06269114123934561ec1114ac8fa953e1b8cd1378969a45389d5483523b6b5be

Analysis

max time kernel
267s
max time network
271s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
12-08-2024 13:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vanish-flooder-main.zip
Size

4KB
MD5

e8dbc6796dfc37a19dabb60472ba73d7
SHA1

2db2601fcf54bd8ec1983db66b0b187d93de247a
SHA256

06269114123934561ec1114ac8fa953e1b8cd1378969a45389d5483523b6b5be
SHA512

9a0148b3969db1299652678fded760e44be8ea0fc94fd4cdcba58a9d9e2947652433ec346d0af2c15f47d0a137cf53966cd2b65de5d2c512b1eac9fa93d4df09
SSDEEP

96:vyB+jvO+WHjp1G9V1w6A3BHBjwQRINU5mW2jUkX:c+7WHjp0q6A3BHiQm9WkX

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
77	camo.githubusercontent.com
78	camo.githubusercontent.com
79	camo.githubusercontent.com
58	camo.githubusercontent.com
74	camo.githubusercontent.com
75	camo.githubusercontent.com
76	camo.githubusercontent.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133679448213026591"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-6179872-1886041298-1573312864-1000\{4EE07211-29C0-48D0-9ACD-B5B72A0B66AD}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-6179872-1886041298-1573312864-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\vanish-flooder-main.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4368	chrome.exe
4368	chrome.exe
2408	msedge.exe
2408	msedge.exe
2992	msedge.exe
2992	msedge.exe
3936	msedge.exe
3936	msedge.exe
456	msedge.exe
456	msedge.exe
1708	identity_helper.exe
1708	identity_helper.exe
3684	msedge.exe
3684	msedge.exe
796	msedge.exe
796	msedge.exe
796	msedge.exe
796	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe

Suspicious use of AdjustPrivilegeToken 28 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe
Token: SeShutdownPrivilege	4368	chrome.exe
Token: SeCreatePagefilePrivilege	4368	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
4368	chrome.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4080	MiniSearchHost.exe
4228	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4368 wrote to memory of 3588	4368	chrome.exe	91
PID 4368 wrote to memory of 3588	4368	chrome.exe	91
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 1236	4368	chrome.exe	92
PID 4368 wrote to memory of 3560	4368	chrome.exe	93
PID 4368 wrote to memory of 3560	4368	chrome.exe	93
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94
PID 4368 wrote to memory of 1064	4368	chrome.exe	94

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\vanish-flooder-main.zip
1⤵
PID:2032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb4760cc40,0x7ffb4760cc4c,0x7ffb4760cc58
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,8418584578720016833,6603619314678179607,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,8418584578720016833,6603619314678179607,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,8418584578720016833,6603619314678179607,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3060,i,8418584578720016833,6603619314678179607,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,8418584578720016833,6603619314678179607,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,8418584578720016833,6603619314678179607,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3076 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4748,i,8418584578720016833,6603619314678179607,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4584 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4828,i,8418584578720016833,6603619314678179607,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4308 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4736,i,8418584578720016833,6603619314678179607,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:1924

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2848

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb47a33cb8,0x7ffb47a33cc8,0x7ffb47a33cd8
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,17282108831689778902,8571738324573380608,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,17282108831689778902,8571738324573380608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,17282108831689778902,8571738324573380608,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17282108831689778902,8571738324573380608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17282108831689778902,8571738324573380608,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17282108831689778902,8571738324573380608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17282108831689778902,8571738324573380608,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17282108831689778902,8571738324573380608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17282108831689778902,8571738324573380608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,17282108831689778902,8571738324573380608,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3396 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,17282108831689778902,8571738324573380608,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4640 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,17282108831689778902,8571738324573380608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17282108831689778902,8571738324573380608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,17282108831689778902,8571738324573380608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17282108831689778902,8571738324573380608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17282108831689778902,8571738324573380608,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17282108831689778902,8571738324573380608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17282108831689778902,8571738324573380608,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17282108831689778902,8571738324573380608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17282108831689778902,8571738324573380608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17282108831689778902,8571738324573380608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,17282108831689778902,8571738324573380608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,17282108831689778902,8571738324573380608,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4700 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2848

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5028

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\vanish-flooder-main\vanish-flooder-main\start.bat" "
1⤵
PID:4620
- C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exe
  python main.py
  2⤵
  PID:5028

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4080

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3d9e67056d3fa848da03d385b8471315

SHA1
4effc028553b7cfeec04e121a91a2d73e4f6997f

SHA256
aaa017027f5990804f259feb39c87e21164afeb6498973ccec375fa9c210b7d4

SHA512
b5a3534a2f0f8393fe103d11a2a3fd31e69dbafd2e206fdd2e212a88ed719f40f35508eee96421f49d5deb72bb479011b4564b5745f79ad6517d2f4b86c85b64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
681a0fc5d1fa7f480b3178592779e121

SHA1
99cd58621a2564fd3580858e61c0f0b3c9904722

SHA256
5a31f0c00281f2b4122263788dcaadabc4abe2dbc7dd65762b2ecb796a75b24f

SHA512
5c5aee1705ae3cd460d1bcf41a5592a96a8f28f589b8c16a79921330d138f0d1332c60ee744e01d43c7e65185f0a4452de3f2072940d44d34d7e03cc80cc509e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7e06218ed852b4a80b3ec7ad42a65cb7

SHA1
fbeff5a7ffb118445a7c2cc5e33e76ae4ef65490

SHA256
f1c6d9418003589e8f5e283da71a19d2f5f48a096d8d48853a4205d2d37d6302

SHA512
56c0e6a8513679dde2a1c87228d291718cfc5b17a30c19f6e14cbc32704bd20f7f5a48b4e81ec65dc8f6682d1491d5f15ad4a07c30e7e5786f2cae1dcbf89bdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8e765c52a95d05233598e6abecf2dc1a

SHA1
a0e23a4c1d7bc84e7b179ae11fa0b488f13b1af1

SHA256
2b5f7a9e92ab14275f0b532008b6cf113b0b359628aa8f57644c642953da0595

SHA512
2bb9c4ade78227d309c58109760a41a4b849d8f0b28fc0e38e53a4895cd615a9dd8402ebd2de020f5a752e6d8c35fc4fb66c5a0052b8fc3c1b7912229a8d88c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9f1f92d06c1c2e3a7f622de50c4020d8

SHA1
20beaa85ebcf103a069d1f0c9171b9221eda5a01

SHA256
d8c9abfdca087755867fe133d70a9a4e944e19d8bb24b7ec2b11d94f153e68f3

SHA512
12db9dd8fb846466e21a3927c196b38eb430fc7449d52eed2cc40f6f0052dd1bd2e6d77d4853de1c490d2b8810909eb2a9bfa010a2856c5ac8b60b2b17ae8e9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c30942061218995c1f9866f14941f9be

SHA1
5bfa09def48ed67df64900706ce645077269c3a0

SHA256
cb8e9c0feb4d3edb01c4f41c949afce6a11697976086fa7b1f33246107c4d103

SHA512
b117f3f65d763209bd244dfce95061030b714fdf9a352d108b2402678b437cddd88f4a85ca28666569cd3e130a2a3dc44ad83a75f41cdf58ca904222007bba82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
19bff16c53cd72502b2fee832665e22f

SHA1
5796476986a00842ac5de6358b44243205b3e0f8

SHA256
8e4e656d6dda662e0330bba579557f9020da21d878bae79f40555bdaf19fcea5

SHA512
886b630360be5f18cbfb2fc118c6ffdacbc07e846963cb1f5da976567cfb0d56e0b80c46c31d40b65a377dabb804a43854e145244964e7ff2349f84405daed33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
582d1cab5206019e0cf502505a7d0b9e

SHA1
0a8397e7fa8ee21f1212a51ffd11c96ac12d4143

SHA256
d82f9b58fc2bfabbf5d2dc3cbde68b712abe03c31b779cd8e2759f19ae1ed963

SHA512
392b2c412d25698b5e31d4150a4565d5b29a9ea89384303f6c01c20f1555beaf3ea771f73096dd191ab7e98f772a592567c908bd0bed6101f86e26513f4981f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
ecc8c1806743a071aef5440fa38c3f51

SHA1
5e930fae00d9b840d9a5db4c4626c382598b2c5f

SHA256
3cd0688c1915509e04b34727c54a8c50e0c9706b891b99932011d2e76d13dd5b

SHA512
ae004e288aea3db64e5a6b28d2251581fe6072df2146c79cab822507963e6976e940297175345a22716ca0e1a3280130c9150834b25a7ef75f23b581f2543fe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
193KB

MD5
3c2f93a191b30af61e799d6a04d47ba4

SHA1
028084f27f63603940e4e528530de988ed086f40

SHA256
96cd9cbd7c58fbc24d811d08bf7edcde8b15b5d9c151cb453d1a4449f8ad839b

SHA512
b6a46603b13812350d99832af5a2f921abc3cc5b0df9c0df8b98d1fe5d4c4ca604ca031bb4a02cf48081b1cb8d54e12fb5bc70b80042ddd95d45e421ccd19dfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9efc5ba989271670c86d3d3dd581b39

SHA1
3ad714bcf6bac85e368b8ba379540698d038084f

SHA256
c2e16990b0f6f23efdcecd99044993a4c2b8ba87bd542dd8f6256d69e24b93b3

SHA512
c1bc0dc70ab827b54feb64ad069d21e1c3c28d57d126b08314a9670437881d77dba02b5cca57ef0f2aa7f8e7d4d163fbd2c6f246ea2d51ce201d61a89015e8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
302c3de891ef3a75b81a269db4e1cf22

SHA1
5401eb5166da78256771e8e0281ca2d1f471c76f

SHA256
1d1640e5755779c90676290853d2e3ca948f57cf5fb1df4b786e277a97757f58

SHA512
da18e7d40376fd13255f3f67a004c3a7f408466bd7ce92e36a4d0c20441279fe4b1b6e0874ab74c494663fb97bd7992b5e7c264b3fc434c1e981326595263d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
a074f116c725add93a8a828fbdbbd56c

SHA1
88ca00a085140baeae0fd3072635afe3f841d88f

SHA256
4cdcda7d8363be5bc824064259780779e7c046d56399c8a191106f55ce2ed8a6

SHA512
43ed55cda35bde93fc93c408908ab126e512c45611a994d7f4e5c85d4f2d90d573066082cb7b8dffce6a24a1f96cd534586646719b214ac7874132163faa5f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
a7ee007fb008c17e73216d0d69e254e8

SHA1
160d970e6a8271b0907c50268146a28b5918c05e

SHA256
414024b478738b35312a098bc7f911300b14396d34718f78886b5942d9afe346

SHA512
669bec67d3fc1932a921dd683e6acfdf462b9063e1726770bae8740d83503a799c2e30030f2aca7ec96df0bfd6d8b7f999f8296ee156533302161eb7c9747602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
9f8f80ca4d9435d66dd761fbb0753642

SHA1
5f187d02303fd9044b9e7c74e0c02fe8e6a646b7

SHA256
ab481b8b19b3336deda1b9ad4680cce4958152c9f9daa60c7bd8eb6786887359

SHA512
9c0de8e5bf16f096bf781189d813eeb52c3c8ec73fc791de10a8781e9942de06ed30ff5021ab7385c98686330049e3e610adc3e484e12ef807eec58607cfae63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
15157be10a614d1fa4a0631f42247e46

SHA1
2f40fd07facc752984970dffeead72d5ac6b0185

SHA256
9aebd0e644fe801ee51d001a6b647f9a1223d3cdcc7ed6d1eeb053370494be80

SHA512
79a71acd6af6f3ddb19fbaf42d967ce7e4a5c0544c6b7548b844242534148c83ca9e5b63ab71c60b2e1ce516d8fcb4878981f9661670293381f089859359d5d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
535f760515c6acd9064d2fc6de1ab871

SHA1
bddc8a3e82ff938d248ba5891ef80f7c030f40ca

SHA256
65b240705deec0dd38f2c4bfc89fc796d87a9c919bbeec9c597507c6b033e917

SHA512
43e0b36f02c2a13e1fe77aeac2ffc6d845665703c8dde9654b19ec1fccd91a5a915cb176b7652a9f1e6760c9a49935cf32fafbcf694228862a6bc32ba6d891c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d6cc97ed9cef1d702c85680d7eacce74

SHA1
66820d5fc983bd0672b5f518f68a4c5cb138e6b4

SHA256
9da7075321eb71c85aae1ae49f732544d032b2f819c4edb4688b05cf4421d671

SHA512
73e17fcd47751dc13fff93dcb35819a011a943d0e5cdbeb56e76f3b7fa1461eac509483f5ed17bd5e64ec083662dead27a487fe37bb8273dd56e3717dd214381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
499e2ae7c9d16558bb7c545339896c8e

SHA1
8ea6e098c56d17c4111b32d9e9c9aa2932d6298b

SHA256
cd302a633a910e8a9ffa15a6ad94d7de17fcd42f76eb1faecc73b6eee1223ec3

SHA512
6d1cfb9e20708955e3b296530b6b060ef0cc791e6590d19c344cb658c7941cf9e8f248c1e93df3bd703aca4a5929d0fd4f82b4c15f268586d5243c65156a606e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
29e296b6d4b7e1ae0a85d5a1e16eccac

SHA1
3a2217c811683662bd09f65d16ba3338dc22a1fc

SHA256
4bfe33b7bbbf64b1a490bebabd2fab95a19da120c3489146fdb472a72b205fba

SHA512
1f30e43b5ae19b34d8eeabfabb5c47245b11580363f6440f0eec9bee8f61878704a0e1ee1c5aa2faa054a58f544a5ef3b516b6a2e409df51278c9b85350830ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
92505952c6a9409fd78ad41646f3f56b

SHA1
f0e7e983f87ae7764f0bbdc35173f75eb279d535

SHA256
6178d2f0cf1d5136ff8bd3efa032a6930cd1fe225b5e2c04984de85e13072b4d

SHA512
d599c3bb422983641a6d65f9b8eed95ad3d428ee6cc83693c60804f5f73f4c92983153fbc63f9a8b127e918a8fef4c3aa3329d939ff2382cef6768fcf6af91de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ef6ce7bbfdbc66d9acfabb8c35f1132d

SHA1
10e77682f8daa5b76bf4d0c66cf90e98fbbdd6b0

SHA256
7b3ba5e3d8aae10462367d11f259a246895f2bc7474e63410d7412f524406a97

SHA512
50ffa0cc3128244a52efa80743ad46994cf2e868062137987ca0b0a7ea5270f2eebfbe6ce21b5d540f5cc24b75870c4142359d4b30f7aebe586384ae189c7a0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
67dbfeb1b34078418d4ade95bb63d61d

SHA1
295f0ed5b845c9fa82048f7bee59a476248cfb1b

SHA256
03e512f25f46dfa924858be1fdd6f57382cf4add661d6702ac14375a4fa625e3

SHA512
3866ad5031d0609482db23bd2e57daf3824345b2463a0e683360bef4fc65ff32dfd5b5ccf65ece4afeeab7083bfe98e4bf857be65495e9daaf30d7026844956c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0d30ffb236beb3c66466f1c3a73479ce

SHA1
49e2e27cc5ae8cddb52c3eb290a5fd78c141187f

SHA256
963e5485f2103e0c21b2a3ee53da493dca9cd31f8cf61a5f36dcb84b1cdbc5b0

SHA512
8db263b17322b7d3d133a71a8a889868e9633b68a375385048b9de31d40c403ffa9238692b55f069b8ef9927974e28f71d3e9077ca0ca4935726a89ecbe1bfed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
00537f6dba89efb4c60a9700a624cfcf

SHA1
014b5e95e3cf6806770ebb6fcc44d8acc3bc0c39

SHA256
f697053b54ad68761b4012d62f2d0ad18449e986579e747f72d207d1ff84e5be

SHA512
84041aaad8deb84144b66ddb7d60af736adbc24e5f3b93fa6288c770ace8afc5d69469b7485b5cc38548b2956f7f0e593c6846479ddb0fdfd195175245e9eb99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
edb43190b19cd9bd69c8778e57de2fad

SHA1
feaa68104411f7749c21b500012806b32adc3797

SHA256
9539e5f878c54d993c2f3899f6583e6a0f8ba85322b8aa5c8ff32f71404ab275

SHA512
8eb92f9ef5bec467025088369f889b87ee44af05ff1f3c977907e3ff05524eb0508965db52bad82489b48ced9487f0d64bfa9a563b978fd2bf9dd3fa28a2558b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5887f8.TMP

Filesize
538B

MD5
52bdf1e60d6dd623bf50944d1751a6c3

SHA1
25cfb0be5e4e2ddf9c92cb36354a43cf0c1e6f61

SHA256
30ee29d21af67a589ad17c9a8f1b6a1090282cf2b5940d0113d657613810bf70

SHA512
0ce2874c98a01bacccecc85216c9a9d1160276c12240a3ae4e9669c61e0e8e64e17006a3756b43e882f126a586b6b7c7ab2b3236bb2e33ae1f88a52315951730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a63b5d307cb4646d0a90d9dcfd9654ad

SHA1
8dfe1274ede0de53f9c33c399983061fd3f85b7e

SHA256
15c6f35bb399d1e92617cae27e00ad46ff2d1a91f7ee051d3cfa9bdc0ac3cb86

SHA512
006e5dbe212f2dbd1987094892036878dbc2d69b03b8bbda55ab6e26313c873a279d96d5be095c03cefd8c3e029527c74680fec569f68336bd7f1e6a089aa9bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
28ff466a897f61293e027f17cc7928d3

SHA1
095618ce35ea9e57e7cac819998018343dd068ee

SHA256
4285efe1a2dd80f547099f76d302a55341c2c722d23b54e6a5ac2b487f404b67

SHA512
650b07e3aee13bb5e3fe7306b0ea94e818dff904450bade8f33ea96b1bd7a9ce82694c4318d6088c2b52d65cf0ac40e16960931d81cb9da4bb84d189a58e4a10

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
487B

MD5
7947aa0b28eae1db70a73bc0bcb842fa

SHA1
3177528a2277d12697c8c5ef3f1907e1765fbcec

SHA256
942b645e3724a6b33b8040103f0422776413ae24958993dbb2f0da4da926e0fb

SHA512
7a2a511c9af70b709f6cd5e3c928e40cd46fe07e0818a08514dfe05147701c38e574ee17f2bb630bfc598964f077c023729f5bfca0f2142a6a41099c1187abf3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
eed1599235b9dd933e13cbd5751d7eec

SHA1
d461f7edc8bdb31b672f97b18d34e38bb7c96c4b

SHA256
13ee96f0fd8b45de1603cea7aa86ddaa749ea580989d6cb806d944f3547fbf43

SHA512
9679690676ef1ede8030e26359381a092eaec7cb671d51e91d8cd446006301bcb98518b977fd5d475e777baa11dd28e69135c517e3b3d74475134bfed4e8da9e

Download Submit
C:\Users\Admin\Downloads\vanish-flooder-main.zip:Zone.Identifier

Filesize
163B

MD5
1170dccb8c8171dfeab10a27e29636c1

SHA1
729e2ed9f43dc96eda0c6cc5a547d7dec6a265ea

SHA256
eea1a862daf8f07bbc80186be0dddf1201d23bf22bdf69b402241cd992624ba2

SHA512
b347928c9123bdcf0fecc0e1c167e7c2672ecc8b35c407b77e22d320a2b3618bd2ea3a270644d0b17561f355564a289073cf3980149cce402eb4064c691b649c

Download Submit