Malware Analysis Report

2024-12-07 03:10

Sample ID: 241113-sdphgstfre
Target: https://www.dropbox.com/scl/fi/67epyl2uw2x9t8y93bkch/Unlock_Tool.zip?rlkey=g0dmjtoajve5wofhntuxo673o&st=ibvvsshl&dl=1
Tags: vidar, 4b05932e298d86a233eec0514ef2c4f6, discovery, stealer
Score: 10/10

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.dropbox.com/scl/fi/67epyl2uw2x9t8y93bkch/Unlock_Tool.zip?rlkey=g0dmjtoajve5wofhntuxo673o&st=ibvvsshl&dl=1 was found to be: Known bad.

Malicious Activity Summary

vidar 4b05932e298d86a233eec0514ef2c4f6 discovery stealer

Detect Vidar Stealer

Vidar

Vidar family

Executes dropped EXE

Suspicious use of SetThreadContext

System Location Discovery: System Language Discovery

Program crash

Browser Information Discovery

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Opens file in notepad (likely ransom note)

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 15:00

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 15:00

Reported

2024-11-13 15:03

Platform

win10v2004-20241007-en

Max time kernel

130s

Max time network

132s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.dropbox.com/scl/fi/67epyl2uw2x9t8y93bkch/Unlock_Tool.zip?rlkey=g0dmjtoajve5wofhntuxo673o&st=ibvvsshl&dl=1

Signatures

Detect Vidar Stealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A

Vidar

stealer vidar

Vidar family

vidar

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2664 set thread context of 5832 N/A C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe
PID 5808 set thread context of 5924 N/A C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1288 wrote to memory of 3588 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 5108 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 4192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1288 wrote to memory of 1552 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.dropbox.com/scl/fi/67epyl2uw2x9t8y93bkch/Unlock_Tool.zip?rlkey=g0dmjtoajve5wofhntuxo673o&st=ibvvsshl&dl=1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba3c646f8,0x7ffba3c64708,0x7ffba3c64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4700 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14015638036638473420,10109063126518341294,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Unlock_Tool\" -spe -an -ai#7zMap29195:84:7zEvent11316

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Unlock_Tool\Password.txt

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.9\" -spe -an -ai#7zMap23787:122:7zEvent11048

C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe

"C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe"

C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe

"C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe"

C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe

"C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe"

C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe

"C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe"

C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe

"C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe"

C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe

"C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2664 -ip 2664

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 5808 -ip 5808

C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe

"C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe"

C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe

"C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5888 -ip 5888

C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe

"C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 296

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 252

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 272

C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe

"C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5984 -ip 5984

C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe

"C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe"

C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe

"C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4388 -ip 4388

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 248

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 260

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_1288_SMJJXCOTBXUKQEEN

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57de2b.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\Downloads\Unlock_Tool\Password.txt

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.9\locales\resources\Data\level4.resS

C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.9\Unlock_Tool_v2.5.9.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

memory/5832-1006-0x0000000000400000-0x0000000000659000-memory.dmp

memory/5832-1008-0x0000000000400000-0x0000000000659000-memory.dmp

memory/5832-1010-0x0000000000400000-0x0000000000659000-memory.dmp

C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe

C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe

C:\Users\Admin\AppData\Local\Temp\delays.tmp

C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe

C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe

C:\Users\Admin\Desktop\Unlock_Tool_v2.5.9.exe
