Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/D...

windows10-ltsc 2021-x64

10

Analysis

  • max time kernel
    405s
  • max time network
    405s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    21-11-2024 18:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/Da2dalus/The-MALWARE-Repo

Score
10/10
defense_evasiondiscoverypersistenceupx

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Impair Defenses: Safe Mode Boot 1 TTPs 7 IoCs
    defense_evasion
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 54 IoCs
  • Suspicious use of SendNotifyMessage 26 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2680
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffe71b846f8,0x7ffe71b84708,0x7ffe71b84718
      2⤵
        PID:4980
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
        2⤵
          PID:5076
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3936
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
          2⤵
            PID:4380
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
            2⤵
              PID:4612
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
              2⤵
                PID:3556
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8
                2⤵
                  PID:1440
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                  2⤵
                  • Drops file in Program Files directory
                  PID:1840
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6512f5460,0x7ff6512f5470,0x7ff6512f5480
                    3⤵
                      PID:3660
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:876
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
                    2⤵
                      PID:1704
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
                      2⤵
                        PID:1532
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
                        2⤵
                          PID:384
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
                          2⤵
                            PID:2332
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
                            2⤵
                              PID:5908
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
                              2⤵
                                PID:4960
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
                                2⤵
                                  PID:5400
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
                                  2⤵
                                    PID:352
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
                                    2⤵
                                      PID:5444
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
                                      2⤵
                                        PID:2216
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
                                        2⤵
                                          PID:552
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
                                          2⤵
                                            PID:5856
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
                                            2⤵
                                              PID:5868
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
                                              2⤵
                                                PID:6040
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
                                                2⤵
                                                  PID:3952
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
                                                  2⤵
                                                    PID:5932
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
                                                    2⤵
                                                      PID:5504
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
                                                      2⤵
                                                        PID:5692
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
                                                        2⤵
                                                          PID:3264
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6332 /prefetch:2
                                                          2⤵
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:4976
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2712 /prefetch:8
                                                          2⤵
                                                            PID:4516
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2716 /prefetch:1
                                                            2⤵
                                                              PID:4412
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=932 /prefetch:8
                                                              2⤵
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              PID:3276
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
                                                              2⤵
                                                                PID:1584
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
                                                                2⤵
                                                                  PID:3300
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
                                                                  2⤵
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:3248
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
                                                                  2⤵
                                                                    PID:1540
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
                                                                    2⤵
                                                                      PID:6068
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
                                                                      2⤵
                                                                        PID:4200
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
                                                                        2⤵
                                                                          PID:2976
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
                                                                          2⤵
                                                                            PID:5628
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
                                                                            2⤵
                                                                              PID:3316
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
                                                                              2⤵
                                                                                PID:4712
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
                                                                                2⤵
                                                                                  PID:5240
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:1
                                                                                  2⤵
                                                                                    PID:5200
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
                                                                                    2⤵
                                                                                      PID:1208
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5512 /prefetch:8
                                                                                      2⤵
                                                                                        PID:532
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
                                                                                        2⤵
                                                                                          PID:2672
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7984 /prefetch:8
                                                                                          2⤵
                                                                                            PID:5568
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,17777964035514103005,3744025752510246033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1768 /prefetch:8
                                                                                            2⤵
                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                            PID:3744
                                                                                          • C:\Users\Admin\Downloads\Birele.exe
                                                                                            "C:\Users\Admin\Downloads\Birele.exe"
                                                                                            2⤵
                                                                                            • Modifies WinLogon for persistence
                                                                                            • Executes dropped EXE
                                                                                            • Impair Defenses: Safe Mode Boot
                                                                                            • Adds Run key to start application
                                                                                            • System Location Discovery: System Language Discovery
                                                                                            PID:3540
                                                                                            • C:\Windows\SysWOW64\taskkill.exe
                                                                                              taskkill /F /IM explorer.exe
                                                                                              3⤵
                                                                                              • System Location Discovery: System Language Discovery
                                                                                              • Kills process with taskkill
                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                              PID:2080
                                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                          1⤵
                                                                                            PID:1456
                                                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                            1⤵
                                                                                              PID:5000
                                                                                            • C:\Windows\System32\rundll32.exe
                                                                                              C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                              1⤵
                                                                                                PID:5348
                                                                                              • C:\Windows\system32\AUDIODG.EXE
                                                                                                C:\Windows\system32\AUDIODG.EXE 0x304 0x39c
                                                                                                1⤵
                                                                                                  PID:5900

                                                                                                Network

                                                                                                MITRE ATT&CK Enterprise v15

                                                                                                Replay Monitor

                                                                                                Loading Replay Monitor...

                                                                                                Downloads

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                  Filesize

                                                                                                  152B

                                                                                                  MD5

                                                                                                  b5fffb9ed7c2c7454da60348607ac641

                                                                                                  SHA1

                                                                                                  8d1e01517d1f0532f0871025a38d78f4520b8ebc

                                                                                                  SHA256

                                                                                                  c8dddfb100f2783ecbb92cec7f878b30d6015c2844296142e710fb9e10cc7c73

                                                                                                  SHA512

                                                                                                  9182a7b31363398393df0e9db6c9e16a14209630cb256e16ccbe41a908b80aa362fc1a736bdfa94d3b74c3db636dc51b717fc31d33a9fa26c3889dec6c0076a7

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                  Filesize

                                                                                                  152B

                                                                                                  MD5

                                                                                                  32d05d01d96358f7d334df6dab8b12ed

                                                                                                  SHA1

                                                                                                  7b371e4797603b195a34721bb21f0e7f1e2929da

                                                                                                  SHA256

                                                                                                  287349738fb9020d95f6468fa4a98684685d0195ee5e63e717e4b09aa99b402e

                                                                                                  SHA512

                                                                                                  e7f73b1af7c7512899728708b890acd25d4c68e971f84d2d5bc24305f972778d8bced6a3c7e3d9f977cf2fc82e0d9e3746a6ccb0f9668a709ac8a4db290c551c

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
                                                                                                  Filesize

                                                                                                  47KB

                                                                                                  MD5

                                                                                                  0d89f546ebdd5c3eaa275ff1f898174a

                                                                                                  SHA1

                                                                                                  339ab928a1a5699b3b0c74087baa3ea08ecd59f5

                                                                                                  SHA256

                                                                                                  939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

                                                                                                  SHA512

                                                                                                  26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
                                                                                                  Filesize

                                                                                                  62KB

                                                                                                  MD5

                                                                                                  c813a1b87f1651d642cdcad5fca7a7d8

                                                                                                  SHA1

                                                                                                  0e6628997674a7dfbeb321b59a6e829d0c2f4478

                                                                                                  SHA256

                                                                                                  df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

                                                                                                  SHA512

                                                                                                  af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
                                                                                                  Filesize

                                                                                                  67KB

                                                                                                  MD5

                                                                                                  b275fa8d2d2d768231289d114f48e35f

                                                                                                  SHA1

                                                                                                  bb96003ff86bd9dedbd2976b1916d87ac6402073

                                                                                                  SHA256

                                                                                                  1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

                                                                                                  SHA512

                                                                                                  d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
                                                                                                  Filesize

                                                                                                  63KB

                                                                                                  MD5

                                                                                                  226541550a51911c375216f718493f65

                                                                                                  SHA1

                                                                                                  f6e608468401f9384cabdef45ca19e2afacc84bd

                                                                                                  SHA256

                                                                                                  caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

                                                                                                  SHA512

                                                                                                  2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
                                                                                                  Filesize

                                                                                                  19KB

                                                                                                  MD5

                                                                                                  1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

                                                                                                  SHA1

                                                                                                  6dd8803e59949c985d6a9df2f26c833041a5178c

                                                                                                  SHA256

                                                                                                  af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

                                                                                                  SHA512

                                                                                                  b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
                                                                                                  Filesize

                                                                                                  25KB

                                                                                                  MD5

                                                                                                  a0914bc7fb19bf3ddf3ff50958a69e42

                                                                                                  SHA1

                                                                                                  24b38738128b1efa1dffa433b25d5b1dc19dc124

                                                                                                  SHA256

                                                                                                  8b7bde3c9555d7d20aba60467cdb0e5901bf9112ac781562fe9cf442fb08cd43

                                                                                                  SHA512

                                                                                                  7693c9bbafdea30976470b3ff95bb6551f7cc2234d8179e820764ac4ec8e1a8368eee71a8804e07bf0278d636be08bf14f8cf4f3bd586328c8e9a12834df2b7d

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
                                                                                                  Filesize

                                                                                                  40KB

                                                                                                  MD5

                                                                                                  3051c1e179d84292d3f84a1a0a112c80

                                                                                                  SHA1

                                                                                                  c11a63236373abfe574f2935a0e7024688b71ccb

                                                                                                  SHA256

                                                                                                  992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

                                                                                                  SHA512

                                                                                                  df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c
                                                                                                  Filesize

                                                                                                  53KB

                                                                                                  MD5

                                                                                                  68f0a51fa86985999964ee43de12cdd5

                                                                                                  SHA1

                                                                                                  bbfc7666be00c560b7394fa0b82b864237a99d8c

                                                                                                  SHA256

                                                                                                  f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

                                                                                                  SHA512

                                                                                                  3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                  Filesize

                                                                                                  4KB

                                                                                                  MD5

                                                                                                  d1392cdd6a9b5da98c761c6f7a070991

                                                                                                  SHA1

                                                                                                  97291dd129844d79bfed472b0dbe6242241c3720

                                                                                                  SHA256

                                                                                                  6790d0de954a9ce5877026fa21287175c483728038278a172ca1e07ff46d7334

                                                                                                  SHA512

                                                                                                  e36a5f912c7037e88572a3f185a750a519b9609e2b2dc963a4544a0732eb2e78b6d5f2ad88c850545ef8ac93a446d1c76eff6d1885a52aa56a2ff5bb40029cf9

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                  Filesize

                                                                                                  3KB

                                                                                                  MD5

                                                                                                  0e9d41c485c04b6fcee74e7be7af40a0

                                                                                                  SHA1

                                                                                                  51951c5b35b7c44ad52669e22bbfa949a6cfb348

                                                                                                  SHA256

                                                                                                  2356a1093290f38edc07354e324112efb0bda9f13da10d898071afdf4e1f2260

                                                                                                  SHA512

                                                                                                  bd97c229607721f211353ecf07bd4772ffbb081dc067792bc3a73fbe6f0464f5077aad0ba4a9fe1d0c137dcf980973e642ed5acfb50b65b06af9adb13f5c50bf

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  ba30739a4c5bd0179255a5945593f53c

                                                                                                  SHA1

                                                                                                  183d15ac857c80eeb9e528a63fedc442ae05019b

                                                                                                  SHA256

                                                                                                  e98af8efe6f60c333b5ebe4528b7b130185872c609c93e3f07a45b30da558142

                                                                                                  SHA512

                                                                                                  1a5bc1577ccd103bfa4de2eaa4e0a52ba3ce3619bdb07368a2d076e4d680a45b9a48b2ec04dcc01ed116f01acae8e6f9ce256ee508ae89f86e3afe5485286426

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                  Filesize

                                                                                                  3KB

                                                                                                  MD5

                                                                                                  3e65e39a234575967ea34bf16f92728e

                                                                                                  SHA1

                                                                                                  f1dfaadca20996d997cbc4a22feb8b6b8a58295b

                                                                                                  SHA256

                                                                                                  621225cc927d1b2d6160616a51862a235257369543484ad739db4f7809314894

                                                                                                  SHA512

                                                                                                  21915a8296278faf21b07b5b7c4f7a2eb71c80af92be6517bb35ba5b6b151b09035f91ebcf312967f32a0050bc98c8466c727a90f5c9f7331a79434458f8e0f3

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe580412.TMP
                                                                                                  Filesize

                                                                                                  48B

                                                                                                  MD5

                                                                                                  8a09e3d26593109e2d0e8c53fa74fe5e

                                                                                                  SHA1

                                                                                                  2469bc4e506b47806177a046c0c31d4381c3a563

                                                                                                  SHA256

                                                                                                  fd7c12e5822a697f9ccaa0b7c8a3f089f6b92bf6bd05b9538fd543ace2d843db

                                                                                                  SHA512

                                                                                                  d90afde2167314ef9ac36755995f5ca56b4f35ec8f0a6d5b9beb26b0dde0b1c8142824a706f9087ca1b87263c6bc5b7f4295ffe1d39ddca83cab89b94601afea

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
                                                                                                  Filesize

                                                                                                  70KB

                                                                                                  MD5

                                                                                                  e5e3377341056643b0494b6842c0b544

                                                                                                  SHA1

                                                                                                  d53fd8e256ec9d5cef8ef5387872e544a2df9108

                                                                                                  SHA256

                                                                                                  e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

                                                                                                  SHA512

                                                                                                  83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                  Filesize

                                                                                                  788B

                                                                                                  MD5

                                                                                                  c808d572c738caf47720e0a85ed67840

                                                                                                  SHA1

                                                                                                  55f802c9bf718891124c0514e720e5391ce5f40f

                                                                                                  SHA256

                                                                                                  a19ed54df2dd3b889357db90968f02189c4e00bedaa0468d01fb4d51e6ca8c94

                                                                                                  SHA512

                                                                                                  1fe172023c555c5fc314884bd51801a0fa4f2271c68a75812da1d1d3367f31589e737d20488e27474056696c374fea3904a3870fc297e46e044f424360589d46

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                  Filesize

                                                                                                  871B

                                                                                                  MD5

                                                                                                  47c5045efed40b95192be1ecd0271692

                                                                                                  SHA1

                                                                                                  841cf9e86a5383facbb938d23cc72e6c38c0acbf

                                                                                                  SHA256

                                                                                                  adda9e6db233b9da400ea52103a36c661f2700f8dcb6d27296d5e141caa485eb

                                                                                                  SHA512

                                                                                                  7fcee16e681ec74b39f466eba9942d06acaacba6e63476a4c9b1e30831736b148d85739d535547ee4dd151b86af975bb13011559a1f06f177dcc111e27d034c1

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                  Filesize

                                                                                                  2KB

                                                                                                  MD5

                                                                                                  c3c21bb77cd7623a4c27d8d6e351ed1b

                                                                                                  SHA1

                                                                                                  a95c2eebbf75045ae08de6577b1de484c589f001

                                                                                                  SHA256

                                                                                                  377231487a9ee713c81c4124105dc31400200e2eaab10db22df25ceff1b954e1

                                                                                                  SHA512

                                                                                                  235cafb357e4bdcd10aab932c436581ee4ebaa291e0a6b350d12ac9aec45cb88a5ed4ef1bc5030dd999872e372e1e98023d44d5217cd206090b2da4996f3d701

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58c02e.TMP
                                                                                                  Filesize

                                                                                                  59B

                                                                                                  MD5

                                                                                                  2800881c775077e1c4b6e06bf4676de4

                                                                                                  SHA1

                                                                                                  2873631068c8b3b9495638c865915be822442c8b

                                                                                                  SHA256

                                                                                                  226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                                                                                                  SHA512

                                                                                                  e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                  Filesize

                                                                                                  5KB

                                                                                                  MD5

                                                                                                  e02b1077e952091abdf03ebc0b7a26be

                                                                                                  SHA1

                                                                                                  b75009a3fdfee46d71e5828023b76884f339579c

                                                                                                  SHA256

                                                                                                  45ded8b3678dfb2cbe77ed1506887c00767a9602488070bba3f63ed5753c1c1b

                                                                                                  SHA512

                                                                                                  8d55a26bb4e324a165d4850de79cbedc60a1ccfa0031694d673014424e6e11050a2e18da0ddf77a76155fbf7cc7fcd5721fb70c2ca9b7899bd7abc505674c005

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                  Filesize

                                                                                                  6KB

                                                                                                  MD5

                                                                                                  378914cdb529841fbc3bdb6d7f87ec3a

                                                                                                  SHA1

                                                                                                  29ed257e87f4169f7a6ee12e445f002cdc400098

                                                                                                  SHA256

                                                                                                  eea471fb39fd5e6a327181f1b2023fdd9cae19fcdb63b5b7747ce8d93ad1baad

                                                                                                  SHA512

                                                                                                  7309f2d4ededdab9c98932439897ae24aec9ceb57cd0504c693525f41e7ce3e07a36abdfa54697ea9121fdb715cdd656525eccce938d7d2a55e8f13ff2a24c65

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                  Filesize

                                                                                                  6KB

                                                                                                  MD5

                                                                                                  ad720d636bf1ff18111f9bf2614c80f4

                                                                                                  SHA1

                                                                                                  116f6547fda6516c55956106366b6d9e93b63fbb

                                                                                                  SHA256

                                                                                                  851b51784869e9b26e9540f2c14ad568dc3a4c952665d46f9feedd3568637e5d

                                                                                                  SHA512

                                                                                                  4e882c0146618441b91c514ff4ddcc042d6dbdf371f92218e2ea1e34c14779f2688bf32c6afd5b6412e1eb873990610d1d1f3e599fab8defa2c626151204cb9e

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                  Filesize

                                                                                                  5KB

                                                                                                  MD5

                                                                                                  c989dfff8bb27c5b419e557c0eeab2a5

                                                                                                  SHA1

                                                                                                  0d7d1ae70bf8d91f2848d5413a179e073571bdad

                                                                                                  SHA256

                                                                                                  e5f16bebd0e9e27e49194f239606100a536598f08a43ad306be9001ea63adc13

                                                                                                  SHA512

                                                                                                  e4452296d5083db4fd6ffa253d6f093245f3ee4a564e49f9d3789cfb10191ea63b9353c76f5a74dae0d57f6301621cae44d4507f1238cdf23c994be7fe67c561

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                  Filesize

                                                                                                  6KB

                                                                                                  MD5

                                                                                                  e98028e34cdbb22e9c02280dca54356f

                                                                                                  SHA1

                                                                                                  f6d8a4c1216f91909c0a3add312d977abe0af4c5

                                                                                                  SHA256

                                                                                                  901f088faae953e0e0f3a2c0a833f31b1436e065e47326b71f0b2071dfcd5558

                                                                                                  SHA512

                                                                                                  0e65acb130832344b8b4a881f5a98777f812f95b8e4b4a1e1fcf3e9cc73d02f084a3ff0c8a04f876a4ae604f420bfc93e558dfef7fbe159625c6ce89c0e0489b

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                  Filesize

                                                                                                  6KB

                                                                                                  MD5

                                                                                                  b89f06c67352b10d8a9be04b02125e10

                                                                                                  SHA1

                                                                                                  4898bc124c09c0bc488758e8e3d3f704b5cdca59

                                                                                                  SHA256

                                                                                                  e92cb20389606ecf93696f02f7984b51bfd51412b40e822fe6450c969fd7ec7e

                                                                                                  SHA512

                                                                                                  7b0665bf00642d9312c1687de0b96b3a469dfb8ddd37db3c9e02cc89accce0f2e1ecf5533abc7e080047f3386cc747fd79dfff897aa6914f31645637206dc8d9

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                  Filesize

                                                                                                  6KB

                                                                                                  MD5

                                                                                                  a840f2ab5929e5b934bef4eb80d17872

                                                                                                  SHA1

                                                                                                  84367103b0b19c926fd291e330ab6cf0f6867f26

                                                                                                  SHA256

                                                                                                  ed00ded5108c43f0389a443c42c9bcdd891950573cdac746d06b73ba9be8d1c1

                                                                                                  SHA512

                                                                                                  2cf4159904db409fcac05216dc08085dcd6a7c3250bc89ec109505749a46b9bf4b72db4a8d6757ef22c52c46d9635b85652e83fa9fde4976d6d0740bb8a1caf3

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                  Filesize

                                                                                                  5KB

                                                                                                  MD5

                                                                                                  c99a586c5cb548b77d1a4d8a81b358a6

                                                                                                  SHA1

                                                                                                  edb0d3c1139540103080c9f64334d7c90cc40118

                                                                                                  SHA256

                                                                                                  67be63b1bc7cce5965167189fe8a766a0921af0a179cca2b0a82d61b83521f81

                                                                                                  SHA512

                                                                                                  0b14e482e68e19954b1a8006b976e3a9c7fbfe52deb4f8dbc8fd4d65c72238ce7a0e2d2b9799264e2e828f1913cd9e834384ec490500950ad21c1be3feb4bf43

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                  Filesize

                                                                                                  8KB

                                                                                                  MD5

                                                                                                  9fc02e9bcd66f102b58836defb85dbdc

                                                                                                  SHA1

                                                                                                  97055735e9b254a3cc9e4dcb01e4e27cb4970e0e

                                                                                                  SHA256

                                                                                                  7cb539e2c9a8186db0aea93b9a3890e76eecc81773e7b7719f501c2d4610ec99

                                                                                                  SHA512

                                                                                                  c48fbfc5fcd6a6db292cd4b6922758ce058ddefb303b785976bffe344d2eee5208970085be88ba6fac5cead337954dbfb5e0c4c68f5dc8aea7685422af38c14a

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                  Filesize

                                                                                                  7KB

                                                                                                  MD5

                                                                                                  2b217da68d1796e4bdaaba7826475880

                                                                                                  SHA1

                                                                                                  ffc41da01e90d46681162d51f912f9783a23acc8

                                                                                                  SHA256

                                                                                                  520019bdc9eda99faf8dbb2a826228f8340d1ea09d20b05345d33fa57f097e3e

                                                                                                  SHA512

                                                                                                  558abb7f14267912505a4cf7a3182f5d4309426e45f4da1535c90232620fd931bde4c7929ca9e53f0f585b7a0b085d514732782dd618f3e55b3198e1cdafc286

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                                                  Filesize

                                                                                                  24KB

                                                                                                  MD5

                                                                                                  6e466bd18b7f6077ca9f1d3c125ac5c2

                                                                                                  SHA1

                                                                                                  32a4a64e853f294d98170b86bbace9669b58dfb8

                                                                                                  SHA256

                                                                                                  74fc4f126c0a55211be97a17dc55a73113008a6f27d0fc78b2b47234c0389ddc

                                                                                                  SHA512

                                                                                                  9bd77ee253ce4d2971a4b07ed892526ed20ff18a501c6ba2a180c92be62e4a56d4bbf20ba3fc4fbf9cf6ce68b3817cb67013ad5f30211c5af44c1e98608cb9e3

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                                                  Filesize

                                                                                                  24KB

                                                                                                  MD5

                                                                                                  ac2b76299740efc6ea9da792f8863779

                                                                                                  SHA1

                                                                                                  06ad901d98134e52218f6714075d5d76418aa7f5

                                                                                                  SHA256

                                                                                                  cc35a810ed39033fa4f586141116e74e066e9c0c3a8c8a862e8949e3309f9199

                                                                                                  SHA512

                                                                                                  eec3c24ce665f00cd28a2b60eb496a685ca0042c484c1becee89c33c6b0c93d901686dc0142d3c490d349d8b967ecbbd2f45d26c64052fb41aad349100bd8f77

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  362ec5955ef089804222d3aa4fb2d841

                                                                                                  SHA1

                                                                                                  54aa8759e906d3419cea7a264e045516b0f13eb5

                                                                                                  SHA256

                                                                                                  049463a3e748e464251c6084f4a7e6f289ecbd2cfcb32db42cf9107c0e74429b

                                                                                                  SHA512

                                                                                                  e4e1eac206e8524bbd8191f463fba0ab058837a3dfa13cdc0711b86cfc98902d422f634a344495b1d1cb609a202876d289723b38c6fe3496065c65f3b4455ae5

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  9746a6cb7d14814ad68de6abd4df6d2e

                                                                                                  SHA1

                                                                                                  ec161c0ba72b0f297a1705d3cc409be0300b9478

                                                                                                  SHA256

                                                                                                  b781a5c3d88ce36d9f6ed15ffd0a05ef9ddb8d31a74f746c9d6528a358d1bc7e

                                                                                                  SHA512

                                                                                                  15e2d0e7b8f0c0bd591ed9c791febe22ad579f6b39dc55c988cd696e3ecb15ec17f6001226bb461ed2ec9373201286251f1556a42eb37b6cb5be452ce4ac787e

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                  Filesize

                                                                                                  874B

                                                                                                  MD5

                                                                                                  cedbcd634a107545b392409182a7a617

                                                                                                  SHA1

                                                                                                  37985389a1059f03602b799622464291864a84be

                                                                                                  SHA256

                                                                                                  e0c4438471965ad7ac0af8fd7e8785c05e6cad12eadf26a21fcfd9b255a9e7d1

                                                                                                  SHA512

                                                                                                  219260ea9732e407d280a754c90755ce2cd3622391abee562dabefadb30283adaa24bdd77d91710d9005807fa792c0be7b33d3016da89cffd1e2adce95fab1b2

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  71e3c9015da40af6c83310adcddd1511

                                                                                                  SHA1

                                                                                                  30eb93ae14a2d6dafb203d69070263ef86792efd

                                                                                                  SHA256

                                                                                                  d8ce30bd01e497df290a9b90b89116c0840c9080b2acc4f46d9c03953ffaa3c4

                                                                                                  SHA512

                                                                                                  bb1e3014e696e4f81e3797474742c8116428f1c198e4b82b3f963e7f856bddfcd554d135c2956b4b901b74c82fbd8d1bee1f53db74eb71fc56dd134029b52f2b

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                  Filesize

                                                                                                  2KB

                                                                                                  MD5

                                                                                                  198a78e546cf6a112e683f82bf0fb949

                                                                                                  SHA1

                                                                                                  a98916fb8887d1162d71a618fac1cd7f5afb058e

                                                                                                  SHA256

                                                                                                  3b369205659a9b33dba7640adbd69f91da9af0d17103f8dc3c6724a73d04018d

                                                                                                  SHA512

                                                                                                  4e3e58cb68d29828eeab039f1e6329856e2404361589c3bf53b8fa9287369c9ede906603353a1fe729df029983511836734aee47b935b515de1bdc1c2e0e1b3b

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                  Filesize

                                                                                                  2KB

                                                                                                  MD5

                                                                                                  9dbd053255c4c5cd2bae2b429fc99229

                                                                                                  SHA1

                                                                                                  67891584b102a4d3c44961ad7d11dbb617e8feff

                                                                                                  SHA256

                                                                                                  01458c0983f23c551e3fc1594f2991e298ae8f53fc720545f0edf64f099197e6

                                                                                                  SHA512

                                                                                                  8211cc48f8db2d8f5406b41ffa5048691b0b629e2144f29a8c8f89c92bcafa5a1ad9249f569306f389f350900d99013c741e8e6c82221485851be95892cee131

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  ef45d14ebc520fa7cf998b4af3db9410

                                                                                                  SHA1

                                                                                                  386e1d23d8f68678facdba6272fbb06de24be061

                                                                                                  SHA256

                                                                                                  363f65bc2b9cc9112242036950dff0df399f3434bd96897e351e8619c8a2fee8

                                                                                                  SHA512

                                                                                                  b61fdf2bccbad5393d693aaa12cf1b869217317cb338566a26c9cd36c49a1a2ebac072162a148caa5c9cfa37787b73983d919cf95bd4e38b99a6070e5374934f

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  1e1ee15c28ea6c47126b4035605fc5af

                                                                                                  SHA1

                                                                                                  fe7cdb4f2a32f668bc79d80f689efbe3f9d20f44

                                                                                                  SHA256

                                                                                                  135489a7e988ec489618aa5b036c7729ce44ee5f155eede16c5cc99abbc18235

                                                                                                  SHA512

                                                                                                  797cc899528d0d6af4dc541803576f9c6d6e760c51e2105c7a6a8a0111af2658bfe348f760e0104cca3802f6f04c3983c73c8a3aac747ff0495250df925ff4c6

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  17257eb73418c692dbc273faa2af450c

                                                                                                  SHA1

                                                                                                  3da887489023f9d82301622b79a87c1425593ec1

                                                                                                  SHA256

                                                                                                  73582db4eedd7b3025f4d1ba508ac0baf44efcf32d49627a245f2c94970efc76

                                                                                                  SHA512

                                                                                                  4063b49eaa4311e77ec42f83fc2e194351903e4546d15b22fa62410f01618331e662835eb5cc53aec62f1dab04db05b645965711436086a934b8d68aa4edc78b

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                  Filesize

                                                                                                  1KB

                                                                                                  MD5

                                                                                                  ba27c86920f82e02f7a697b54ec146cb

                                                                                                  SHA1

                                                                                                  d64ec7cc370f26ca2a6b573f1e7695f0bd70af36

                                                                                                  SHA256

                                                                                                  469c47053369ff3ab344345886c9dfd02db69e6d66f43fb712aba1b0247edbda

                                                                                                  SHA512

                                                                                                  21114d7369afa8859ec589eb89154faa64319eb90a3a47fc6392c13e0418e137225ec0a5c3a33bc0f9bd48239fac0de205dfd61ddeab5671e889d6b03132761a

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5875a8.TMP
                                                                                                  Filesize

                                                                                                  874B

                                                                                                  MD5

                                                                                                  6831fc5cc2e70a0e2cc1d929f90575d0

                                                                                                  SHA1

                                                                                                  78fe2f51f7851be6efb311733ffa57f69e1c0e76

                                                                                                  SHA256

                                                                                                  9ca4e16ff5b8a8cac7291fe39b2a29b59f0b2d93e9c9b98c6acedc192e1a428a

                                                                                                  SHA512

                                                                                                  597500cd91913dbeda6d7eab3ea6507b18bce09910cc01471fb655ac138437ff6e395c6d6f27824906e4a2fd6ef26c4c0ad036933f0e8ca9877da9663b5b29bb

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                  Filesize

                                                                                                  16B

                                                                                                  MD5

                                                                                                  206702161f94c5cd39fadd03f4014d98

                                                                                                  SHA1

                                                                                                  bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                                  SHA256

                                                                                                  1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                                  SHA512

                                                                                                  0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
                                                                                                  Filesize

                                                                                                  41B

                                                                                                  MD5

                                                                                                  5af87dfd673ba2115e2fcf5cfdb727ab

                                                                                                  SHA1

                                                                                                  d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                                                  SHA256

                                                                                                  f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                                                  SHA512

                                                                                                  de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
                                                                                                  Filesize

                                                                                                  16B

                                                                                                  MD5

                                                                                                  46295cac801e5d4857d09837238a6394

                                                                                                  SHA1

                                                                                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                  SHA256

                                                                                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                  SHA512

                                                                                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                  Filesize

                                                                                                  11KB

                                                                                                  MD5

                                                                                                  f8aeeb19e18f3358aae748217f359001

                                                                                                  SHA1

                                                                                                  8e7ea2114cb697b280ad3a43e6a11e2557077185

                                                                                                  SHA256

                                                                                                  cc9f3ff2e8e7298118c016443a3beb03447b3cea77d8415c4a29d8296dcdf3c1

                                                                                                  SHA512

                                                                                                  f28e491bc1e61e76412b3ef9de9164b15b17054b39bf493ec665913c955b4bf064fb29c987874a2b9d1630395b3a122060dfcf5c1a2b27a92f8f8047f71c7452

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                  Filesize

                                                                                                  8KB

                                                                                                  MD5

                                                                                                  868cbc433eb26b5d6ec44bfb0a3894a8

                                                                                                  SHA1

                                                                                                  63de8b6a59263e0e66c7476941cd4d4fc2d74890

                                                                                                  SHA256

                                                                                                  e01c606fd637ed8ac2a43341201b558498f5dd36b486e66894685256589d6578

                                                                                                  SHA512

                                                                                                  e6b55b21b3e520fe58146e3273a1ff8168895a7b9ad1d375302a4ae92400f52b3a7b67aac5dad50ef0ccbce5d2de30787ceee6510dc590487c23aceb7aa9f04f

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                  Filesize

                                                                                                  11KB

                                                                                                  MD5

                                                                                                  9364b8532785e97e271c0526804949ea

                                                                                                  SHA1

                                                                                                  2c69723fbb7e04acc0e0db4701a7df9f0e31f655

                                                                                                  SHA256

                                                                                                  922927c11664c249f221914c49c0c8b53c36f1eb20c0532c8a19d8d9ba4ba444

                                                                                                  SHA512

                                                                                                  ff69a4200b12fad79be5bb0de25fe9cf89cf74d6c5ce9583e553e312400f5401108ea90b8ee5966581921a13b7f23a6c60cdfd9703fded82bd66c51d6bbb067d

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                  Filesize

                                                                                                  11KB

                                                                                                  MD5

                                                                                                  529bd9df86e9b8c67ae92156f72c4bcd

                                                                                                  SHA1

                                                                                                  e8e48b64eb2dd3ab8bf5f4e04dc188e38a8cc544

                                                                                                  SHA256

                                                                                                  d64860d4ed8dd4fa39fe35877651a78e4cc37ef82e2d8c1f1d46d88958d7e2eb

                                                                                                  SHA512

                                                                                                  b02b83801843c46ca62c036eb1ff7302b79464272d5bee3c4053023850ea35119931aed45faf0a0bcae957e039a6eb3309ab9e276eed9922c57db13564a5b7a8

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                                                  Filesize

                                                                                                  3KB

                                                                                                  MD5

                                                                                                  3db0961c5a989770da627256938e92d2

                                                                                                  SHA1

                                                                                                  bdc8f4b25dca6353ddb37004ee984aa9a8d6543f

                                                                                                  SHA256

                                                                                                  8d69a31f562713fffd2961e3264e51dd9a0f439c7d20f2ced9436104e95f301d

                                                                                                  SHA512

                                                                                                  5f612db9c0983997c6dfa38b297c106a1fe196e3e988c132a102652610c417b7a3ccc999631d56e25f25f9bafa6d02bfb13bba9a4e0ca5e0f4980f65618fca31

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                                                  Filesize

                                                                                                  3KB

                                                                                                  MD5

                                                                                                  7024abf8edc33fa23c942030f07ce96c

                                                                                                  SHA1

                                                                                                  a99698f6f5552eeb81b809ad6f74546331f988b4

                                                                                                  SHA256

                                                                                                  b590b1187a94046cd30510fdac196fa12f5070f1ff3db3eff1a5e6f3b3fbe9c9

                                                                                                  SHA512

                                                                                                  eb8d669bc926295c555a6515642e2d08e561cd3c531e42285e14a678eccc5e6702ffc2c7e9cfe1dbdc0d7888f7970f4c0e3ccc0b80dd97f12f4253d13c365944

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                                                  Filesize

                                                                                                  10KB

                                                                                                  MD5

                                                                                                  b30c0d27ee0a7f766a8c1e02e37e13ab

                                                                                                  SHA1

                                                                                                  7602eb4b6142bea2200a38ba76ceae7e9dfc0bc2

                                                                                                  SHA256

                                                                                                  a5497ca108dd12f5258102141f20c87594ec72e67108802e875526d4b4bb8d75

                                                                                                  SHA512

                                                                                                  6f85f348426c5a714c9d81cb7de62d99d2db6e1304c88466299ac1253ec88b5e74d7fd48147d9d57b333e887eadd4cf87b7e8be36ad426f58e7db8a805d38074

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                                                  Filesize

                                                                                                  8KB

                                                                                                  MD5

                                                                                                  f2bc1a400cf61a8a9ed4651b9c7d7f20

                                                                                                  SHA1

                                                                                                  6c0dc349871c3d4248c574eae3b44c0e69840386

                                                                                                  SHA256

                                                                                                  65714d90f912e1e3e042dcfb33e853ddb579e909edc2bea124d1c0e234a78b9e

                                                                                                  SHA512

                                                                                                  0a4d0d8e74c8b113afc1d5cc76bd4ed9c0750bd41898b174da38bc85d958a353ab05e9fa34de51aa3ee7b0d585299fd56ab11fe75bd5de139710c96999bc1bc4

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\Downloads\ScreenScrew.zip
                                                                                                  Filesize

                                                                                                  104KB

                                                                                                  MD5

                                                                                                  b79554fbb0dc8dfc2382b39b5dd3a6ea

                                                                                                  SHA1

                                                                                                  c92e557a8c1f756108d80d7af2d2bf8c8ca0c3e5

                                                                                                  SHA256

                                                                                                  ab7d15cf7d327924602b5cd6e6ad43306573ca14198a00d8b5cf3a5ed532f8c4

                                                                                                  SHA512

                                                                                                  cd88011fc6e0c6377362a0563caf8e0494d622ff74202dc4fdae88f4ccc62727d01523e8e0a430db49b895a793f7cdc718ae96640a7fc839ee94b789f6ccfbb6

                                                                                                  Download Submit

                                                                                                • C:\Users\Admin\Downloads\Unconfirmed 714258.crdownload
                                                                                                  Filesize

                                                                                                  116KB

                                                                                                  MD5

                                                                                                  41789c704a0eecfdd0048b4b4193e752

                                                                                                  SHA1

                                                                                                  fb1e8385691fa3293b7cbfb9b2656cf09f20e722

                                                                                                  SHA256

                                                                                                  b2dcfdf9e7b09f2aa5004668370e77982963ace820e7285b2e264a294441da23

                                                                                                  SHA512

                                                                                                  76391ac85fdc3be75441fcd6e19bed08b807d3946c7281c647f16a3be5388f7be307e6323fac8502430a4a6d800d52a88709592a49011ecc89de4f19102435ea

                                                                                                  Download Submit

                                                                                                • memory/3540-1437-0x0000000000400000-0x0000000000438000-memory.dmp

                                                                                                  Filesize

                                                                                                  224KB

                                                                                                  Download

                                                                                                • memory/3540-1439-0x0000000000400000-0x0000000000438000-memory.dmp

                                                                                                  Filesize

                                                                                                  224KB

                                                                                                  Download

                                                                                                • memory/3540-1450-0x0000000000400000-0x0000000000438000-memory.dmp

                                                                                                  Filesize

                                                                                                  224KB

                                                                                                  Download