Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/D...

windows11-21h2-x64

10

Resubmissions

18-09-2024 06:39

240918-he326axgpj 10

18-09-2024 03:00

240918-dhc8pazdmm 10

Analysis

  • max time kernel
    279s
  • max time network
    360s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    18-09-2024 03:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/Da2dalus/The-MALWARE-Repo

Score
10/10
chimeraagilenetdefense_evasiondiscoveryevasionpersistenceprivilege_escalationransomwarespywarestealertrojanupx

Malware Config

Signatures

  • Chimera 64 IoCs

    Ransomware which infects local and network files, often distributed via Dropbox links.

    ransomwarechimera
  • Chimera Ransomware Loader DLL 1 IoCs

    Drops/unpacks executable file which resembles Chimera's Loader.dll.

    ransomware
  • Renames multiple (3249) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Disables Task Manager via registry modification
    evasion
  • Downloads MZ/PE file
  • Executes dropped EXE 5 IoCs
  • Obfuscated with Agile.Net obfuscator 1 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 29 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops desktop.ini file(s) 26 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • AutoIT Executable 15 IoCs

    AutoIT scripts compiled to PE executables.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 1 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 9 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 2 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • NTFS ADS 20 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 18 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\spoolsv.exe
    1⤵
      PID:2172
    • C:\Windows\Explorer.EXE
      C:\Windows\Explorer.EXE
      1⤵
        PID:3248
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
          2⤵
          • Enumerates system info in registry
          • NTFS ADS
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:1840
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffced0a3cb8,0x7ffced0a3cc8,0x7ffced0a3cd8
            3⤵
              PID:3852
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
              3⤵
                PID:2616
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
                3⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:3148
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
                3⤵
                  PID:4732
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
                  3⤵
                    PID:4348
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
                    3⤵
                      PID:4356
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
                      3⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:3832
                    • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
                      3⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4172
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
                      3⤵
                        PID:4972
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
                        3⤵
                          PID:2776
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
                          3⤵
                            PID:928
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
                            3⤵
                              PID:2064
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3832 /prefetch:1
                              3⤵
                                PID:4332
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6064 /prefetch:8
                                3⤵
                                  PID:1912
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:8
                                  3⤵
                                  • Subvert Trust Controls: Mark-of-the-Web Bypass
                                  • NTFS ADS
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4548
                                • C:\Users\Admin\Downloads\HawkEye.exe
                                  "C:\Users\Admin\Downloads\HawkEye.exe"
                                  3⤵
                                  • Chimera
                                  • Executes dropped EXE
                                  • Drops desktop.ini file(s)
                                  • Drops file in Program Files directory
                                  • System Location Discovery: System Language Discovery
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:4352
                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                    "C:\Program Files\Internet Explorer\iexplore.exe" -k "C:\Users\Admin\Downloads\YOUR_FILES_ARE_ENCRYPTED.HTML"
                                    4⤵
                                    • Modifies Internet Explorer settings
                                    PID:5052
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
                                  3⤵
                                    PID:4804
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6264 /prefetch:8
                                    3⤵
                                      PID:3664
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
                                      3⤵
                                        PID:2040
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1264 /prefetch:8
                                        3⤵
                                          PID:3136
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1
                                          3⤵
                                            PID:2820
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6712 /prefetch:8
                                            3⤵
                                              PID:1228
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1
                                              3⤵
                                                PID:880
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6636 /prefetch:8
                                                3⤵
                                                  PID:5060
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2980 /prefetch:8
                                                  3⤵
                                                  • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                  • NTFS ADS
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:2520
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
                                                  3⤵
                                                  • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                  • NTFS ADS
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:1796
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5648 /prefetch:2
                                                  3⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:4792
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1324 /prefetch:8
                                                  3⤵
                                                  • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                  • NTFS ADS
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:1912
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6512 /prefetch:8
                                                  3⤵
                                                  • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                  • NTFS ADS
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:1296
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
                                                  3⤵
                                                    PID:1048
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4704 /prefetch:8
                                                    3⤵
                                                      PID:2040
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
                                                      3⤵
                                                        PID:2824
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6492 /prefetch:8
                                                        3⤵
                                                          PID:3656
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1236 /prefetch:1
                                                          3⤵
                                                            PID:1660
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6432 /prefetch:8
                                                            3⤵
                                                              PID:900
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
                                                              3⤵
                                                                PID:2700
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6744 /prefetch:8
                                                                3⤵
                                                                  PID:2552
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
                                                                  3⤵
                                                                    PID:3944
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4636 /prefetch:8
                                                                    3⤵
                                                                      PID:3940
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
                                                                      3⤵
                                                                        PID:3324
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
                                                                        3⤵
                                                                          PID:3240
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1056 /prefetch:8
                                                                          3⤵
                                                                            PID:3828
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6296 /prefetch:8
                                                                            3⤵
                                                                            • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                            • NTFS ADS
                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                            PID:1604
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 /prefetch:8
                                                                            3⤵
                                                                            • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                            • NTFS ADS
                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                            PID:656
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6288 /prefetch:8
                                                                            3⤵
                                                                            • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                            • NTFS ADS
                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                            PID:1916
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6744 /prefetch:8
                                                                            3⤵
                                                                            • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                            • NTFS ADS
                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                            PID:1592
                                                                          • C:\Users\Admin\Downloads\$uckyLocker.exe
                                                                            "C:\Users\Admin\Downloads\$uckyLocker.exe"
                                                                            3⤵
                                                                            • Executes dropped EXE
                                                                            • Sets desktop wallpaper using registry
                                                                            • System Location Discovery: System Language Discovery
                                                                            PID:3532
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,3927015152342081761,851410944595569564,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
                                                                            3⤵
                                                                              PID:4736
                                                                            • C:\Users\Admin\Downloads\Lokibot.exe
                                                                              "C:\Users\Admin\Downloads\Lokibot.exe"
                                                                              3⤵
                                                                              • Executes dropped EXE
                                                                              • System Location Discovery: System Language Discovery
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                              PID:2988
                                                                              • C:\Users\Admin\Downloads\Lokibot.exe
                                                                                "C:\Users\Admin\Downloads\Lokibot.exe"
                                                                                4⤵
                                                                                  PID:2396
                                                                                • C:\Users\Admin\Downloads\Lokibot.exe
                                                                                  "C:\Users\Admin\Downloads\Lokibot.exe"
                                                                                  4⤵
                                                                                    PID:3524
                                                                                  • C:\Users\Admin\Downloads\Lokibot.exe
                                                                                    "C:\Users\Admin\Downloads\Lokibot.exe"
                                                                                    4⤵
                                                                                      PID:2528
                                                                                    • C:\Users\Admin\Downloads\Lokibot.exe
                                                                                      "C:\Users\Admin\Downloads\Lokibot.exe"
                                                                                      4⤵
                                                                                        PID:5056
                                                                                      • C:\Users\Admin\Downloads\Lokibot.exe
                                                                                        "C:\Users\Admin\Downloads\Lokibot.exe"
                                                                                        4⤵
                                                                                          PID:1228
                                                                                      • C:\Users\Admin\Downloads\VeryFun.exe
                                                                                        "C:\Users\Admin\Downloads\VeryFun.exe"
                                                                                        3⤵
                                                                                        • Executes dropped EXE
                                                                                        • Suspicious use of SetThreadContext
                                                                                        • Drops file in Windows directory
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                        PID:1312
                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                          "C:\Windows\system32\cmd.exe"
                                                                                          4⤵
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                          PID:1164
                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                          "C:\Windows\system32\cmd.exe"
                                                                                          4⤵
                                                                                          • Checks whether UAC is enabled
                                                                                          • Event Triggered Execution: Netsh Helper DLL
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          • Suspicious use of SendNotifyMessage
                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                          PID:1456
                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                          "C:\Windows\system32\cmd.exe"
                                                                                          4⤵
                                                                                            PID:2820
                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                            "C:\Windows\system32\cmd.exe"
                                                                                            4⤵
                                                                                              PID:4776
                                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                                              "C:\Windows\system32\cmd.exe"
                                                                                              4⤵
                                                                                                PID:4788
                                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                                "C:\Windows\system32\cmd.exe"
                                                                                                4⤵
                                                                                                  PID:4912
                                                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                                                  "C:\Windows\system32\cmd.exe"
                                                                                                  4⤵
                                                                                                    PID:476
                                                                                                • C:\Users\Admin\Downloads\ChilledWindows.exe
                                                                                                  "C:\Users\Admin\Downloads\ChilledWindows.exe"
                                                                                                  3⤵
                                                                                                  • Executes dropped EXE
                                                                                                  PID:4988
                                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                              1⤵
                                                                                                PID:4196
                                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                1⤵
                                                                                                  PID:4052
                                                                                                • C:\Windows\system32\AUDIODG.EXE
                                                                                                  C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004D0
                                                                                                  1⤵
                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                  PID:4160
                                                                                                • C:\Windows\explorer.exe
                                                                                                  explorer.exe
                                                                                                  1⤵
                                                                                                    PID:1392
                                                                                                    • C:\Windows\System32\ie4uinit.exe
                                                                                                      "C:\Windows\System32\ie4uinit.exe" -UserConfig
                                                                                                      2⤵
                                                                                                        PID:1980
                                                                                                        • C:\Windows\System32\ie4uinit.exe
                                                                                                          C:\Windows\System32\ie4uinit.exe -ClearIconCache
                                                                                                          3⤵
                                                                                                            PID:1044
                                                                                                        • C:\Windows\System32\unregmp2.exe
                                                                                                          "C:\Windows\System32\unregmp2.exe" /FirstLogon
                                                                                                          2⤵
                                                                                                            PID:3672
                                                                                                          • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
                                                                                                            2⤵
                                                                                                              PID:4020
                                                                                                              • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff77fdc4698,0x7ff77fdc46a4,0x7ff77fdc46b0
                                                                                                                3⤵
                                                                                                                  PID:1016
                                                                                                                • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe" --system-level --verbose-logging --installerdata="C:\Program Files\Google\Chrome\Application\initial_preferences" --create-shortcuts=2 --install-level=0
                                                                                                                  3⤵
                                                                                                                    PID:3288
                                                                                                                    • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff77fdc4698,0x7ff77fdc46a4,0x7ff77fdc46b0
                                                                                                                      4⤵
                                                                                                                        PID:796
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\Installer\setup.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level
                                                                                                                    2⤵
                                                                                                                      PID:2404
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\Installer\setup.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6f4b1eb10,0x7ff6f4b1eb20,0x7ff6f4b1eb30
                                                                                                                        3⤵
                                                                                                                          PID:2980
                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --migrate-edgeuwp-taskbar-shortcut
                                                                                                                          3⤵
                                                                                                                            PID:3312
                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffced0a3cb8,0x7ffced0a3cc8,0x7ffced0a3cd8
                                                                                                                              4⤵
                                                                                                                                PID:4548

                                                                                                                        Network

                                                                                                                        MITRE ATT&CK Enterprise v15

                                                                                                                        Replay Monitor

                                                                                                                        Loading Replay Monitor...

                                                                                                                        Downloads

                                                                                                                        • C:\Program Files\Google\Chrome\Application\SetupMetrics\a741ed84-c775-4baf-9eb4-c418b3226d3b.tmp
                                                                                                                          Filesize

                                                                                                                          520B

                                                                                                                          MD5

                                                                                                                          d7bdecbddac6262e516e22a4d6f24f0b

                                                                                                                          SHA1

                                                                                                                          1a633ee43641fa78fbe959d13fa18654fd4a90be

                                                                                                                          SHA256

                                                                                                                          db3be7c6d81b2387c39b32d15c096173022cccee1015571dd3e09f2a69b508a9

                                                                                                                          SHA512

                                                                                                                          1e72db18de776fe264db3052ce9a842c9766a720a9119fc6605f795c36d4c7bf8f77680c5564f36e591368ccd354104a7412f267c4157f04c4926bce51aeeaa1

                                                                                                                          Download Submit

                                                                                                                        • C:\Program Files\Java\jdk-1.8\jre\lib\YOUR_FILES_ARE_ENCRYPTED.HTML
                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          MD5

                                                                                                                          43a319f3bb90dbeee79db28dddd97806

                                                                                                                          SHA1

                                                                                                                          e3db346b0a5835f1b278cae29fdcc248b73bf045

                                                                                                                          SHA256

                                                                                                                          2b87d25d62797e020a8cabbf5d009559b76d6997588d576d187ff49f84e67432

                                                                                                                          SHA512

                                                                                                                          fe2d742570c55623a5ca251440048f7a4203c947d2293ec9248598551033b8ec3ee9726f29a07739b017a0fb7fc6385a8fb96e2b0d3f2450bec94b8c349d3015

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\24c60c93-539a-42a2-b285-87ebe83d79e5.dmp
                                                                                                                          Filesize

                                                                                                                          4.8MB

                                                                                                                          MD5

                                                                                                                          eb4ccf797d833068ab1b67f9edbdf75d

                                                                                                                          SHA1

                                                                                                                          0524ab4b0743f9cdf5f88ff57323b8ac5a8ed34c

                                                                                                                          SHA256

                                                                                                                          ec599f76bf51e7bd4fbfa9909273fc520aa91275ab631b91552d458382820313

                                                                                                                          SHA512

                                                                                                                          3f123fc1705b3cf501dd6d7be72415042fcf857900fedcf5933dcc0ecbbd02d72ac0894947e109f7ca51c3a011323fac26843ecbf57589868b265735a168ab9f

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                          Filesize

                                                                                                                          152B

                                                                                                                          MD5

                                                                                                                          2ee16858e751901224340cabb25e5704

                                                                                                                          SHA1

                                                                                                                          24e0d2d301f282fb8e492e9df0b36603b28477b2

                                                                                                                          SHA256

                                                                                                                          e9784fcff01f83f4925f23e3a24bce63314ea503c2091f7309c014895fead33c

                                                                                                                          SHA512

                                                                                                                          bd9994c2fb4bf097ce7ffea412a2bed97e3af386108ab6aab0df9472a92d4bd94489bb9c36750a92f9818fa3ea6d1756497f5364611e6ebd36de4cd14e9a0fba

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                          Filesize

                                                                                                                          152B

                                                                                                                          MD5

                                                                                                                          ea667b2dedf919487c556b97119cf88a

                                                                                                                          SHA1

                                                                                                                          0ee7b1da90be47cc31406f4dba755fd083a29762

                                                                                                                          SHA256

                                                                                                                          9e7e47ebf490ba409eab3be0314fa695bf28f4764f4875c7568a54337f2df70f

                                                                                                                          SHA512

                                                                                                                          832391afcac34fc6c949dee8120f2a5f83ca68c159ff707751d844b085c7496930f0c8fd8313fd8f10a5f5725138be651953934aa79b087ba3c6dd22eaa49c72

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                          Filesize

                                                                                                                          152B

                                                                                                                          MD5

                                                                                                                          41b6bd7bf4e8a8f5bce3fb1bebeef9c1

                                                                                                                          SHA1

                                                                                                                          90c294c2e4ce4f4c1d376dbf3c57493ffdb5bc45

                                                                                                                          SHA256

                                                                                                                          335b687e291a465ca8f5c5dd06a018cb332f32cb9cdc6279e1f2cabc7777d088

                                                                                                                          SHA512

                                                                                                                          fc5a41890686d07bebe65d4cc32d80cedcd921e5c4447410ec66bccde773a319c566f1aa7f1c093d924bdf0fa03c689245d0d633ed3f888b06a18be4be7f9a8b

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                          MD5

                                                                                                                          99721a51f56ef2fc0ae075c8263d02cc

                                                                                                                          SHA1

                                                                                                                          6ccd6ebbec70f3da2d25ced1ba858d165a69ee18

                                                                                                                          SHA256

                                                                                                                          35c9fc50630ad1c0644f2bf13bae680427d45de26b7f339d2e8cca16bae2c8fb

                                                                                                                          SHA512

                                                                                                                          4f59a6ffb5dd889aeed21516b35dc61959cdfbb7dbba38c152c0445ae80471050f688cb0f910633e13956f641b82e59c5757610b7e40eea2646d59a085e40347

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                          Filesize

                                                                                                                          579B

                                                                                                                          MD5

                                                                                                                          063746392c478e1e6799cd20a728a0f6

                                                                                                                          SHA1

                                                                                                                          626b0dfec68db75de04c7dbfd20da933f892d009

                                                                                                                          SHA256

                                                                                                                          1a145cdfe59cd4879618a381ed243ed147b0f24d97db52bbc3d9d3bbe36e47fc

                                                                                                                          SHA512

                                                                                                                          5b934eb7d4f288fca458c33c24ed39d3f2816580f070f137e2a3e2dd38362af18020f52c49f21c154529705086e82468a16276d371fe00430533907764c2de63

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                          Filesize

                                                                                                                          5KB

                                                                                                                          MD5

                                                                                                                          38c6d2426274fa80176d58004c3493d4

                                                                                                                          SHA1

                                                                                                                          c0db24e48200ede1eeebf86b87170f8b62a333d7

                                                                                                                          SHA256

                                                                                                                          ec7b1fb8418b71c34501ca99fd8888fad76c611dde85ed47756b5a827c6ea95b

                                                                                                                          SHA512

                                                                                                                          18d85c1b353a538580b4d5620b801a7668c9d14641cc0f28ad02c6f71d3f0eb637b6596bd3a1b7e5ff508c979106f81b544438ddceb165d53c64bab41a94ade7

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                          Filesize

                                                                                                                          6KB

                                                                                                                          MD5

                                                                                                                          b1cb7f7378008e3704a1f678ca9ba0ed

                                                                                                                          SHA1

                                                                                                                          cfd73d2eaa4e488b393383efc0264162cbdbcf06

                                                                                                                          SHA256

                                                                                                                          b0bc000221b9b73a8eb3e9edde832df01f7e6990c723d0febd535026e12c52f3

                                                                                                                          SHA512

                                                                                                                          85eba91511226f8a0a0defb3a0af4c0d3b01de932d8f3bf6ec1d3439eba2741c0eb8e32232ef4fa47ee9a221f0de8204e6cc3e76c328e5c43dd77826b03aa5fb

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                          Filesize

                                                                                                                          6KB

                                                                                                                          MD5

                                                                                                                          8dddf166eb7c18f0efe6fc2145ac4340

                                                                                                                          SHA1

                                                                                                                          c340cc032f7908cd1f0c126a1870f0f328933378

                                                                                                                          SHA256

                                                                                                                          53d5ccbde7f6386827b5a95a5617d2e96429859de33ca12617e5be85e7655ba1

                                                                                                                          SHA512

                                                                                                                          be10a526d4791939246d21ac20bc113aea0a25f28be609584aaf70364731b7ef9150e2ac47cd1ca820f69c17c41d828b9d5bd37d22f6f0728abc2022d319004e

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          1KB

                                                                                                                          MD5

                                                                                                                          e1584d1c64075b6b2d482f885499e8bb

                                                                                                                          SHA1

                                                                                                                          ad8237a352f7b96fbdee72457b8ebd27b7f0e50a

                                                                                                                          SHA256

                                                                                                                          14cd89d7719041274388e72977c733ae7fd2fb6a1235c07bfa4420bea5dd1f34

                                                                                                                          SHA512

                                                                                                                          31f8b37e3fbb3f30af58c27f83a967dd208dea9686414f8f16b71c25633bb431bf11eba574fdf9e48c62fbcad7bbeeee87254d1cd4e619bc0133e1383581fd56

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          1KB

                                                                                                                          MD5

                                                                                                                          04adb6ee1f6240d60e2bbc04631582ba

                                                                                                                          SHA1

                                                                                                                          e29589d7bd9a03c803dc8d697ee6d7c8f9cb1a6b

                                                                                                                          SHA256

                                                                                                                          44f93efe863a819d81692f7a1229f51466bf4897f1991aff5c301ffbb777a686

                                                                                                                          SHA512

                                                                                                                          0081597376b0d05808f0e3d502ae66325e4317cf8400fe51101029cc8bd6e0a7e265a39d0f9872fcb9c590c41433f1f69bcb82c7dbb9f8758b5f0c2ecb04cb74

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          874B

                                                                                                                          MD5

                                                                                                                          0b4c98aca3e21cb26cdbb356c43fc0ec

                                                                                                                          SHA1

                                                                                                                          d2220819a8b25d0384f0e2872bab018db0939079

                                                                                                                          SHA256

                                                                                                                          ed43882550b50208082cfe27a258b49dd70dc6b7c4d9182911a7e523667dca22

                                                                                                                          SHA512

                                                                                                                          47ac74c5b501ca7a7ca4e574e1a1ca3a58a8fa706ae5d876779e4b4e041b7d853155500c8cefaafb4a7bbb5ba7fcb1c47b8fb3099950058b84626aa611ab1536

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          1KB

                                                                                                                          MD5

                                                                                                                          67ce9ce3b332cd7071a8979286894fe4

                                                                                                                          SHA1

                                                                                                                          bac3b7f788e7cdbb4f618eda6863f59ca35c02db

                                                                                                                          SHA256

                                                                                                                          033c346c8e9bdbcff67a589ee4559962731388db8d7cfcfdc24a941b0518429e

                                                                                                                          SHA512

                                                                                                                          72ae3840549043a70a2c84d74ad3232ad8f84723fb684ea4cf235b5082ce5568e9268c345c3d73bb489b14425eba7d6a05c48082e2e2ce42c54536e027498409

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          1KB

                                                                                                                          MD5

                                                                                                                          1a03481f46684ab4226d05b28da6e265

                                                                                                                          SHA1

                                                                                                                          dd18b76c5602db35278b90c868719ab1fe9a6664

                                                                                                                          SHA256

                                                                                                                          6c453c444487aa49362d04fc7e7e47bf5ff6bfc8f85d3b2016ae8024b8412c93

                                                                                                                          SHA512

                                                                                                                          988c83d2cbe3889ea81c317c83cec408baddc2b32ebac54ce9498d6a8385b6489349cb4f0333ddf9dee826f6be2acf1c1a8570d61fc44afde4c01700ea509019

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          1KB

                                                                                                                          MD5

                                                                                                                          18698eac48b6dcad119c61d253f4a263

                                                                                                                          SHA1

                                                                                                                          27e46fedd17d990a6e8bad93c697606b6251ce2c

                                                                                                                          SHA256

                                                                                                                          61614df60a3b2e1886f91cf29c78d6d2d78412f3efd382b8a5fc737666e11273

                                                                                                                          SHA512

                                                                                                                          eea0de43cfb6c4378279bf3e9b7eddac281c88627a9febdb9965864f68ee2962773fd5b68350ba31e5cc40cf0f5887e5ccd38bca2157dbee940a954747f2e58f

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          1KB

                                                                                                                          MD5

                                                                                                                          904f2a7c3140d529295c4c23292ea84f

                                                                                                                          SHA1

                                                                                                                          0cdb14d1e3d552a132a526d0dcc0ec36c0215c1a

                                                                                                                          SHA256

                                                                                                                          1475321b96c0ae62f64399f676269aaf041d01914e0654d6c690d3ebed2782f3

                                                                                                                          SHA512

                                                                                                                          680ddc71dc96eea6a8274a052e25800ae809f40a52b577598437da2a34a47ad97c39945209864a96ade45cd57d7632f999cfe2147c5bbc5c35ba65ee5ac31fff

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          1KB

                                                                                                                          MD5

                                                                                                                          6e156255a903d2d3a8608d83c28edef5

                                                                                                                          SHA1

                                                                                                                          8bb4a92f976c33549ff1890444a1654bd5dd3e71

                                                                                                                          SHA256

                                                                                                                          0e91f3efe8fc1a715b30216c5e4c78866151b670bdb966de434b97e68dce2700

                                                                                                                          SHA512

                                                                                                                          2ea741e4f0fd84cc6e947be4cc0465021ece18a32da3bba5e8e599daa1104fac3806cc50a5631a11e0e3a504ca9ee047fc8f6c3b7b6c5fa7f21cce875fb42510

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          1KB

                                                                                                                          MD5

                                                                                                                          1bf234ef97756e28bd8f3c70db0393d3

                                                                                                                          SHA1

                                                                                                                          eaf67288aff22ef65cc8bc43937bc944431e8986

                                                                                                                          SHA256

                                                                                                                          c0dacae4fa9792f27c0c997f1883297db388eeef729555bdc8926db1f8e7ed17

                                                                                                                          SHA512

                                                                                                                          8e0bc12714796be28c369d8f6d2553b1ee98e1b12f61307469b39be55f3fd05474a0023a918cdd1e0e919f90f9b5ca6a4962e62114da694e86d26081f84d2412

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          1KB

                                                                                                                          MD5

                                                                                                                          198bb9a4bcd4809bfaab742eb2239e89

                                                                                                                          SHA1

                                                                                                                          2079dfa07fa6b72a06cd914215f158f6830f3618

                                                                                                                          SHA256

                                                                                                                          7102f6cb292249ea0d021e818e6810487596e65b3819c56d11958cf31a10a307

                                                                                                                          SHA512

                                                                                                                          4bc92e1dd3168fc53c5ab78de842e905031868004ac1abd51c1d1ee0a60b643c25e9289dcea0a61b99dbcab0816ac61b7cc999ede1e800508858a6d8bc4769c9

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          1KB

                                                                                                                          MD5

                                                                                                                          a9aa6b0afee369c33cbdce0c33b223c3

                                                                                                                          SHA1

                                                                                                                          d1f0f4942ab1daa2a9458c3a19ddc58fdd3c7898

                                                                                                                          SHA256

                                                                                                                          9405ced20e4a00cd350c649e5f2c7541d2c9200b2cc62ba37056c9f266d9dd2f

                                                                                                                          SHA512

                                                                                                                          7e2e117001786ce0e54b9299f28b211d358449bfc084a0b508399bc98480ced4f682aa20f84ddd3b32645ce40ffa83f358ab2f17867e3a156506784aa7fcf06a

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          1KB

                                                                                                                          MD5

                                                                                                                          b3c6914e244177b0971531b4f757ef06

                                                                                                                          SHA1

                                                                                                                          9129f7d700ee257919b0f7f9421958fc2660106f

                                                                                                                          SHA256

                                                                                                                          d0e6d43ac66ba825920d457dca57437ee97eaa7d726cd2d354bc4d32c8b0e2c2

                                                                                                                          SHA512

                                                                                                                          3f74b76d8ebc3050bcb337c30032f82d28222f1049c633f45657f3773a85f20a100530bd15c8185a0a33820e3a77285271041c9c204752cea9b525c7eac502ba

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          1KB

                                                                                                                          MD5

                                                                                                                          2326376eedd18e592f73021780ffd395

                                                                                                                          SHA1

                                                                                                                          44d6848c5ec65c540f955a853c0acc00c0f0f28e

                                                                                                                          SHA256

                                                                                                                          2c7faa7e9e0bd366f6aa0b6f87824f6998cdb9c54d6652c0afb5c53f77e765a0

                                                                                                                          SHA512

                                                                                                                          267ee31111fc9103bec7ca507ddaa51c44471d9ce57553659215f322aa3e21a7c02c2a8ae881a044e20e23367f4ab2cd48d8be4639cf24f0caaf973e1edf328b

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          1KB

                                                                                                                          MD5

                                                                                                                          3f898b143fc7001a442859f7c59086ac

                                                                                                                          SHA1

                                                                                                                          f26d327634a65e5070c41b308d9738dd2f0cb918

                                                                                                                          SHA256

                                                                                                                          bb03e3636b633cce1f1f689c098fb03dcb97704e0d872d3e70e3df6d9071f896

                                                                                                                          SHA512

                                                                                                                          89d3452399f3735a9c58934fe870981f394f70418abff109492a24d9aad4698d0acf3a8fc73eea8e81f2be3b7b6c1b6004287d9e5cb9149f34dcb8c248a6eddf

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          1KB

                                                                                                                          MD5

                                                                                                                          8b0b991db877a21068cae6eb61f14e0e

                                                                                                                          SHA1

                                                                                                                          9a1a912208ed4dd89099f0d49e1d8ea726f9d313

                                                                                                                          SHA256

                                                                                                                          3a6c2b03edf39928981633b20c9e1f411b25292233bda2acef184ba483b9d63f

                                                                                                                          SHA512

                                                                                                                          80c9be6499201f7623caff7ac0d81a5b63509afd5d7da21db454d9d550d36416444b301b0ca22d72c881b0017ac16ee20b7154d87668c6f268de815d41cdba25

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                          Filesize

                                                                                                                          1KB

                                                                                                                          MD5

                                                                                                                          df515e8c26702e787f127fa26a6d81ea

                                                                                                                          SHA1

                                                                                                                          6ea1cab02c0e72ec8a75217bcc1ce4a80779db3d

                                                                                                                          SHA256

                                                                                                                          fdb97b934a4131c4800ba0ff3c639257d67e7bd567082cd8b43e5b74f6c0baa1

                                                                                                                          SHA512

                                                                                                                          0f7dcf31e04cc9746446b5067ed2205986aaa701cbe1813d63144ae89075f6237ae04ab608f25b44f2289a0d65a3cd79b1254e65c7d0da7ffdad4109d5648a66

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d06f.TMP
                                                                                                                          Filesize

                                                                                                                          874B

                                                                                                                          MD5

                                                                                                                          da5002b1081dd30d580711c316eefcbc

                                                                                                                          SHA1

                                                                                                                          a126491cbd8ac03972e604c8793148a3c72e1dd5

                                                                                                                          SHA256

                                                                                                                          0bd6a6490eb247afdba0eb0ec14eed236927472f22841decbc4a8b7eb895dc4f

                                                                                                                          SHA512

                                                                                                                          d0ea8ec75ded1a9dcbc6309bd21195f77a745bac1d9047106eef9e431fc7093e18c1e9166a20f70a9e183c0e2b5edde464bd1efe28590005852efdea17621df5

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                          Filesize

                                                                                                                          16B

                                                                                                                          MD5

                                                                                                                          46295cac801e5d4857d09837238a6394

                                                                                                                          SHA1

                                                                                                                          44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                          SHA256

                                                                                                                          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                          SHA512

                                                                                                                          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                          Filesize

                                                                                                                          16B

                                                                                                                          MD5

                                                                                                                          206702161f94c5cd39fadd03f4014d98

                                                                                                                          SHA1

                                                                                                                          bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                                                          SHA256

                                                                                                                          1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                                                          SHA512

                                                                                                                          0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                          Filesize

                                                                                                                          10KB

                                                                                                                          MD5

                                                                                                                          4af99aaf2009a855fa1c9bf678e642d6

                                                                                                                          SHA1

                                                                                                                          8e273af7013f07f646550240abc12023bbb4525e

                                                                                                                          SHA256

                                                                                                                          7499e91eb4bf069184d08d42a6f3e46c79befd6c51a244c7bfcadfca6e94355f

                                                                                                                          SHA512

                                                                                                                          c096dc89716eab2d0df52305bd17ecd91e9aac12514cd1fb76179592f796ad9964502e76b1a26dc8874136268e359ee670773b4690c1e78dc4afd9db6a877c23

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                          Filesize

                                                                                                                          11KB

                                                                                                                          MD5

                                                                                                                          b2352d9a78cd0d61ae93e18e4630c38a

                                                                                                                          SHA1

                                                                                                                          ffff245b2bed217406f623901ba93c97129bfaf0

                                                                                                                          SHA256

                                                                                                                          8eef7c9aee968aa0fdf741c29ec31d2822afe920bc25670e6da81ab8918a1141

                                                                                                                          SHA512

                                                                                                                          ba47f48a475411ad60c2f78a7efd3a6da5f395357eb8ef5bd00f30c77ad396dc726c5d3a575a9282f3caae73b619962e2f7cfc0da02e7679fbd3c8a8958ac9ca

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                          Filesize

                                                                                                                          11KB

                                                                                                                          MD5

                                                                                                                          d30c899637c93e6e5797b533058daa2c

                                                                                                                          SHA1

                                                                                                                          ab78234858d282b21020d005a508d6c8f0796960

                                                                                                                          SHA256

                                                                                                                          6f5402a5b690da89fb15746ea8c417a0b34698ad4bf34e70efa0cb26271e69e9

                                                                                                                          SHA512

                                                                                                                          348c603cc8fba80104d49992e1fd4723dbfb014cd93f37261a486195e8fd995a2520494ea3b4d039cfba357f1425499d285f531eb2cb2f904c7be277a2f7183e

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                          Filesize

                                                                                                                          11KB

                                                                                                                          MD5

                                                                                                                          a05984723368f223a5d5e790bd457ccf

                                                                                                                          SHA1

                                                                                                                          9723dece079b266992a734af96317e29bdaaa7d2

                                                                                                                          SHA256

                                                                                                                          8044bbc0ee781da0766f5f5623f46146633e145e15af0aa7bddede54f9fcc54a

                                                                                                                          SHA512

                                                                                                                          3c3e319380c26649213c538f4c5753c5674f84f48699a5f6be3412a590dd6ac1fce556ef8046f44b534de43c40761df93f8ccb466f3604d50666084c37d88b93

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                          Filesize

                                                                                                                          11KB

                                                                                                                          MD5

                                                                                                                          7867b137feb46fd94b876fe79ca33e6d

                                                                                                                          SHA1

                                                                                                                          ff6c3ff6f8eb3a02d012a9d48833187373db1aff

                                                                                                                          SHA256

                                                                                                                          e6695a69d4c2a6f8e90bb05b2cd7b94194eda8c3adf65436d9ae59ecc8362df6

                                                                                                                          SHA512

                                                                                                                          f4fca3302c9f28819d299b48ebf44972908b8b5e99c0d306be61eebdd2d96a1580ac6544de4411fad290c913fadb6cab32ffdcc22df0a3e680840aa8699f0cce

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
                                                                                                                          Filesize

                                                                                                                          704KB

                                                                                                                          MD5

                                                                                                                          86f9a87bc9f5ee8f463df9dd1cb76dd5

                                                                                                                          SHA1

                                                                                                                          1607ddf5af97bde8b45c4e6e72688061a89e1d6b

                                                                                                                          SHA256

                                                                                                                          3a0b7a1abe4c96d031b6c7e8b81a8b47587bb4a6905d605c40645909b758105d

                                                                                                                          SHA512

                                                                                                                          fdc862d64f7042becc0bb6e5438ad880c341e9b38aab6bc63d1caf76a7328e9eece92ae9805f9280a3f807fce2b425a44ba4f63090c64e4969f5b66db834dc0f

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak
                                                                                                                          Filesize

                                                                                                                          9KB

                                                                                                                          MD5

                                                                                                                          7050d5ae8acfbe560fa11073fef8185d

                                                                                                                          SHA1

                                                                                                                          5bc38e77ff06785fe0aec5a345c4ccd15752560e

                                                                                                                          SHA256

                                                                                                                          cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

                                                                                                                          SHA512

                                                                                                                          a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\RGI1D82.tmp
                                                                                                                          Filesize

                                                                                                                          24KB

                                                                                                                          MD5

                                                                                                                          dd4f5026aa316d4aec4a9d789e63e67b

                                                                                                                          SHA1

                                                                                                                          fe41b70acbcba7aa0b8a606fe82bcfde9a7bf153

                                                                                                                          SHA256

                                                                                                                          8d7e6cee70d6035c066b93143461d5f636e144373f5c46bc10a8935d306e0737

                                                                                                                          SHA512

                                                                                                                          3f18e86d8d5119df6df0d914ebf43c1a6dadb3fdeff8002940a02d0a3d763e779068a682ee6bafe650b6c371d4be2e51e01759ec5b950eef99db5499e3a6c568

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\RGI1DB5.tmp
                                                                                                                          Filesize

                                                                                                                          3KB

                                                                                                                          MD5

                                                                                                                          a828b8c496779bdb61fce06ba0d57c39

                                                                                                                          SHA1

                                                                                                                          2c0c1f9bc98e29bf7df8117be2acaf9fd6640eda

                                                                                                                          SHA256

                                                                                                                          c952f470a428d5d61ed52fb05c0143258687081e1ad13cfe6ff58037b375364d

                                                                                                                          SHA512

                                                                                                                          effc846e66548bd914ad530e9074afbd104fea885237e9b0f0f566bd535996041ec49fb97f4c326d12d9c896390b0e76c019b3ace5ffeb29d71d1b48e83cbaea

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\Downloads\CryptoLocker.exe:Zone.Identifier
                                                                                                                          Filesize

                                                                                                                          26B

                                                                                                                          MD5

                                                                                                                          fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                                                                          SHA1

                                                                                                                          d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                                                                          SHA256

                                                                                                                          eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                                                                          SHA512

                                                                                                                          aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\Downloads\HawkEye.exe:Zone.Identifier
                                                                                                                          Filesize

                                                                                                                          55B

                                                                                                                          MD5

                                                                                                                          0f98a5550abe0fb880568b1480c96a1c

                                                                                                                          SHA1

                                                                                                                          d2ce9f7057b201d31f79f3aee2225d89f36be07d

                                                                                                                          SHA256

                                                                                                                          2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

                                                                                                                          SHA512

                                                                                                                          dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 109466.crdownload
                                                                                                                          Filesize

                                                                                                                          68KB

                                                                                                                          MD5

                                                                                                                          bc1e7d033a999c4fd006109c24599f4d

                                                                                                                          SHA1

                                                                                                                          b927f0fc4a4232a023312198b33272e1a6d79cec

                                                                                                                          SHA256

                                                                                                                          13adae722719839af8102f98730f3af1c5a56b58069bfce8995acd2123628401

                                                                                                                          SHA512

                                                                                                                          f5d9b8c1fd9239894ec9c075542bff0bcef79871f31038e627ae257b8c1db9070f4d124448a78e60ccc8bc12f138102a54825e9d7647cd34832984c7c24a6276

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 221895.crdownload
                                                                                                                          Filesize

                                                                                                                          300KB

                                                                                                                          MD5

                                                                                                                          f52fbb02ac0666cae74fc389b1844e98

                                                                                                                          SHA1

                                                                                                                          f7721d590770e2076e64f148a4ba1241404996b8

                                                                                                                          SHA256

                                                                                                                          a885b1f5377c2a1cead4e2d7261fab6199f83610ffdd35d20c653d52279d4683

                                                                                                                          SHA512

                                                                                                                          78b4bf4d048bda5e4e109d4dd9dafaa250eac1c5a3558c2faecf88ef0ee5dd4f2c82a791756e2f5aa42f7890efcc0c420156308689a27e0ad9fb90156b8dc1c0

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 221895.crdownload:SmartScreen
                                                                                                                          Filesize

                                                                                                                          7B

                                                                                                                          MD5

                                                                                                                          4047530ecbc0170039e76fe1657bdb01

                                                                                                                          SHA1

                                                                                                                          32db7d5e662ebccdd1d71de285f907e3a1c68ac5

                                                                                                                          SHA256

                                                                                                                          82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

                                                                                                                          SHA512

                                                                                                                          8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 249814.crdownload
                                                                                                                          Filesize

                                                                                                                          3.0MB

                                                                                                                          MD5

                                                                                                                          ef7b3c31bc127e64627edd8b89b2ae54

                                                                                                                          SHA1

                                                                                                                          310d606ec2f130013cc9d2f38a9cc13a2a34794a

                                                                                                                          SHA256

                                                                                                                          8b04fda4bee1806587657da6c6147d3e949aa7d11be1eefb8cd6ef0dba76d387

                                                                                                                          SHA512

                                                                                                                          a11eadf40024faeb2cc111b8feee1b855701b3b3f3c828d2da0ae93880897c70c15a0ee3aeb91874e5829b1100e0abafec020e0bf1e82f2b8235e9cc3d289be5

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 269610.crdownload
                                                                                                                          Filesize

                                                                                                                          411KB

                                                                                                                          MD5

                                                                                                                          04251a49a240dbf60975ac262fc6aeb7

                                                                                                                          SHA1

                                                                                                                          e211ca63af2ab85ffab1e5fbbdf28a4ef8f77de0

                                                                                                                          SHA256

                                                                                                                          85a58aa96dccd94316a34608ba996656a22c8158d5156b6e454d9d69e6ff38c3

                                                                                                                          SHA512

                                                                                                                          3422a231e1dadb68d3567a99d46791392ecf5883fd3bbc2cae19a595364dac46e4b2712db70b61b488937d906413d39411554034ffd3058389700a93c17568d2

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 413599.crdownload
                                                                                                                          Filesize

                                                                                                                          414KB

                                                                                                                          MD5

                                                                                                                          c850f942ccf6e45230169cc4bd9eb5c8

                                                                                                                          SHA1

                                                                                                                          51c647e2b150e781bd1910cac4061a2cee1daf89

                                                                                                                          SHA256

                                                                                                                          86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f

                                                                                                                          SHA512

                                                                                                                          2b3890241b8c8690aab0aed347daa778aba20f29f76e8b79b02953b6252324317520b91ea60d3ef73e42ad403f7a6e0e3f2a057799f21ed447dae7096b2f47d9

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 477367.crdownload
                                                                                                                          Filesize

                                                                                                                          32KB

                                                                                                                          MD5

                                                                                                                          eb9324121994e5e41f1738b5af8944b1

                                                                                                                          SHA1

                                                                                                                          aa63c521b64602fa9c3a73dadd412fdaf181b690

                                                                                                                          SHA256

                                                                                                                          2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a

                                                                                                                          SHA512

                                                                                                                          7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 530962.crdownload
                                                                                                                          Filesize

                                                                                                                          224KB

                                                                                                                          MD5

                                                                                                                          5c7fb0927db37372da25f270708103a2

                                                                                                                          SHA1

                                                                                                                          120ed9279d85cbfa56e5b7779ffa7162074f7a29

                                                                                                                          SHA256

                                                                                                                          be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844

                                                                                                                          SHA512

                                                                                                                          a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 670820.crdownload
                                                                                                                          Filesize

                                                                                                                          232KB

                                                                                                                          MD5

                                                                                                                          60fabd1a2509b59831876d5e2aa71a6b

                                                                                                                          SHA1

                                                                                                                          8b91f3c4f721cb04cc4974fc91056f397ae78faa

                                                                                                                          SHA256

                                                                                                                          1dacdc296fd6ef6ba817b184cce9901901c47c01d849adfa4222bfabfed61838

                                                                                                                          SHA512

                                                                                                                          3e842a7d47b32942adb936cae13293eddf1a6b860abcfe7422d0fb73098264cc95656b5c6d9980fad1bf8b5c277cd846c26acaba1bef441582caf34eb1e5295a

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 73588.crdownload
                                                                                                                          Filesize

                                                                                                                          4.4MB

                                                                                                                          MD5

                                                                                                                          6a4853cd0584dc90067e15afb43c4962

                                                                                                                          SHA1

                                                                                                                          ae59bbb123e98dc8379d08887f83d7e52b1b47fc

                                                                                                                          SHA256

                                                                                                                          ccb9502bf8ba5becf8b758ca04a5625c30b79e2d10d2677cc43ae4253e1288ec

                                                                                                                          SHA512

                                                                                                                          feb223e0de9bd64e32dc4f3227e175b58196b5e614bca8c2df0bbca2442a564e39d66bcd465154149dc7ebbd3e1ca644ed09d9a9174b52236c76e7388cb9d996

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 966328.crdownload
                                                                                                                          Filesize

                                                                                                                          338KB

                                                                                                                          MD5

                                                                                                                          04fb36199787f2e3e2135611a38321eb

                                                                                                                          SHA1

                                                                                                                          65559245709fe98052eb284577f1fd61c01ad20d

                                                                                                                          SHA256

                                                                                                                          d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9

                                                                                                                          SHA512

                                                                                                                          533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444

                                                                                                                          Download Submit

                                                                                                                        • C:\Users\Admin\Downloads\chilledwindows.mp4
                                                                                                                          Filesize

                                                                                                                          3.6MB

                                                                                                                          MD5

                                                                                                                          698ddcaec1edcf1245807627884edf9c

                                                                                                                          SHA1

                                                                                                                          c7fcbeaa2aadffaf807c096c51fb14c47003ac20

                                                                                                                          SHA256

                                                                                                                          cde975f975d21edb2e5faa505205ab8a2c5a565ba1ff8585d1f0e372b2a1d78b

                                                                                                                          SHA512

                                                                                                                          a2c326f0c653edcd613a3cefc8d82006e843e69afc787c870aa1b9686a20d79e5ab4e9e60b04d1970f07d88318588c1305117810e73ac620afd1fb6511394155

                                                                                                                          Download Submit

                                                                                                                        • memory/476-8719-0x0000000000B00000-0x0000000000C0C000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1.0MB

                                                                                                                          Download

                                                                                                                        • memory/476-8720-0x0000000000B00000-0x0000000000C0C000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1.0MB

                                                                                                                          Download

                                                                                                                        • memory/476-8721-0x0000000000B00000-0x0000000000C0C000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1.0MB

                                                                                                                          Download

                                                                                                                        • memory/1164-8627-0x0000000001200000-0x000000000139C000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1.6MB

                                                                                                                          Download

                                                                                                                        • memory/1164-8628-0x0000000001200000-0x000000000139C000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1.6MB

                                                                                                                          Download

                                                                                                                        • memory/1164-8636-0x0000000010000000-0x0000000010013000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          76KB

                                                                                                                          Download

                                                                                                                        • memory/1164-8634-0x0000000010000000-0x0000000010013000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          76KB

                                                                                                                          Download

                                                                                                                        • memory/1164-8637-0x0000000010000000-0x0000000010013000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          76KB

                                                                                                                          Download

                                                                                                                        • memory/1164-8626-0x0000000001200000-0x000000000139C000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1.6MB

                                                                                                                          Download

                                                                                                                        • memory/1312-8800-0x0000000000360000-0x000000000099D000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          6.2MB

                                                                                                                          Download

                                                                                                                        • memory/1312-8676-0x0000000000360000-0x000000000099D000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          6.2MB

                                                                                                                          Download

                                                                                                                        • memory/1312-8813-0x0000000000360000-0x000000000099D000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          6.2MB

                                                                                                                          Download

                                                                                                                        • memory/1312-8814-0x0000000000360000-0x000000000099D000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          6.2MB

                                                                                                                          Download

                                                                                                                        • memory/1312-8722-0x0000000000360000-0x000000000099D000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          6.2MB

                                                                                                                          Download

                                                                                                                        • memory/1312-8815-0x0000000000360000-0x000000000099D000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          6.2MB

                                                                                                                          Download

                                                                                                                        • memory/1312-8715-0x0000000000360000-0x000000000099D000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          6.2MB

                                                                                                                          Download

                                                                                                                        • memory/1312-8625-0x0000000000360000-0x000000000099D000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          6.2MB

                                                                                                                          Download

                                                                                                                        • memory/1312-8816-0x0000000000360000-0x000000000099D000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          6.2MB

                                                                                                                          Download

                                                                                                                        • memory/1312-8677-0x0000000000360000-0x000000000099D000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          6.2MB

                                                                                                                          Download

                                                                                                                        • memory/1456-8633-0x0000000001200000-0x00000000012F4000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          976KB

                                                                                                                          Download

                                                                                                                        • memory/1456-8629-0x0000000001200000-0x00000000012F4000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          976KB

                                                                                                                          Download

                                                                                                                        • memory/1456-8632-0x0000000001200000-0x00000000012F4000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          976KB

                                                                                                                          Download

                                                                                                                        • memory/2820-8673-0x0000000000F70000-0x000000000107C000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1.0MB

                                                                                                                          Download

                                                                                                                        • memory/2820-8674-0x0000000000F70000-0x000000000107C000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1.0MB

                                                                                                                          Download

                                                                                                                        • memory/2820-8675-0x0000000000F70000-0x000000000107C000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1.0MB

                                                                                                                          Download

                                                                                                                        • memory/2988-8713-0x0000000006330000-0x0000000006352000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          136KB

                                                                                                                          Download

                                                                                                                        • memory/2988-8638-0x0000000005720000-0x0000000005728000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          32KB

                                                                                                                          Download

                                                                                                                        • memory/2988-8639-0x0000000005F90000-0x0000000005F98000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          32KB

                                                                                                                          Download

                                                                                                                        • memory/2988-8640-0x0000000006360000-0x00000000063A4000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          272KB

                                                                                                                          Download

                                                                                                                        • memory/2988-8603-0x00000000007A0000-0x00000000007F2000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          328KB

                                                                                                                          Download

                                                                                                                        • memory/2988-8604-0x0000000001120000-0x0000000001134000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          80KB

                                                                                                                          Download

                                                                                                                        • memory/3532-8584-0x00000000052F0000-0x0000000005382000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          584KB

                                                                                                                          Download

                                                                                                                        • memory/3532-8583-0x0000000005800000-0x0000000005DA6000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          5.6MB

                                                                                                                          Download

                                                                                                                        • memory/3532-8582-0x0000000000780000-0x00000000007EE000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          440KB

                                                                                                                          Download

                                                                                                                        • memory/3532-8585-0x00000000052B0000-0x00000000052BA000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          40KB

                                                                                                                          Download

                                                                                                                        • memory/4352-300-0x0000000010000000-0x0000000010010000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          64KB

                                                                                                                          Download

                                                                                                                        • memory/4352-305-0x00000000056D0000-0x00000000056EA000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          104KB

                                                                                                                          Download

                                                                                                                        • memory/4788-8711-0x0000000000900000-0x0000000000A0C000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1.0MB

                                                                                                                          Download

                                                                                                                        • memory/4788-8710-0x0000000000900000-0x0000000000A0C000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1.0MB

                                                                                                                          Download

                                                                                                                        • memory/4788-8712-0x0000000000900000-0x0000000000A0C000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1.0MB

                                                                                                                          Download

                                                                                                                        • memory/4912-8718-0x0000000000500000-0x000000000060C000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1.0MB

                                                                                                                          Download

                                                                                                                        • memory/4912-8717-0x0000000000500000-0x000000000060C000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1.0MB

                                                                                                                          Download

                                                                                                                        • memory/4912-8716-0x0000000000500000-0x000000000060C000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1.0MB

                                                                                                                          Download

                                                                                                                        • memory/4988-8657-0x000000001C470000-0x000000001C47E000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          56KB

                                                                                                                          Download

                                                                                                                        • memory/4988-8655-0x000000001C3F0000-0x000000001C3F8000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          32KB

                                                                                                                          Download

                                                                                                                        • memory/4988-8643-0x0000000000AE0000-0x0000000000F44000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4.4MB

                                                                                                                          Download

                                                                                                                        • memory/4988-8656-0x000000001C4A0000-0x000000001C4D8000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          224KB

                                                                                                                          Download