bd0043f58c19cf422e30b70c

SHA512
08ef3fc1781ade49135643cc2111caf4ffa14756f4b08623a7e25719849293cd811a70360920d996a7b88b9a62711b49e5956acd433cce677d52ca744af46472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
bc715de21f0932779dfe5e785f443b11

SHA1
86ee51f6663ad49863903e267b83e25ae539f59a

SHA256
2159a1fcc24ae83d8378d52ca94651f2aa1079038ddb4a218e8736ab7400281e

SHA512
756d17cb6e4dc1491050d76a87512381dfb783506ba9e7600807255eefdf29941023acc5a0cf000953155b0ea656b50a71c8c20831f21a167536e1182a105a5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
ce673a60505ee78ccdeb7dff6f15b434

SHA1
8576f7f3b292758c3fdd91d05831c423014f1c47

SHA256
91fa826eeb70f5779ae06969b8d1cd96f452dd35e1772e2f2ce6a35a4e00c3cb

SHA512
1db14ca254cfdae8ea616fb9b8817902a9752cbd1c261b0bca68648ad43fd2e9cc67601fc4a4fa7ed489b1295264bda7240781c03a727552a38a765158bfc46f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
0edec27db5aaaf4c9125ded09499558f

SHA1
86105b02f1500463c328eff3df55ce700998d12a

SHA256
fcf045901f0e3066b7ab7a14a98531c898337720945343bcfbb0b73b5560a4dc

SHA512
dbfd3fc99b145e019f195402f2647956aab330293ecfe8953295abaa557f40f8791afd53988376eecd750e1aa2595bcfc62ae33291f14eeff4c5052074f7f18f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
c998dd0bfb90f0b5ae94e5dec501baa6

SHA1
b6d11e77a239756c5f7b858d2d761b1be3bff757

SHA256
b4b0b3aef55bb9c1f019a590b094dfd91a01207117d9c33bb7af7b9840be1af8

SHA512
35622a3fc49d8b0d58b21ebcc43e7c3d105cc0b98543e079f010de37632854cda98754336052d863e434253b37cfac31216cfe0c10868bd2e05a79122307e3ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
575c05a8a83d92c81bbcf5d0948c1f26

SHA1
c5915339d0b362ef007ddcfe79724ef55ba2b914

SHA256
5ceb67a20bade0b6fddec4c0b759f3a80d3de92aefed5d4b43e9fe1e45075ed1

SHA512
6d034c1283210c36bd9786bd517458f9b3903cc6e9e104ffda17b889ba4a0136c9d907f4429bb517ea2cad209cfc58ca07f9eb98c8a0ec6b7b23478c468004c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
28KB

MD5
b47e064b9c19ec73c20b5f274fc005e5

SHA1
672b93e1bba96fa53c2a69dbd0857433c1bd5f7d

SHA256
c33f50e1a72e734cbd71d3484ad3c5b3e12d3008e6e73340e8e11f68009129b8

SHA512
a44a2e8276c8f808f6c7970e3d5c67cb05a5f0162335e9e0f4017ec0f025179915a2287fd004f87b2398a5eca01a5640dbeb4e40a5cd7f9933374add90e941d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
55df1e9c0cb0cf2a9733956d73e79dee

SHA1
74d4b1cedd834c8b9681978d7e923066621ff533

SHA256
fab06a2c72d6463bab6e40fb9b8d59659d9c046060070abcf8b694225eeb3a73

SHA512
f5c26c269ed5eb147872ca256a91a4720dfe59d9febc89df5789399e5cc03f1f4ef2570b84a3b4fb178226d919e03ab951590dcb25effd6ef09c2cf1c7116954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
1b8ec7716f74417be304b2b0c6319b71

SHA1
85a68d8dcec1c9ab826f675c492aca4711a65100

SHA256
a3dad1766412e648d1da80bc69b558c07740473809dafb749dd8804101138730

SHA512
a086fd45dbe84353e9205073560f8ceb117514874055503970d70c551fbb1e6207309a372ca6ec445de468702e064e3c57ac571ba9626d9143f426f9d0a24d7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
13e2212d8b83e8ad3bc043534aa2e10a

SHA1
f3dd6dac93a24a47de1ac7557f31bc3ce3eae7b1

SHA256
7ca20fa435b39426b9e24b79e5c742d00d5922a641bdebb6479517eb48eb73f0

SHA512
d71e98f21d68ea5d466cfe0bf22584908b4bcafba86ea6d5bc44a2025b2f5f28a7c624a03922495b25c00e9ba50661aeaea9e603e4943951e95dd04841f51522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
4KB

MD5
45966047fed0ad158948ee7cb8e20a13

SHA1
9c564ab8e09ce8813009589378a6cba930e8ef56

SHA256
29d2a2c6449b14c5cfe50343d5ba249e2dffd6e7f0d1bb4cbdf87b92e1565151

SHA512
8f8de604d7a2c458520e0d6f9a0a3de2039e0bf6faf2fad89353d5b1c6c609f135e700d0b73115c145a323b5149dc3028fadbca0e919c88141ea3858385ae374

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
1KB

MD5
2f0d2c9536a11a27ae31122d84f1b4ef

SHA1
eab366f93415184bcac397eeb143f54088cc24c7

SHA256
b9820aabcbf6367a648acadb20df58296ff4dfb00ebbbe16c919210e101774d6

SHA512
23fc74dacc1a32f5ea1be07b2b26e77b7bfe0a8d1cba2d702ec37371417802ed393c14462e94c54c414df9c98c441094d2b9a743f67dec466f391145393114ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
c90c20ea0aa0a16321c1f9b060322d57

SHA1
8332da49fd63cd2d7c87d86b46dbce08f574e6f1

SHA256
bf369a8fac598b933ad09d5c89dec29901601c4a5316bcbd137515b11b38069f

SHA512
8aff000d4b116762b2f9dd8687da1b2795b7d4df5bcc3b8fa45a5007b79e8b7a53b5ede6be22a315351c4a33a0c93c3c171f07c6da32424dc1aa61f24b6cdab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a79558c2fc96bb25c63c48e9a565bafb

SHA1
e30bfa5e0068c963e811601e362b1fc41d48ce16

SHA256
7887340fad31ca3ef3f0ecb7fec672b5f7fbb42924be561cdb2388567b646280

SHA512
72ed027ef56cff7f540bbdc828fd5b95d93b5a5b939b34d841f004ed3ffd0acd353c1b3240cd64024deb034549a98c2a63600b37ee85d723d4698e62467c3233

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5fa2197f63ae3c15fed791d1f3b36900

SHA1
02a77bd15eb9462e541e7a7e47e777556061cac6

SHA256
64bb0181f14ea363f92af09e1b08bace08fc1a0da9d6d11d6afffdc2cfb83f2e

SHA512
16138d76909e2d06b5d75cd2619e7cfd05635a958f7354118161628ad17fc217464f5799bfdbab0b9d7d20b4382c1fd88a37faf406d8885e60cd1207433bf2b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8ca1358888d296f112701dbdb1166167

SHA1
ddafbff89ef45bc50169b4b0014d073a7c6ee149

SHA256
d3d413881476abf40d4744262daf046d79878a334838d8de0d4ef6121ffeede8

SHA512
518cbfa81362f6fc955b6863f9d77695f52c45e4a20def06b1771ec438aee9c1c4f5b5b1d484a39f46f9a5bdf1395aee389f5f13321a292bbdb842ecaabca741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ef7ba05be50cff52c312a74c03219200

SHA1
695e4631537753ba8dc2405a95767f04e5fa9c1a

SHA256
85c1f4aea2e6800bd90c9985bbb7edce8511a411434edfa972b506afc39ab6cc

SHA512
63745df92bfb8d52699e1b0e06f9246696fcceb509a843b59156673b99ca68c052703a39bef2176b57f9fa258edc5dc5fd7d44770a1cace2217d8a8af3ec9385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
55700db06cf1bb9de47349d349a9ea60

SHA1
4d1724fe18e2dca7d3cc9be733051b0beec31f48

SHA256
70e9d510ad912926154a62a23000c3821d42a6714e788112be93f7f65395e4d9

SHA512
2e9488778fadec831711d1622e19b16727c2810e8bf2bfdf7403b96868d054be41bfb44bed5813a972bdf1fb641d96b501ad3ac03f6df8fc29f59b4df1dcea1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d4d2b9d057cbdbced16f7ceb96ae162e

SHA1
b139169a84b17f26525dafdd61f5a1034caef645

SHA256
0ace3196ecbd8640e43d53001980eb49bb8192b740075b7ba51232a62eeadfc2

SHA512
512b9f864317d8704bb305606a8c67f356180097bcee6b15780229f4ad256614f6b1ec1475f7f148d0f6054722ab7e3b5b343547d5939c2aea7ecbc8e60e5c11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
49229983c20278e8941b8be19ab42e99

SHA1
6c1a64322b139edef4816578d64905377abad5d6

SHA256
2c1c2df817932e96d2cbac22f336476775c0d622bb660f8173efc1fd2c8032c9

SHA512
8f142ab68a73ed6f310f664316d12a2de96a9b7679d2139abf885f6a271d3b9da899f204acdbca4ba4617388a4e1f6c3b778b19f56d8e99e0630701a8b52efd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d1f1c7fb1d6f25c6b0e07249c670e8e6

SHA1
a312cd8ba9afa470422eea5b104373f8ed6f8550

SHA256
1301f3095bb364159351513806882e7049a5f9b7b456043f6f9cf3bd57938f40

SHA512
51b838176b42acf071ce7e9ee4cf2e8135230c61ed632424a9065c0ef6fe71aa2dd368829f747e9d1955815e17731cb194d3649de87883906d2e753a75bb966a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7f9f6ceb69f6e006ea154f9786c860fb

SHA1
dbe1152d13e9e425a0ae0b6e7fa3aa0be632720e

SHA256
dd521c92b5e463c34d52f3ce52907f0c24cbfa27ab3f7b125e760c49c4fae85b

SHA512
28174bc43cd1688be4344bf326b242fe9be1d2c56ce266643e5e36072df1840a439b2f869198300c37946407cf7e37320598e13f9a00c9e69380e99569c045b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
465edca8b104aaa24d049c59aa94810e

SHA1
9ab99f894ffd64f6cce7abfe3758655fbc0f6a84

SHA256
f09093b0bea439ede425e7e8495fd3da15fe63680e48cf76fda9bebd6d12338e

SHA512
7a91de1ee8debd541be91330ae94228533244f0982e8dc9ed3c11abacf504cf72224a2671d4d914be5c70c4ad0ba65313adb851a80a0e8586b02003cacf5bd1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ede8cbb5ab3d8f946731eb0514b13c6d

SHA1
f3d107a1cc89dbd2b6a62d94f22d686451b75021

SHA256
dfa5891368c7bfd6bb85bf054cd4ad6c9dee518acdadb941314d4d4824b8558f

SHA512
1cbd0dee778cec26602969199c21b366ff22ff913222add34f6f4aa8da323cbeaaa6aa837412b11051548b88bc87faece4519e160819a67552ce57d7baecdfa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ed982b102d2dd80115133470b5018a12

SHA1
b5d413bd111e9da7c2d610fc458b348035b7ae8a

SHA256
fc634f370f31bea2b5430f4c05ea35fb15f22c076eaa69d53d5e10367651c486

SHA512
edba66d1b1830589e5975469279d5261a1497346da79d7072aec8dbebb5bed90b0c0947a214ec073c974e09530c43f93abb414dce06df8223432989931f867d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3ab46f1c08700edfa3d01e1af3852715

SHA1
55f2e973cfc68b616ced4bf593a669843e91c3f5

SHA256
0bb74b72cec0ad432a4e1a94fe8b7d546ca2f53c1df5b38ae1fa6371b5d2d853

SHA512
7f5a24a5b73ffb16286e7df63416acec53afff0e9ca92423e07ea1d73e4d9071d165cf20ec5a9daa687e8c859742a76d08b7a1ba696e694fafc97715796f13f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bcb9b68f9b3d96fccd92e7f35f314b0a

SHA1
30bd7c2d12f2194ad73249c9f101ab8535522456

SHA256
19a1ef9a099d54c414e05fb1ccc26b5ee70862604ada4f0c252f893253e1d3dd

SHA512
a8da5819d3c2544f320ceede842c5ecf660c7b58db9f62bcff880edf911e908b936f8800516b89382e735c8f292dca3b468d576a3478d07bb56dcb38d2e5a27e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2dde8fde772b92357e51ebfa53758fc1

SHA1
ec355815d16fc7fac5ae2467681dec640de510e0

SHA256
3759ad1ea1c301e5d237ee4ba33ccd800968fcbac416201cecafc1bf240855f1

SHA512
e1cb0bc1b03c4b5a55bf30ad6a36d0595bb9a3f896344fdd6d1cb340564df9ccfd2b7768672e4b044de3b24f8f4d29bce604a65f3fea601c607b316d13413f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7246145bb63949fb43b03090394be755

SHA1
26c4c8c250404520eb76157e9259780587beb4a1

SHA256
f731cc9bda23e28d39c2e7e6eba9bd380be274695e536c0b2ce9ea4dfb737561

SHA512
58b9c5066830aa796f5d91025ef6ec18183e19075676c11eb63caf3263a0815d4ed35078043dc206b5c7a898dd296b5820c8c4dcf6e6052e71935b03cbf5f8d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
822B

MD5
cbf8410ccfe009c51b66c46c3c6c5a5c

SHA1
d83e0baa16e5461857265c2b2db566c0d7054f4a

SHA256
4f8d972f8e8c6c5b7fd654b6d563fadc948b1a74af84e36adc8eaa22d1644a62

SHA512
324413f3102611d4ecc1ba1c31d90e8bb092750013c9a35038ed0c7a74c55eee5c48b2c0e0c0c9529c48bcb51476ccaa5d09b212ef1257b81290258e13d280f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
b340bacfee8c1ea7e53faf6c43949027

SHA1
2463517162a4f1155c95628d74ef99dc32f3d880

SHA256
d8788691e21a82644d0c5a5cc8a6202e59b35118ee77af528da1bf6701a1436f

SHA512
9e8ca69bde1049319d40fcb81d9811f1b9bc9b9beaf85c24b9ecb64a88510d047c7dbaebf1132d4dcd0d2ff1ad20dc3c632f28f13359bdcd283c800b82eda4e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367207543021821

Filesize
18KB

MD5
cff41c49ed841993dcbed68c68453254

SHA1
1eb514d5ef386eb4f362d3e1e56db81c523106fa

SHA256
542320e6fca4f605a6b8aa4829f6374687b453b00e2ef6527815081e1dc7f208

SHA512
0ddd7d91bdeb96cf2be239834e0ec8d883143a735478b5373446d0624126d341633f8510a2ade6dbbe034ffa909fbf2e42ef84a3ade495aae49256e5a81e1768

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
830e8f1ef089683989a7df6907a53a55

SHA1
d7d42081680af92a885afab2a61e1716b97188d3

SHA256
ae3afff90038cfb81bf3dcd694b4054205b3e87f5c8322ae6088a4e25424c09c

SHA512
f0f057206078a943f8b5198cf9b294d7cf7f7042f37ad025825556df12ab3a7ec313e7f0b744b7853c0dc4a84e00f0b8c8ece3d92b86b35299d12fe73477e4fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
37bce7a0a04a0cba20e9f39461b769b7

SHA1
aae82d79c770e745c785e0387054f3316558daf4

SHA256
93cd3ba863d9af92af3d6b775ce3e48a9c71835b15286f2c204cb37c1dd9b0a2

SHA512
146cfe256e39f153f69db09515e74ccce062ab30e5bc7eeaaf951e5fb5bda66b88195b0ef141ca267c6b0bab2c41f308e9987697a54cf7bfb9eee452f97e80dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
3fc1d943095f76b89f615a2f24c4c436

SHA1
b53e28d7e0544c5f15e325795804f5e415379530

SHA256
bd7d6b533fc48d6e4dda1a9da8eba809de1693c6951a5e2136f50f3d8812cba8

SHA512
952c15e13aa7c0bebeb400fe76634103ff576dd8649138a8ac73c0a4a4c4696fd292b9285de3fcf3ffbc0b8f7bfe5806fb54efbb1212487cf13efbff24ad25d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8099163efdfa88a353b6622a2bb8cd91

SHA1
3921c58d2fea780be92eab2bc79c4aaf36d5f03a

SHA256
710b71704bc735d014218284c2a4d7082624b6c47f87c15c8372ecb75c07ab91

SHA512
69b47a8e4f9bfb3864758cdecdd63691b6a5367fcf551df83bab1e6e284c062ddd90efb40218d4490f86e7e85b1d1e866471dc122e1a08f60e51277ebead7973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7c59c68b7239ef93d3cf5da189a2c655

SHA1
d948b301fa37793d95783ebf4dfe4d144a6be330

SHA256
ac18206c7753bf59a563260b19c8139d5cc2e088d54718a4c6d6c2c6f251b6e8

SHA512
c805695a47a05617a80e135ce708714579a32f62fc9e2225b9703054f76115cd05bbab57e948dd68ffc0815b9d97464b4546079f7f83b59a41dd833a14403c66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
13c7d9b5d0c684f6d0b6b2c144eda48f

SHA1
2154f727712043f4dca56325ae2ea7a4ad55065b

SHA256
3cdfab0f3a10ca29650c8d70ec860122c7b06338678d8d69f8ed557a9fb4c588

SHA512
a83f2e95558aea98a4c62e89a95142befaa552724adf156f84443dbbb448349101ad9bb01ce5885bd2dbab3b680f3de0faddfd916b9cbdac23d9e8225dd9d645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
dce75a5ec0f1dfe0dcd38a275854205f

SHA1
fd36d5df3a806a4975a60fa83b0fababfc53540f

SHA256
3c438568f1235c5c82eb13c7d098fef96e76c12484ee300f7a679a269a32e886

SHA512
2eae732725e7d4b1cd4008e811cea0e6169173aae3669bd2da3e9e239bc473682b1104a021fea167cd5e358f3fa628fc80641f9770a1ce2708f3f7f574db74e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8be21e77421575a76decd021e7e38e76

SHA1
305a958e91086aecbedede3b1e9bc2afb6ecacc7

SHA256
f133ac72078e6806e868bd065cd4cd609220e7318647994d1144f3186a833a34

SHA512
bc1eef2c38e4cdaf775196f7f6659ceb7a5ba11383df103bd76b658dd0fddb3c0a07ffe2866fb1c91eef3623edbede0587306a936a77de5b937f07de2d2e082f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f59dc1d65578d4b1d08aa46bfc2fd8fa

SHA1
65e8174fc93b84a0281b8bc2656df0b89455952d

SHA256
985fa3895bcd7f247c7d80865792e613be660cce40b1834848b1283c548ff19f

SHA512
010d6e36e7b2335c0cf89ac202175cc3c077a201d047d510488201fc4a70b785ed4c6e22d37333fc4f87d67afbf569ac29a67ac5ce6ca3dde3c370fde3c1162c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d07e4d5b08bd64a4140b301a0d2d992c

SHA1
882e154acbd0fdef4eca8e2ed10f0dfa13825a80

SHA256
9a90ac3bc1d0dcedcfe5f79929be46c3574d625e6ad3c2b6bc164b9e0916b3b5

SHA512
dec88e28328464095c7f94f4439fdbefedb6e992d5cfa906ba84cdea47357de802a54775c1cb8e5f3499fcc63615d90ac54a3d0bc16d1c733310e4f278df6712

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a188afddd2a66a414529a3829f5c2a0e

SHA1
25925d44450cd6adda99bc95e0dd732b7421a331

SHA256
98468a6a86790bf58835e51992f1de5579812328d3a7931f96c933fe9cdd9e0a

SHA512
966ff6cfd220a0cc976adbefaf4d4cd41bbca340cdd7f83cc65bd81176f92daa6fc3af61a5251359133b6435056f4323d02c45ac92427a75d20b21ac73c94cf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
762443b9ecc8e8fb0d403765cad21713

SHA1
729c38316a09fc0e3f3ea2b4c1540263e4fcb862

SHA256
69efdae1c212317ff51c719ac00d0d3410f373613995d3c9eddf365270c1a3a7

SHA512
430c1710388a2cd6fee29042dd445f2d1d4d4109a5e44c495d9656bff8778cedcc47bab945cf1b964a4d3b3c6b00feaa0319b142f04d24c0be6cfa7e8cb4da1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8b2b9fa6312610e9c51fd4375b036c8f

SHA1
6c85004cc584fd004ca9ef16e41ca8453d0cf50f

SHA256
a74181211c3e82185709caf2986af57ce60f9f4743ee7cb384e50c60143cc0a8

SHA512
08be5ad53e51d72722beb5cbfa3d26b1cf5a841d94717f681bef4cc6830b1e114809c21b82151a4119e739cc317c0ee6560c03d17732964ce2e748675e39be20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f278b178159ca555cadc3f5e36fb4c09

SHA1
5c3cdec667c019d1ad1ab45eca5b49d0bdc07dfc

SHA256
9732400ad21ddb4db4a2ebf6212e40d16feaac4cb19085dca348e0012e37f1f8

SHA512
4d3926f6aa130f1643c3cbe047ca1f1658dbd7618209b5f84667878c3c484d3fbf62fce74418f0e2afcecaa206171d340ef0eaa51fad3cd107823de490861062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9c1762f97b655e6283eec510886d2808

SHA1
9dfa1f3fbbfc3d6f201a99a8c235b865f4b26965

SHA256
110508b1735a835588cd8e42b9b0b30aa0beba9de19edbd79716eb07d8048776

SHA512
f85e95bc601b05485e8ef65df158fcb22898fe5313e79318ffa6d8995cee02a16bf6bad1c2e27fb80a51a3016830e77998dc8d14c1e7bb7bfa47df995ad03ca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
33baec68f16320117d3ead70b4fdb74b

SHA1
4fa33ebb5b2fb022f8035398f9bd01459c5fab5d

SHA256
2cbc429cd6646c235232fe9965c3a3215a85cd0461aaf0acf289fa70cb2a2b6d

SHA512
73e01881ea120b88110d67f9787a14827a6da3bfa11764eaefd6712d821fd353e4432fffc46cdbc5dfec242ec5762d4735928b9f297930a6cbb9f5d056c4ed7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2f4b1d693f2d3d62874e473454706682

SHA1
5d27c7e57010dbc236921ea1752bc7ee97f17821

SHA256
53274069ae55053a2f91ef2d37d9fef63445550d2bcfda73a9c8caf585ff2c23

SHA512
6f101a0d00a1ee94e9ecf9b995e3a4370da5d4c5b35360616ebc20c393a27a801464f9878641d90516f70b02786f40196f45b6d76633c478a7ff55c6dcbd693c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
987c346371ca56318858a05471db5e91

SHA1
a040775c3050b851aab923daf90d8e5d39e21211

SHA256
305e483257d6be51948544ea72ac9caa1711f5d63f2f5e5225e336a08cbff02f

SHA512
0995cfec4ffc5103c27b6ca5a8c346c65c67a59c49d8f8cce4155033e6b7f0825b4fa11028c70e1457c05ff258f0dbaa7c2daa21e94f0c7121e2c0a5b0ff6723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5801b1.TMP

Filesize
536B

MD5
e8791421832f134b55df47331830c35c

SHA1
2528c9097d64c28f7e8f2d1b315c6ee3f3f5a1d1

SHA256
46571681e885ca7e1e99468d9da4493bb121d76cc911dec7e9444161db81b52e

SHA512
a750e9bda0bc97ee4b52c8bdb9614578b61652b6987a052055a961eea5ddb65b9b8e7d553b5d14f76b0a837663e1a12f80a10b401b7337da1574397f26d0b36a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
3f9b79a65c438f7fa756af24dfe1b2ae

SHA1
ae0e28d68887b606f6b64927f13c48daae525766

SHA256
8bfed4abb6f2777a7971c295c6294ba689f046262c59cd055d390881c142b656

SHA512
936150ca663134bc748fec72942bd0621e079516832d7ddc45854404d44af00ed430e2d92555646ec8d525dec2df55bb13978479b611c93c3b469ddfa7a72bd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
0d0a15445e4c062ec79a9067206e7b2d

SHA1
e9b52e1a11469e9b46341e7eda7144e501ffb709

SHA256
7be8c050c1e36ca45d33951915346725f244e7ac0532298f8f0251b24a104595

SHA512
579d6330830133dde36180e50541347d4ef6b00c5cc898325f01139b9e7933f212d658fc51918941c096540e92b6b6da8530d1e2e9f75d507ff8887c7c97d37d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d96c6214-5034-426c-ac63-7579fbb23ffd.tmp

Filesize
3KB

MD5
52e12fe7a28e23ab46d6ba9cd710f78c

SHA1
0f3a4c37cb2ad4f190c5c883761d693a5664c22b

SHA256
2bd4681e7d0381fa16b1f64c7046f5de84239f4fbb2b024de8509a399ede4373

SHA512
2056a40087ddcbc6547d5dfe7715e70d62ea6f9304dff2352e76581a1fc0414804c52d259d2ff94a2561bc97e9f7ec7a74227dc5485bdb66ee2a867bd429c9d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
804KB

MD5
328b6d2781b7ab0850a5939a3057c38a

SHA1
4c1766bde07360ee0a72bf68f7bc805edb372730

SHA256
db620b5bcf0f643c4085f9ab55bf8e38f8a119e10186f02359cd0da34c9ddbec

SHA512
788070732ae8307f087b6a657f293583b5b6f2e721f2c013703a701fed6f5feccf55c9964f69f526d5598362fc5bdf788b7dfdd9535e98479bc655d369f916bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
43988d8d9ba4701e94cf0f59d17647b0

SHA1
36dab14cbf29f24264af2319efd4c5a194fc9ae8

SHA256
e2caaea6523ae0ac07ceb9e68f45a02e07a8f30d23b21b058eb405626b5c868d

SHA512
006a146b77c55c3be72e5977b843e745ccdb71c41c410c85f3e5a778cf95c98d27c56919fb1ce65a96e56ba47f75c116e8f2001fba9bba8ca15172e3a2464ff6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
194B

MD5
a48763b50473dbd0a0922258703d673e

SHA1
5a3572629bcdf5586d79823b6ddbf3d9736aa251

SHA256
9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd

SHA512
536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
d2f1eba144eca908e81ad32eebc3569d

SHA1
045076e8d02e29f7baa6f96e5ad5683db8cf4114

SHA256
22e0bba907327ce2aa2286cd1c39869cb701de99c10389f58a5e8c436bff7c0e

SHA512
2d2533a3859c53e4a8d2dcc0e624ca0df7bbf6502d93c4937b0291e1f63b97f99d9cf0259a90c8858b8cadfd968bd1ce466f3fef7f47e7fad9abd51df1fc00c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
c962e9b43873046367283118178520a1

SHA1
389c8a5d051de259899aeec7c56c388ecbc169fb

SHA256
8539f929cd53e43b0634f85227309d6e92c689b9cc7b264b8ad0a0024c383bbc

SHA512
1e7c2c44694eda56f40051cf350cc9e080967587c34a1a6f0142709769a41cdc7df03122e7f45d16a716a60c67801b578c02293b512b6b27d677bfcfa97cb89d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
d1d8a625e88183fdf5464d4f39934c2a

SHA1
edeacd0ece0f738bafa6512c4a67aa857db7ae1d

SHA256
d94ab9fa2d54efc2fb6534a0863665529ab874bd3ae342852c4cb7883f039860

SHA512
baf76f3ff439a5a2e5bc569587898bc6ea4f94aa4d888485168b9508e8e51625506167ef165bb3654f5220154e943207b56d35166870c2631ac71bdf84c1380d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
c91057dea5cf7b8afca13e0dc59fd4cd

SHA1
eb8556988cc9f5e6d08b652995588b6d3ffba6e2

SHA256
2dd97b6d4ddc35b571e7d266c042e14edde53b038df4ed7680201408e5fb242b

SHA512
c2dec4efb89c5abfe3c5eec3f306f70433c064c2152c6e3d71803e2e671986f07b53f04018f956ca881ce88742df67e724035ad310b089ec7f459893f41f73d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9c63b8ba0b21481667f266a0de866b94

SHA1
ce6c481cd979239876ca393b9ba83d1193918ebe

SHA256
fbe68673152144f17248ade04b3c6d7002a4a143585c781857ae54bedc663fe6

SHA512
5eff8eace99be8d8f8a10e7a59f4a742ede346464e449642c66abacf83dde0c4b331fb46b390994e61da384f8499831dab5b43c2c90858be462e442994f977f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
162c13b89bcdca1a5260c67e40d70070

SHA1
171a6b99a3a44dd8c0c56f97f66b61dfed62ad50

SHA256
ff4fa2067932b9e3c52fa53bb0bd085787bb5f4b667aca82aa6caf3a4cd69485

SHA512
b3a3b86f47b66cf90e79f8da9e0e9d57c3004d3f2b7d210915958c12a0052cfd2d982299c8b9e9ee553853b38cf600bae585980f70c1fca1142e33ea92aac824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dc8ad0d36191a9e548e174a0dfc31d01

SHA1
e2e04d450610663307d6d9973b0b26d8bc7235d4

SHA256
8dd8ee8f4cb8cb9919cf0c8601e7ab1b75005391a3c2e3bedb48615fcd432fcb

SHA512
d212377616d12888f1236f948f0131d37bf771255e662a3eed13dcc49cd531ae6d1fe6639d8e512b424eae8bc91efefe7738606e320052b4c91c06239f7c9a20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3f04a3a5677c0c5a1e8371dbe3646f0c

SHA1
3506acd22346992b5dae83ddf8e9334def008e4c

SHA256
1f85a517bea2010aa2c06954782d7a79b7e037711e00b9e2ecfb34e3208f11d0

SHA512
08e5e1ba37f820cbd2e644949007b3bd8dccb8f50f97737f6dee099f933f72a38b0a3593319c0bab72e60601f1f3cf5536699dad95b87845ac8d9be8f7363cdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
94ca86c7d0107cc954ca472cf819746a

SHA1
5aa135b257e500dc29812f8d14fff758c6c8948e

SHA256
1ae8e6b43917059bddbca198d89f347b5786c530360bf920cb1fe1ced97719fd

SHA512
9f7db4ee114160e2edc6490f57bdd80d5c41abd60f5e0b3399f13d845c50f27ee0419463e740124628c35dd17fb547c70bb3304ffd7bf6aa598530d1b38b9202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6859093fba0aec165e757bae271f47e8

SHA1
7e0271ae459997ec1a8dc2e2952d2edb8d8c31df

SHA256
13ee10fe715cc828cd349cf7d47167b5111406feb5364ca2af76705f94791921

SHA512
c607bd9e619d26df308db3257f022e433485632e77130b1353417ee62d7f65bc1fcedec9229ed6349f0cbabb786181d05aaf6f3c39a406b0adba2b68452a7aee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Muse Hub\.bdconfig

Filesize
32B

MD5
04b8bb68bb65c08df7f29fd5fd44624b

SHA1
fb99ea26017a688e5d7910d33ed8f1281fcb7ac3

SHA256
b654441e16dbee85f7af0499fb7ae0d3908d4615f265a1d3da809984408b2190

SHA512
f8a504e4122bb1efcb755def6cfd081a411bd825943ecb111bb6f67c9dd3b1ef3a39738ddcc0c10985b8cf54cdf1e6248afd8cf389043e2ddd19a6ff78616174

Download Submit
C:\Users\Admin\AppData\Local\Muse Hub\.bdconfig~RFe57a354.TMP

Filesize
32B

MD5
5612391da03a3051fda08c5823422dd0

SHA1
1cd7ecbaf91567510c02b67885638a8314660418

SHA256
69b4277cc320406dba2708ce88ab61b9a4930da927e99d444e57198031b22c2d

SHA512
259b42206bb7184a300324cc1a1f00158d30d5c3e037f6b92918159ee529400da0af7caa703d42b6aab1b2c1fac17dd8426d1af4315b7e13a994eb1a04869967

Download Submit
C:\Users\Admin\AppData\Local\Temp\Muse Installer Temp\EXE_NETCORECHECK.EXE

Filesize
142KB

MD5
5f6469960e0016d44be090160b889077

SHA1
114b94c1401d039903e5e8b11cacbb737230365a

SHA256
cb5714eb1f8b3938233823f465173c45ccef73e5b0ee122391853a3f2a305294

SHA512
a3cacbab7a8a2b0a914b2eb6043f20e60761dbedfefa12fa5353d326370c087845a9eed2024675284449bbcbb8510da72b8832114f003dd2473b45357cf5c670

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
373B

MD5
015b080135c38684a877fb78747a84ac

SHA1
06d395969aa0382639a2ef9a32417bee4bfd64fa

SHA256
d4b738abd85158ac18f9e0b982f0683be0dd7e86a23b79b813b8874ea3d0ec2d

SHA512
da7a3ef104ff6235b1fbb414b4eab00d53a5bd77da1bafb0464d98ab773ae6e08153d7b669a151b40a84675f87f31219498304774fd02fe1aafcbef92899fd39

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp

Filesize
31KB

MD5
7df3107a6842f28a85fb34bd7b3b8301

SHA1
6f7fcf76d0fd436614a2b4144c67310bacf7b7e1

SHA256
d7865119bb763ba7d92ef002823064c18fea63a3c2407d78ec0c1973b679d487

SHA512
e79848e89eb25e4bb1cb9c4efd1cb381cae57d5b11bd18198d14c32b6ddec98debe3decf6322bfbc36d026e9bee1476cffde60cb31c07ecfd4b3e21fb0e18da3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 257086.crdownload

Filesize
414KB

MD5
c850f942ccf6e45230169cc4bd9eb5c8

SHA1
51c647e2b150e781bd1910cac4061a2cee1daf89

SHA256
86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f

SHA512
2b3890241b8c8690aab0aed347daa778aba20f29f76e8b79b02953b6252324317520b91ea60d3ef73e42ad403f7a6e0e3f2a057799f21ed447dae7096b2f47d9

Download Submit
\??\pipe\crashpad_1192_TJJIQMWSOEBXSZYE

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/536-61-0x000002108A920000-0x000002108AC63000-memory.dmp

Filesize
3.3MB

Download
memory/724-2594-0x0000000005850000-0x00000000058EC000-memory.dmp

Filesize
624KB

Download
memory/724-2596-0x0000000005AE0000-0x0000000005AEA000-memory.dmp

Filesize
40KB

Download
memory/724-2595-0x0000000005A40000-0x0000000005A96000-memory.dmp

Filesize
344KB

Download
memory/724-2593-0x0000000000E60000-0x0000000000ED2000-memory.dmp

Filesize
456KB

Download
memory/1536-2295-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1536-2300-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/3240-2294-0x00007FF9E77D0000-0x00007FF9E77E0000-memory.dmp

Filesize
64KB

Download
memory/3240-2292-0x00007FF9E77D0000-0x00007FF9E77E0000-memory.dmp

Filesize
64KB

Download
memory/3240-2291-0x00007FF9E77D0000-0x00007FF9E77E0000-memory.dmp

Filesize
64KB

Download
memory/3240-2185-0x00007FF9E77D0000-0x00007FF9E77E0000-memory.dmp

Filesize
64KB

Download
memory/3240-2293-0x00007FF9E77D0000-0x00007FF9E77E0000-memory.dmp

Filesize
64KB

Download
memory/3240-2182-0x00007FF9E77D0000-0x00007FF9E77E0000-memory.dmp

Filesize
64KB

Download
memory/3240-2181-0x00007FF9E77D0000-0x00007FF9E77E0000-memory.dmp

Filesize
64KB

Download
memory/3240-2183-0x00007FF9E77D0000-0x00007FF9E77E0000-memory.dmp

Filesize
64KB

Download
memory/3240-2184-0x00007FF9E77D0000-0x00007FF9E77E0000-memory.dmp

Filesize
64KB

Download
memory/3240-2187-0x00007FF9E5340000-0x00007FF9E5350000-memory.dmp

Filesize
64KB

Download
memory/3240-2186-0x00007FF9E5340000-0x00007FF9E5350000-memory.dmp

Filesize
64KB

Download
memory/3268-2470-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/3268-2302-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/4572-2134-0x00007FFA082B0000-0x00007FFA08566000-memory.dmp

Filesize
2.7MB

Download
memory/4572-2135-0x00007FF9FE790000-0x00007FF9FF840000-memory.dmp

Filesize
16.7MB

Download
memory/4572-2133-0x00007FFA19230000-0x00007FFA19264000-memory.dmp

Filesize
208KB

Download
memory/4572-2132-0x00007FF66A990000-0x00007FF66AA88000-memory.dmp

Filesize
992KB

Download
memory/4776-2048-0x00000000059A0000-0x0000000005A32000-memory.dmp

Filesize
584KB

Download
memory/4776-2049-0x0000000005A70000-0x0000000005A7A000-memory.dmp

Filesize
40KB

Download
memory/4776-2047-0x0000000005EB0000-0x0000000006454000-memory.dmp

Filesize
5.6MB

Download
memory/4776-2046-0x0000000000F50000-0x0000000000FBE000-memory.dmp

Filesize
440KB

Download
memory/5108-2613-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download
memory/5564-2611-0x00000000023C0000-0x000000000262B000-memory.dmp

Filesize
2.4MB

Download
memory/5580-2301-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/5596-2323-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/5752-2298-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/5752-2299-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/5820-2612-0x00000000020C0000-0x000000000232B000-memory.dmp

Filesize
2.4MB

Download
memory/5928-2473-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download