troldesh | hxxps://pornhub[.]com | Triage

Analysis

max time kernel
723s
max time network
715s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05/08/2024, 15:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://pornhub.com

Score

10^/10

troldesh discovery persistence ransomware trojan upx

Malware Config

Signatures

Troldesh, Shade, Encoder.858
Troldesh is a ransomware spread by malspam.
ransomware trojan troldesh

Executes dropped EXE 2 IoCs

pid	Process
728	Free YouTube Downloader.exe
3676	Box.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2948-2235-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/2948-2237-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/2948-2238-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/2948-2236-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/2948-2251-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/2948-2252-0x0000000000400000-0x00000000005DE000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

Registry Run Keys / Startup Folder

Modify Registry

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe"	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\""	[email protected]

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

flow	ioc
276	camo.githubusercontent.com
276	raw.githubusercontent.com
277	raw.githubusercontent.com
282	raw.githubusercontent.com

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe	[email protected]
File created	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini	[email protected]
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe	[email protected]
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe	[email protected]

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2488	1952	WerFault.exe	155

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

System Language Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Box.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-242286936-336880687-2152680090-1000\{5A185470-116B-4BAF-85FF-415412694642}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-242286936-336880687-2152680090-1000\{518779A4-3463-493C-BC57-FD31BFAD5B7C}	msedge.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\FakeActivation.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\NoMoreRansom.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\YouAreAnIdiot.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\YouAreAnIdiot (1).zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 40 IoCs

pid	Process
3484	msedge.exe
3484	msedge.exe
396	msedge.exe
396	msedge.exe
3524	identity_helper.exe
3524	identity_helper.exe
2656	msedge.exe
2656	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
1604	msedge.exe
1604	msedge.exe
3808	msedge.exe
3808	msedge.exe
3064	msedge.exe
3064	msedge.exe
1848	msedge.exe
1848	msedge.exe
4728	identity_helper.exe
4728	identity_helper.exe
3676	msedge.exe
3676	msedge.exe
2348	msedge.exe
2348	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
5008	msedge.exe
5008	msedge.exe
760	msedge.exe
760	msedge.exe
4784	msedge.exe
4784	msedge.exe
2948	[email protected]
2948	[email protected]
2948	[email protected]
2948	[email protected]

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 38 IoCs

pid	Process
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
728	Free YouTube Downloader.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4428	[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 396 wrote to memory of 2232	396	msedge.exe	81
PID 396 wrote to memory of 2232	396	msedge.exe	81
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 4016	396	msedge.exe	83
PID 396 wrote to memory of 3484	396	msedge.exe	84
PID 396 wrote to memory of 3484	396	msedge.exe	84
PID 396 wrote to memory of 4480	396	msedge.exe	85
PID 396 wrote to memory of 4480	396	msedge.exe	85
PID 396 wrote to memory of 4480	396	msedge.exe	85
PID 396 wrote to memory of 4480	396	msedge.exe	85
PID 396 wrote to memory of 4480	396	msedge.exe	85
PID 396 wrote to memory of 4480	396	msedge.exe	85
PID 396 wrote to memory of 4480	396	msedge.exe	85
PID 396 wrote to memory of 4480	396	msedge.exe	85
PID 396 wrote to memory of 4480	396	msedge.exe	85
PID 396 wrote to memory of 4480	396	msedge.exe	85
PID 396 wrote to memory of 4480	396	msedge.exe	85
PID 396 wrote to memory of 4480	396	msedge.exe	85
PID 396 wrote to memory of 4480	396	msedge.exe	85
PID 396 wrote to memory of 4480	396	msedge.exe	85
PID 396 wrote to memory of 4480	396	msedge.exe	85
PID 396 wrote to memory of 4480	396	msedge.exe	85
PID 396 wrote to memory of 4480	396	msedge.exe	85
PID 396 wrote to memory of 4480	396	msedge.exe	85
PID 396 wrote to memory of 4480	396	msedge.exe	85
PID 396 wrote to memory of 4480	396	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pornhub.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe56bc3cb8,0x7ffe56bc3cc8,0x7ffe56bc3cd8
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3144 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3448 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1872 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7844 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7732 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16070307390522899126,14981994544073496968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1
  2⤵
  PID:1184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe56bc3cb8,0x7ffe56bc3cc8,0x7ffe56bc3cd8
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,16499648918205694087,1074356616518825039,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,16499648918205694087,1074356616518825039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,16499648918205694087,1074356616518825039,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16499648918205694087,1074356616518825039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16499648918205694087,1074356616518825039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16499648918205694087,1074356616518825039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16499648918205694087,1074356616518825039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,16499648918205694087,1074356616518825039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,16499648918205694087,1074356616518825039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16499648918205694087,1074356616518825039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16499648918205694087,1074356616518825039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16499648918205694087,1074356616518825039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16499648918205694087,1074356616518825039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1888,16499648918205694087,1074356616518825039,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1888,16499648918205694087,1074356616518825039,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16499648918205694087,1074356616518825039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16499648918205694087,1074356616518825039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16499648918205694087,1074356616518825039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,16499648918205694087,1074356616518825039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6344 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,16499648918205694087,1074356616518825039,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6440 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16499648918205694087,1074356616518825039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,16499648918205694087,1074356616518825039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16499648918205694087,1074356616518825039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,16499648918205694087,1074356616518825039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,16499648918205694087,1074356616518825039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,16499648918205694087,1074356616518825039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3580

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4944

C:\Users\Admin\Downloads\FakeActivation\[email protected]
"C:\Users\Admin\Downloads\FakeActivation\[email protected]"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4428
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SendNotifyMessage
  PID:728
- - C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
    "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3676

C:\Users\Admin\Downloads\YouAreAnIdiot\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\YouAreAnIdiot\YouAreAnIdiot.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1952
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 1452
  2⤵
  - Program crash
  PID:2488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1952 -ip 1952
1⤵
PID:3056

C:\Users\Admin\AppData\Local\Temp\Temp1_NoMoreRansom.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_NoMoreRansom.zip\[email protected]"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a1232f4b4dc7414d91026e2c8a405c03

SHA1
5448809daca9d798b4b13c072e6bccda9b0be9a3

SHA256
d6352b69eb19d8b636df9b593c07e128ea09e02072161f603af28cc82a46f6e1

SHA512
74d0a621d965b1203d8febc1b1e1bc02eef5099fe041d432f492e613942aa7d0a482795e3eeb0e9807dc9f89aa4a317e335a99fefd8731882c9786f7d1ddb334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
70c3d53c2dc69f791cf8fbbebb89cf91

SHA1
07bc1318b1798b3e2a5b7c2c9439cc405b043a48

SHA256
ee9c426971b33c1fcdcac267f4707e3e71ed2cf5fda54017e5b5fb457f75202a

SHA512
cef5df5f0b6a71f557606ccbb81f913bdb6a9d2d9024514e551e420157e6b7ca0996922e4d55e732ab72daa3d740a3d0012796cc0e2cfa26717bd08ef38ecaa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2ee16858e751901224340cabb25e5704

SHA1
24e0d2d301f282fb8e492e9df0b36603b28477b2

SHA256
e9784fcff01f83f4925f23e3a24bce63314ea503c2091f7309c014895fead33c

SHA512
bd9994c2fb4bf097ce7ffea412a2bed97e3af386108ab6aab0df9472a92d4bd94489bb9c36750a92f9818fa3ea6d1756497f5364611e6ebd36de4cd14e9a0fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea667b2dedf919487c556b97119cf88a

SHA1
0ee7b1da90be47cc31406f4dba755fd083a29762

SHA256
9e7e47ebf490ba409eab3be0314fa695bf28f4764f4875c7568a54337f2df70f

SHA512
832391afcac34fc6c949dee8120f2a5f83ca68c159ff707751d844b085c7496930f0c8fd8313fd8f10a5f5725138be651953934aa79b087ba3c6dd22eaa49c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\482bd2ae-f005-48df-bdcd-4183c146b4c4.tmp

Filesize
5KB

MD5
55ff04632ff8927f0be8869e2693f59d

SHA1
3fe990620d48294137ca3ba8894c0f19e134dcb0

SHA256
15a390de6074cb90b504701095164fdd5acd7f315881d542dd1f64295b6299e5

SHA512
304ad733dc44b4992feb9f1983a19b1247f6a71748fc9899ff644d7d0998be0853a0e1abeef5e661f5bc7ba6223df96c11b6e55fb96a30f8a969a47d070bf77b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5154633c-0c98-438d-9272-4fa78fb897b7.tmp

Filesize
3KB

MD5
5fec7f2874622c178cb21d41cd63802a

SHA1
ad84792f8e2da3bcb3923eb92524f9f595992788

SHA256
85d2ca7c025c79d6e88cb1143ce65dc509559b74cf535b623ab5819cec3842b8

SHA512
bb544855b896a5735aa7cf636b06dd62b581b161c54156a6cc54a63c4fc4874121cda53ede85a0be7ef9ab9e560bfede3dc17aa8efa5bcde6ea4b90af60da643

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000090

Filesize
85KB

MD5
008d0ae10f41631bb124d78799baf5bb

SHA1
cd5956db2574b3e718d8e87f3e4af79e2a3b5e0b

SHA256
a0aee1664677fce87357ff299c236f12803be313c1838a312d779ccf1ce0e590

SHA512
e4c1c5a8d88b6e0caa60b3c6ce02c05b0b2653c478a788d9d6c330d34439a5f91acecd67dc6baa4f40cf8f4cf21a684a13162562df8e2406cd06ac3145c6216e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b982c169c31a547d739671f346212299

SHA1
061d40eabfd8da7f85ec822abe7e747622aca4af

SHA256
e927eda2a871a5ccec81528529a3910cf28596ee039abd0f31ff71e93be66459

SHA512
ff410ba0d573b53652220df025f8f06028c5e9601f4597e3cc0d1209b7fafd2648b493ec1969813c5903728afe03fcc68c45e13001983c03bd2af5ea4e5ef47d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
cc260392f8072fa770576d496750cd0f

SHA1
1fb9d69af23e96e9cfc5375fa828c030e11d9e57

SHA256
1cebf1df4ebb9396e0d649a8977de98049ce90a1787de77eb708c8414ad4dd17

SHA512
379ba655112a7d1fe173ed421052048b62e39631268fd2161f6d6d8e35a68c060f703c81047b7e679b853114ad63720953d87bcda6343d15c7352b89f078ae6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
bd607697f8b811e565b66f46b8a088a5

SHA1
05e3753a281ad54d357a3612f8d0113ab3cd743c

SHA256
94eccc22bb6c5ab755276625420994d81946c4e0cec99193483939995a1672c3

SHA512
429c76dd8205747df9c1d44aab99887f667456d336f17516905ba799ef98c3c8964bfdce39590d1bbc82fc7ee612e31afe07be8d10fc4cd1738354436a8df504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a772bedece03bd51ed7996056753fcd7

SHA1
cde45e56eb9da322b260f2a5e41bc997a19a96d7

SHA256
2d574ffb167931b5d5f93561b5a771932f074b73b63796979afe4958d708ea97

SHA512
33aae20a4400d4dd29246a226cedf21097bef9e3ec27a40bca0ed5f6f7c65fe5842645b907734c6cae218818e1ef262f95708f6347b61c35ea64c9b61178f59b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
32KB

MD5
d5d9d97fdcdc2c0e84401c3bfeb164b6

SHA1
d41d7053ce26640e917825d262b69c24231582d2

SHA256
7234d1a55d5eca54c8d45ce5b1ba18ef3f4408e63b57d4898230275dc07d72ef

SHA512
8e46a15a75b2db1e3f1a837784c2e86f6f0d1286f70691976e2c4aebba2cff78eba0c1db79e0edd3d5ad06f217c64fc80d875bb8fcc66846b85bbdca62ef2580

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
8a6982394730f604f47568f9012f4fb7

SHA1
05ae4ec8c8f0135fbb1b4b22342b77bbf006ec81

SHA256
f5ce3a54c6f4f0dde37243b3d726fcadc6d86d1f63ea51720593c0b3fc6a2cb3

SHA512
d7023a96be454f1effd0f469840ef773f6cef63c32ceb32b2e35e2aa0a9de4856f047134333bea1c60f52eb945c587bf686210507f3e0c8258547e59404f6afb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
132KB

MD5
3e7ea80a6cecc43426bdf4892017db4f

SHA1
0666deac0dd3a33c96c2ff656dff56af3eba7c3e

SHA256
d24fd34d64408f683dd9062aa8157239958e1fee1dd9b00dbd756915f7a2a021

SHA512
0105b392afcf9ef9e75488a4fa4f6d6e8819d114b2707b2e7db62f3b05feea7db12199c365069219c9ada4ded8581b30ee09b763c3d1d52f9e26b3e9b61e3521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
13KB

MD5
9999618314dcec2be6a0ad4eccef3903

SHA1
be4c69d202f7cb2ee4c2558154db8ee0a83b4148

SHA256
760fa1ee4f7f0d1056b49788402d3c3c670049c0db7d1e2982cb796f74783d5b

SHA512
ebaea80b142eac4e21a5a844c1f08ec337147bc9e5614ed386c6cc8b948e3df2f2889085dd12d7e86ba4961bcebfb740c591eff8201e3ed47619d181b71458f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
777B

MD5
a61e49a0062f85ee2fbb86edc4ce54d6

SHA1
25e2f80a5e7bb30550dd1604abcac7c679294c76

SHA256
9198fcc845a2c7d083544419ede8b1babea854b92d00f7e4034293fbd28186bd

SHA512
5ef112356f7ecac3625bec1420c2606af1b4a4c1e7822c1e004d6dbbca94b2f9bffdd1b138a12f5e788789cd95f2b6f8c9830d53aeeb0f9e675872fce0cb1166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
249B

MD5
bc6cbde60a4e3282a66d968d4bd69357

SHA1
83b95b8b6da3a39214d4c919502792ce6466bf16

SHA256
37f9d610851f110ef91160bc6695d21f228209b048435e357e90b8ce894e47f9

SHA512
ada6dd6b9434194cf3bf22e092d86db249978c9a1b52d40f307b6285c05023670809cefa26451c9d7f2b943a850e55891cbac7b71fbd091a51626f764fb6defd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
45ecd3c492aead06942c81ec5cc6e30f

SHA1
1ee68344f8fd290cb3b89878a11999d490ef9ba5

SHA256
6bac6b0ba3580f0a98c1de34b1d50456d9a2309af97f48e0c42be97b4fab1291

SHA512
1d4c7d2319bb4b4575a60c0ba47e16ab8c7dd457bddbde93e000ba7e0b6e7d916883d19efa353677c932a34ccfc880c27ee78d7e615557fd3395db0617532d91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
9fcc9ec711e23eece346914fe9ad0f80

SHA1
11fce444099780b6a0457faf57eeef7f90d138b7

SHA256
326db2d421c5e7e3313eea0c24a8d4ba25b44625277809e38085701aea17b481

SHA512
0389688b79d4c254478dade9ce253cd7475215fb294c3e3fa195aea637f50b72b75f0e95530df032524826624b7606042e0164f026f271f4c094417fa74ca92a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
3645b4f86fa8e1daa624709fa8dccbf8

SHA1
86449f8380a2918eef33ae314fb0d053bcffb670

SHA256
76631b95b63cefc1e80d0ff5cb22e83b8b33f2afcde8f2e2863981a7606ad52e

SHA512
0ee3bd577053a8d8ce42c624ce56ee4f280482b6ebdf0f37ccbcc9a2a013bfbee7b9d711919268e5ef4c5ffd84318efdf372119152ba5181f0990208f930bbc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2267998086626d4ad0434e84ace56a72

SHA1
644135ae137702ce79b6590b442de096e6992621

SHA256
0ecf1ed5799cd7d0a820cc73bfcf3406435c9cb6aab0ce07ba21f58918eaf0fb

SHA512
34df6d75601385f29ab0590e95d65ac9de0100ecd616c305439965a262a0f63ed366fc4e4c53ee1f496a79632054e1823ded9952ec40eb5f8cac05f9459dd0f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d7f36001f80abcf209260f5170cf0756

SHA1
37f8db9d738a959b0b20976db64a44a07f01c95b

SHA256
e1eee32b74a0889e5b3e064e3d341b2de29883061c019d3fca0135ea36d14f39

SHA512
0aea485c4c70fecab1d6326e98f1c95b64905955da6de4bd6b5ffd516f88e2689be0b7388d2c3179665cf263bda77a9df79bff44ccf821145fc7f343fb26e19f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e3430b6fdbe6ebb623c2235e09d193c7

SHA1
9145182f7edb3a5f46e19a65cd5da14cc33fd867

SHA256
5170f775963eb24e633d04bc73f6e5f7aa1befad3bcb541d4769310a5563c979

SHA512
ba29338284957778ab6b018768ca8e34db03279e49b61788c8c6a082eb350b4d132da3d25f3ff3916b2995aba5d708256b2a29e90e452e66ba3c7bc874e650ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
01fa08a131d373c5ac589bb3faf02cb3

SHA1
81ef7bd51c86afe3adf48edf3675aec2a647bb19

SHA256
f30d908c9fe28388be6b79ac396b9e40946a7ca02a525aa3d98161685385df20

SHA512
9c5b526f4107d0c2a2660a42ea94ffd529ce9c0de107bc9beb830b0ff30347b65680ae136f4eb19ae0e0bcb12492d71cbc4f613c1a63800574786c5b61452785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3fb508720e83bf97a56b9553b5d4743d

SHA1
fcc43e5bcb801b14cf3db2ca494da32c3e6b5e72

SHA256
adf95b7bf8ed3f92dd68ad5d85afde8087d331b8ccc49d88fa0fa7e76137701e

SHA512
d97ac04062a8f5db283ea66776b30d95941eccf686c186301a08a5f4019cec3235e9819c4c3ed144801904c2549c16e27e2cf6857f5e61e9d13147ac3e43ddfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e253d9088e076d73d1947910ce454d03

SHA1
5322167e56c299123703532defdd838134224e4f

SHA256
d605c2ed8ab8d4648f8011d8a94bd1d83e932a5cf8aeed27d2b8dca06ed5c30d

SHA512
acce45c8ac217f7e600a35b5ec4c01d2f8c50d63c53b69167dca1b70e3c19f064a86226a77d04f2ded231a31128f403f4d9783f916984a6cc4283582b968ffea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
209ad7e78fa5d3bd3844bcef58a4b40c

SHA1
943b82caff26b8bb863283f62fc1b48f24c5d84e

SHA256
380ee483ddf22f1cf7e3faf438ae0b918336415c456f1910cf4f84509d66cb93

SHA512
2f3c1a66d8406f8d39a8956cc183ece3655659eb4f5eabbfca05445bd09aa6065352c1f901711007c01bd6ef02ea74875e49181839c02d04a245f03316343216

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3641f537f5fe61285d669421967fdcac

SHA1
89d3c81522c681acc8591ec7a0551c34ec5e088d

SHA256
d94c93ad330174012c304bea7c53c65856060d2ccfb62c9bebdeb563f97b1f26

SHA512
827c9f5f5f940c8861fc51aefaae0545d27318a0ef3acf4481269ae269b5ce5c61dfade2a575be981eaf960885c65d3c2430266134d27cea319d36b6c1f28aaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f975afb06229f522055d0d534a3945f2

SHA1
9752a54cf796d08ff5eaa8215e817a52cd913f47

SHA256
75f6f9c8ccd3f3c9c023207b6ab19c0382a99f90f5b9362ab97df248d045d36a

SHA512
79b69ba3d068c1289e2d65d7368bc1e9aae6649f8729edc1d387145b9ed69e1aa2c382d286b6a34162666bc5373da0822e6873cf2d269d75e89c7367947b4890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0f1dd1add2b3ed38079a5296f83c8b8e

SHA1
8ac4ff54607339781ff4e87502e5bb299c64d347

SHA256
92daad7eb97d1bd4595319539c319c8966f7d448e8d8236cd01aa944284e986e

SHA512
205a7dd313a6f829dd55d39a316899783a3e728889c5f572fd72ebdf48c372402657a1e5ba2fc3e042ef734a2b8ff59862f6d110329b450d0526e35e70d33228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4e31e497d61bbbb9a9475a215fabf4c7

SHA1
222a796211b2fd274a815612d536f9530da9373d

SHA256
850073f3e3e18b1c09009c85c61a07e4d8a2f225fb8f332ebf3c374a61cc2227

SHA512
8102e466da34d9ca6a05d25dbdfc9dfe6611281eb31cf6e605494ab5cb6fcff7ca93fe93433b8b53a7d38d37c58cfbf1b7ae3f5f0f7e033f69dc45d4af4822e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3684651d70ac33ee3e4eaa6ec515c5c3

SHA1
f796704731f12f3685579d2416eb458247940184

SHA256
68e33951d425281f8f406445851101140270b06f54134525bc9381baecafe737

SHA512
eaff8b551b5378eadebefc3b1807ed4e1266795858ee76a2fc2fe58f2874f3141fe39f6e36cffe1e7ce7fe097591a52a671ae5bdec861c14342b599982673a81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
4KB

MD5
03fbef90ee5ed7dcd59b9ae2fc042670

SHA1
ccdd1a56bdf7771e10fc84ec731e582ef27a6e55

SHA256
0001c53fe6f300652b19f648ff1637008630e40c99e31eed0c6750ae7c92db0a

SHA512
348bb5f95fa2aed093b3d7a3d05fd8ecf77756d8a3324a1f77efccb225dae399b0958cafb9f73d5c0dff9a0350d7d4933932915589c912c42b15c74b03245526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
295B

MD5
c302831a68e5c93f28332b3d818b456f

SHA1
1b612d4c7e4baf080ca6c364031e2aff1467a8c1

SHA256
dba5156a32f4b59d5f81b4e9084bb3989f313de2d7c254d7096a2c9e42717017

SHA512
5751a92dcd5072ca1ef0a8983457388a2344c21b66e4c47bc4790446d877b02e9f5ac44c1602c08e6fa8b825dd09d72caa0555ce2fbecac98a770d9e882610f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
312B

MD5
a3c3c28ec3fcec2f3dfcd945241be4fd

SHA1
0930a64f344e40fec3b1b80e200efc60ab1175b9

SHA256
7ef8bd0da65a584a53e4b36749de837d972ec9805b742c7d22f771ac33fd8250

SHA512
1c3ba3e2ef8700fe3c0bca768d09679f86db653797ba04af2ccb16a58be34c42261fc07ee2da2de725d07263e1411318b434fe4476596f88f0198ec18dd78607

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
bdeb0ce089730ada9fe2ef110d6c6f2d

SHA1
5397844f3fe2fe6ecb29792bd10124923b6696eb

SHA256
564cf36d549ca67a257af28012ef2dc87cb21980cab34828de827cc811f57d15

SHA512
96367b95a9325b926e39db03fec4c012dd5bc7a78e4e3a943151c02153c2405a5c92b740624e96815727001e61b746e25a433f28f9786c7728365c49601b8979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580a4c.TMP

Filesize
48B

MD5
30b61657b783150abaa61ed3f5f0e965

SHA1
e958d08e73ada643214b44db4a7a91a0ace7ae8a

SHA256
b7ce898b2eb29212762ef36ac9d745165bef4ce58607df959b903bcb4eadaa29

SHA512
644cc70cb005e2b9b0828fbd3757650967176ff5a214950c93f46dae250551e1fd5fff0c3f292928eac911cbc540db0d92eec24b5cce4da4d2781bb77089b343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
2KB

MD5
0dd0238a57fa8540188cc4d355fc87db

SHA1
e8d70f18ccd98487a1d4741edba28c351d0ac413

SHA256
8d26de60a26a033d2e141344259f6a8e819edeecde13357dc84cfb63afcb466a

SHA512
ac4869ea1cd862685015a4bb4c0797e9050bb4718e2b288b01511697ef3d07b32f1b672cb4ee81c9064f5f869a10fecc9291fd45e0d2055f6b01a6b766c4b9cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
aceda3f59899e90dbd8e6f978484f83e

SHA1
556a3ad5c18a3c5bed68d8cae3826a944638fed0

SHA256
04c42b1942863a36a9c8263812e94e334e330041accabf32afd8de62e740d504

SHA512
ad76ac893b20e0833049427b9b7119f5e130254ee045ebe8c630ef6708b23c1c18631d225b2dd82b9c477817910bfc70408008a36f1cc5ad6fbd1918e2b3c06c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367345468162568

Filesize
40KB

MD5
507ad4036bf5c29a3ce9331a59c31a45

SHA1
4940c52084a51d9a715b23002a9df53066fb3364

SHA256
2c98c7d32e89a6d1dc20e458dde59a8f59ef7c4da371a8af2ce361efa0496f8e

SHA512
06352acee1697ca7d2e1285a906d415d3a33a1f729b9283c3e0dbf007bce4ce8dc79b51b46cc794097084454d0879d9e47fe4d975ee16970d7fb71d72e92ec11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
328B

MD5
a92f5c3994c03d1ff39c29f49a3d0b69

SHA1
d4a3998c929fd931495d5666dcfeb029272d8f9e

SHA256
cddcedbfd85754ed680264b5c5e1b291c74f0e1c74589191be131ddc0efa400e

SHA512
e292e588e1a04f4b39bd1135dedb2649e2f01082f752d49db3ec07725ccb1a4c3fcdcea6532a481527655f771e24a141218211d273b3fb310339609e23ba1454

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
790a2c8ed27b4263108878495e209ee2

SHA1
3ada5a0300c1f918338b1f129bd59071cb47cbbe

SHA256
15a8b6b09ea17e02f2541aecc4e6399f5fa1c716a941d6fdcc0de55901b29a05

SHA512
3381c967b166e83ed7876619e0737ff3af5191b07e8840cd5ca22a84e72e8d4bf34315dbab46ed7cfd76bd2bdc8d16da594182e3076bb4764c48b24c34c79f02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
3e9307ee540013f813f5bf44e0a2af28

SHA1
78e23363a321bb3ef098e6b52866a35b3dd75bcc

SHA256
52ae1dba6ebad201aaf3979da2c43c680d5a0cecf48754dfa85fb8637fb701e0

SHA512
a167660fd610887959e96ade4a3470c096c1a00685329c972b32112f51b7cbef837fb8062c0d0fd3c271321cee3dfda3085bbd908213242e8a39bbb3510526af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
f43bbb8cdb44d19b3455c83bd80df106

SHA1
f027bb4fceafda5948fc6cf3656774d0a5c9390a

SHA256
b367922829ca0ae9325b7fe34b0be145e170083cbad8b274ee4d033c82683103

SHA512
dbc0fba6edf8e1d5251fa03c4683282fef16ba67c7072df3eec0bc076a165949912d6f9273766476b41fbc544c3f188b7f1365402cb127d88bd78525ce0587c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
87eea320e510431bed0648f2268c4627

SHA1
afb6f7539535d09ef1c0696c6ee89d7aa56026b0

SHA256
d2db6a2dcb54eee282d7513997801df871ec7d3e06ace3a3dcaa2fd2c2c8630e

SHA512
c868ccc0bff1d94b58c8b3f724c8e7aadd490250f63876f9fff0b4e080f03ac1f93e9931d03c36e315d9335c8486e719b1bbbf4c88b95811532793fb7a4175d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e488cd7afb83fb045a0b830354da399b

SHA1
d7df1e3eaef3b6c11fbf09e93e8fcecdf95698c1

SHA256
ac6f3f5869b766238c3cdec1c92de72da22bc572eea42bb75c7c44b1c7457f19

SHA512
80bea338e485ba3c7bcc6c25924dab59083bb49ea1746a50664676e2d9b573c624b95fec656e8f6c3e90e276fde2295d86d5deec0323c59ff97ee306ae825a55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
305d15e50fd7d2fe2da3736451addd5e

SHA1
219e9271728687395ca8e2904015cf48fcd8a341

SHA256
561cbd3a9eea5cd0638801892a07dafb5bedf15342d40170215608e882e43f2d

SHA512
6e2a9da9459348188202ae09df0355ea76d612a95910b9a71b36d60364499638918b2232e4f0490ad9a0f0de3aa62ecaa267b277093144adeac6775dd28648bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
2d34bf1448cf2059b7c2932211957390

SHA1
30e4ad6ce21201339fdc94c7b73cbdfadbb2cc90

SHA256
dfc356d33efe3357a21ffb52ecea8bbab75b6b7c852f9f43b5a2a1706dbdb4c8

SHA512
9a8eb996d6ed39c450eb0914eae3ac1b30d89d9701d1c436b1a2b2fe40d51c02374506d416a9f26a3228ca18f20c91a9ce33218c349ff3d3a7b73afc65e5e127

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b537e909dc7ff653e5f364c47b5b61cf

SHA1
13dbbde55b3f55f74c26f638f0a2c675dfa73142

SHA256
0ce272cd5f5b734b1251a1dc73d2f9216c78d9b78d6953cdba779bf662bf9ddc

SHA512
fa959b4b23a6d7af2306bb7a24bcc7ec26185909f562cd44efd2ca7277f7b576f4594e113269393c8ae82d6fd5763fbf2c62c184a495d11b5865c32f8c6c22cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
8fd676f32a42e699c40a103dbcc1e816

SHA1
c4ccf640af9ddc29268cd6224e4d7cbbbab209aa

SHA256
4e58e0fdc896b54a8a2e5612ec1e10c309d4ed14e383715d6bcff6e9d5f602c3

SHA512
0c9d7251a963f6862466b252ea54b3b41fcb7232a4b72d83a543bcc549e45555c3d012a984aa488a51dfce2d87e8edae2d91c83db9c96f5839261b5e6aa7da60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a3ea9e25e2878ebb1d03e6b34de87baa

SHA1
b0cffe79fbb489268e2d070181f8b0a1ec5c5706

SHA256
1a18ac5478ab73d658c80aae4002cb5e4fe095347b95e2f781af09ed3bc32d92

SHA512
9e2e693a1b9853fe7091a7276973048f5e12ddf846f465b54c26a647eabfa45a27bf9eb39acbd0022ed91f7bdb3df7e6d3a61dd992f8ca8bd935300666320cc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
00b375c869347ba9145e95a102a21443

SHA1
cb2818eec980570638744869c0228eec1d7f60d4

SHA256
d83b536feb7df02751b4af64f9c72320c26a019b08d824a999044fd972d988a9

SHA512
68c60b87c6e0e62a3807e0b1666cfd05f585d1bbfa3a2faade54496712d7e41c07155df43ee60fff1cf9cd278386f5b98035771be42d3ff42abc4dd4c0fc84fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
bccb0f4673d725766b33353120056c67

SHA1
2fc646e6e44b7f80c30120908ce972733b512fe5

SHA256
0212cbd68d4370352a6788885da55628df0fa9a9cf9dcfc08f5d8221b50674df

SHA512
839cfb1be0869e71fda662b236100e38f20b37ea5525c54190d9533a2f65f0c7d93816df2adb76bfd5cdc7f009bdcd210cbd3b34dca025171fa3ede48460a1c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
5bf87e1e916d50c20a8de3cf6d5a2d52

SHA1
d93b67eee1b765f3f6c6361b35efc8836219e5eb

SHA256
1b999fcbcca447c73a98f9dc1493506a51f1f0008f52ca1b0a8bc59601e3da86

SHA512
033e21c0eaf136cda1d00f10c47d2470bb9f9a9075e817682ee95d4c98abe8e7659efc1d1e55d8ad3e5495c27157cca3d1844c17025967392e07b5203c59aeb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
a96850f7504902e3b31e200f3e35aa80

SHA1
ec124980cb65f480a53da7d55c57247d79b88871

SHA256
32bec9a6d0cab9f0039412ef1a944dcc4d69630029d9d3150f230e494a8dac9b

SHA512
eb8eb2017c43d877065a56c711437f74f207275e0ddacbdc3815453f4433054e047c593643cb6894d25d5c1a972fd06d57a751f3d4571cce4dd9ae16029c82a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
b110009340e3a458872b74088e1744bd

SHA1
ad0c7fc8a4a684fa5516c5c2bf7054f16e456038

SHA256
2ccb428009223cd7c514970e1d7007f5c19b82426be12ec500c5f43d9007db07

SHA512
50eb49d41af1b3f45d653301b4c637ad4eee005ecadf2a7c9533a5af9012cc2818e4459ea56406a96c47c30d80ab15a3c47928073cb611d90c607970304981f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
a8084b64aa2856ccdebb8c562eda0968

SHA1
83364a0798216b9cb5a3aa90a09338aec5da07e5

SHA256
a05037859f852e0903b2048080226cf73a8be1a23764672e1ade3a4893bdaa72

SHA512
cef5284873ca55c912aa8b9261b976e19569e82b688281dbc5c025cee7f2606f9fc9ebe792ae5e656b4abb5834473a74b4592aaa9f79fb95d2c5af9a26870b95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
8636295d6cbd666c45e4d8668122b5b8

SHA1
8a1f537007bf3e1c20ec928e37c76b9843cf8f1e

SHA256
b805964c49b718b179b40f99930747df786843e9337984b1f1a97e30e62a2eb4

SHA512
f573b2ad48a0c049e46230c92d064d64a848a0513e20362f8bbf82002aab203da78e92e97cbea9d2fb5fefa1d196e478eb97d168924cb99875c2297a27dd4bbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
b844924bfac6bf541ca37395faf52ccc

SHA1
057031f83ddec1335e6adda10056a9db49274e53

SHA256
dbe1a146d15ae1e808ad78f724ab7427100f7ec470695c824097f3460f5663bd

SHA512
f3ae0ada1b8ae9ff06ce1039ad0912ffcbf3f1cf1962d43b1f1f9e69bc346df3ff9100ad7b4bc094097805c6c84900f16af090415da30ab5eae60dbb0c2e1df3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
7165fd0ad1e9b9daf5c5beccb9fc8589

SHA1
fced71df92dfc6416601d18b1a73e65e96ade5af

SHA256
720536e7c1011c10f9843336647ea9611dabad07d3c11158d491304982fa77a8

SHA512
835176343022307e4698479c13dd2962c71d332a1dd147f8f55d9dfd3ab51f45c60fd73213eb0ca46251c858fbf38aebdfd085e559c9f9184ec4692b079dda8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
0b2435d0f1967796a93ee7ca332ab01d

SHA1
2953599e2d48042a8e3984d371defa60f1f0908e

SHA256
9e0eda1814178824af35ff6dffd948b77389dbb412a4e13e30680dc8f3219469

SHA512
16261e48c6907c2f5c123215295fbf638f319bb8125e453636bb46e8e2b6b1d0533b1c5f7211edbc0efbca0399577120ab489602fff48097de082c32efcaec7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5804dd.TMP

Filesize
537B

MD5
c7d8dffe8de7ae35aa0853c24cbb35a2

SHA1
b93689c35c6f2936784d9c99260ce283e2039f6e

SHA256
418b48eb28f7b4d274fbe3b8a6f02d76022db9db8ac062a37e3a88a2c25c616c

SHA512
cc9be0e0d13878c64b4094f04f70742310718fc1b33b2cd7639fcff58a847ef3a0620b6c3c0bf31319d0a18ed7e3b503cab23bcf866fb090c92c7e4cfc62a1e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
d94fac86328edff523a99930a30131bf

SHA1
a40d694c528e809db6bf1ce099ebc41b7f97f8f6

SHA256
b0847b016a0ee169ccd601d4545f43b7589f1c6ada8b6ebf2f5624276f231098

SHA512
c18cd3c69eb677198f18b15ff4781e68bcad3d73bd288bc279ac05ae19a5bee6b93a94c9c4f6556c50da01b6af0eeeafe397671e2f44191a83882a4e0a2f61c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
112KB

MD5
46034b1798b3ec0d0a2828f2ca06d711

SHA1
8758ccd7b541886b05a486dbb817ba58e5c178dd

SHA256
8ba92930135c3b79d06555c36e8adab13aed8441f89ae3940f21ad0b37e8f37f

SHA512
97840d437db26cfa5f7fc49f5fab43beb1d690a400dad0d8b69e7896ac2a18adf14194ed96985e83538f0c2a5743b8ba71675ac9119469f8bc340ad572e3fa55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
140KB

MD5
9d79ac3ba5e2002f006a785a1489afca

SHA1
70c7a76260c04d3f67216ef4e313fde11e4a0cca

SHA256
376edb7fd90569d4452f78966f5af64c3fb3eb7fb991a4e60669d0a80b3a54f8

SHA512
71643ebb4327a409b23b0508d21a885573f7f92df82a104619a1fb6ee66922ab36f8ebf157381a7592e81061cb97c47fafd065f090248135b998f8a34ca69045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
3.9MB

MD5
bf1a52bcb872ef58d959b6b20790b20b

SHA1
8d127393d43c76be02d5cef283b415cf8d689261

SHA256
3c2c6f0174a4b9b8225b41bfe09b1f1d202ba5018c0bef658af320d0197b0af6

SHA512
fd2b595944d76c1c46f5658eb96bcee64568a088067795b4b9202c114221e63f8f8c7c79c2b5b43152614d5f7cec041fcc0a3e1767d8fd7ddc65f7dba9e9773e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
182B

MD5
0dd18fccfced6a328349c370b5da2a31

SHA1
c114e5cfd55230702c518bdd98b6c393d3bd17a1

SHA256
e8fc75e7736728713f1f02e7c7453e06881a1f5257bf76dbd09e44463ec32fbd

SHA512
f83c141353bfb8202fded3d5afcd81253dc01f54045598655bdda4db6d35d4053e5eecbd7cc86740c10c586b40e2883f921d1ed500484901add6a4d58bd3f890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
d374bdf6872dcfab277cc2a8abffb8d1

SHA1
ae0ab174f4297afc0915fab1d388e7f46f08949c

SHA256
617a0dd3df12a730ef590d4b08c53eea9fd73126b2afe3a9eaf6f858c99b218c

SHA512
3875d5f11c4801792452c2a759704cc14cbc6fb307532b145a6bcbbb30a3063d7f45f4a147d6f23488dea8029acc087cd71c88ab0bc5c7bb2204e16daf7ea07a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
376B

MD5
d531add7917630552ad37f9b6c638504

SHA1
81f415f4b4f9fc0b59f70e52fa2f741ccfce3b68

SHA256
52760aa7caa1184382b895cc67e85fdabe21303c5987888eddea23a48046f5f5

SHA512
183defbc0a04c77b642209b50bf3226bd7c80de665aad8f48b85638961975ba52b8346b96ee52eec1ba60afc881be7f3da543497a6e8e6c8b8d27a066d73f706

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
99436640c0e2c1c289eaebe67e409c1a

SHA1
1353c351ee236bd1e7cfd7c1086ef5cb0bbdee76

SHA256
4b6b0ee4013273c3c333413826871ca721aa8fb06cb8c963abf3d7c02b91db3c

SHA512
9664b71992577b88564ed00ea3aec64e09c6f1e61646244dc28a5dc71a12753d8061065c1654bc9b9922b3eb521b2f418bdea1ff393429cde4befc2fa6077772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3b3ca4491f031ec0981efc1ad44836ac

SHA1
605cfba70ae929519174a35ae74b788100d5da31

SHA256
9e4ceb57f0946b4d04fb07e66110c8732bff35c5772553e5dfb8cdebdccee34f

SHA512
5d972db04b7731e1dad474d3e2a950d86e78cc818f46cc2893cc3e22fd771e3b8bef7333ee0fc663cecf898ba30322fad63caf9b27522650b3f31304f2329a9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f486ae96269c079ef9f76e16f78c7b12

SHA1
5ba188de49145d09e3d924550ef36b08823dfc15

SHA256
27be6d3c464d9d7a15a7dbf8fcd108fd3567faca8f7050b3a1623ca39bd1b9a3

SHA512
437d6542840a78367c71fa3cb301c31f9a01ed93fd26e93800df8e77e27a1ed2d9c9e42833da79216b292292bb1cf6a1a5aea172d2313b067f33826edb4fe211

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
16ed068c1b4807347c67dab330b61e81

SHA1
e545261ae1f4bed3aedacb1e941c05a1a6494515

SHA256
9a12bff0eec5f73755ad0fe7cab07f4e680c2f33b5e834b5e48e1809601db113

SHA512
1afc9222dfbd0717f5601853ca6eb028f0450bb2f8b6b45e269d4b1ac8d55568246e23394b6710fdc56fe427f1ea8447c15246416b48a1f7559b1eac3ff0ca88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
882d9dab7edb35864689697ebacb4ba4

SHA1
7d9377a31ae9c9d1fb1c2c00ba1f558033938ba4

SHA256
9c5c8ae01b9003cb165415a88e43c7d8bb931dc8745155e5b295dd48ba4cdfd1

SHA512
6494044d287e7526bb5305752400ab7a654199e058dd718b14841d8f61360f89ba990a00ce37ba9c636268ea409b0d1f6c18a32975b419f3fe93b9c2470f87ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7757ce16d1e6e87216b615d69c407470

SHA1
707c36cbf97e1ddf65f7709935d0f6e2a82018e9

SHA256
0399062d064a0076c1a026691f2c38df5291bcf070359a08068ee4dd7a026de2

SHA512
9fa5cba68d79ce739ab5d41f8c1ac48730a671da2b351b2d1557e0d8122194c668ca805ec6aefa8429eb1946d8620d0a2ed2948fbd3e98cfbbc7719c1d7c90cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2f17e8a657d06d2f931b6b0aeba39460

SHA1
7b5c719fe89838d6250843335defc761071e469f

SHA256
48d854a549fccb98aad4686fe98fed9ab5e34d5f05115d2a5c2d7326bf3aa9f8

SHA512
8be77ec974a87be85606d503be21dec0400babba91220f9e30e81256cae2fb9ed7de1ae443dac9f1e3368f456d4975c8cc8410fe7af5be1791a7a598ac49bbc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8ed2f7830f01ac83a3905e6ba9ae6d59

SHA1
c69e76c45e5983de57678bf0dffbce892a184bfd

SHA256
be14e5bb599354dddb866427c1392736357464329317c073580480d5e5f0854e

SHA512
765971ffc00ad10692ac854aaba50e24126bb5bba742adc25d0beac36cc203c1b7dc4cb6494d2c1b6824031332cecad5f184bb60f37f5d1bed284528066dac98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8a21d7e9e4f5b2ed801ba55208fbe2ee

SHA1
07bf915487c0d22cbd6e87924161e8e3d7338659

SHA256
bb004c898ac66c5b5c578d15946ac01ec5f0859775c335b366cfaae1768dae54

SHA512
a135656c675912af61669c94e644023ba724da2690784e31dd18816f973aac8d8fad3e33ffc03f95f4f1d59548bed202974245f70562a1f6074cc254ebaa7079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
27aed5aa952ac53d629efc7f159c7668

SHA1
1a98e6a82d7a17f53d867b48e355bc23bec35333

SHA256
d5d002a4b394a82e49c5e47a5a3992c4bba3dc5ca1ed9359519525c067389efc

SHA512
52a206fa85f5272bba55dff877db56d71ec0c02634e13e499e14e89dcb2bd87510be53ef4afcdcc7cf5b5c670d7500f1ae5b3e83e9fddea64ab8b8ce20af40ce

Download Submit
C:\Users\Admin\Downloads\FakeActivation.zip

Filesize
275KB

MD5
6db8a7da4e8dc527d445b7a37d02d5d6

SHA1
4fcc7cff8b49a834858d8c6016c3c6f109c9c794

SHA256
7cc43d4259f9dbe6806e1c067ebd1784eaaf56a026047d9380be944b71e5b984

SHA512
b1b4269da8a0648747c4eee7a26619b29d8d1182fe12446c780091fef205a7b5e6fb93c9b74c710cca5d2e69600579b9d470e31a32689ecc570d0c4bbe4fe718

Download Submit
C:\Users\Admin\Downloads\NoMoreRansom.zip

Filesize
916KB

MD5
f315e49d46914e3989a160bbcfc5de85

SHA1
99654bfeaad090d95deef3a2e9d5d021d2dc5f63

SHA256
5cbb6442c47708558da29588e0d8ef0b34c4716be4a47e7c715ea844fbcf60d7

SHA512
224747b15d0713afcb2641f8f3aa1687516d42e045d456b3ed096a42757a6c10c6626672366c9b632349cf6ffe41011724e6f4b684837de9b719d0f351dfd22e

Download Submit
C:\Users\Admin\Downloads\NoMoreRansom.zip:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Admin\Downloads\f8dc41fc-05bc-48ea-a08e-bcc71913bf98.tmp

Filesize
223KB

MD5
a7a51358ab9cdf1773b76bc2e25812d9

SHA1
9f3befe37f5fbe58bbb9476a811869c5410ee919

SHA256
817ae49d7329ea507f0a01bb8009b9698bbd2fbe5055c942536f73f4d1d2b612

SHA512
3adc88eec7f646e50be24d2322b146438350aad358b3939d6ec0cd700fa3e3c07f2b75c5cd5e0018721af8e2391b0f32138ab66369869aaaa055d9188b4aa38d

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

Filesize
153KB

MD5
f33a4e991a11baf336a2324f700d874d

SHA1
9da1891a164f2fc0a88d0de1ba397585b455b0f4

SHA256
a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7

SHA512
edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

Download Submit
memory/728-2083-0x000001E9FB980000-0x000001E9FB9AE000-memory.dmp

Filesize
184KB

Download
memory/1952-2085-0x0000000005780000-0x000000000581C000-memory.dmp

Filesize
624KB

Download
memory/1952-2088-0x0000000005870000-0x000000000587A000-memory.dmp

Filesize
40KB

Download
memory/1952-2087-0x00000000058F0000-0x0000000005982000-memory.dmp

Filesize
584KB

Download
memory/1952-2086-0x0000000005E00000-0x00000000063A6000-memory.dmp

Filesize
5.6MB

Download
memory/1952-2090-0x0000000005AC0000-0x0000000005ACA000-memory.dmp

Filesize
40KB

Download
memory/1952-2089-0x0000000005AE0000-0x0000000005B36000-memory.dmp

Filesize
344KB

Download
memory/1952-2084-0x0000000000CB0000-0x0000000000D22000-memory.dmp

Filesize
456KB

Download
memory/2948-2235-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/2948-2237-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/2948-2238-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/2948-2236-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/2948-2251-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/2948-2252-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/3676-2142-0x0000000000420000-0x0000000000494000-memory.dmp

Filesize
464KB

Download
memory/4428-2082-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download