badrabbit | hxxps://github[.]com/Da2dalus/The-MALWARE-Repo

Analysis

max time kernel
308s
max time network
309s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2024 00:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo

Score

10^/10

badrabbit fantom discovery evasion motw phishing ransomware

Malware Config

Extracted

Path

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Ransom Note

<html> <head> <style> body{ background-color: #3366CC; } h1 { background-color: RGB(249, 201, 16); } p { background-color: maroon; color: white; } </style> </head> <body> <center> <h1><b> Attention ! All your files </b> have been encrypted. </h1></br> <p> Due encrypting was used algoritm RSA-4096 and AES-256, used for protection military secrets.</br> That means > RESTORE YOU DATA POSIBLE ONLY BUYING decryption passwords from us.</br> Getting a decryption of your files is - SIMPLY task.</br></br> That all what you need:</br> 1. Sent Your ID_KEY on mailbox [email protected] or [email protected] </br> 2. For test, decrypt 2 small files, to be sure that we can decrypt you files.</br> 3. Pay our services. </br> 4. GET software with passwords for decrypt you files.</br> 5. Make measures to prevent this type situations again.</br></br> IMPORTANT(1)</br> Do not try restore files without our help, this is useless, and can destroy you data permanetly.</br></br> IMPORTANT(2) </br> We Cant hold you decryption passwords forever. </br>ALL DECRYPTION PASSWORDS, for what wasn`t we receive reward, will destroy after week of moment of encryption. </p> <p> Your ID_KEY: <br> </p> <table width="1024" border="0"> <tbody> <tr> <td><p>YC0p23bMoUn8xSSLIeoeCdWmDAzsv7oiQ8U7ePQ2Bi6V/dBxB9BLkL3qgVf+vMN/wz9yb3buQK1N4L0Pob18UQIgvWVIUAqRaPp9IzzynI8/+aN+0SX8yKmcIf2lrWD8Q6HTzwJR8pX+itMx9NEztbIGF2uHgWFBRJVXO+rYliC21bRM6tUVFJaGu65l6FG7woiLStAPyb0/3NHGTol2Qq9OKc3iYCXam1yD/i5cC8I63qYAQuTdkQjs0ESbuwU0p1qPUp7ZOoI3311FvAD5ttJ/TYnIFF51fRfCU6upwOoqyl406izKsbVPN4msfc3YHLpvmKGbrglLP/5viKVWJg==ZW4tVVM=</p></td> </tr> </tbody> </table> </center></html></body>

Emails

[email protected]

Signatures

BadRabbit
Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
ransomware badrabbit
Fantom
Ransomware which hides encryption process behind fake Windows Update screen.
ransomware fantom
Renames multiple (481) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Disables Task Manager via registry modification
evasion
Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	Fantom.exe

Executes dropped EXE 6 IoCs

pid	Process
3340	Fantom.exe
5012	BadRabbit.exe
3964	4ED8.tmp
448	Satana.exe
4888	Satana.exe
2896	WindowsUpdate.exe

Loads dropped DLL 1 IoCs

pid	Process
992	rundll32.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
61	raw.githubusercontent.com
62	raw.githubusercontent.com
109	raw.githubusercontent.com
110	raw.githubusercontent.com

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
506	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 448 set thread context of 4888	448	Satana.exe	161

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\lib\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\System\msadc\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\management-agent.jar	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	Fantom.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man	Fantom.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\TextConv\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jmc.txt	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\giflib.md	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Content.xml	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\et.pak	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\bg.pak	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\SmallLogoBeta.png	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\README.txt	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml	Fantom.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.123\WidevineCdm\_platform_specific\win_x64\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\freebxml.md	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\thaidict.md	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\icu.md	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyDrop32x32.gif	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\security\policy\limited\US_export_policy.jar	Fantom.exe
File created	C:\Program Files\Crashpad\attachments\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\access-bridge-64.jar	Fantom.exe
File created	C:\Program Files\Java\jre-1.8\legal\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\dotnet\ThirdPartyNotices.txt	Fantom.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\da.pak	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\Logo.png	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxslt.md	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\jfxrt.jar	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\santuario.md	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md	Fantom.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml	Fantom.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\Internet Explorer\uk-UA\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar	Fantom.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\pt-BR.pak	Fantom.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	Fantom.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\DECRYPT_YOUR_FILES.HTML	Fantom.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.deps.json	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\README.txt	Fantom.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\unicode.md	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md	Fantom.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveDrop32x32.gif	Fantom.exe
File created	C:\Program Files\Common Files\DESIGNER\DECRYPT_YOUR_FILES.HTML	Fantom.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\infpub.dat	BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe
File created	C:\Windows\cscc.dat	rundll32.exe
File created	C:\Windows\dispci.exe	rundll32.exe
File opened for modification	C:\Windows\4ED8.tmp	rundll32.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3804	4888	WerFault.exe	161

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Satana.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Satana.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133723909478878971"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 16438.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 639972.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 854253.crdownload:SmartScreen	msedge.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
532	schtasks.exe
3376	schtasks.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
3216	msedge.exe
3216	msedge.exe
4808	msedge.exe
4808	msedge.exe
1360	identity_helper.exe
1360	identity_helper.exe
4920	msedge.exe
4920	msedge.exe
528	msedge.exe
528	msedge.exe
808	msedge.exe
808	msedge.exe
3216	identity_helper.exe
3216	identity_helper.exe
3108	msedge.exe
3108	msedge.exe
3800	msedge.exe
3800	msedge.exe
992	rundll32.exe
992	rundll32.exe
992	rundll32.exe
992	rundll32.exe
3964	4ED8.tmp
3964	4ED8.tmp
3964	4ED8.tmp
3964	4ED8.tmp
3964	4ED8.tmp
3964	4ED8.tmp
1020	chrome.exe
1020	chrome.exe
3340	Fantom.exe
3340	Fantom.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 40 IoCs

pid	Process
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3340	Fantom.exe
Token: SeShutdownPrivilege	992	rundll32.exe
Token: SeDebugPrivilege	992	rundll32.exe
Token: SeTcbPrivilege	992	rundll32.exe
Token: SeDebugPrivilege	3964	4ED8.tmp
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe
Token: SeCreatePagefilePrivilege	1020	chrome.exe
Token: SeShutdownPrivilege	1020	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
808	msedge.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe
1020	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4808 wrote to memory of 2000	4808	msedge.exe	83
PID 4808 wrote to memory of 2000	4808	msedge.exe	83
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 2780	4808	msedge.exe	84
PID 4808 wrote to memory of 3216	4808	msedge.exe	85
PID 4808 wrote to memory of 3216	4808	msedge.exe	85
PID 4808 wrote to memory of 224	4808	msedge.exe	86
PID 4808 wrote to memory of 224	4808	msedge.exe	86
PID 4808 wrote to memory of 224	4808	msedge.exe	86
PID 4808 wrote to memory of 224	4808	msedge.exe	86
PID 4808 wrote to memory of 224	4808	msedge.exe	86
PID 4808 wrote to memory of 224	4808	msedge.exe	86
PID 4808 wrote to memory of 224	4808	msedge.exe	86
PID 4808 wrote to memory of 224	4808	msedge.exe	86
PID 4808 wrote to memory of 224	4808	msedge.exe	86
PID 4808 wrote to memory of 224	4808	msedge.exe	86
PID 4808 wrote to memory of 224	4808	msedge.exe	86
PID 4808 wrote to memory of 224	4808	msedge.exe	86
PID 4808 wrote to memory of 224	4808	msedge.exe	86
PID 4808 wrote to memory of 224	4808	msedge.exe	86
PID 4808 wrote to memory of 224	4808	msedge.exe	86
PID 4808 wrote to memory of 224	4808	msedge.exe	86
PID 4808 wrote to memory of 224	4808	msedge.exe	86
PID 4808 wrote to memory of 224	4808	msedge.exe	86
PID 4808 wrote to memory of 224	4808	msedge.exe	86
PID 4808 wrote to memory of 224	4808	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff8b22a46f8,0x7ff8b22a4708,0x7ff8b22a4718
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,1738107083795876477,500821970023477,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,1738107083795876477,500821970023477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,1738107083795876477,500821970023477,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1738107083795876477,500821970023477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1738107083795876477,500821970023477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,1738107083795876477,500821970023477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,1738107083795876477,500821970023477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1738107083795876477,500821970023477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1738107083795876477,500821970023477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1738107083795876477,500821970023477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1738107083795876477,500821970023477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2008,1738107083795876477,500821970023477,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,1738107083795876477,500821970023477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2008,1738107083795876477,500821970023477,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6280 /prefetch:8
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2008,1738107083795876477,500821970023477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4588

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8b22a46f8,0x7ff8b22a4708,0x7ff8b22a4718
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2456326923051562698,10546258692707051440,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,2456326923051562698,10546258692707051440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,2456326923051562698,10546258692707051440,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2456326923051562698,10546258692707051440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2456326923051562698,10546258692707051440,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2456326923051562698,10546258692707051440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2456326923051562698,10546258692707051440,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,2456326923051562698,10546258692707051440,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4672 /prefetch:8
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2456326923051562698,10546258692707051440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2456326923051562698,10546258692707051440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2456326923051562698,10546258692707051440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,2456326923051562698,10546258692707051440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2456326923051562698,10546258692707051440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,2456326923051562698,10546258692707051440,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6012 /prefetch:8
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2456326923051562698,10546258692707051440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,2456326923051562698,10546258692707051440,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2456326923051562698,10546258692707051440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,2456326923051562698,10546258692707051440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,2456326923051562698,10546258692707051440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3976

C:\Users\Admin\Downloads\Fantom.exe
"C:\Users\Admin\Downloads\Fantom.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3340
- C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe
  "C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe"
  2⤵
  - Executes dropped EXE
  PID:2896

C:\Users\Admin\Downloads\BadRabbit.exe
"C:\Users\Admin\Downloads\BadRabbit.exe"
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:5012
- C:\Windows\SysWOW64\rundll32.exe
  C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
  2⤵
  - Loads dropped DLL
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:992
- - C:\Windows\SysWOW64\cmd.exe
    /c schtasks /Delete /F /TN rhaegal
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4908
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks /Delete /F /TN rhaegal
      4⤵
      System Location Discovery: System Language Discovery
      PID:2384
- - C:\Windows\SysWOW64\cmd.exe
    /c schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR "C:\Windows\system32\cmd.exe /C Start \"\" \"C:\Windows\dispci.exe\" -id 2638643742 && exit"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2432
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR "C:\Windows\system32\cmd.exe /C Start \"\" \"C:\Windows\dispci.exe\" -id 2638643742 && exit"
      4⤵
      System Location Discovery: System Language Discovery
      Scheduled Task/Job: Scheduled Task
      PID:532
- - C:\Windows\SysWOW64\cmd.exe
    /c schtasks /Create /SC once /TN drogon /RU SYSTEM /TR "C:\Windows\system32\shutdown.exe /r /t 0 /f" /ST 01:20:00
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4192
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks /Create /SC once /TN drogon /RU SYSTEM /TR "C:\Windows\system32\shutdown.exe /r /t 0 /f" /ST 01:20:00
      4⤵
      System Location Discovery: System Language Discovery
      Scheduled Task/Job: Scheduled Task
      PID:3376
- - C:\Windows\4ED8.tmp
    "C:\Windows\4ED8.tmp" \\.\pipe\{4DACF683-1FED-46F7-BADD-2705E774C354}
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3964

C:\Users\Admin\Documents\Virus ransome EXE More Dont Use Dealy\Satana.exe
"C:\Users\Admin\Documents\Virus ransome EXE More Dont Use Dealy\Satana.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:448
- C:\Users\Admin\Documents\Virus ransome EXE More Dont Use Dealy\Satana.exe
  "C:\Users\Admin\Documents\Virus ransome EXE More Dont Use Dealy\Satana.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4888
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 376
    3⤵
    - Program crash
    PID:3804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4888 -ip 4888
1⤵
PID:528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8a2e8cc40,0x7ff8a2e8cc4c,0x7ff8a2e8cc58
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2000,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2320,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2332 /prefetch:8
  2⤵
  PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3368,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3168,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4492,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4680,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4908,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4928,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5000,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5196,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4696,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4400,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3432,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5436,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5588,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5624,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5732,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6004,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6132,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6272,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6416,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6560,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6836,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7008,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7100,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7324,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7248 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7080,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7228 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6700,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6840 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7256,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7508 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=5524,i,1803712560691454383,15282095267606207461,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:5220

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4064

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1484

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:2224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\DECRYPT_YOUR_FILES.HTML

Filesize
1KB

MD5
be647f01c06c079725a04725ac93302f

SHA1
14c9b145419c0c855442e184a9b0304c2b6d6323

SHA256
c3237889d92e75c54bf68c73cf6e902773763bafd6fe2b1d0fc25ac5b3793289

SHA512
d58f28984b668d140e63e086a7aa2a75b612f564f56e0dcc42ba611627ce8d32652ab55943e77b505f7f673a5e447502c41f645b19b5f578345cf7e3ff53f051

Download Submit
C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
160B

MD5
474741365e1423a028ee71aa0487194f

SHA1
71fd0e70f5f51f54e2b28003bdbfe5a08a7d5363

SHA256
7b0cd1245cae296b73c271e0bbce024eaff7e341eb311f6d9f6c2e84a7a5a498

SHA512
6ebee11d261a89e9d4bf2322ca8042263ac733a8c755e1bd346c076080a6e04c884f5a8601dc1705344f9d74312a1395c1a6d41ca2092361dda6f78803d3c75c

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
192B

MD5
31251c7ebfe87e5cc7246eaef6262879

SHA1
0b379f37dee0b0c3886316d9c8032db4707642ea

SHA256
5fa08eba2a9be6ae1f080f3761ed5406088d0ac3ec728483db68ca2a8200ffcf

SHA512
4de156003943727304897e7b138e5e504114c4051da3a9dcb447a063ed79fb65e67c228dd84bfe1a1a4d710cc786357dd6d9f02cc8ae7f91d718176b2979a71b

Download Submit
C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt

Filesize
192B

MD5
11badd92487b94d4c54bc9ce7856a23e

SHA1
990616b482c6548f6731edb90c5bbe751b4f2b90

SHA256
e9d03050b1582a0bb34d817b1b30525881f34f4e246e294830ae0e5b2c53b230

SHA512
57e3f457edb1681a89c28ae6532e3e3e152b19486bf2cc024d35146a55b5296e5fc0a66d37521b34d9ac744a89926820ae15c15d6b973e39a8d84aa41d15fe1c

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\directshow.md

Filesize
1KB

MD5
b9d5468d28487ba66508dc2fdef48357

SHA1
3dc69d209242ee748fcb5737a1fdac1c36dc2e1e

SHA256
a0c6f1c5a2d1f80adf052fc8245b6b1a6c54e993ec8a84f6245b927bede2a67d

SHA512
11ab8ede03a763b2c6867c0d594ff00686d3413bf9f458cbb09a3375892a0afb43bf93a2df54af3d66312b584481c82963ed1d98601506bc87c90ebe5ab5a275

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\glib.md

Filesize
31KB

MD5
b329ccdaf5169cbc0e7fe4026f447e36

SHA1
9b488bb43aefb898c901fa0c45fc12d7a6b1a608

SHA256
93b038a8070d56679694ce2e9f08164136c2c28af776398915776dc7a62f8329

SHA512
562f5cd91e82677d9eefcc4804c252e61386b830476cf31d0fc70bf2b765e6cd353fca4da2a39241f4928be4624a7bc8fee2874bffb0645e45b1d5acdf1673e5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md

Filesize
34KB

MD5
7ed978adf6a49d8db7a40025340ef27a

SHA1
7d58a160016fa096ded4c11c98446338fe876b7b

SHA256
e83eeed257c08e20af110267fe47b7a2a4cd8ec7c1e18655f856f3bf2f1944e6

SHA512
7e0cb4bdc5b9c23da962641155b85b4a223433393ec7b49c4ac457e556c5ee99c11748282ddd895006c996525e8e3694191e639f0f65fa2c01bf075f4874bffe

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md

Filesize
23KB

MD5
8aaf71a657a4adf0ed28fb11e90dd8c6

SHA1
73b807b09904a55ee7e358d6c425a2d98187a444

SHA256
ea4555e7c0bc0df653cbae8f85fb6ef777fa8c816691a3a82e3f54b649c31a72

SHA512
bda28fce688d65dbd46dd6ee3b9227823590e9de39e539f0f2dbb53bd3b3abb50176200064dc9760b7d6d07fa13d79b759651c7fbc027c89aa2f4aa87227569f

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md

Filesize
2KB

MD5
a918cf81ba1aefab67bc03c6bf27e95c

SHA1
082a7c3c7fb7491e7f58b22c28e5340d10025275

SHA256
978d35e1ebf9d7624451185616b75093a4bed417f30f5b88694fd05dcddd0f5e

SHA512
75aa5250fc075f1f346c60295207b96fa6237dde2b274a146b81025b36d1d92cd9085fa954de16b1241185d904a573d49dd7be4655e78cbc84e70c86973d155b

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md

Filesize
1KB

MD5
66a799241a4945a6781ab253568e7525

SHA1
ec360eaca0cfccceabb919d3df35de03dc0cb967

SHA256
c6e4bd6c49493adc385520e17d4c9ffc4ebf2ce6232a2f587b363079188dc837

SHA512
4ccc84f8f1efc96f712d0352d84abb66bff1450813890f6aacb95d84a8b24bb12c9b087ed1a364221b77aaf235f6a64587c88138594528353731d6223324d33e

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxml2.md

Filesize
3KB

MD5
5e10ed653a7601c148e731de3d6cb97c

SHA1
856e33b105af5d5f9093acdcf2208fea27db7e07

SHA256
54c8c232eaa5fae3d273d47235fac940b93ac02b6e44e70928b665041d858350

SHA512
9ac8682a61f01a417d9a8e62b8ebad3179fe524cedcd50c36b5ceb02e04f23e4a876db8cbda1100d034467df5d7f0f388ca17f7a6a14420b7c5d4eaee0aa2c8d

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md

Filesize
2KB

MD5
54201cbb68f54ef8a6ccbb4ac5711f5c

SHA1
8e67585597d21fe796f81f3a295cc128d50e74f5

SHA256
6be5a6d5d6bd5c01128723ce9068d8ea4f9c992e2f58f8e391368709613cf74e

SHA512
05133f457c386271b07e852cf8eb6b2fd8d0e2e29922bd419d7e6e4acab7b1dec9bd899bfc246dc8de3ec5e05bd349d9611e9b691c767a3e2ea8c018ec027920

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md

Filesize
5KB

MD5
8972ad706ede41bee0eb7cee15864dad

SHA1
5de3b55aafe1b3e18fa808f25b3525d712e4b5ca

SHA256
6165fb5d22e10c5f143509562381f6a746c9c5974965030a92a32414c8d12308

SHA512
cae728d97f90f778b5489ffefa532b656a69d786b5ff1639fe0eec8c614a8e74262b52f02b1fa150a8983d719a10485ab97bf80fb52b5c7459268544267a76c5

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md

Filesize
17KB

MD5
3e4c72bba6084960f27d120cd9df0ddc

SHA1
ae15510976a54db42b4c83653f79a0f340bec2ed

SHA256
990d77a0cb1c8498dbc4d245864a99bf20312c40272ec7a606ac55ad428f1e93

SHA512
294ac7722c922fba109488d7f7c657f0107b596415de3299176f1ac0e5e7e78b0ac47508d01fae7c78ab191cc642027c6d30f269932376974c22af71f40e1dae

Download Submit
C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md

Filesize
320KB

MD5
69997ebc7e43ce981bc94c2010388e80

SHA1
4db40819360bd2307a0cd69e25ffc1b8bdb857f4

SHA256
908003d7186a2ba0734b5d4217dae085e97d98dbc797b0463daa02834fb80090

SHA512
d41174ec0063ba43b7894e5e9544d9b2c83ae1d958bdb91f2b8c0e820a99ba3d2f3d7c549cd6ae13f4ca2999ce5f07343a8d398f66dbd75d7ccc6a49df5d874f

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md

Filesize
1KB

MD5
50e2cd568c5e70c3696f313553d5b9d0

SHA1
aad536dd411a842b4271fd85d41410cb8ba5d2e5

SHA256
83053c4a373ecd0179427978b75544d1a09ac0127c55ee6af536503ec92446d5

SHA512
4ed98ec8831b85abf8d900543ea22ce085f22f8006a8c1a7744997aaf0dc530a939188deca85c074f90279199604070ee1bf6e2f0568fd5eed6b38efedd68323

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md

Filesize
10KB

MD5
a210c9b5a5e58633498ae0f663c8574c

SHA1
ff94a1870b678d90f2dd88f7bf1545882907f71a

SHA256
3759e01276272e3bb394a998b1922de65292d3a6b642b705f5fd41a7c359603f

SHA512
d92c28df630395b14c3a41577983e37ace777b3434b70f97459cdb30b68331f6bcc8317924b5742c7d7846b89962285150b87a6f9de79ffc940fac9b16e9baf8

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cldr.md

Filesize
3KB

MD5
3c39c56e348ba3d041df787992d37dc9

SHA1
987845a0dabc867cf5b3dc685c4a2c590141ab5c

SHA256
cc93ce158641b2085c832dfe7565693132f63e94a7f129f8bb3a0b7f0922ad8b

SHA512
8f9ecec859e07d68b9e228bb07159f9224c00daff584de40d14dc49b0a63dde2eee303d92f49ac7124bc5d46f8ef18ce90f05355f86d8a8aa25db25a1dc81c02

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md

Filesize
176B

MD5
c2626e8f39c7907d16532ede1521348e

SHA1
269e20715efe86f64a9ab835360c02296b5dd964

SHA256
ddc40fa85da23f419b2e07a05a6d5d765a60a365b5d113e5eae3fac7b0530b16

SHA512
303c9db87605c64b71518874c5551d8d00c3e78df75efae76c29df058673ee35cc5445e558c9c558c26f88ee273249ff87d28d099e81b134c8b39f288e16b488

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md

Filesize
1KB

MD5
30301252ee46cc315a282ab135a2a71d

SHA1
01404c452f39226cfaea128bbf599d14278f3ee5

SHA256
91265410864e8e4b012472705c149d91c80563c3f5230b8f66833441a5359217

SHA512
50f8e25cd7834121210343aee1e7b93c8603ede60e95112df89f1eca31e8e96bbf27f3c0e70c9002c78c65f12c36ff246ce5792549f79196bab5bdd8697799df

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dom.md

Filesize
3KB

MD5
2b8ee6b9b36e50181db3f13f9d93b5d0

SHA1
1da95d955269c0af77ced8ac32bf80acf8b26b8d

SHA256
efae25190a819fb3826085b45bdd5829f44804369877a3a7e767c1fb0193dc93

SHA512
d2d25ed210e064d85c8c2a1046d9388c9abc676ea02b1a0c70380c996d53221f6cbbb5549f588f2e8869119ed2a755252c89cce8d5d0ab938fec763e4042ae95

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md

Filesize
1KB

MD5
b0c6ea673b63ea245c7ab89c4ef9696d

SHA1
58fc8928918cb182e5bcaeb283818a8f74df081a

SHA256
90d915a59f275c9d6fe6d4fded25da8df0d372ec78c0e2a203cc5001b3aac1d7

SHA512
281c1e45798c016bb72b5304d81268329ccd00df36490a865c77dee9d90909efda0173714c404652869bd3c00e843c9823eaadb6b5f4fed24f72e25361ff0e37

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md

Filesize
28KB

MD5
f5cffff286a6790d5f985d0eee07f503

SHA1
afdc0c129f7a589065d9c7a7d475b394a46f008d

SHA256
de5f9ffed566377c48d3cfdecc91036d8f102df5664d825b33c3dfa546dde7e4

SHA512
f4d1a643537ae37888aa9165217f82f4efe86f1de4f18afb87bb214fcfe944d207de9a7f093b1ce7059bd31d43be762e1616e66b9ee174c420faf3d234df12c7

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md

Filesize
2KB

MD5
1b687d1c25fbf04513dfa4b2137f9462

SHA1
8a19771845155abcbc7631428868e3a81a57a840

SHA256
0e34bd10395eea1a1d5f0e204acb73033245f292918886622b39e06cf2e10adc

SHA512
46439497992b86edf7e7db9347b028008dc891f37cccfcc24242a1c5c730949f8f16b581b5586f9394f13a0373193bb9caeba2a95c66e439ecca878c442aadf5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md

Filesize
1KB

MD5
25ce59c7bfe98125ddaa592cd430eb80

SHA1
f42235bfbdfaa364cfe3422fdc69550637f91e01

SHA256
ac51b543cac224cb4d5ecb0df4287744801a514a980da316d25cebb1bd3928c1

SHA512
a595ef5a0329bdf601e0350cd8304aeee6d0abda4bf08ec10852dde06cb46c2591af2865adeeb7838f976b0010d19d6dde613e737164f183dd6eb7625e47365e

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\icu.md

Filesize
2KB

MD5
0439de500f8089423ecf74b8d739d5da

SHA1
09070cc2e34cfeaafdececd2ef9dd90760b270a8

SHA256
0a13b45d3505f7eece27a8afd776eebd686037fdea8da0c805c6d302a78d31d3

SHA512
c5109b694630eac118177937e7d6e5fbc9277ae2a9295c75b9ccdc679fed42b7ffc0af14df6755d43f85c9791dd1a904c76d2b27d7513eee3de37b72d7401c0a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md

Filesize
1KB

MD5
93211bb821fbb6c5e99b24b4ec92be58

SHA1
0d59e368f44ef00bd9116806fd2f9eee2b7e4950

SHA256
64976ae0e8776dac82026b7991c6bfca4ac1547dcf1befb9d296fbb31d99151d

SHA512
b11f0a974042f54154a434cbc18c9af2b4c8cacdbdfe0d6ee449da17c8d429a94af22f9cfc2f7e91c13514969e801795ae770eebce7709a94af44a978302f58c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\joni.md

Filesize
1KB

MD5
b30e1f9b7a9fa47e71de146099266e63

SHA1
aa84c29fb74816b5ab1c75b3ea6776f02b7de3a5

SHA256
02c2ed67207c69334acd6fe413424ca8ba9ace04773c7ed4e0924348a2509b7c

SHA512
647a24ed9265d60cebf240871ed21249014bed5fa559eba773008b835da4b3e26a16cd225d87093c77cf149ea8a79fd264a7cf6a280a9fa6e91cf624f8e18d74

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md

Filesize
1KB

MD5
6ac55028d83fbf8ffe44327f0232016b

SHA1
57b1ff2539150ec88095b788b8c7abeea92af387

SHA256
c2a929bc06fe981f1b4936acd15a6e5def59c30d781db125c1e14103ac9ef63b

SHA512
cd25c93a3cdebdcc7482a269a9df8299bacc479559f1020258ac2c49e4deea01c78600e7934a09ec98ac1d5e1b86354ecea3a58c03319cda05ac4e76ec067d2a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\jpeg.md

Filesize
3KB

MD5
3b4445a29add90bf2ad9db73aed1c0a9

SHA1
8d02a291551bbea38b632ffcbd04653a89184468

SHA256
859a44f18f3509e4c608a5947972c7426a453859608f21d66260b1a34770d2e7

SHA512
f2c10a71c64d31a1e76d7fc152ee07f8c6fc79286f8197985953559961e36c9df4a1ed490d23f7a7e425066e200403b749e8fe065ccafbebbc48a8fdffe2512c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\lcms.md

Filesize
2KB

MD5
59b8029a99322abbfb95088e357633a5

SHA1
561367b26e22513813361687fe17f774e7802e34

SHA256
cf4d042d862683705d5275fc4f09e1d16e2fa2cea4a4cc00154b18c15ab37e3e

SHA512
8bfaeefaba2643fb8688bcc4bf3e4a8f64a23f3e1022f3450cd8d274df3de46d1971352c3a821a83aa9820a40cfbb5e667767a7404bee2943d22e2e96b969f13

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md

Filesize
6KB

MD5
2406d3db8714f5b6d37db44cb6dc473c

SHA1
3a38362ed24dc412091fa45766ff5222d278c349

SHA256
0e74cd9bff0acefe827ad73c69436ef496844668a9c7b4f418c49d1c3593094c

SHA512
13a5699d83e5de82467128f02f8f61e1459111e100f98b7eef39a9e85de790c70640a032d0af55b306f57c7b7933e5fd3012ab9ede2118d3e8b1ef165e9ecb77

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\mesa3d.md

Filesize
5KB

MD5
770c8f8f013a7d17833d6c53e984def3

SHA1
58b70c3b31ad949f23ec7d161c3e13a6f49a1d71

SHA256
f297eea71249e4eab5dfd9fb839e29dde0147262f38e4d53856fbf605eb69ae2

SHA512
ba0b4b6560525673d1515b5ad337aca7f75fc37d4c7d9e416f834946818579ebdeb29bb0cab3f54f71d6f49b5db623e51b056e7ecd83416ce4d66b8710a36e86

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md

Filesize
3KB

MD5
47336bbc7e700be0525f5815577f5e60

SHA1
573d6a313d98fdd5372f5cf041211ee023355c1d

SHA256
25937e2d5118d813cc9a3f2b2d99972e589cd67e30fdcedaf5fc6d8ba49bf2d7

SHA512
5667852d367873205aa843c7b0ecf52a0bd281497f0ce3622c92a36bc32f34dd3b45b6a645522816f5527ce70531919431c53baa97fb28aaf12cbb37342004a2

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md

Filesize
2KB

MD5
2cbdfa7b4dbef1625fd12222313e1be9

SHA1
552c8a2ccff36dae6dd379e3103ff2b2619f1389

SHA256
466e5ef7bc432056414180db1151bfb56fe2373d430c637b9f68fcb340b654d2

SHA512
a3ba75af20e64b1495660b1bc1fab5d8d2f7758304857139d17e2b16895eccd26f70700b8f92708ca37ab0be2a052b286bb71fb145193769c2d8ac51e5f8daf3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md

Filesize
2KB

MD5
1461e18334e3ad5c51750a105e1500a8

SHA1
6370478b8c2d533359c015e3202e1ee117312428

SHA256
83341da1efbbddf75d0b4631f0fe4e7051f2bec66233ad7382a5c916982524ba

SHA512
c5091e5363727b930608bef9fbbc8204ab48657eecf58d0b3095402bea2560d0b22cc456887f7dc94c6f3499f4d0d04b81e4c319b5695dbf034583d0657bee37

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngdatatype.md

Filesize
1KB

MD5
020a6f26adb1cbd92fdb66c92e16132e

SHA1
41c526dfa0a7069e8a5a40a30f6a4029888f2646

SHA256
64ee1bfb978ea8e19da3a01fafd87013d88c383697b1c9e855a7d19143fc142d

SHA512
19b9d087852a283b7752bf0609bae01456a4d5824dc69b7f54777d888f75ba30126a5fdb099066730ba401cfc0443788e81f7a6783bf962565bce1e1c7a82948

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md

Filesize
1KB

MD5
34d968e3ff110f5016c75652e80f1f5b

SHA1
af4b1ea9c85e8f1fcced10609cac7a080c72555c

SHA256
f8a395481989d54f010ddf54b9e4c595543f8f195dd2c8c59f5f8fdc9b7b7be5

SHA512
9e66a24c3fe987c45c1587daa43e350f1a36010d48f9353ad9b87bad49fb355f59ac47e9464f047f84a81d38013882d604bc3556990b6dec1c839408744f2934

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\santuario.md

Filesize
11KB

MD5
022c58c3d03fb08770fa5fbb5b383e86

SHA1
32d64f9e21396ad4d99c1538dbb0bff357c5dad7

SHA256
f8a53664397af0328744f6a04073a815e65f471fe680638450482289a5d82ba8

SHA512
22e2ba7f5654a8a985f4dc8bbb6398891c06c22afa9ec4791b63eee8a2c05d316b600b5e7219497622d28440618f2c211ba13611f6dd05471fd8a94c80994af3

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md

Filesize
1KB

MD5
c1c4f81d5a87136da4c5f8218c4ddcb4

SHA1
0a7ceb8261219e64f3364e87762724b4f37b97bb

SHA256
7a60de2719ce45089ccc4487471063a2bb435360789daf5404c7e149eefb9124

SHA512
c27160c2d338b9a8ba89825a59e4621ed484bc19bcba61dce5371f014f89c4065e544571ec10b51078198134f91b228fe94644c953461450a97d9ece54111f9a

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\unicode.md

Filesize
2KB

MD5
23105f1ba87ac5f9c41de7fa1f904adb

SHA1
93ccdd65b0d8d20e1052dc5477e7f73d9508985d

SHA256
02b8c45bbd83232e8a5a0925b53de4bb697a442f4afdd8ff43ccd1ab672aca9d

SHA512
f5f3459e0f912c9d08393a71e792ef3696b6dcd462b68a283c5312a1c8eab0d3aa86e5c117aebc3f0e57713b96c41d685efd96ee71d31722a3efaaea908e497c

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xalan.md

Filesize
11KB

MD5
021cb4857a8db524b33b9dfe848c3ba9

SHA1
8a33a84b9b0c688bb65bcb5e83191b4d81913c0a

SHA256
ecfd4cb5d13200567173356b440efa0bafb1f1b2fe48fb41e308afca2495e5d5

SHA512
5d1c5cfce38c4cff5479efd76e43114cb2df7cf6bd009a6a7021663a8c730ced4d65ce0951d8d6d140b9e2d13e21e69dde77e4bb1ef18f069577e74892693a57

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md

Filesize
11KB

MD5
00ba452fd9fe5c92e10033334d7cf7b5

SHA1
b8b9490c0a0a04d1b8a21fd96560ef28431d74c8

SHA256
6e927d8f1e7a204e17b3f678897edefbf04a7019e98e8707e941dcf8c3826d71

SHA512
fd198a41bcc06c5c43e7df84a9aa7f336ccca163115bda27cd3fbdab997e7042afb971dc81bd859dd162551239e0472458cdb951cd16222cee037ec6f81a8797

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\xmlresolver.md

Filesize
11KB

MD5
cbc5c9c1ec84c3ee4dfa1837ad6c698f

SHA1
81ade6adfe79b77f8c8330ffe2fc5958289715dd

SHA256
e12da459118dc2bd04d2eb9da0cacea2b020a0591de2b96666f802dcf05e615c

SHA512
9a373a7e0d3788b75cdedf419d491a92378a7fbd58abd096abb43be99f6e799c002904b26a47b5deca876ebc9c4dd09c8211bdda0e43cac5c7bcd4fe43aab0f5

Download Submit
C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md

Filesize
1024B

MD5
d5bf94c1f0edb747cfe4756baf42d4c5

SHA1
3bf3aa3e37011bb3c7f002d02d2753896c9745d1

SHA256
a789f76dbf4762eae0b1298a687c92944d6583a13040501242987a4c1b595344

SHA512
e1ee80f0943f403e3e9cc3589e9cc6ba9ba9432f8255fdad25b1e56d244af808adf35b79f9a721847038e39d6b78e2cd2a50714284f38c81596126254995ead6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1401C7EC8E96BC79CBFD92F9DF762D_5398732881722BDE3E78D6CA6BB2B78B

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3bf66c16-3ee4-4fc3-880c-7901f31df6c4.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9791801e18776ec3b1dff5c17de6538b

SHA1
6ba7e6054449c33be81fbed26d898b9338e244da

SHA256
ed219b57a64ce94b26760fb5137f82b55ea1e81a0e6c2c9b1bda95c08293209c

SHA512
07201afce16bd72107250ddc22011b1091e315b764ade97d63f06a3c41331bd53736eca2baacbc23d00d2a58336060d80e8ebcab8899e29488f27c5f050419f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
63KB

MD5
a5cc79fbd666432c461daec09604f082

SHA1
9a3df93d85aca657c5c8b60f9b4063128319647e

SHA256
9a7f91177674363a59d898f41192d993f0dab2ce2c93a180b6d1042ea4b9e279

SHA512
f93ebbb16738cae18477a0bd833098abee3a77880b8623ae2a462ee8e209487045121700e013dd0da1c7c3f5c9f24a56f02a5cba837df4ac1f33c9f6e3522c62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
46589ff6519852138482920468275461

SHA1
a36add7f7694989f58670a9f1bbdd4a6d6bac254

SHA256
0898493333ee4e2813b4c8d87be0bce1ad12cc5f3d18497ae2e5154740a653e5

SHA512
c31ea0a51ac3a0962ae415f6582b5f2d5efa70e5c7a8c9abbaf1364ad1f744d8716149eee3048b2e5f7e918f7ed961ae24a4367da2bd4a7c7e09df7efc77f732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
d0d6def8ddbfeeceda052aa73542824f

SHA1
adbe627af2954cdaf7db2c1826eccf3606bc7894

SHA256
64c3f8d0a7994756d45c6a26f560830bf95d9c089dc4a793e651f9ca42833bb8

SHA512
a922cec17a3925383489255d721094a6d99984c3c6cc023e40f57fec47d8c4fef03c13c80dfa099b488fe5c59b04a9424c9fa805a3e224c7b4223a3b14fe6d0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
4ed0402d8b234f561331baec45790463

SHA1
ae902039148abd82bb72b00d4705cd41b74ed708

SHA256
a2474b7d7ccdafa0ce92406009a44bd2229f93be74fd183dc818beef88cebd78

SHA512
e48096bd4c5228712d679c63e5cffc00523e42d63484ec658d2a73afe9cc6449f8eda2783d4df85f4568f09f47749901a606fbd74ddd203302f181ca7073c4e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f3fb4d9f198eca2d39c0da8e5d4c66b5

SHA1
e9259ac4ae68b17428ade822567f100a27b755f0

SHA256
29d3a4aad024875b43bc041141607a7ea345db11c3efd90f6b9ed59ee9bc0f1a

SHA512
0b0d198e41a0254c6bc5b1c4d2f0ef182d922b30b00b6cd865bef856a356962962d06bd42d67782746a7e653ea56f5e2d17eea7ff1aaafd3e1851b8ec0004bfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1c66111988100ff6a67cdbd1663af72f

SHA1
e797d725f23a8fd11bb8192a9c6c67903de8991f

SHA256
f72a44ed105b66309d4bcc7050bcb34b8744f22edfa9c309d6bd8cf6114df9e7

SHA512
f14f8a161b96927d0ae295ed8bd2d4895eb791102d5611e405d747d340297cdf049fb3124c03e6c21dab516711d1386fa39c9bbcc35bac16cce3fafe51766a7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
46667eb2859c6652d4ef4ce9fabc1e8f

SHA1
543496441287c46c407898e4fc6d9738cf8fd0ad

SHA256
7a51dc1b29d75248e4ba6cd0bbf8c04aa5963a582ddc655edd326138fd23ad1d

SHA512
411cce17e794fdde94cfaacecd16246b7faf8f5e76af309eb48804e8aac496ff125e2805917fa78e65a2108a1aac84af95120963711fbb8c57610f21e9233ed3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
7516126f89232e9e3cfa57fa2939eb5c

SHA1
c57c54165c922807039c7786a434fc4c57888b95

SHA256
907a364f9b791fbe7dce6891ce20c43fd900656ac54528c3d00d42c43bea3ff9

SHA512
cda914ea4ece7efdc2056b49500309476cda08dfecc63ce6e724151ed221c7a6262daf984f08b8bb3d38c44ece72b622af9916b20b0ca7b0a5497aa03c94286b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
b94289838adf44563f97d0c83ef29e1d

SHA1
cd020eb4bd4783226108c17dccea4d8f9152fa45

SHA256
6d4315700b579d7930d56b6d53e28d50c09e5f1fb4a721581d5eb54f423f6767

SHA512
c14f01ad3fd96002b1304979794a8f85ae3c6568a21d332dd9099f6f16bcb92f7d71095a246dcefb789270b7fea2a136d5e72e2749fe24027ae4fe2a8e7097cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdeeca48f8268c0909fcd620f08a10e6

SHA1
e3f86ca11e1292be9d4b9c623ab330b9c54b8a11

SHA256
bce489fa9182961ea88bc677bcfa02265d9f08d8174ff9877bb78a3cb3a5e23f

SHA512
7cbe28df1d5c5b3076cc1f444087a32e6461d7d9b1bd355cd835caa52d2b746cb76e09ad055034f335518fe3ce187ccf384a03bd36b048fce3b6749c0f73efc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a1a2994c0a0901a48a0c1cf403e0af05

SHA1
6f197178359387ac0dcdfbc01140a04fc604223e

SHA256
737bcbd14d31802e2d253dbb6c95e425b62b308345d7ec654abf1ab1da4b934e

SHA512
42ba075df3f1b669e4443b84df2e0201745eb9b46716cfa3d2ca4099adb174cb79c9b0629815f5d71f3bd739c8339e18672ff328901fd294b61d6ae7438ced28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
d23ceca2ddc2163b7dc0fdecdca60d93

SHA1
621272cb8fb205b7a049940978d6a1bf947e0c24

SHA256
20939298afec8cf58b47df62d033258f5ad015e8d111255502dcb16ed452d846

SHA512
656b83eaaac83ac631751c5f2efa769c383184b68d3cb6c6cabc3a4489d4cdceb27b9d8a133b754b59c2eb74b2d1aec34c1e5bb34da833f18690acd7f931a87e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
84836e4d6af424cb59238efde44fc489

SHA1
9ae470a0a4f0f7d02f538fa8f5481349faa4b48e

SHA256
cbaec0d17134eb52a37cfe781d78a6743f88b2adc99af7dc1910927c362340d3

SHA512
fea6081078b7d9703e9924dbaf6401a64f6bf5a8988e6bacf9cb9aa7d2a0cf630c98436f00976073e509ab17b41a3fb728c1d0630be9b367d6c4c32fd13d36d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
f651e160f3b6b419275b794d3234c481

SHA1
22db01b80adbe89e8bf13fe9609939af7f1e1948

SHA256
5551b86008f4fac2f59f32f9a77f32c705ec1ca8773a36b3f36ab0a60ace2d1a

SHA512
39eda22288126a3882d656b8d2c7d0aeb1e4ba2078ce9b9142d7ea26b7905dea459ac173f161cd49b7da459613be3a5de2e6d5357b7e354d016d7812bd95c330

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
1abb6bdc0bc1381f22534d46ca6e3c7a

SHA1
c4932eedfbec88feb5e5afb599cc99b13e30b465

SHA256
5c6406efa6f9c453bb125f2fbe9d962aa5b7dadbfc46db66cb8bbab31a1c9e5e

SHA512
a13b6ff7decd5d2e378b34c406e60e075826c94d40204ccc2aeaf7536388395187cbdcf120dd431d80f3052ae342a620bdbd917f0c6bfcd96df6e5f3f26a1fef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fa41a901407e812d_0

Filesize
222B

MD5
940ecf57facb1debb3ff8346a6bbacfd

SHA1
8aff450b965d1b1ba3442b9abf66233768e33158

SHA256
e93acf844d0d779f46e8bec9e181c14e96ee92433bc1155678ec11ef8008ce0a

SHA512
3154a2ae3ff3fee37b733c3104f23994bc58f7ab0ceefcc6b322700f989172bcf169fdb1f08823c46d34b2452ee8d9b2d2db5980a96fd3ac25006f80e6c9a165

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
386562d39d3d6fe3d81090340addbaa4

SHA1
61c470cc92f2443f2996f8e267c0badc7c038bfe

SHA256
935e24e256a1eb6bb92f0fa124a834342a00d4aee96052c202366e5bb7b3758c

SHA512
52eae4261e12bcf90adfde3e33d50b67e66c4da0a2224d21bece5ab12fb93172248954e25f92b0b4b22cf5f2f8b56ad0e17f9429bf25bf1749284080259c9eae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
76221637c09d28598e29f6d3c3a1581b

SHA1
12471b6f4de7ecc472772b1efbd5c22add3e1517

SHA256
6c1dbfe238fe73c393737310fc9043c7b838889736a6646bbd8ca977000747db

SHA512
f2846fd817e252ff85c258343ea11c33b7cd982f754f32a7359b9a66c101e436a3dac32e23c3c41df2cd7457033945a3c564dd850f72ccddc3d3887c2e18d550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Collections\collectionsSQLite

Filesize
64KB

MD5
2b65c5d1ab0aa3f3f57c635932c12a5d

SHA1
b532c837537438e591d5d6adbf96a5dfe5c40eba

SHA256
c111777e9b9a42cf62b06900b847283238af63d15033c40577cb10aaa58c084a

SHA512
7d75089fb928c23c0166a74bb2baa3c1245bb23012d30ec2cf1fe71f8412700d354d4b9b8070309b23a5b003e37727ecd00f9ffaa018ffa5bb67ad1bed58e175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
55bd32ed81c134f0f3855688aa391c97

SHA1
d86539a47fdf11150bfb971e97c64a79effc5201

SHA256
5d7921adacae5072dbefbfb7e60a3485db5eb6b4a79e28b80122e2b18563a503

SHA512
08ba12bda1c0a77a308cf3238dd6508b0e9410b93c57c87bb1add01e28bc53349298abb3ef186a63c9d66b87ab9806c0332c72f7743df08319523f3bf41ff833

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
d235158a16a22ce673fd06e1fda6c3d6

SHA1
bc7004f2f0ed98cb03dc182c97f337bc07537abd

SHA256
b78f590128776c21c4aeca1235821ba490059b62b76fc442f11c228ac4880403

SHA512
e9d8f1a666418003a2db7bb93340303603177b72a9b17a7ddbf851fb2f45d25eb0cf308059459159723b67d43d728c2432789a3e28e7d538e478f29929e3c651

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
51074bf841f2f9c9cf734288e7b67db6

SHA1
b5398e7fc4b3f99e69cb83cf4300e3a25a4f72f1

SHA256
d2e8ccf00ae9cd9cec5069649d0dc8ed3824b182c1c72d31933638e61be90804

SHA512
0507d222b99f61d1779e81bb6333fbb9751167f77e5e3609a2a696b4c1e44f4c869b0d3a170cbe595ac2ad473bcbce99a82bb97d602e55deddc814435e098ec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
195dc844d870e7aa8a34fc524579e759

SHA1
3620ea95c605a8e40741555d11d4ae9c47bb0f58

SHA256
50e931e1c344d9807dd99a242e3ec72889a8c993ef723a64d32bd635a93b46b8

SHA512
c84faecd25f80738bd8a451b70deba487e4d140b1785077d0dcfb1e5e15e0fa5bb7b9603af7ca777dfbbb400c8b2740335a5cecb20c273fddcc3a1385f543802

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
6532063213d7b2e637603b88cbda9c00

SHA1
49cc1ac383dbb0385912f69d5f9b308f2205feb5

SHA256
b347c7ca02a7ac137cc25befa48ffcf3413a72c95378b27300cf3a31ac64be00

SHA512
185f185e295444af8458581828a5512c80d42ede6a7c83adbc16db91edd76b6e3e3193ab40adea7a3aed19e217d1eae86a2e53eb25973796d62da4eb2402fa68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
fe1cb251b46c11b28f8a686bf24d3060

SHA1
4404bc667f1dcc0696eab842b8e6de5c9bbc831f

SHA256
0428d770eac213c344a35bd191bd66616a069bdb1e7584aca6eb4c67e154c742

SHA512
5c606c76567105c042248c4cef548f93467c0fa4f978053ff545bcf90d73e8743bdecbb6603816e8f36a4f0549536659fc14570eab3d740ec964f63be8dc8a5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
20KB

MD5
862da29ccc6de92e7f926b24c5cadc8e

SHA1
7a0820abcd0bb711a7961728f838b8946348a10e

SHA256
cb0c26fcc79256a5fc179df5cb273354ccf13f8b89d8a2afbd90dd6c6c7cdd78

SHA512
5183a8f37fadfc04bedba89f8b9ff26a21b9955e01bed18c5312ba82e8bb038e202a9968e1e832da214275c1c42c36a4f5b860cf0c94e83a2472fd649eb24149

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
15KB

MD5
77bdff852ab4da696234c50f54816298

SHA1
49ce6711187f44b219bea7bafb92d2820df685ed

SHA256
271c42c81dac3d33e5677fd3290f2c34fa4c76f0f258f598ca68f0c5233f3160

SHA512
ead2a410216327ac1049fedd6bfe51d352135cf839d2ed0aea6d894a5c2c171e3961acf43a3131ce7263e0658200f4cc482ba255cab7051c9dde7b073169810d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
341d69fc5fed9f2c408b393852d5b1be

SHA1
ebe4eea1411d0cd1041c38e13b9101e85a2749c7

SHA256
348094378e27f054d1c26e98ead3b2c52d59ec9a2e2d7038984aca74638dc7ad

SHA512
b486ecb00a79c76fd48b7e3751fbb12713101893e9e4304af70f9886451c563fa35e99c3fd7a80555b855b60ab699f7631cb4ed7bce38f518ea644dc38e6f0b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
c8f297c81963ae5d0233e8eb7b9674f4

SHA1
2a5439622a7e1465dc5225cad7e79d2c6e05070b

SHA256
d2b0ec6b8ccb6bbcccfb071565890ac3706acd2a141597159f8aba7942ccedf8

SHA512
62f973541648b4c1d5162cbf3f1c318a8123f9c7e038e8514b84c12d20d376bda7f79ee1ca28a4f140dc3e2ff00fd31e94835f196cbe1d133bf728eeffabbc5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
d01be2bc277307bf760669a4f350a984

SHA1
64859376f5718ae3b4e6979a9f029ceaebf91fe4

SHA256
de4ea8f1d2393892282b2e5ed049c0817630e9350e541f75ac9e9dc832967d41

SHA512
a901a5b217e43b9553b2dd6edcafea6a97ad56ea0e94726e578e167409fb8218d7cd5b029788186a5ceacc2ea706f37a6d498ed6915d40e25e662501d02df94f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1fe438e60a385c1d4ac35ecc77eb51b2

SHA1
85284883f7c343ac21f16204a8c33892782ae94b

SHA256
7935440aeee99148d76dea3f54b1edf4c735cf15d2dfd12c0bdb9ddef1ecd721

SHA512
951f6cdfa9574322357fbbe44e4aa72d4d904cab592fe97e6581ac236371fdb506e083c77bc7ee8c7750c0df4f5b6013944d21e9289b62307aa77e751f1dabd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
995944b6ed75407a72e1ffde55e50000

SHA1
5728d9d02ec416755c0850d2be1a380288f2ea7c

SHA256
2191c613aaf0a4d08ce32646546c32f25efbf1e8d9c132559ea156a2d08f5bb7

SHA512
496e259ba1af66ceca9c70c0d12ccf39e9433f8d3de2d407d2c93dbb7b9d99c65bad0f330cdabcbfb96bfaf44ed016bc34404d4159bf3d43b1f699950bb3a1c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
33cc13023396c724f898af8eea8b27e5

SHA1
4a2e925b6636e99aa75e17f843942fd4dc739a4f

SHA256
2911c6dad5bd437c5c2665439728496fb78cd3e4ac19483e0abb699a04d87759

SHA512
902b248cd33141b54afdfacfcb0bf2bf3f1fe36ac8ea5ae9ed9a1f1b8b4ef7ff4c355c842e41330e5175c3bbf33c6c4679ab6ebf63ca1c3b78906d6697bc9b08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
971aaa7767c69a960fd14a88291f6665

SHA1
95cebd53d23f891e989b5704cd8b7e9087e92d0d

SHA256
779c2ad2f6c7a7f3be13961e3d532a13e5e9f45689566b1333d19b92ffde57fb

SHA512
c470c407c1e20d7fd83d75e91548f94cb35683a54797654cce291877fd283d9a771da6806853f61cfd3cc2bb7586cc894211541be9a944222a6ff86813da0759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7f6349fed90809bb68efba61fb3d56e3

SHA1
fab7136d8e3d7d031912735c75b46cade9ded2df

SHA256
421123ad6d993d0d3867853b8e459d059e1759837e0d8dc2ea064a33b188e400

SHA512
377f5d6f1bb550ff4707a133752bd0c8add24334be2746b06601d953db5d1d77019162df3eda9f2f784e639aeb00a574900131b589d497b44de76af28a6fe710

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fccd21c2768cc39393489b47fa546416

SHA1
4b3648d64866adb49ec56501c80698e7d30971e5

SHA256
df00aacb0c014ac2bf0c86085499b56e5e7f388ae53aafb0a609556dd15aa728

SHA512
226d708ea9f69fc362c6594b0a6f28997e8f43696603b0b9880f600153cd27a1c6d0159aa2606403fa97618fbb85f196eb100e3642e61108f6aec88d51b1828e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dada55976bd55a8e5b4e6267a01b6de3

SHA1
48eea25c06f954ea091c2bfa4e04b771df6df325

SHA256
353d27cced2b4553af8b9241cc0a37262ecbec037bd9c793045385b7c29f1160

SHA512
e803e733fda9fe5330aba3f9866981c0497d143d13128aa39faf401097ee434caac8a9024f494be1f271b6df2c96b675ad3b6d5fc6735ae98b19b2fce152beec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
919026375c389f3a92fec42caa3e97c5

SHA1
ecb2eafc81cb1d66501ee41e330abb07baeb05fa

SHA256
67078326cb728ed6c40e4260032abd04cc840d1b4d7cc12d0743f2ffffa35006

SHA512
fb72533d01618b85c9f8fe999cd8e1fa00d46ab85bfeee8daf5a66dfbd85e8be112232776f8e77b5a6298c49b3e31de62a7914268ed32e06440f7a9a4bfa7010

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
2081b8dde2b754f0a2df13c18f5486a6

SHA1
9ec228260aa17b1e23647cd32153039edd8091ad

SHA256
a1259eb1ffd756c48aa447c1c067b502fd902911fc441df173999912388c1f7b

SHA512
d9b31c961839a1f5aab5abfe546986540ede1ee2f32d6fb13a78e675c99327b55cebc99938f543f39f7483889a5d4825f9856dbaaefc5169b83b2b058035b263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13372390682162742

Filesize
16KB

MD5
5153800a35c8a89e37af77c14f29bae2

SHA1
31cb4a5682d4f622b157e8474d515754bb507827

SHA256
fe581a43478a61faf6bb84f69462afe2c6c7f8f007fe959b87d0be1cc210c288

SHA512
7015595ea35d9373cf248952689777eba162d40a0d534dd64d8d5fab4f3d4d2ef509abd10742112765df264481960f3372448557b78f920af82ee74fb87cd469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13372390682440742

Filesize
7KB

MD5
c4d4692f5b62b87d625eb5c3066a981a

SHA1
5bae64f36c2bc9147b7398d76714393ff3cb8317

SHA256
9a4f0999993265f11e57dbe51a95fbd6709311908033bd74ea639b61815e2ec6

SHA512
07eef01785ca1265fdb3d34082883b807396a30c12a60b622e611ba2e85c033cbc266433d552f35de3c21c59b1da758d1328c4c29f3e713e4516baf1e6dc48a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
05824711024587637c54372110b4bd74

SHA1
7e086ad7ec792153cf8b1268f71b6ea48b6986c8

SHA256
a57731d5d97eed01bd20616cd09d692f6cb0e398f9a9628ca138dab1d375337f

SHA512
50660cea59d92a13548f9fa32aaff8263e0e7f21d588dede968d17c71d301c0120a55dd9b3d61ff3d33c102bc20932dabcdd8df82714b67f68fd1d3f12a55035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
96b41507ed49566b697d77fd23d38d81

SHA1
36fe3b3c17f5e10864e07092f03f6d9c9f79f647

SHA256
ac23b6189dbcf018a705ce51e67f7c7e73a4fe1f7e12f5517fcb4e80ca9a0792

SHA512
d09c4802f8f3661e2c61cd365d0c685f1fe7c0c055119724991cf7aeb4aa1ef43beb10d930a1cf606e0a0a3690d1e1cbcbb17ab138f99662d2a831e44bed56bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
def83e3fe6753ca87b04b665d524187f

SHA1
5ce9adaa21615694c90286b50541e00f61bb3802

SHA256
3328a0f98cbf1d26c9b70fe2d9e9b822a10555458a193ec2bd018cc1a06835e0

SHA512
de7e29b11531c4ab4d53d0dc6280c50f1a4cda429770583b49e366a221cc822f3961f3fafcf02f12f325ba33c35f4f6fd6a9733e22f34ba6fc6b045ca26fcbdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
75824800ef0fc2477fc6dd809c5c484a

SHA1
097378c7600310b964ade19b1d26d653d6374e5c

SHA256
fdcbc5fd9689b1890ab0917e2535ea19119db9a2bf81d244593a51d40bbaa782

SHA512
a2fba2000b6b0234d8f5a181a29cf63f3be3eca4a1036e4eab13e7486f731dbb8cfee05eee8d7bba3b2499944bdea8edbc2341ef9cbc3a2373d66776aa64adcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b8b61d3962ae087eaab0f3edaaa36d41

SHA1
b6f2c31742da38e83bd6aea8c3f454df3318e835

SHA256
6bbbea650df3859f96050d2f439104fcfba8a7084cd7dd557acccba6f59cd6bf

SHA512
3c8193c3a86a75e3a990acb68c0ff323eae99175a335dd165e2b2a33c680c0df7378dc7cf6416c0bcab657833ddb6d724006468b5926d24a837338ed5aa57157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f8b455e757ed8fa7660df5b977736acd

SHA1
941a66f6092622316e8fec8262d86227b0a4fc66

SHA256
5ea0301e04bac0402f2e068f313d55222372a6519a32cde6745088b4dcb46a22

SHA512
21cdc0d5d2745bd42893e648d55cc6e9f94be6e7c8df13cdbabfa9a51ab5e9e27ae14a23b7290f0dc64ad458f31461c3f94d9733d3f93fb155fc4d6b09310827

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
864B

MD5
3f162b14652ade9686c874c675c82945

SHA1
e3398fee8678f9c9a2a64fc6c00e23ca8dafbdc2

SHA256
efc818213c72e3aea8c531e6d1839dddbe8124dba884e88169c55b907e46792f

SHA512
1eaa32c1358ee3119ef8a024196053185b7a6617ac081135a7aa1028bed32630e49662dc8f4c58b4a897fffe80f2977c595a50be9437c52c65b8ed26af7700c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
306803e993d4f4ce47c9c8257ebe01da

SHA1
1f8ada56f22351b55b2f091cfaf2b968024eec00

SHA256
b18eefd3c3b482422dfe4f4bf9fe6a9a6720ca8313422a36e9ea4d69aa308113

SHA512
ba79c72e49d5692afc7dd907ab4572c55970f25814e156e3188f1537587d5320f901ba93382ac7b6aab69f420ab4012ab66363c3692f62c2b1865bc7ee8238e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f741.TMP

Filesize
864B

MD5
af6a1af052c897ebe28924b47b11abb4

SHA1
272bc9835abf3fe0d7bee7af6d0992efef1c7cec

SHA256
99bd3e73e659b2f0b6ec47aef24cd7dad21964287d9483a7fe8d7c456f30d1cb

SHA512
45184f4cc90ac2feb0427f244316946884ae54574c29e4b8cf9e14a29fc5fdadd0051db817d5f6fc341ea1fa4ee23538d9cae7f90305133b420da0a80a42247f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
2e5316156bca52bf2305d8b53d4b643e

SHA1
5ea94ae12216e7b888f942aefc17dc26c4cc2258

SHA256
0e750eb0e1c23563e44f93cb91c21fb251ff6b5509833b8afc8bba3dab8e4c6a

SHA512
0c5ab150109ab089335ffc161f87b18c05f1f05a44cd2b200265f2dfa06a89490c6c2902629a469ec57df5c90b900ea993c12c4c8df72a552e39c3c9cd6895f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
5f789b6b0a4d8285bb3ea1013ec697f5

SHA1
8da22c78faad43469d752a9de47fc7b2aff6e697

SHA256
f9e214e0651703e4161a91e68eae0079bc69bc92584a0ea372b617386888a945

SHA512
5ad2e8232c8640370ac1e8339c3425845c5dae1de77f4e8cb6964c24d3fd0ecbe1a9e138a42cc32d1054e5b699735c77b9c1cbd531d29132892ea3b92c43149d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
5KB

MD5
0e16e3cc8d101b24c79d6121e8a5d5cb

SHA1
ded18cf80fceaed4d57e68926ec932143d5eab1b

SHA256
ad3dc3e4aee4318855f5bb4b2398ad0523e4882791ca9cebd6658727a6b183d8

SHA512
593cced58362812ad671a05197bda361222cd33dee27c255e3dca4b240a0ba184086a2d307d28ba46898b887a05e3aeff80d3a080ceeb8a5f5b610cb6fd986b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
4838ed944138ce2351843683894b4a03

SHA1
500a82ed4ce24a2b1c260b2a291c7cafb35cca11

SHA256
e78bc02c730583ceadcbd635343add74962617839ab6c599a51f12c3a24516df

SHA512
0844147263ab1f4474a96b13cb44ccae31766eb983a9c7fb3201a9bc14703cce2b2262f1c4a3b1b31ab12a70ed077efb5f6a203dcba24a205c9152eac6892292

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
97a866d8151c456e3038b80feb44f293

SHA1
c0b551214ea4e04660907c570c4ea92d6225cfdd

SHA256
c8e8de747ad4a04f44e19625c415c3e860655d949e91a21fca7a4858b8ccffc5

SHA512
2067c8884bf3c92c043432a377117e7ab7207a8ee037500df280dad2377ab5fa7ac32ec26dfd9841d7940312d8ade31c8827cd7969d156852776ca5e0f7c4fae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
6bf85a0dd72daf852ff4b17e2f2a818e

SHA1
450a60aaa69d6b14fbf8183797409a5233083ac2

SHA256
09584a5aa269bd8ef6cd950d07c0b9148f10dfe38c4c3714bf5d78ce17ff3d65

SHA512
acb715923400c7692e0c875ee5560a83774fd28f8c1d69c063dad780e5e7129cae86155005d43240bc8ad012bad36d4ed442e0279752188c867c7ab25278abbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
5118a1ba3b26259fca65049018e71f34

SHA1
d5f1747cbc69050004ca89dca92c57af662df1be

SHA256
a15b478ef6c443ee111b632dcda718f1da2b3e3769c54b98f4cc0744b10dae58

SHA512
16e9997dd2829430609532f56c0ac190b0c12b293f6c89d955a6838755e938875d169d23307c8079a9b0686233204707ca879bae6c63313104ef99fc03791291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
2cce8b3ef10ec4185d64cdf738fcb6ef

SHA1
f681cf1946136a3af6e5132517962a08776d41a6

SHA256
8c2771a5000f76dda4644fc52d4f3c8bd075ae806375d37c33b218e44c28340d

SHA512
354c7d6c1f4604285a8586e2a8fe942db03fbec71d64a16bbd0505c655ad4a459f4eb85ae3f4ad67ba347dd88d1c22904101656af82a0a7595d576776093f453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
6efc9955342846eb2a279217dcbbddc6

SHA1
2c298f85e870ccf5f2bf22ed5c203475f7df3283

SHA256
bc4a64721e5d2016c2064ead99a1a25d512ee49705c45048ce72a678f516536e

SHA512
764483cb62128730f163ea97058d7ffbd647d4fae7d9942442e28a4611f35a94994b958ca9cb07379d309bc273423c762e7530f50400912f31fbcdb395c42b68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
16KB

MD5
f55234db88c6538e3f4ad45c114435f1

SHA1
c4dba9a32f50f2d9a27ce81a1d62f7587751e6b6

SHA256
bf139ca7efd187c36f3ec33691f427205a63ca2707af18bc25430637928d713a

SHA512
8a621fa5044977bce987b8259dc850faf83f4e82f4df1a7a689dbbb0b9b065676842f7ac462b77f66c3ef892c3272960bf5de4c0dd4f02e85430b368867feda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
392798ce70ea408b64413bb3a60071c5

SHA1
01c531d2d47d1aa4128b070bba1b9d07349432e4

SHA256
d0971ec438ad75a3c319715654acd94227cbdfd13e30d6aac5ee24e946988d97

SHA512
6dedad5e1a6b15797ac418b1e4fb81a3c07a73ad6e3faab208d6002d2e0be98a20174bd4cbd4f336c3daf3ccfa78c6a0607ad3825c63c2fe3354a93e97975422

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4d72f0747ea764981ff6d118d2677046

SHA1
6f630b1d580e3439157af2220f061e45a82923e1

SHA256
ae6872d1728b229e4f1eddc54837ee748175c9c92fc84302d70b8e342317cc16

SHA512
76943f8fb6b2f696d9e9033e07df9193a59527749fd7b431d35a982248d98f912881bbdc84827eedee4afcb0f791b0634a1fc7fb53d6bf09c90565f92ef05cc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
63adbd2ddf65751d9e7240e20d84e35f

SHA1
c5c943ed209e429d078ec0b174c47f425ce46161

SHA256
88216ababf0b78f3bd303194f299be19d0a4a76d484ca31841497e6ce0776760

SHA512
dc4beab9cde8e84bfca1a58335bf4732ed4c3132aefc13806f4503556b481797247c8ab8bfde4d51bc5a1ac160c66d85fa224cf537a0aa7978ed98bcfa29294c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
31e6a95305157f04cafa2844b771f647

SHA1
aee93ce92d24a33345fa159f047a1c1f98e6938a

SHA256
7350e172d2e49d36834c1821811fd5bec09f87854a48b68742101a727e7ccdbc

SHA512
d6f4805356437c7653f567f7e1a76519075b963bfde3ae38d373989277a5b158975a80b880f6fe3622dbc53a4e8c74d24cd68d19d72ba2a4652cbca176051ddf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
1672e5d4aaff3a422487579429083a17

SHA1
f5c8202035bac9b3bb8e66ed49988b2f821e712d

SHA256
44d946ddb62bf2d3d095da743ac4a2e8138b2f118828bc92203e53d7f96a8027

SHA512
8d05b4f3154e233317ae2a3633b2d2c9c617002b62983d84504fdcd4db30d2a97cd16eef6da87271aec239a9e04c015bd379a942d48c391d2ceb649f1d49df03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
a768fe195a03180579eef431bc7f7296

SHA1
19c4dd27d6735755798cc1a26df80ccde0928df0

SHA256
c6a466b731dd87c5406a8535437c5fd83a2f98f365dea241acc26d7df772703c

SHA512
9edbefe129e6e72e674db4c54ab32fa14129ede69963b6d7d6732ff6fe5bd1fbef6223ac30989d13eed220a439b2feddafba7ae631062dca0b7cdc2a748bc6dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
372d3c3dd1a76e5a351a165a561dd517

SHA1
79862e9fb453faf50e497f5e756ae42f88d20933

SHA256
2a8dd3bb6147349d6d74afd261b326ac7c23cd492434b75353950981ace4295e

SHA512
51bd3b4c13062124dbe46a9497e802ca99278934fed5fbfad4e2a836008a8da37d43d2b4f859308a982d3c7f9988dc38f3881d36c92bbe4d34e7fb91248922d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\WindowsUpdate.exe

Filesize
21KB

MD5
fec89e9d2784b4c015fed6f5ae558e08

SHA1
581fd9fb59bd42fbe7bd065cf0e6ff6d4d0daba2

SHA256
489f2546a4ad1e0e0147d1ca2fd8801785689f67fb850171ccbaa6306a152065

SHA512
e3bbf89cc0a955a2819455137e540952c55f417732a596ef314a46d5312b3bed644ac7595f75d3639ebc30e85f0f210dba0ef5b013d1b83bafd2c17a9d685a24

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 16438.crdownload

Filesize
431KB

MD5
fbbdc39af1139aebba4da004475e8839

SHA1
de5c8d858e6e41da715dca1c019df0bfb92d32c0

SHA256
630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da

SHA512
74eca8c01de215b33d5ceea1fda3f3bef96b513f58a750dba04b0de36f7ef4f7846a6431d52879ca0d8641bfd504d4721a9a96fa2e18c6888fd67fa77686af87

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 639972.crdownload

Filesize
261KB

MD5
7d80230df68ccba871815d68f016c282

SHA1
e10874c6108a26ceedfc84f50881824462b5b6b6

SHA256
f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b

SHA512
64d02b3e7ed82a64aaac1f74c34d6b6e6feaac665ca9c08911b93eddcec66595687024ec576e74ea09a1193ace3923969c75de8733859835fef45335cf265540

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 854253.crdownload

Filesize
49KB

MD5
46bfd4f1d581d7c0121d2b19a005d3df

SHA1
5b063298bbd1670b4d39e1baef67f854b8dcba9d

SHA256
683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96

SHA512
b52aa090f689765d099689700be7e18922137e7a860a00113e3f72aa6553e94a870bbb741e52de9617506a236a2a59198fb224fcd128576d76642eec9d715df5

Download Submit
memory/2896-1216-0x0000000000140000-0x000000000014C000-memory.dmp

Filesize
48KB

Download
memory/3340-838-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-925-0x0000000005230000-0x000000000523A000-memory.dmp

Filesize
40KB

Download
memory/3340-822-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-824-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-826-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-828-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-830-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-832-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-834-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-836-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-818-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-840-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-842-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-845-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-846-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-850-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-852-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-854-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-856-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-820-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-923-0x0000000004B00000-0x00000000050A4000-memory.dmp

Filesize
5.6MB

Download
memory/3340-924-0x00000000050F0000-0x0000000005182000-memory.dmp

Filesize
584KB

Download
memory/3340-858-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-860-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-808-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-816-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-814-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-812-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-810-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-807-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-804-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-802-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-1204-0x0000000005730000-0x000000000573E000-memory.dmp

Filesize
56KB

Download
memory/3340-800-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-862-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-848-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-799-0x0000000002750000-0x000000000277B000-memory.dmp

Filesize
172KB

Download
memory/3340-798-0x0000000002750000-0x0000000002782000-memory.dmp

Filesize
200KB

Download
memory/3340-797-0x00000000024D0000-0x0000000002502000-memory.dmp

Filesize
200KB

Download