danabot | hxxp://sakpot[.]com

Resubmissions

16-11-2024 14:28

241116-rs34rasjgq 8

16-11-2024 14:14

241116-rj4nxsxhla 10

Analysis

max time kernel
445s
max time network
448s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
16-11-2024 14:14

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://sakpot.com

Score

10^/10

danabot banker defense_evasion discovery persistence phishing trojan

Malware Config

Extracted

Family

danabot

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot
Danabot family
danabot

Blocklisted process makes network request 8 IoCs

flow	pid	Process
688	5888	rundll32.exe
693	5888	rundll32.exe
699	5888	rundll32.exe
700	5888	rundll32.exe
701	5888	rundll32.exe
702	5888	rundll32.exe
704	5888	rundll32.exe
711	5888	rundll32.exe

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: detect-gpu@latest
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: lottie-player@latest
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Executes dropped EXE 6 IoCs

pid	Process
6888	DanaBot.exe
2148	Amus.exe
1168	Amus.exe
5564	Amus.exe
6112	Amus.exe
6364	DanaBot.exe

Loads dropped DLL 3 IoCs

pid	Process
7016	regsvr32.exe
7016	regsvr32.exe
5888	rundll32.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microzoft_Ofiz = "C:\\Windows\\KdzEregli.exe"	Amus.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\P:	wmplayer.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\K:	wmplayer.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\L:	wmplayer.exe
File opened (read-only)	\??\T:	wmplayer.exe
File opened (read-only)	\??\Y:	wmplayer.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\M:	wmplayer.exe
File opened (read-only)	\??\Z:	wmplayer.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\J:	wmplayer.exe
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\R:	wmplayer.exe
File opened (read-only)	\??\S:	wmplayer.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\B:	wmplayer.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\V:	wmplayer.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\W:	wmplayer.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
686	raw.githubusercontent.com
355	discord.com
357	discord.com
683	raw.githubusercontent.com
684	raw.githubusercontent.com
685	raw.githubusercontent.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\98d0926d-3f41-4f76-bd28-e313899789aa.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241116141451.pma	setup.exe

Drops file in Windows directory 21 IoCs

description	ioc	Process
File created	C:\Windows\Meydanbasi.exe	Amus.exe
File created	C:\Windows\Pide.exe	Amus.exe
File created	C:\Windows\KdzEregli.exe	Amus.exe
File opened for modification	C:\Windows\KdzEregli.exe	Amus.exe
File opened for modification	C:\Windows\Cekirge.exe	Amus.exe
File created	C:\Windows\Adapazari.exe	Amus.exe
File opened for modification	C:\Windows\Messenger.exe	Amus.exe
File opened for modification	C:\Windows\Pire.exe	Amus.exe
File created	C:\Windows\Cekirge.exe	Amus.exe
File created	C:\Windows\Ankara.exe	Amus.exe
File created	C:\Windows\Anti_Virus.exe	Amus.exe
File opened for modification	C:\Windows\Anti_Virus.exe	Amus.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File created	C:\Windows\Messenger.exe	Amus.exe
File opened for modification	C:\Windows\Pide.exe	Amus.exe
File opened for modification	C:\Windows\Meydanbasi.exe	Amus.exe
File created	C:\Windows\Pire.exe	Amus.exe
File opened for modification	C:\Windows\Ankara.exe	Amus.exe
File opened for modification	C:\Windows\Adapazari.exe	Amus.exe
File created	C:\Windows\My_Pictures.exe	Amus.exe
File opened for modification	C:\Windows\My_Pictures.exe	Amus.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\DanaBot.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Amus.exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 4 IoCs

pid	pid_target	Process	procid_target
2348	6888	WerFault.exe	211
4104	4768	WerFault.exe	226
1348	6364	WerFault.exe	235
6588	5888	WerFault.exe	217

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DanaBot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Amus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Amus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmplayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	unregmp2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DanaBot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Amus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Amus.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "191"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-87863914-780023816-688321450-1000\{E75141A5-0EA3-454A-AE22-2F1F9D5A7BE3}	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\DanaBot.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Amus.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
228	msedge.exe
228	msedge.exe
416	msedge.exe
416	msedge.exe
2260	identity_helper.exe
2260	identity_helper.exe
6112	msedge.exe
6112	msedge.exe
6056	msedge.exe
6056	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe
5688	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeDebugPrivilege	4232	Nezur_Interface.exe
Token: 33	3700	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3700	AUDIODG.EXE
Token: SeDebugPrivilege	6784	firefox.exe
Token: SeDebugPrivilege	6784	firefox.exe
Token: SeDebugPrivilege	6784	firefox.exe
Token: SeDebugPrivilege	6784	firefox.exe
Token: SeDebugPrivilege	6784	firefox.exe
Token: SeShutdownPrivilege	4768	wmplayer.exe
Token: SeCreatePagefilePrivilege	4768	wmplayer.exe
Token: SeShutdownPrivilege	5856	unregmp2.exe
Token: SeCreatePagefilePrivilege	5856	unregmp2.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
4768	wmplayer.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
416	msedge.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
2148	Amus.exe
6784	firefox.exe
6784	firefox.exe
6784	firefox.exe
1168	Amus.exe
5564	Amus.exe
6112	Amus.exe
6432	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 416 wrote to memory of 2908	416	msedge.exe	81
PID 416 wrote to memory of 2908	416	msedge.exe	81
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 448	416	msedge.exe	82
PID 416 wrote to memory of 228	416	msedge.exe	83
PID 416 wrote to memory of 228	416	msedge.exe	83
PID 416 wrote to memory of 3728	416	msedge.exe	84
PID 416 wrote to memory of 3728	416	msedge.exe	84
PID 416 wrote to memory of 3728	416	msedge.exe	84
PID 416 wrote to memory of 3728	416	msedge.exe	84
PID 416 wrote to memory of 3728	416	msedge.exe	84
PID 416 wrote to memory of 3728	416	msedge.exe	84
PID 416 wrote to memory of 3728	416	msedge.exe	84
PID 416 wrote to memory of 3728	416	msedge.exe	84
PID 416 wrote to memory of 3728	416	msedge.exe	84
PID 416 wrote to memory of 3728	416	msedge.exe	84
PID 416 wrote to memory of 3728	416	msedge.exe	84
PID 416 wrote to memory of 3728	416	msedge.exe	84
PID 416 wrote to memory of 3728	416	msedge.exe	84
PID 416 wrote to memory of 3728	416	msedge.exe	84
PID 416 wrote to memory of 3728	416	msedge.exe	84
PID 416 wrote to memory of 3728	416	msedge.exe	84
PID 416 wrote to memory of 3728	416	msedge.exe	84
PID 416 wrote to memory of 3728	416	msedge.exe	84
PID 416 wrote to memory of 3728	416	msedge.exe	84
PID 416 wrote to memory of 3728	416	msedge.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://sakpot.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffdc6c346f8,0x7ffdc6c34708,0x7ffdc6c34718
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7124 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7124 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:3992
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff7430b5460,0x7ff7430b5470,0x7ff7430b5480
    3⤵
    PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7832 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7620 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8124 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8108 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7512 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6428 /prefetch:8
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8704 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=8608 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2716 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8796 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8848 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1248 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8692 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
  2⤵
  PID:6136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9080 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9224 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9480 /prefetch:1
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9044 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8428 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9460 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9136 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9232 /prefetch:1
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8788 /prefetch:1
  2⤵
  PID:6612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9444 /prefetch:1
  2⤵
  PID:6696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9080 /prefetch:1
  2⤵
  PID:6880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9064 /prefetch:1
  2⤵
  PID:6960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15169222428652887719,9578877931029494875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8892 /prefetch:1
  2⤵
  PID:7068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2052

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x4f8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3828

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5432

C:\Users\Admin\Downloads\Nezur_Executor\Nezur_Interface.exe
"C:\Users\Admin\Downloads\Nezur_Executor\Nezur_Interface.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://execkey.nezur.io/
  2⤵
  PID:6060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x148,0x14c,0x150,0x120,0x154,0x7ffdc6c346f8,0x7ffdc6c34708,0x7ffdc6c34718
    3⤵
    PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/nezur
  2⤵
  PID:4880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x124,0x14c,0x7ffdc6c346f8,0x7ffdc6c34708,0x7ffdc6c34718
    3⤵
    PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://1cheats.com/store/category/69-nezur-executor/
  2⤵
  PID:5504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x14c,0x150,0x154,0x128,0x158,0x7ffdc6c346f8,0x7ffdc6c34708,0x7ffdc6c34718
    3⤵
    PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://execkey.nezur.io/
  2⤵
  PID:1180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x148,0x14c,0x150,0x120,0x154,0x7ffdc6c346f8,0x7ffdc6c34708,0x7ffdc6c34718
    3⤵
    PID:4052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4812

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5992
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:6784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {494f284f-272f-47a5-8fe9-7234b66319ba} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" gpu
    3⤵
    PID:4556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ce7b9a7-b508-4199-a769-4b8de64b5c5f} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" socket
    3⤵
    - Checks processor information in registry
    PID:6676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2716 -childID 1 -isForBrowser -prefsHandle 3136 -prefMapHandle 3052 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5222b9f-ec56-4a62-9b5b-2fe62ee237e4} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" tab
    3⤵
    PID:6904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4320 -childID 2 -isForBrowser -prefsHandle 4312 -prefMapHandle 4308 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc31243d-e862-4de1-a475-5b5e23bddee8} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" tab
    3⤵
    PID:4288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4804 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4840 -prefMapHandle 4780 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5dd75638-2234-411e-ac3b-ca3a9399631a} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" utility
    3⤵
    - Checks processor information in registry
    PID:3956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5308 -childID 3 -isForBrowser -prefsHandle 5328 -prefMapHandle 5320 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5db9d5c3-815d-4870-8a05-f12e7bd94daa} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" tab
    3⤵
    PID:7072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5228 -childID 4 -isForBrowser -prefsHandle 5468 -prefMapHandle 5472 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {525135d8-6903-4bb4-8f55-ce76d0c06ab8} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" tab
    3⤵
    PID:6160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5668 -childID 5 -isForBrowser -prefsHandle 5744 -prefMapHandle 5740 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87b1d333-e566-403e-8c5c-866b6a6bf346} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" tab
    3⤵
    PID:6180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3200 -childID 6 -isForBrowser -prefsHandle 5540 -prefMapHandle 5904 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e4e1ff2-98cd-4c8b-b6ca-356cc678d2d4} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" tab
    3⤵
    PID:32
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6224 -childID 7 -isForBrowser -prefsHandle 6244 -prefMapHandle 6192 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df712707-caf3-482d-babd-07932a40200e} 6784 "\\.\pipe\gecko-crash-server-pipe.6784" tab
    3⤵
    PID:1532
- - C:\Users\Admin\Downloads\DanaBot.exe
    "C:\Users\Admin\Downloads\DanaBot.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:6888
  - - C:\Windows\SysWOW64\regsvr32.exe
      C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\DanaBot.exe@6888
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:7016
    - - C:\Windows\SysWOW64\rundll32.exe
        
        C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DanaBot.dll,f0
        5⤵
        Blocklisted process makes network request
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:5888
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 912
        6⤵
        Program crash
        
        PID:6588
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 468
      4⤵
      Program crash
      PID:2348
- - C:\Users\Admin\Downloads\Amus.exe
    "C:\Users\Admin\Downloads\Amus.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2148
- - C:\Users\Admin\Downloads\Amus.exe
    "C:\Users\Admin\Downloads\Amus.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 6888 -ip 6888
1⤵
PID:5352

C:\Users\Admin\Downloads\Amus.exe
"C:\Users\Admin\Downloads\Amus.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5564

C:\Users\Admin\Downloads\Amus.exe
"C:\Users\Admin\Downloads\Amus.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:6112

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
1⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4768
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6232
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:5856
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 2284
  2⤵
  - Program crash
  PID:4104

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
1⤵
- Drops file in Windows directory
PID:5612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4768 -ip 4768
1⤵
PID:1776

C:\Users\Admin\Downloads\DanaBot.exe
"C:\Users\Admin\Downloads\DanaBot.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6364
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 152
  2⤵
  - Program crash
  PID:1348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 372 -p 6364 -ip 6364
1⤵
PID:4248

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39ae055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5888 -ip 5888
1⤵
PID:1068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
58960c4568ef706d07acb81f072ec73d

SHA1
0d2f6a150ae9f0611086ed3f04943bc7005ca926

SHA256
9ae8ad2f18925558eaafee959349005a05f0280e35e5e1f5b183ba6616808473

SHA512
cf77f1879a1df8c926b97c1369973f5329b1b7219439ee1a80572628662995b6cb24f20d4b24a166dfdb697ddc8dfda2372ebda364f11baec4cdd9ca94e29e84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dda6e078b56bc17505e368f3e845302

SHA1
45fbd981fbbd4f961bf72f0ac76308fc18306cba

SHA256
591bf3493eb620a3851c0cd65bff79758a09c61e9a22ea113fa0480404a38b15

SHA512
9e460013fd043cee9bdbcdaf96ac2f7e21a08e88ddb754dddbd8378ee2288d50271e66b42092d84a12e726469465185be11a6fafab6ed4236a244524bd60f502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f6126b3cef466f7479c4f176528a9348

SHA1
87855913d0bfe2c4559dd3acb243d05c6d7e4908

SHA256
588138bf57e937e1dec203a5073c3edb1e921c066779e893342e79e3d160e0b4

SHA512
ef622b26c8cee1f767def355b2d7bffb2b28e7a653c09b7e2d33f6468a453fff39fd120cacbffd79ce35722592af0f3fb7d5054e2dca06310e44dc460533f3d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
20KB

MD5
d1811b567e915d3da37564caa7aff971

SHA1
9cee91abb4e67bcf6b5df28b38a3f784ba190d91

SHA256
7654ba161ffc92ff2a33cc5dd321fe5151f5cde4995c517f51fc8325a28af70e

SHA512
94d6d8878a016b6260896873548f707ea7d6533785e847cccb78b779aa3f520d9a5e670752884654f4be815bd29ff3bf2fc37291d5cbaa7a9421c77edb2aa452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
45KB

MD5
c7ffd0e600c0c45188d6e73f09263617

SHA1
0733a66445392b90cd8413c00f7d8d45297e454f

SHA256
a3a31216cbf33fca3103e0a485e9c958f9330d4c2ae9704fd3378472be84c671

SHA512
72ee3373cac8da6306836e051d41563462d0277a0fe7a8150e40415056ac07c1af39a0dbd3a87b69284bcf851308ec2900339d882d311e7447a4c739dddc84f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
49KB

MD5
295eed0b58b4165e8440b87cac50985f

SHA1
20611a3756255eaf96482346507d7d25d3ba3b6d

SHA256
9ec04231ce850e859c7d3a433b5b878979ad2c925f170c10826a55ea4dca9fe3

SHA512
6c3017c7aee55f83a6ce6dc34d2ea783f2d70835d8383d553a455fc0f0ec562549b548d4c6557fe184bb1ee56fa5ddf7e5b21580e55a276f89376fd57d1b28a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
46KB

MD5
b33a9dcaa9abb7bfc366c09cc3e49323

SHA1
c570712b4bcf616962c06125484f6c9d66ab204b

SHA256
8f09b49d4c783017dd4b6a22748c49c5528cb0cc855a17c2d76f430c4ceeb4d5

SHA512
4e9b8a5920bd04165fc206751bda1326601c2a63ab805d14c7530b018a8c09c334e8e10dcef392365d9bec890a695cca1d2d243df165e00ba848611a15a63aa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
32KB

MD5
32413102350a741bb0f16742f5bca786

SHA1
3ab9aa52729f7e5e60994de8271ecff6ebbd716d

SHA256
540076c5e8b2f5da95de399bd9e805fb0de149ba13c63fa639deacb711060604

SHA512
8629a6e241459069df1c8011782cf42f809beb779f2159c5661d7c20610dde30a0f8735f250d98bb8c4a8acf4217301b6ffa71d264632ad39250f0bb1a93a927

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
110KB

MD5
4ea59ed719e4ab9a0122c8ead482af8c

SHA1
d03b928d1e50497f40170a89a105f89a53433397

SHA256
faeccaac526a8ec55dfce028eca801ff8d8d2a4d447d230a9744a53c7f7c2096

SHA512
84e0d3bd27673f905f4d7418732684995b55fa710af58893743cd662601e22f5d734877a796614e408b0d2c69995e3eb25012fcb56f3fcbbc284157252657402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
52KB

MD5
7962ae876fa959f37a73d69d7f89b04b

SHA1
c0b6f386f958d1119fd43e4aaeee9b0dfe287ba6

SHA256
b07b025fcf17a62e098417d63d019757c1a9cefcc764e6ea7752d990e7a9f211

SHA512
f0da2b680055295164e8fb7539fd9658298f8f66ea268169b913a3b17881acdf914e0bd35b2ef71ae8e03a7d69d4d947e0e58e46308f3439ff6fe5037e1a6508

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
151KB

MD5
7e4defbc06530f1b66922fc4f9919d8d

SHA1
fc917a3bc99c6c55776705b0bc88b8d573a83b81

SHA256
645666b59ab2f3d2a7a33729c79aaf95c228489726df07b28dc834619ebb60c6

SHA512
b39380e1838aeac7192404522eae0785fcc75d23c023e8f3006036209f8f558bbcdb8c7c3e1fcaf89666dfe6033654905f4f6f2d537707750a009c05050240a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
143KB

MD5
30bc76a3af3a2d0f66905cb29ff68ba9

SHA1
5614a6eff61f56e369f4ec0b0ea075f7b83e6ca6

SHA256
306601ea148d836272761159ff1e42cec21857c3632e5e1f091afd299428db64

SHA512
df955f2658c73eb2fbcbd9ba3ad4f45319e1199d7928982ca35d1c394730bc9c308e47f427dee89977402b35ac7aef302a6f597c5d10d6820370c06ee87bbdc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
103KB

MD5
927ab6b27f57821d851c0787f05e7baf

SHA1
21060456d5ad456e4cc4a17cc80683bbfc738a1f

SHA256
dae675a9c73a31162375bc829d2e05b084578e6c97aa92a280216226fe1fb252

SHA512
3d5886bf689e93bd0f088473d75dbce14b678f533799d592b966de40898ffd07d4dffd4c7f629b6e74954872cd30d7868e1b6b515139afb5aa1fba373e4dd4e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
20KB

MD5
e688553c6fbe0a656a84407dd3cf282b

SHA1
18853957b35a70d61285d19d6495cb1c06e68c6f

SHA256
d66c3d59dedd75e0c6407b736716303e2a19c717c912ceb4506ef580c925bf83

SHA512
dce4ad3e23a9bfab17b844ad45a5a49a1ad1ad5bccbf79444b59dbbc54a608bfda82b35fd36a166fefa032d9cf4782fa9307e1189e30933b320acc83b45a5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
32KB

MD5
57632c3e3288b2d52d3a6ac63d989c5a

SHA1
8bd0a80782c89a5da2e8d950205dcd93aab5387e

SHA256
f63506da8221e2480de12f403a9a18c91470ca131cf67b83dd7e003dcedaa611

SHA512
e63931370f5449e16030189ea1e5da61bb654f61e34b713fc46e0e20071c1b1f5d52fdb8ac6495fe4d2de1929b0eb2ca6a1214b2dd99133b6f2cdbfdf6f36554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
101KB

MD5
622921477473e93dd9223d6a6047dae2

SHA1
c6a5bc5a590fa0c75b3725ceb8b2628671ec54a3

SHA256
b1ee18ec4b74bd98f27151f10efdf21e03ae7b5c8398309de570318eedd29b0f

SHA512
df56309937468d93ac2478141e5111568b5e18c3e16d20f62e437e60f5e5a3b8212fbc17feb1cb089490f5f627dd62899ea5506535b3f5e99ee3783cca4eb6e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
33KB

MD5
68eae8ae528b3cf4965c780505e8274b

SHA1
23eea22c5ced491f0933dbdc428503548ae48636

SHA256
5c677af2d6e78de58c66b09577213d4b1c23cf0409822378053f1c457ff465aa

SHA512
7fb225df90deaeff597ea4513985545b5ca6d3b4478dbe5969554f15ff4b2c1652c6220b970304884adfc2860be045599130534f1c45586a7adcfb29a8e72ac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
26KB

MD5
13d1b429e99059f97e58fa10dd69f8b5

SHA1
174c7f299158103127d50de82f1086c3b66e8258

SHA256
1262bff0591c36094d058ab102b84ce34eb1e547e8ff00557bf8d55449e58e40

SHA512
30dbd99f1abe8d2a9ddf73a93ed199ffb2b55903b5bc2618935a64ad54706f054fc9b46a80ccd1cab4eff3f5a607b5b599f5e02a2e89c990e10b210e4f16ed9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
881KB

MD5
e0edc621e4ffaa368d2e0677d3f137e6

SHA1
e374bb44d1834cf6eb688eabe1820aa5f7c827d3

SHA256
13da46f8e9749704bfff6b6f51a202c87facf593280dfde4127e5858c28aaeaf

SHA512
d60643fe87788d76dcf1cd941002ceef18390cac5eaa683bce2e2dbeaba684b6fd656a94187379b71105333590412d65b3466cc9c37cdaada7e009c1c9f8435e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

Filesize
21KB

MD5
1682bfa731083c2173526cd01dfa659e

SHA1
457d65329d9866ac1dc3d3ca441ecbd2ce6019e6

SHA256
607dc601ecf72dd0f619449e8c07c3ed9cbd51feda031c5618ff44ca1cc69e02

SHA512
6e4701bc05b868957c11371ffd1938b6a897d4b80b39db8c1ccf3a54bc67842aa12a997e03b2b1d9a4c44ec1e2e5208bb88bfcef62c6f7382d17c58bad08a2e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069

Filesize
30KB

MD5
2f740bb391d6c630032fe78a6f3b53aa

SHA1
dc4f38e104823f3054aca9b01f6906fad04f81b1

SHA256
32172c7c2af488cc611c0d797f0ebffed289fd8d8f0e0c77fbc77f0190b95622

SHA512
eab1e99f74ffc8ef44cd85c871375fdce0ea88ee5bc1a262ee00f13827808a5944ba84d0ee92ec51aa7f433f6e737ef4318330d7e7922a34035aa51ebb2232ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072

Filesize
266KB

MD5
aff17b0e3769effaf0119f7863913a95

SHA1
7f4f608b4c3bfc0118168fc995a22582a2ab165b

SHA256
9313d9010db5b54168fb41ab11fa0c147bd8b0cf60bc5b61b7cfdd4bc28e12ed

SHA512
f09a5362cd3732162dec76286910b36efe451fa8602cd23bc0cf90ee970c19a419ddbeb0b472e48cafdc61cd3a762616416a19453a1958fa9a51c7cd124d6a73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000077

Filesize
272KB

MD5
2c8770159b5e28590f900c9d0d0a197b

SHA1
cc2b62a6e17dcb8b96b70f70ecdc6a0cc4657b06

SHA256
20f45db47d8f5bb4b5db3bf98dc9db7839757c7285504c78f7b8692f46f054df

SHA512
2a7bf2882d725fd057f514ce92e572a86e14c928ae2d9f241ea2ea396fd5d43b777523dbdc9efd5bce369a254ab8c33e0ca1321e4204ff1c27290ae268b6c4a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007a

Filesize
47KB

MD5
8e433c0592f77beb6dc527d7b90be120

SHA1
d7402416753ae1bb4cbd4b10d33a0c10517838bd

SHA256
f052ee44c3728dfd23aba8a4567150bc314d23903026fbb6ad089422c2df56af

SHA512
5e90f48b923bb95aeb49691d03dade8825c119b2fa28977ea170c41548900f4e0165e2869f97c7a9380d7ff8ff331a1da855500e5f7b0dfd2b9abd77a386bbf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a9

Filesize
32KB

MD5
b2229d4466ee263a188530ba16cd7af1

SHA1
9059266f5a47c5ddc2a792131b9b60908dba12db

SHA256
17b766b8e77333366da8c1331052ce026b1555b24c7f8404333420e97fd6224d

SHA512
1038d1c865f0aaca95381491f54eb83e4e61ccda9534de9e9de4081df3761ed6257d88f72a1054d2f2f4c2d570e3e2f14a73925b2867679749fe47d8762feb2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000aa

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ac

Filesize
18KB

MD5
115c2d84727b41da5e9b4394887a8c40

SHA1
44f495a7f32620e51acca2e78f7e0615cb305781

SHA256
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6

SHA512
00402945111722b041f317b082b7103bcc470c2112d86847eac44674053fc0642c5df72015dcb57c65c4ffabb7b03ece7e5f889190f09a45cef1f3e35f830f45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ad

Filesize
18KB

MD5
c83e4437a53d7f849f9d32df3d6b68f3

SHA1
fabea5ad92ed3e2431659b02e7624df30d0c6bbc

SHA256
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb

SHA512
c2ca1630f7229dd2dec37e0722f769dd94fd115eefa8eeba40f9bb09e4fdab7cc7d15f3deea23f50911feae22bae96341a5baca20b59c7982caf7a91a51e152f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000af

Filesize
20KB

MD5
14e8dc91d8c602054be80c75cadf6239

SHA1
de3d6be0577179a55cdeb03aa8bf0c2417bb7dfb

SHA256
94e5e2cd39a92988e80ef26c474c6d128db812d4eb8b673f28f14a6f537159a8

SHA512
62e33e3630fa64d526820ec359d014a0f516f6da2e6df38b3e1610bcf462a0a511ef0154e817016648cb872197ce30aff379bd6675bed54076e79ca4c141af6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
fb6535c56dcbcdb25ae7e4f3702491e2

SHA1
645031e2c11442520adaef90395b2571b26f8730

SHA256
59b44b302f2f45bcbf0c59d509cc9c64ddcccf00ce457484ae62dbf1c1b49473

SHA512
93a70ad5df7a2125ff8bab09a459eca70551ac93278a4619ec32396ca0c9c6fcf8ac85ab346ef25622e57bcc13aa23d428f39c92f25a7ad97218236f32b0c095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
185e802261c0c50275f200d09ba49e03

SHA1
e5fff1fbda8e4f5d0ad342ee3efa43c94d07f8ba

SHA256
f2fb01ee8eec401d20f1422b4849eeaa869c2b8713fe34ff1b9e899f765cf7ab

SHA512
195225b3ff7e2d8dcd4b1385a028c8f09520eacc727cde430710c8f59fd69ed8e23b1bc9123c159f703845eea442c07db670a987044f53d8dd9d22a88c3c3769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
2700ccb7e76ff983adae54bc127fd3f0

SHA1
7c7af58eec7ef8d2d643e8a041b2f42c62876473

SHA256
5771c0b8fbd780eaadc28ccf8448ff949557ac49cf6a01adb44149e3b7ebb5c5

SHA512
ea6532e24a871d539b6b416bf23f460c99991225f15bfc5fc67b96e654cf7363754d8f6e6496593ef5b938bc42605aeb56eda5809b4c91d8b6edb5628c77e147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
340f9585196666a68d6a989d6883d11b

SHA1
3d779654e31c41c577e710a4b58d6b555e4cf11d

SHA256
724a15776939195b5944f40e133a166eb4d6f492b8fd764a6a1d5569ba2d7135

SHA512
ba1481786e22f98c5f7e2f0dd551795b05a1717327edb889a18bb9f2270e3ef640dc28d0fe329a34b2e60254b6a2982ecb89739780773c093112448f5d7d5726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
dddd09d2cece96009d004ca2f8c7fc84

SHA1
d0e0cdd284b5e77086253cc4694a4e67baf6ebd9

SHA256
c7e7283786d7950be5f62c9df20b13b5ac42e69c54447b1c2e9f52ff031965aa

SHA512
93665ee00ccd2aa6f3b17eb7ed614da2aa5bea1fd1be8724758aebc61982ee2ad13e2f85c9ea73959c927002a49f72c0c853f0abead78d77a2ec6797a2937e5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
9f3160d2efd7023a2de396e1813ef9a4

SHA1
7fd0451950cd28f16a95d0a7bf1b18fe1fa1bbb5

SHA256
57df4bbf9fb2d6a4ff74fb946cd1741a81838ebc7ced96e4f43d18af414484ba

SHA512
8618d92dd148a8109f290968ec45003d2ad310463ac842ef3b60cf6940ef27b237c46224c67be7070be2f79a1837183cfe281e2a897f94c6e10051215437695d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
a68a3c5b12416cadca0004e1de467613

SHA1
560d581e6a263d8e3ddf10c3935dbe28160b1bd5

SHA256
1545683b7f02f562af2d436c8d070e688d95df24ec810ad45e20ae5a61c8d2ce

SHA512
2dd7c91ec62f715717439cd127908cda1fccb669512585ab08e1721147ac5ce59f336bf6668d8c850c09c5d00e30e55bc080071b19c6a0ca6bcb7d3297b15465

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
ae7cafd2ad1945bf8a28ad35f985c189

SHA1
41d23fd0a2c13dc7117f67c422df5a8acd5727c3

SHA256
00602d1d53d95a39ca6c39ae7f664ed8cb6a5792e24bf9d9df2db3e56216cbbd

SHA512
0f8cb280a1f8630671b4e55c37237af2542b96c7ce1068b845a796ac2980f97ed4ce78679abf49e9e43b0b70d6a760bf1a42952518fdf307262c48d8c0bad604

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
6d12087e9751268723a6a4b4cf7e89e6

SHA1
17d15f61c690c0dd29b843da79d4533c48905af2

SHA256
dee750a025a8bd85b8d5e623284939f9455888c8b52f16c1e2a2258f06f4044e

SHA512
5fc3a49b06e4075a8d78d5a0db04726917b2d106d1643bda5c03b3ab9ba4109e6be51ca952c8973048f03b641ad26371f491f588a974b7f72ae8940f7fc8676b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe589517.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
deae32f7532a6a719faa3ee835970862

SHA1
5a3fde34b5a39357d0c0aa43ff4ef2131f7ecd0d

SHA256
66e01a20860517989a418f77d82682094354da3f10b4c666425c0e7a77d81c1e

SHA512
07d44a9ef3117fc0d718af4c5e78ce406a1fe391c3bf2efa8daae15200c409f41cead4eebca9de8b9225f3867ea26175220bb49c25b3d72ab8a51a428455223f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
a1b15ff46d2dda82f2d62fa28c24e7ea

SHA1
705bb03438de1f48afade92d629e975325917b62

SHA256
67e79fdc1245a33d9d0bb93025fa10d1a9e44832ae35c79bc906e3ee5050747f

SHA512
e4551251acee6c7f80c46ddf5f3c6d16d158d43a74be3aad3adc20e989e8801255434f8113894a23bd8eb7cf1f9b3e735316a10ed5a7c5ed61aa1440bd4bb642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
53ad940779eb89aa286d17fd17cfa486

SHA1
7dd58533c4563944b20e6d6b4d6e7e391fc3d835

SHA256
b791c98b6c2b2c6ba81d38ade2b9f928035454339cc5b4cd44cfc8b43090c68c

SHA512
43fbdec9807397d9c90feb1cf917363d06bf0cec567bb42161a551013b9da7fb85db3c8911867ce8ffb8aa39c17fe59a3479ac7ad13097dc07416b3d20ff4401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
aedfe63935894b1af559a1687144e242

SHA1
68f0d76d6ac582bd83e1ea51b58c00e796dcf630

SHA256
50a9c17dabc23e372883260e41e60d6b8f9a87a1372a4ddd3a03c796a513ebf5

SHA512
94f4399a4f4eb26f2588997e877a9145a43875916e7779639b3cd7e02ecb3828e98840eed03c6ee054277ab18cf49ba5cf800e992ad640e7af978d3627ba0f34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e48ca95d1df7c0c912f0e19f6b39a74f

SHA1
5e88a6b21982ec995d8fec1784d6c1d34f025fbd

SHA256
147507bafcb408ca4d54c865ff53061c630be200d7c2a34453f7cbbedaa11f8f

SHA512
2c43ebc6e0a19193a8cc4e64634d0ef0e626709decfcfc5fb27874b6372b66000508f8c957aa8c9c11d326bc5301cb8c3bbf34c43bef17d316a00c1b4ef07ee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
780f9b8697146687e10543b1134314fd

SHA1
a16dee3b41c0228a355b21b942f3d01106c6c838

SHA256
f432ba5a64b8f2f9258f2d8288d0e4c4910b39d20852bd6c3e31e81b3e536444

SHA512
8520cb9e6c2c763650bbdcd7c11973b4f010e92c72d83634a9643b670fe8632a09e033c72d605a0b2c63f2955e252a6c37ce341035c24743e8d46b8f025e961c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3532242d260e10b558debf2ac26187b4

SHA1
f66b6b33761e2b7f800e8f93931e3e24372da52f

SHA256
b82388c26b0affeeb0c58a3621c0c3f4f4975442d88aee3092001c2967be430b

SHA512
a37e308dc54a0f3e6864ecb6cae799bca4dbc2016ef09a9163be3eb9a13a0a2bf54ec4b16ed9e08716e79ad5021ede7c0f3ac0f3c17f162a97f99b1e302cbdc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
07fd86c8714ef65fc71523fb0db7ef6b

SHA1
68e7d98cd62d0790d9dfee5ab85747744ca6a6da

SHA256
e449c5ae57abc2f7b7a44387b65e53946b2e52d63b211fa44dda4db4973df099

SHA512
d87724e3e6b14c7534bbe32e6b556281c7de6002858c4f89ef5288253749a821fb0a4357d4e575113adc6704e5e84ba2a03cdb4e02ed939a389754f20187e672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
be66fb859edf5c7bf8c6be1f09816635

SHA1
6415269b2f8315206dba933ef3619ca0a6b7c873

SHA256
d43e785bf9a939e47869429f94eafc99ab4a87ec1735767212f0237127d2daf4

SHA512
a890e3d49e59cf4e1d36dac4898e15e51b64c0bc19eb6711bdb65adbe0e788ed40d2dff880034bfe55e60850ccefc86d46aa9fbc46f942ed77a0e3bec6e0137f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
85b0b0201fffccd4c5c419643817e235

SHA1
e34bb09afe817a943ea80db7a8b76f567fd3d840

SHA256
c54a11126b8e0cbe886f2f23636e51eb1fd51aa032b2f801e418e59fa0804ce0

SHA512
908a7dc68be9e59ca27366f79eca5bd87c2445d872660c00a04a97a064c029ab1744b7905c6777d1cd241bc9ee300046e5ae6e626f66022553326633f76e7f87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
606e86441f575598551bf7869f389bb1

SHA1
49f8cac832c2f15612cee1bd490515516faebff6

SHA256
4434579a3489a83f67f6de3feeda0419b460b24bff47c9fb201d5135756d0876

SHA512
5d075990a220ac08d72e4b8f6ec2c920f2cf93e96ddef54461ecee58337be426a65988e8dc63d16a3b0a5ddf0be34e564271ba175e9cc296268942e08be69b40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
90cc75707c7f427e9bbc8e0553500b46

SHA1
9034bdd7e7259406811ec8b5b7ce77317b6a2b7e

SHA256
f5d76f8630779de1fe82f8802d6d144861e3487171e4b32e3f8fffd2a57725fb

SHA512
7ad692bce11aee08bf65bb7c578b89a4a3024211ee1deaf671c925d65cc016943f2caad3d57b365e16d1764c78c36cae35c3c45cef0928dd611a565b0313e511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0d8c8c98295f59eade1d8c5b0527a5c2

SHA1
038269c6a2c432c6ecb5b236d08804502e29cde0

SHA256
9148e2a2ba2a3b765c088dc8a1bdcc9b07b129e5e48729a61ebc321cb7b8b721

SHA512
885a734a97a6f8c4a8fb5f0efa9fe55742f0685210472ed376466e67f928e82ddf91ba1211389d9c55dd1e03dc064aa7a81d1fca3cf429fbaf8f60db8b1348c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2ae1cd2a-719e-4b65-beed-319875f992e0\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2ae1cd2a-719e-4b65-beed-319875f992e0\index-dir\the-real-index

Filesize
2KB

MD5
276e7fc5ac5dc798f5f9c9e21b4a1594

SHA1
93fd97e08fbe50658d732aad54389e9c146426f3

SHA256
ebbd0173bf18f7b63ec988673f729e19a6448f9e9efa80c9d0d3a7865a6b2337

SHA512
3fe2a75c905d28e7ec44e6f9248783d2050727780d1deb1d80a9dc78bcb84d049dfdf02123c451c86e8ffbdd25146275fb12af0c5b9d8a723fda03ae2d83a9a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2ae1cd2a-719e-4b65-beed-319875f992e0\index-dir\the-real-index

Filesize
2KB

MD5
952cf969e226d649472274d1c86cfaf9

SHA1
d98587ee008dee3ab6f72e6fc639612c1077a59c

SHA256
cca8268861cd9c8aa3dea258ff25fae790184edb551f1b6a1ae09dcfa8bbd6d4

SHA512
e11caa3825a71ce0315aaba2dcd17df530bc626c06d827fc0585dcd3b7affac6c3b19212c38a434f9c319070336f69daa9ac7f7b446e07c624b8fdecb6eb2074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2ae1cd2a-719e-4b65-beed-319875f992e0\index-dir\the-real-index~RFe59c1df.TMP

Filesize
48B

MD5
d1dc70c6172f2fdecad6c0864812b286

SHA1
7b511f656245ad1b77f2cfc3a33f4724dd788476

SHA256
5084f49cc990352b7383b74e57c91961d7e601dd215433af469aaa56c27818b9

SHA512
191bbec0028133b81ec047b2800c3bc0198273a16c92e7709a1ba0950d69e71d0427ffb6e8159dfb9b461a4d3bb7f30b13f3fa9a29f36ce34568bcc75f1b018e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
8f9d28305d40602d2e90383589af4c78

SHA1
782228f5da0ac6c22fcee43e4fd4ed417b9fba2b

SHA256
e6a00972c17482d386174365aca078ed1cd0117729123214d117b63266ffaa5f

SHA512
c5ccaf7fcaba5ee86a6010d4ff1b5fafea758487d1cc5b9e20473e8d0b58044ddb4290b18db11f43ef793b3fbad6cbc91fc37b8d7b8b3992a8d7bffae4ed35a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
0ea5e658225869b347b835faea02e636

SHA1
f475784781879181b7a9e854a9a365a5a3573034

SHA256
e34e66c0b769b2ae5491eb4a389badba2ab36c495d481aa3277c3ab7b223a0a0

SHA512
25951b58857ce9e579622bc7dd8391f3787e0e3696fe29b8a43a438bea89dcf9cc49fe421249c180faae478e9b0ef03337f15d15302d06026c37ba2eb7a0c174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
d20f5194996dce1af036ab489ffc50d1

SHA1
37a7a7c81a8c066981ab5a0a48017bb9ff3eef96

SHA256
ef87aec4f5368dce2663db5b635fae11a457e321f22d078eac9764e4a73f3c15

SHA512
147160f44a4c556682ea988d65caf1ce3f58584f8d5fa6a0fbdb308517aad2701b2a0747967eca4d9e01b8a08dec0079249c7da03eb59ec469c32b126cbd9e4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
9aebc171e801551487873b5885d878d8

SHA1
80c9caf09c98381c0e65e63f4bb9b91d9395786f

SHA256
181b941fcd6b1a84f592231d83352d6d84659c93ea60d228a5a1e316c74ec5ba

SHA512
c0e68bba715cb299d94868c7e961435bf2d64ab0618d74d25f34b0f246ed0529d4ad231b4a1930b0980c23578848146078a581f06fa106f4a5e9fa573d4d11a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
96cf151ce60a01015937f3747211440a

SHA1
d28a5657810d475dc1d0e2622123fe25c8e72be5

SHA256
8745fcd0ca33c8203515527f86b697803f8e660284b2e1ca8cb2845574a1844f

SHA512
ae46162d3d4e71ccf7828cea0ccd37abde43b1c6d22a5bc5a99d2fd76f02879527cd8c8eb08b7f102d08d087119dd213f71f38711cbc706742f7e37331cae61b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe599e4a.TMP

Filesize
89B

MD5
cb4572f87d58648931bc34e3dd30670f

SHA1
97c49b9103ea2bbcf97ef845b1a602f049e79543

SHA256
261a4b299c61ed63538da0654a370e08b61b921ccb92ca4a24bce301ec5b70e9

SHA512
3cad852cd26394f4c0aa08c6fc9e3099d247e58c1da71e331f2fa5270c09ac278ceb3254fccb7a9dd388c0a81834d8985c1d903d1cdd77bd75ea41d9554ff4da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\de63ff4275d236d5c1b83225b76d1c14d40b38a6\ff2645c0-3d15-4429-b6af-1d051001faa0\index-dir\the-real-index

Filesize
72B

MD5
d52787f8cc17b8b5e78e9a62d052189c

SHA1
6d8e381c6e7dc3db1746b179d312ac1ad55bfdfe

SHA256
702dec066fb35f80eabe3492811f19e4393b1285a900a5f93be99e8b4f034787

SHA512
327e544a83218e65a63ccadb4098470773c3acafb03f76f9ed02b83277723d574dc0b1efa22599f3a21f82c2e7fc7ee8044c3054482b679cbd218ca93556b33b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\de63ff4275d236d5c1b83225b76d1c14d40b38a6\ff2645c0-3d15-4429-b6af-1d051001faa0\index-dir\the-real-index~RFe597f0a.TMP

Filesize
48B

MD5
a3a6e9be0ba9e1e5d779f1f67b6c287d

SHA1
ea6afcb30aac75cd35d088fc57031dbd758b0d13

SHA256
b96cf3a6e84416bcebcfba7761f168ce78e32bad4263c166fb6d1cb113315798

SHA512
c29e2444c68a4bb0acc062385034b139f90fc78355ab8aeddc88ec261c010cecf9d75e965cb4ee0c968bda0c6ba04eac640cd425495850b9a4135eb6f105ca18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\de63ff4275d236d5c1b83225b76d1c14d40b38a6\index.txt

Filesize
116B

MD5
6d7644bf5ff5c331b9d5c2b6cca99705

SHA1
7ed5433eab9bc6e799bde27f5b6380913f6f8ed5

SHA256
ede2181e221d54905fa2d093bb17c8c5efba77b9b35400132931e3091b34ffe5

SHA512
e2b38188883780748341f1b666e54ee3ba782806ad57e73fc539874caf164379a84129a713273809d9372091157eaa4bd4de751fff4a530adf9f4aa904b7d1bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\de63ff4275d236d5c1b83225b76d1c14d40b38a6\index.txt

Filesize
110B

MD5
334dc2b67c9eca9906c8816886d63306

SHA1
cd131608e7dfda4820dbcc701813d27f2d25f958

SHA256
25a2988c072fe8f77546f37794925b9ba8e8c639385dbf53643281407fe7a944

SHA512
f4a4bb5efb6671e6a12aeff28ef5e020ad5dfd759b625a3c10d251fd02e38f3826711502574f63f4458829fdb76f79d7880a37c08e3dc044e83504aa33f18727

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3bed9f701f0863b29ab49823691bb390

SHA1
53a2917804983750f486741638696e635a5ab71d

SHA256
6fec0599bb51b84bfd6cea36bc0d58df3a2187522107e3b36dc63da7eb7326d2

SHA512
55e13c37f27cc8a0dbf4a05225a56a6b1d5d542249f53132ae07b017aacbfaac8791208b82385d3ada14fe385b76ad022b7d4b0a1d4d4ceb98d375f5830edb00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
b6cab0e15f5b0b77a5a7744d4138181f

SHA1
c85375bb5b204bade92d8d3128b3f74850372c0b

SHA256
ccc5da5185fa15b46f0433345e8d8fd309df12aa7e96cd1d5fea742dc8cac3d6

SHA512
07bd69b7f94d4ba27493ae589d5ed9971d275b2b69e372c2569e8c798462196ca43230c6fd032beac2269d2d932f201c87d90932e6c69225b0fe8ed789c0cbab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
0d934832f8c40a50acf7911455e6fd1f

SHA1
ce18b0af7e55ffecb1702122cf71da6dbb955a07

SHA256
f9574110112c97e18b623c8a3f66509113e0b97bf82037d90419a28e2a267234

SHA512
fc0500e8a3f1430bb75becffb187e4950f16018375ae1f8a11423d78beb78d8661d5d9e00e59da4a8288a105421f634eeb721ca29653082c4edf15544ae75f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581fc8.TMP

Filesize
48B

MD5
f6db693688d626f37bc6a980fbfa0dfe

SHA1
bec05f6d6ec4c0e2461c2b5f346998a30e84d2bd

SHA256
bd98793a56bf63203ecb01e9b4f94df4120f1112798126f43b5fd6859c0f491e

SHA512
ce17c68792d4e95c793786f6a8b010581c3af70e1629a5a5dae25cebf1b5e285f7ae516f2200a83caac9a3425ad01a1ab87d53cc5854a06bf2cb0bfde79f5f20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
ad225314f9f3a068a44e91b32cd08084

SHA1
5984ca1c2c8f352a38cc23c1fd7813d80bcfc5aa

SHA256
956835ce31d13f7c26984d2f078a55469acc7bf6296fc7cb500c48fd053d34dc

SHA512
eddb7ddc805386823bfb77de81bb335d22a138f94994a6ad3b3b0450a79e46d153a570aa0b08e08e1ba7447523495636322b76e9d39b7211f70c6ea365a39fb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
3931d2a1676fe356e3cc538077b3f6ea

SHA1
cff4007125bd1af830cdf643d64a0d587977528e

SHA256
768fbba4cbf894121f6aabafbd67f53c7775e7ca046caa11c9dc7a91bb0a7ec1

SHA512
897ea86dbe6ea28d395ac210d0385a4aa321e388a7994da7b31edad3ece464790db5f8089386f605b93f85c81841ed4df79b4d22c888a75e1a68bfaded734ef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
71af98300f399e90ca91dec41b6375cf

SHA1
7028cbba4bab491c5dfe37b1dcce1bf8b42cab63

SHA256
523477e248ab1e451f05703790a50d3ebae06ed0bdb16b942b45342a4524a32b

SHA512
c60d5e24804d7d7f8e33f59f51ed711b722c0cde14575e457b39a26cba4243b53d2c967064f5c17c2f1b697d40c7dcd552dcf9298a7c0db03e18afc2d73a184d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b7c6ea1f3bd390f4aa61e32d39990e5a

SHA1
96e7b5f3d3961cc2fa4767f31f5a9f24140ecb54

SHA256
e37832d356f75faf749947bffda87e015332d07ebec295277a679e7561d7c6d3

SHA512
00a454c774426e11f37e248daa7b80bc6dcc346e1a430869fe09c0f089a8fd78a85f5f0b9ec2c8673667f93611702c8a4505270b61a5e8ffd30a061e0f051b6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
3e67aa623b981501513a31896187d5c2

SHA1
f80eab93c39df6db780324449dd054f939871db3

SHA256
bd5709742fcabf2310b1135371dace289dc4760a1b9d94d0746328fbed301218

SHA512
ffde2ec538317b7e9f56b0e47b8f197bb30930dac07835f21fa436858a4e9f454ff807530d8c0898df0021102fbf29234454dccc95f6fb7f2f4741d289108188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
eb5b263915b95e1f3ebcc23a39175c09

SHA1
e8459cf063c25f4e9dad06ec5086c1266b599d0d

SHA256
a1fc0c05ae602d267c7bb22f795ab7ca673fedafb4e9a636144b8c0f40c1822f

SHA512
6db1bb1962f40e00ef8f9db118ddee92c604b56df21b6f298c88176b4f57aaddf59b131636e4047f1d4f6c1567642f545e53fc420de4e8ccc88cbb2686995d44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
fa6ca494aceeaffca5b60642218208a9

SHA1
bb4487642c8cad37731e073f20b71a59ae0c8087

SHA256
807f03b0ea494dffd9538337ef1625a207983a23d1d839c8fb5ce09960a3e3e5

SHA512
56244d601417cf4fd9afd94df2e0bab443732c94f489222b8708b41ff7068720c4657d9ad411d1fdf03f2bf1a5488cc36c16d3b8530e8ca76a4285fd509b9240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
cc04aa7c580e22a6a150750aa316d8f1

SHA1
50e8f1c718f0c4a8dafd10f7e537965d242107dd

SHA256
9ec6fc5a88fd8e1814f5f03ab9a2be30e72662f01ed79929205b49932e17f45f

SHA512
b20ad5df6b9e9472b43517bee2f89498cb40830fe5ad45357b9db3726e521f0156d6806b5fdaf6e0be02b2a394bea2ca90f57585196354713eb93c7fe4a02d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e8f46e0ecc0847bb6ceacc00a0ac87e0

SHA1
96df046cb962584723c6687e86552dba618958f0

SHA256
56bd6eadbc0a36c3dd15e5480d2322f42f1074f647dbd57de05eb7a1d732b147

SHA512
e281f427103ab0bf9104ae470c7b5c7258f300b63500080ede7fe6d4d166d4dc83262a89a4a16a6bf750e211ab36c1e07c9588470617827a294608c2b5c9c6b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e01f.TMP

Filesize
2KB

MD5
bf781a0b74cf55caf348ae78269054ef

SHA1
755c31a9e0f7a7a89e18074e097c803b62117d27

SHA256
3762de878157b4130c97f38503ea27ecd464a108dca2eae1c4ae6eedb21f044e

SHA512
5b561ff3b270b6aa4a6a71fed4871425b84c6de8ee0dc9a1bf8d49942f7f08b02931fc6b6689f570104a2f4be61be34fb91099a207e84fa6a2baa1d2f9f20cfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c8f2b9d0-0069-4d10-982b-f0d5080dc38b.tmp

Filesize
12KB

MD5
8953eaa269b82db6c50f4957936f984a

SHA1
818f449ee840e94f9287aad2e936c9296a9b24f1

SHA256
165e3ac47b786b37a13bc49acb37d03fd297dba264b990f206587ef29ec0e626

SHA512
d93e0c7cda589cb88ac0a78615d11f67955b31a19c6f02ea05a157a7bd9b5cad4a16f20d2e5f6473453234daed184e996e0d8d84703734581b5a07363ad31dca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
85bcde0444e74e5ed81e7bc7ee3a94f0

SHA1
8ac2e850c9a42fcf24bcd05c55e2723a27f22357

SHA256
6d9d35ddabe06f02219f8cc7b0ef11bbee953f672d011f2b530f067338d03108

SHA512
c1292989d8c9a0576b8aab3ab83dc0ec4cb5a34c9f090d29320327f483359c0e4184f6fb063930b6d6560f67e5d9cd6b17744ca6ab3b025a93daa81818c93f09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2d841547198246e63d95424b086ca5f5

SHA1
6094bb391963d5f822523e5fd2ab5e86f8d203fb

SHA256
993870cf3bf0de03000bc942cd5fa2e291e20a21a6b0c0ac026b7cf54fc88678

SHA512
00316910ff9afef8d06bd351f81f348d5b3d144f4da81ecf6b380b732b50a5465b8f49bc0d50575363adbefedb51d06de2cd795d980da4ad839b797583c40650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
07b38127b2bc659eca72838f0e297553

SHA1
6081639786b5f6b4112edfc822cea2ac90a6f172

SHA256
dbc1e308b0be54cde41435c97de7ac5988aab4909dc58ee71f3600f5b560a78a

SHA512
9c074af0be9e762d75c709d170b41ed053a9c86035d8311628f6f12e5063c0c988055d21542aee1201edc22b296efe9f8d2698e3e13284c79f605b61bc938cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
406aee14f1ff61c84f3d9e63ea9dcfef

SHA1
9de185a36f4a3c2cc745c93c3695e1040fbd2bb4

SHA256
694e2aa2675aa7ed9a5ed919f6cbb163f3dc39c862559995363f972a734fbb20

SHA512
1a374eefcabebc2a707c9f05c8de6e71cba28d418385bfb67c89217053ec280a3a88392064f2b35dabbfe492e2a162f3b4ab26dd1d854e7298232e22efe54cd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
64KB

MD5
3d4ef502d2912a70c362072959cc0554

SHA1
c63b4efc83c73822429859fb51014cd291f48ab7

SHA256
bd965be46432eb5aadcdbd12643e16c6649ed3466de3820d41b4531bcff0cf20

SHA512
57ac2aa7c2198f7dab453bd30777240f5ab710ff0e960c83527e1e3e6ff05d716c83454026e52a5d30e94423ef18dd375b1ab57d641ce1cc8cf06b02cdf57340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
f97b6fd19176e464bce3b61b4b871635

SHA1
a40e3135692777171d64af7017faad8b6c628b05

SHA256
fe230bdeafbf1bd9c16e144688ff9a189172b397a7075604a78f1845b50dc053

SHA512
0c9405b73b23464d0db4aa253a04b33a8c90ae02c5c697ae29d3ce00d9e263539527c2c47e582f4fa37669da84a97205eac47371e1441f5a85f8ff91691b80b0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\2492994A253B970917AF5CDF605580B1C2DC16A0

Filesize
63KB

MD5
e9f8c099d6872ec0a544540dda78509e

SHA1
49f154bcd6c86e943e4668b97f78e68dc4b726f1

SHA256
a96f8f5be21ca915dacab7cc25c3d9d6c8023c72e14bca4480b6d73d816c065a

SHA512
4048b1d6b741a253d02a4515a185fdd00f68f0f1163a09115cb4e97bd4ed9bb27af96d1b38683d73ffbc09f9f68023a015a697b99700abb708d471f15d27be87

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\33809CDBDD69269236BB05F66DFF2693F384205C

Filesize
65KB

MD5
f92c9d7cdf7443551d331e580d01a647

SHA1
c13b2a599a008f53130bdab3d4465a8c00bed2c7

SHA256
9b969350175291b83394f8755fe0108263a52515b12cc8c21b08adf0a55b0635

SHA512
414e03f7c0f987dbdf953fc02f04a0e558cc2745ab707c1fccb899f22b42f2ec391355318a346245726418e6f20afbee858d355862866ae5ce84ec4c76ad5857

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\549C94847E35BE89DCE95DF86EA39378F22E5078

Filesize
99KB

MD5
eff00426d6b0aff6b47bb97ab831f89f

SHA1
83e16cf56f9b18da2be645326584fe7c2febeb51

SHA256
4bff23009145c88f426e2f88bbb1f6ca0cec1215313e9552524a3b3ae849fe46

SHA512
0a2e5e6f19cde1c3b8bc34cb063ff9b0e08529d16bdc33f45159aab96b219784baef16c246ab64f4de9e09859c9bd53f36a24a70883c0fc72eba8a2bbd2d3eaa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\7FB78C9D4678D3E57F04D54F36A2847939730A90

Filesize
37KB

MD5
cf08239833d47b513aad96db07fab757

SHA1
dceb3640ba7236bf27db3cbb4ba87fc4106a85f8

SHA256
6fb7cb68992682b8d9b0476ff2ef418c068af2c496695efb93c321e4f765fd4e

SHA512
a0caa373b9f1aecafc0e25bbfcc2779b5d825aaa6f8a98ef064ca95a4267dc87da9b4f481535202fd0e637d84c2fae0aea3a6e1a6f09752d0df859fb444dcc21

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\8ADF0B8FE76015F32F4AD7D4AC02D58AE5922581

Filesize
29KB

MD5
ecd12bd593b123a6e886c1dfaab457f0

SHA1
177c54b4c6e296b8152bb697ba45500bea98d954

SHA256
1d4c1992d9b983819a6a1036bba871902f5a0b572f96e511c2c81f5043a95644

SHA512
177cb390ff8fed1d8a6e667bc45ce9e9e2b44b7bae45d31dab85768f9198e39f1985c0f428b858825e1e753a86bfe185760825a5f381c69d83499bb6b9c07e1d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\BEA4DD767DBD7BEF2D1146F1A7C7B6DBEC858F1D

Filesize
41KB

MD5
15511b3e5b70dd3dbd027b2a0bcf6022

SHA1
66cd16b6ccc81985a1bec32f145812cb187b2e92

SHA256
6304ddd8458f80e94ff9bdc2e62a9be22927536e65228ff0c4d9f796565ee96b

SHA512
a6b153fc7b8b1494d2e2faf91593cae39bc2be8a350cf7f0331eb6d941283e66315a20d8750ed07d7c19694d9ac60e5a743e894424241ae3f0201a8a563c5e30

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\C63D2277AFB9D33AF6C3CFCCB684D58B42F37D12

Filesize
34KB

MD5
aad8535d879c6ff9a0b48a9578fe3a18

SHA1
93dfc406c4e07940619abfb64e9dca9b2d9241f9

SHA256
e838623f5a4f8b7da3683714ef13b409c60344c832d14295a528e01469f9b299

SHA512
7c6327d3f53c259cf904569651bee9c87c67a071e1c3e96e67fc97afc1444a5ac3f151a07d0d3b8ee052abc568ab74f7347457757479a274c5d38bfe09022a6c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\C93F59131F26430B8E189FEBC8E637317721CE6B

Filesize
40KB

MD5
787dec87151cc3175dbd024b775fa427

SHA1
37594fb92e64f5fca35e90803711b3fc408874fc

SHA256
35e29797f4fb9803a4110933e04f9a83abe1970c6063cfc2f2105e000849d110

SHA512
c3c05c18a935a1533f7dd142b7e7162d69932036aacb723a73aef91e9cfb90158d0afe0d4d9f89f0e88b0b9775a910b309804e113fe57c799c9f657bdb704da3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\jumpListCache\rsC0IwZXNWMY3JWIAVeJrs66EWZbCk_wv_Wsi0dOIQ0=.ico

Filesize
25KB

MD5
6b120367fa9e50d6f91f30601ee58bb3

SHA1
9a32726e2496f78ef54f91954836b31b9a0faa50

SHA256
92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0

SHA512
c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f

Download Submit
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

Filesize
2.7MB

MD5
48d8f7bbb500af66baa765279ce58045

SHA1
2cdb5fdeee4e9c7bd2e5f744150521963487eb71

SHA256
db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1

SHA512
aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
1KB

MD5
d8917a5cf44a9918390e179b47109333

SHA1
07f2a5e29eb7df806298bedc850d68c3b17f1fe4

SHA256
f3cd143801b8985ec6c5a0e30dd1c857bc0d3c22e218cba561c1381dcaa0a18f

SHA512
0fac82861ebaa21768d2d6df6c3a9988398d0b9c43fe34ea4c8f1d6337a20c415ba9f4b6fdde6b8719f34b22cf3e5859fbebf9e2ce9a2c05b8ad1ede855ef214

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
3KB

MD5
dcc7f7210bf408db6707aa9743cb8554

SHA1
3a0dbb3a5882bd434962bc8391ab738802a9bf7b

SHA256
26db5d90f4f41734fd98c4f909bb40da2420f273ad4fd729ed8a9f5a1215ac40

SHA512
38e1b5cae546a4cd622e96c916216ea681a2fb336f4122ed5cd9d1d275aff4ad3755eecc1f0c36e6ca065952c521b06974fbb6c57ad7c8fef7e845190c6fda9c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
975ca4fb12020601e0b2a5bf219ed03f

SHA1
5f78d43ac4fbbeb91f067bfc3d3301edb1e1ab6c

SHA256
ad02fa8449dd0eb4a7a09b6cedb3612d56594333721e904db7721be5a712680f

SHA512
7a5e24c09291810d9b495a9487b71fe531866506d78cbddb55337e30bddd1fdc253baf8df445cfaa8814e88af3fbdf462bf69cd7cdb301437b0581ca590ff695

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
49e89edc4619d5fa106cd2104c495814

SHA1
9ceb2b69e07beac3ca9fce00600b5bd773e48267

SHA256
ce5698ab9471f7ad7ac6c3ed491ff01c4a7d0cdfd5c9dcedc1dd7d4846e55b91

SHA512
afb389d2f717cd89c3f640e7059d8d11fb15f7c14de1fdff8aa2b7baaf7eef9db057961c7dfe347239edf5203f463a37cb5b38a07894bfc966e2c6644763afd9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
4a9120de7552002fc56af804867c1ff9

SHA1
c02fd071638620e02665f31bb9af64881291179b

SHA256
495fece3a372ee6ca510e94755b946064988f6eb619a866a58f958a4e9f6130f

SHA512
343db0c58147a6567ef564afb8f40e6647528bbd84fe7a554e3700fe4c89044a2ed4c7eca58e047f5306952a6926e0ed4eaa8271934118a2c6c0d3c19c03fcd3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
d8de7b6d010c9708a3b9b5cf395b65e9

SHA1
63b10f547479e8dba5bfb16728299e1d0588c9f9

SHA256
fc50537ba852096075e0da4b327dfd85a5892536534d624a4407c07ed4775a2e

SHA512
193346c9276638c87f27bf1337644d0997f115c2ae1d785a8b7d753a7475f04489667a885bb0c9d13c8a6495e3a2eed1e83486f0073d2176e2e72c797bf94028

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
9bc5e7394a25776664a3e91dac5c5a5c

SHA1
47009ee755dbb6056d1d4b1986b71d3f6b5448f2

SHA256
f93d9760911b0781edfb984d772da360a8480c650238c42a07e1aedcbb199896

SHA512
d8e0a1958d020a6c205bb789b1e87a51d9ae565780ba5b9bb823976e4cd02b242d2b7738afdf36a9331d132839dcedddefae8c59395c2e270d9222359aa777c4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
95d5f6befa44f9bbba6d8c8779d4e52e

SHA1
2d4ab32d4d35040d79e035ad474b78ae901796af

SHA256
5fe87cfead644e64b04e7a1b0af635aaa517d6fb58492c41e3a97c08ace9cf2c

SHA512
ab30622906b5abb31990e18ba6cb4f190914b4ffd37db12d5c110388c263a50ca630cf45a1b0da43c9ef9bccf344c3444c85a83a69de1d140478ce60558003e5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
8af84972b5afb7d1262350e509cffc34

SHA1
01e4a6c59498f83c753e2d8d40548356a2fd0d2a

SHA256
f1099e514fe96c4bcb138aeb299808bf9dddf3ab0c18a28c6f60ffadbb566d83

SHA512
7eb8cec45a12fa654275d4e69cddbcc9b00fed8f87622ce80b9fc70fad6424d405583581e6f718b4b0bdd49e27693be64e60a97e9f9102e04fb4e4db347c2cc2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
9KB

MD5
efa0707b2b37b81b7917ebe02dcfb98b

SHA1
1c4e20dfb421e11bceb335760edfcd4a9cc2db27

SHA256
dc29eaa2101765d025e36d6f07b2df7c7ce287af2066cb23b2e6a430f762de96

SHA512
691cb15fb1f0a4ceb6236a6e8008c0fdb71f41bf3c5a7fc6fba2a0572e3db44cd4d937998384f4a79674d6cbe7ab5f3d88036d45f6738e7eed1e3d5439c1b5d8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
c2969f14dd43b86a5750aa0f033ed4d4

SHA1
0c7c61fae17af5fec142721b60c9cdae1b222e7d

SHA256
b59480e3aab90de67daa135c1b1cc7d96fd4da61ceb18ffca91f4b5b496535ae

SHA512
b10c6bc728ee2c016b0f383bab7aba0615dcd01a452f15f4c8b7d7c56da14f63db6943635c2e3a516763da4d7958b9dc4d7250ab7ae653deaca8053210f501ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\AlternateServices.bin

Filesize
8KB

MD5
87f6e29c3b3e96b77a46bf6d16555d29

SHA1
a2568a9fd899751c1593908c2eb4f9ca9eb7f747

SHA256
fb759db1514abd8ae5502994fb5f2a2e5f88073bef7241b3b6d3452723791949

SHA512
6297038064028e3d7328235699483b93336ab1badb59e5ebef46cd1efb9b7d9b1b679de8e96fd1d957bbd3ec1911d7bbc3995dc1bdc29af18637449ada775319

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
e8141118cbecdcdb7cf8cca6f8b02fff

SHA1
b2cdd01b864da6b45e77c45fb78d2c0e445635b2

SHA256
9f18727c1013c3f35afca53315e87d2d05ee3f346fa1de990e423041b3f631ac

SHA512
261fd93c9ae032f984c4ac2f01499826d1b62f11cb86456c369bc4b155b3aa5a27f74a27e809e9a8563d9880233352dba958210d6808becc192a75f06e15e272

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
17KB

MD5
982ecc854c8faf4b7452cb6f67af5b81

SHA1
8e4212e6be2e8d188ada9bc02e1e6a9dddb4e672

SHA256
acd24228dff49b87a20280ec7d0202289553ccf5ee8b70665ba43be932c89048

SHA512
3ac965e1d8b25742663a6c4df86d448ecc96670d8a2d396ca9913556b40a740014e041f13d6422834e6fbd3f5021ee1c94216486a658a2004116926d1cc5bbc3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
c084a2d91bac3ac94f9fc31239ddd14e

SHA1
16e86e5515b9878a9b843a0328b2f8e865b8bd1f

SHA256
1a10c509d5e831d941924b2a00a0a3839affaa033cdd8ad257d7f03b2fc46c9d

SHA512
c94a590a7f4bd8af3ead298d604499b207d83f8c331b021436ccdaf50951736d19f29ed53eb85bd1e66c626cd5cc8d409a3f7a4f6624febf2eb8a00725db49fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\3df0246c-61d1-4417-bf15-44a23004d130

Filesize
25KB

MD5
8995f82f800db4c90787adcf4f10d287

SHA1
510b5015ffd5d206c2068d5269a2c1fe4794c667

SHA256
0a738c2b1f7583a152ce84251916904398e185f84785ce4117bf48c1056b5f9c

SHA512
98d5a31197536b0f5b9eb28cf16c6ca4a3fbd3ab39fb06782536a6f0c8e32a8d228c9eabee95dea08962228b38a8beee1fca842c8f8d2cf741539f8376482c75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\406cca4c-91b5-4d14-b7f1-78dffd4d4884

Filesize
671B

MD5
c6684513ff7110b1b8cd6f6811bb75fb

SHA1
e3128cc205c5c2d78d076aa3c8463b0a7924cba0

SHA256
c4dc36a6c626a1305513a08347b4b7c815ac0c2896c5775052eccc91183c17f7

SHA512
95525251799a44ea4c84ec959cb029af3d14a7e7e50003b462a8ed8d6d5f23ce2aa76c80f3443f1706766e99c0eda061583472be728d9aa2a3e97cf453ad09e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\c88e60b6-73fa-463c-8ce0-00ee08e641cb

Filesize
982B

MD5
e7f8876da34920426cc779ace4abfe08

SHA1
4718213df03ef022cddae75d6578be3e6bc58e71

SHA256
662f86f333e0d0826e9a10162e96ec8e84a64ce7db0394435b793a35ad64856b

SHA512
210f2134f5e22b4416fc731990e989d6d28004f4a912588214b0e264519e85ebf0fac58301283e8185dc1d870c00077a856b2e259972f6af984f5406acc98475

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\cffd9bc4-e110-4ab7-b80c-0a0721e35e80

Filesize
11KB

MD5
ac99ee7c283cef5e86cb5aa026c39a48

SHA1
4e8671ec2b4f499f86fb78191f84c1fe394ca7ca

SHA256
d3868252cbff4182349e20098730a26fdd5b59b1aabdb4896f1fed4cbd7f062d

SHA512
bf1dcd4e54d23f9aadc2eea74171a3b65613dbe68bb55b935b4f855facec6d524f49b6eff49706c47ef5e88498f3a9e83acbbe0f1b33ad19be4a7e9ba1fb38ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\prefs-1.js

Filesize
12KB

MD5
3222e5ad9468d7a75849a03f52453cda

SHA1
47dd02d5519a72c4b7c6df8765e53441345cc738

SHA256
75475e534dbce3be9661e0b1d46296a09f17b0477feefd6c9fdb9ab0cce65c2c

SHA512
d6f9a9bd032fb2c2bfcaf56d0a4e519f6e8c76cdbdd08679ca19839288763365ccde1a86cf5874f26425ae1ec6e41526eb90edb4283e18a74c9068284ff345a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\prefs-1.js

Filesize
11KB

MD5
e3505e0fbb7b9c316af83f3e2e5070a8

SHA1
3eba8ed8ff8d435347eb7a2f0a92519d2056a3b6

SHA256
7cb9b400fdd433ba1b3f3b33ad43dcef4086b8176d0b6e7f2dfc9a6416fec963

SHA512
b6ebb2be79066a16a73d9f451fd67dfde9989ff13fd1dcb4838bb3b2380d2bd942a6be0c9f12209aa8dca4197d2adc730c80884ffdfb7e8c55bf21f380be1716

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\prefs.js

Filesize
11KB

MD5
693085c79b7a70f4efc2506556226a1c

SHA1
4bedc2e9d4186fc3cbe6df8724e2ab8ebe094338

SHA256
d71c48cf52ee0f26ed32f7ab866b5db1fd56fd5c93ab86750a1ce3a32c7c0fe1

SHA512
6f21c3f34c25196b9a7098cc07cf592b97c7eedf7536959d59059873ee1da4dae12762614e59f5020a51773ef1c2e1983cb397aabaa9bbab66415f0a51469018

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\prefs.js

Filesize
11KB

MD5
1673a1ad853223f6fb0aaa0963b6283e

SHA1
15b6b98555e78f02dffbdf096cf9d81534325e1c

SHA256
30209f39e2af45f4f5c7f172790f340d0bd47dd17477813fa258b29d3173415c

SHA512
d067f6671d277f536811edd5761e8e03a5a40af34054b4ae33d8e9b14629a03ef3ebfb5781838b891b175deedce3da3b4331d0aaa57ccf09b7e273c2a7ae1b96

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
7a4689a5f7237cd33530466ff8845846

SHA1
df55364cd23dc2330bf0a53b40e262d499bbe35b

SHA256
045250121a79ae047579b7e54456be2c9032e05b9482256edd397da0d23367a3

SHA512
98a4de8168f76aabfd2614d1d547d4a5a883a0d23eb38fc3ba1e1c628d20dfabde47e6f12e896c99caf4b2d28ea696d6f8c0039f7da235f6fe9b0e4b5a6310a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
63af4c5424d1463b04416cd20626fe3a

SHA1
f43ba59fd7cfbdcc715397ac09bf87db08ec92f0

SHA256
4d2354ab51b4546098d61ccbbe91e16cb16a15b2e488e963751df3f0493fc028

SHA512
05d93bd57125475c6039a5f4e34629a4169e225c12cd22820f0728b584763895c6ecdaecc1dce1f912142941a240675584cff32a313772f2fd0d8f12af049aa9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
24d9c32912535b5300aa8fc4ed829f74

SHA1
9c2e85e41da233e5c7374bf7ccfde24863041a7c

SHA256
f9ba7ccdfaf235580852ca8dc22d99d240e88ad9d55c35c190391637caf248a2

SHA512
7e89af723bfe03d267e63a66f130988cc59a72dbccd4e64412ed7f4bae74ffd3aee3875a42df00faba757b22a8b4b5a40c3d6d2683e1cd6ca86663570fe3a5ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
6aae807ca9a41345ba1ff1832a0d2c52

SHA1
522899a6d75c8918da9cb52d800a91209dc02109

SHA256
982f8f3fdc1f8fcb8316042b2f2b711eded66a57622a73e15332f53ed333c6ad

SHA512
b6e56b309a9222a085a6a5006ac46f8d7d01fee97152e1d2f4c4180f3167c2daf74ff6db6b56ef7385479a50fba15a256a7149f475660a78b45c097200c7e3ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
644c072fb2ba59e1d8b64d3dfa041d92

SHA1
5ed985b2340804619081090cb896ce8d90f72d3f

SHA256
86568d5aaf7f2bb9aa85e89621056e23420a27f6a85697ea91713bb6e102335a

SHA512
6cc0dd90b05d728ea3dea136b978ff688b074e0279f0cded7e74a0233b0b74097513e1a626726a30ece5a90c9c3f4636ff86d94b5f1f4354ca477c0bf4badf68

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
f17bc5883dc25040f47619e179567109

SHA1
6004adfed3e24139b775829583e691118bafbf73

SHA256
daad59f1f376cc41b6e2c22d6855820a477fd7ee64fa8249945703fa86f1cf6f

SHA512
499661ea8cf90111af7e8dd1f1df325a48169b52155e28169a6420318c9f58fe112b1d8c9a5b4d46138522e780ef30a64068d03d2cb650fd1e99fd90dc8fa584

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
6d059d5b2631fe287b75875b6c5e92f6

SHA1
55e3a5d018eaf45fd45d76123c6430368ddd8f37

SHA256
aa9c9d58f7f23f60dc3418dda5def08cd2cfb24e0f1cad41935185e97a2346be

SHA512
0257ec1878577066916d7061a199af7e8e0493db6d04b17063d35354329b7b4119461d977a35a9e89d336784b3539dd855200c81c96908357a4a8eda684a2586

Download Submit
C:\Users\Admin\Downloads\Amus.exe

Filesize
50KB

MD5
47abd68080eee0ea1b95ae31968a3069

SHA1
ffbdf4b2224b92bd78779a7c5ac366ccb007c14d

SHA256
b5fc4fd50e4ba69f0c8c8e5c402813c107c605cab659960ac31b3c8356c4e0ec

SHA512
c9dfabffe582b29e810db8866f8997af1bd3339fa30e79575377bde970fcad3e3b6e9036b3a88d0c5f4fa3545eea8904d9faabf00142d5775ea5508adcd4dc0a

Download Submit
C:\Users\Admin\Downloads\Amus.exe:Zone.Identifier

Filesize
50B

MD5
dce5191790621b5e424478ca69c47f55

SHA1
ae356a67d337afa5933e3e679e84854deeace048

SHA256
86a3e68762720abe870d1396794850220935115d3ccc8bb134ffa521244e3ef8

SHA512
a669e10b173fce667d5b369d230d5b1e89e366b05ba4e65919a7e67545dd0b1eca8bcb927f67b12fe47cbe22b0c54c54f1e03beed06379240b05b7b990c5a641

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 761916.crdownload

Filesize
18.6MB

MD5
b464744ab9c9ebd75169f1c8639e432a

SHA1
ce83cff14a367c1fc88fdf1b9aa3df2e64549d85

SHA256
08975e2665243e02ad55dd53892d907554b297bc19ba2e4d11334eb67b45f3a6

SHA512
37f4cd8560b480126ca38135cdac10d28e56f36ba42583b8cfbdaf6555bc656a2448c67fc715b2337e1db07d4d87ec9336e7f7ab5418bf2bb4f9a0206817beaf

Download Submit
memory/1168-3268-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2148-3405-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2148-3234-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/4768-3435-0x000000000B1B0000-0x000000000B1C0000-memory.dmp

Filesize
64KB

Download
memory/4768-3443-0x000000000B1B0000-0x000000000B1C0000-memory.dmp

Filesize
64KB

Download
memory/4768-3442-0x000000000B1B0000-0x000000000B1C0000-memory.dmp

Filesize
64KB

Download
memory/4768-3437-0x000000000B1B0000-0x000000000B1C0000-memory.dmp

Filesize
64KB

Download
memory/4768-3434-0x00000000087A0000-0x00000000087B0000-memory.dmp

Filesize
64KB

Download
memory/4768-3436-0x000000000B1B0000-0x000000000B1C0000-memory.dmp

Filesize
64KB

Download
memory/4768-3440-0x000000000B1B0000-0x000000000B1C0000-memory.dmp

Filesize
64KB

Download
memory/4768-3441-0x000000000B1B0000-0x000000000B1C0000-memory.dmp

Filesize
64KB

Download
memory/4768-3439-0x000000000B1B0000-0x000000000B1C0000-memory.dmp

Filesize
64KB

Download
memory/4768-3438-0x000000000B1B0000-0x000000000B1C0000-memory.dmp

Filesize
64KB

Download
memory/5564-3398-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/5888-3260-0x0000000000400000-0x000000000066B000-memory.dmp

Filesize
2.4MB

Download
memory/5888-3194-0x0000000000400000-0x000000000066B000-memory.dmp

Filesize
2.4MB

Download
memory/5888-3469-0x0000000000400000-0x000000000066B000-memory.dmp

Filesize
2.4MB

Download
memory/6112-3400-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/6112-3403-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/6364-3467-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download
memory/6888-3114-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download
memory/7016-3113-0x0000000002350000-0x00000000025BB000-memory.dmp

Filesize
2.4MB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads