Overview

overview

10

Static

static

1

URLScan

urlscan

1

http://87.120.115.16...

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-12-2024 22:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://87.120.115.168/sex.sh

Score
10/10
gafgytbotnetdiscovery

Malware Config

Extracted

Family

gafgyt

C2

87.120.115.168:23

Signatures

  • Detected Gafgyt variant 1 IoCs
  • Gafgyt family
    gafgyt
  • Gafgyt/Bashlite

    IoT botnet with numerous variants first seen in 2014.

    botnetgafgyt
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 64 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 19 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of FindShellTrayWindow 41 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://87.120.115.168/sex.sh
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3776
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bd7e46f8,0x7ff8bd7e4708,0x7ff8bd7e4718
      2⤵
        PID:2496
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,179694797848352944,5200563361866474014,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
        2⤵
          PID:2372
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,179694797848352944,5200563361866474014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2544 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3312
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,179694797848352944,5200563361866474014,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
          2⤵
            PID:1060
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,179694797848352944,5200563361866474014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
            2⤵
              PID:3324
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,179694797848352944,5200563361866474014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
              2⤵
                PID:632
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,179694797848352944,5200563361866474014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8
                2⤵
                  PID:372
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,179694797848352944,5200563361866474014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1944
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,179694797848352944,5200563361866474014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
                  2⤵
                    PID:4552
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,179694797848352944,5200563361866474014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
                    2⤵
                      PID:4828
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,179694797848352944,5200563361866474014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
                      2⤵
                        PID:4172
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,179694797848352944,5200563361866474014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
                        2⤵
                          PID:1192
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,179694797848352944,5200563361866474014,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5488 /prefetch:8
                          2⤵
                            PID:1476
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,179694797848352944,5200563361866474014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
                            2⤵
                              PID:4992
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,179694797848352944,5200563361866474014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
                              2⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:4132
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,179694797848352944,5200563361866474014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
                              2⤵
                                PID:4148
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,179694797848352944,5200563361866474014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6176 /prefetch:8
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:4168
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,179694797848352944,5200563361866474014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
                                2⤵
                                  PID:3176
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,179694797848352944,5200563361866474014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2652 /prefetch:1
                                  2⤵
                                    PID:3244
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,179694797848352944,5200563361866474014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
                                    2⤵
                                      PID:1488
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,179694797848352944,5200563361866474014,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5712 /prefetch:8
                                      2⤵
                                        PID:3916
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2140,179694797848352944,5200563361866474014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6764 /prefetch:8
                                        2⤵
                                        • Modifies registry class
                                        • Suspicious behavior: EnumeratesProcesses
                                        • Suspicious use of SetWindowsHookEx
                                        PID:4996
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2140,179694797848352944,5200563361866474014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6776 /prefetch:8
                                        2⤵
                                        • Modifies registry class
                                        • Suspicious behavior: EnumeratesProcesses
                                        • Suspicious use of SetWindowsHookEx
                                        PID:3748
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,179694797848352944,5200563361866474014,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
                                        2⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:4996
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      1⤵
                                        PID:2584
                                      • C:\Windows\System32\CompPkgSrv.exe
                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                        1⤵
                                          PID:4000
                                        • C:\Windows\System32\rundll32.exe
                                          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                          1⤵
                                            PID:4040
                                          • C:\Windows\system32\OpenWith.exe
                                            C:\Windows\system32\OpenWith.exe -Embedding
                                            1⤵
                                            • Modifies registry class
                                            • Suspicious use of SetWindowsHookEx
                                            PID:372
                                            • C:\Windows\system32\NOTEPAD.EXE
                                              "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\sex.sh
                                              2⤵
                                              • Opens file in notepad (likely ransom note)
                                              PID:3600

                                          Network

                                          MITRE ATT&CK Enterprise v15

                                          Replay Monitor

                                          Loading Replay Monitor...

                                          Downloads

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                            Filesize

                                            152B

                                            MD5

                                            0a9dc42e4013fc47438e96d24beb8eff

                                            SHA1

                                            806ab26d7eae031a58484188a7eb1adab06457fc

                                            SHA256

                                            58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

                                            SHA512

                                            868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                            Filesize

                                            152B

                                            MD5

                                            61cef8e38cd95bf003f5fdd1dc37dae1

                                            SHA1

                                            11f2f79ecb349344c143eea9a0fed41891a3467f

                                            SHA256

                                            ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

                                            SHA512

                                            6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
                                            Filesize

                                            215KB

                                            MD5

                                            2be38925751dc3580e84c3af3a87f98d

                                            SHA1

                                            8a390d24e6588bef5da1d3db713784c11ca58921

                                            SHA256

                                            1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

                                            SHA512

                                            1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                            Filesize

                                            1KB

                                            MD5

                                            b2baaba8b60a76b21de357b2040a003c

                                            SHA1

                                            3ecf2767ca9f9e5105d1cccdc85bfed648de1d92

                                            SHA256

                                            1e1cd934bfb9fb7db87a910aa96e6ffacc3e57f2b808594cc62bb7509c1c1a6b

                                            SHA512

                                            2baf5ae537b01ff3809c020eb86d09aaf09b66871c720b9a7181ee31b854234c22feeb93d912bd67bb516396662c6b88709c3b2e747511325d54b60d005c585d

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                            Filesize

                                            2KB

                                            MD5

                                            be45fb0b97d7ccee30a1cd62ba8db48a

                                            SHA1

                                            765100754009cc73db3c4c68a1b690a7671475e6

                                            SHA256

                                            3662934352c011ef530b93c13e8e9b08990b15896c6017833df499be609f4c4b

                                            SHA512

                                            cf0cc9bb752a53ee0c51aea9f16edfa8f5d75c33f40c74b94420743ef73f36efcc442e3167d647de3a47c6a8f6c2f2efc4b7c8309fe76ac45501cb3a9147d1dc

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            6KB

                                            MD5

                                            1461669e42ec3feaf577d9478bc7bbd7

                                            SHA1

                                            10a0d170feef02738eb57c1f4a2dc7d7449f64e7

                                            SHA256

                                            17b27aaa2e50f4dcf817a66db4eae7d54249973acd9fb1994e4d0c184bf8c604

                                            SHA512

                                            f1217b6f5ce06b649f8f19ab063ad5cd9b7867cdb0a1576e772add31803685536244f1648098d35f8a0cb05d37de0d24f7e79c402330b23359db98725fbf4ff3

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            8KB

                                            MD5

                                            b2ef670d574a441895c1421713bcade0

                                            SHA1

                                            5c47d68c0d7b890b42694575350a82303c9b64de

                                            SHA256

                                            cf1b810353f115cb40ab3d2ed91fc23c8403b23fc7718fe7376fb645b2a37c75

                                            SHA512

                                            98da1b57ab04043faff429d68c507501ea75f71bdfebed9fb4f4048dbfda62c4ea89c2b83f5896dd216c9e9883b5750f1736bded6d7d82daf1673e53e19da78d

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            6KB

                                            MD5

                                            59159e937ea7b00df36722081651cb00

                                            SHA1

                                            6d8108464f5bcb51af1114cdfa0ccc62ae846d3c

                                            SHA256

                                            32119c0bfc6bbf256c68f3472d0540a0d18b5a5824b201746c05f35246d570d6

                                            SHA512

                                            a95746b21fd9a37c2565d137c365c5d481f7d846506314494ca37fe56afc4977039ec11f6ccec5f9dd907885765fd2ff06c3a2c2b24127009069628999ca06b1

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            5KB

                                            MD5

                                            666b37232ff3b3823c628e2bfc8cae59

                                            SHA1

                                            2ade16815f7778461963deab1ec93a8bb1639c7e

                                            SHA256

                                            aa8eedd09b46a9ff662e41b26a72c5ec6db98877c6ba9739be00d25fb20972b8

                                            SHA512

                                            a2a3aa7e2dc86d89d5f6d0b2d76be39934f07f803b888a61e313b0f60f435e57b55efc440fc6c066a44081489a82bcbeafd164663121824c338b926cd3d333cc

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            6KB

                                            MD5

                                            fa06efb373732dd4d396b1e2944e4cd7

                                            SHA1

                                            e9fd014dfe70e11d699d187aa7898f289cc21c37

                                            SHA256

                                            deb178d9154a3fb72203df3f3da6f379c6e2823e89d4c8364825ff5597694ce8

                                            SHA512

                                            68bf9918e948ab782a147a61bc56fae9820a566b776afbce87a22e387dfd97c16e6c7a1cc723a429f09c8583496547980022dabcb66de0981f15a56ba12315a7

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                            Filesize

                                            72B

                                            MD5

                                            52aa7c0fb51424e12b4acb075324da62

                                            SHA1

                                            2299733c39a258160e472252815d98a3e0a094ef

                                            SHA256

                                            ad90932dc0e2fb64d14ef040469311a9a986062f2bd2df6cd03dfdc8b49bd544

                                            SHA512

                                            a972994444a1720070248ad6b4cf0217e92a880d13841c0909dcdab2b57d76ed3d608e723a7dddf9db8b54a29fec4e765af483eaeaeb68ac853b05a556a3213a

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe591498.TMP
                                            Filesize

                                            48B

                                            MD5

                                            fc4e70d14a2dbff87586357f1d2f4594

                                            SHA1

                                            1ac61fde53fb41ac1a18a11e540142cda6d5d30e

                                            SHA256

                                            2efbb40de4dd035f6fea04e837f51644154ae84bb96a2d84f94a455829359dab

                                            SHA512

                                            e83134eed855b0bf57b829ad86d7bb603aff811271d31ee9bee01767425e72967b001ad1455e449a301f2dc8050bf6888d8f057d9418ca9b0cfb2275d165ff4e

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                            Filesize

                                            16B

                                            MD5

                                            6752a1d65b201c13b62ea44016eb221f

                                            SHA1

                                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                            SHA256

                                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                            SHA512

                                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                            Filesize

                                            10KB

                                            MD5

                                            128be468fbe1984ca79f49bf07dd496b

                                            SHA1

                                            d0fd760e5659a5888b843d96afae89330d880ccd

                                            SHA256

                                            e7d73c22a5a1c5eab3185a8b82a5e7ab4f630afa7092cc74665945266c39e1c4

                                            SHA512

                                            8cfb7ca3b71e4822df92ff7aba62915671c2ab7d905d61d84f360991e8f0d29584b3c5dffa856ac646215cba7ce937f480dddda82be6cbd849dec7a02f4e3228

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                            Filesize

                                            11KB

                                            MD5

                                            ba4194f6810c89ccc7a95aed05fcf8b0

                                            SHA1

                                            bb710d9fe142f7c7f0b1d3f720c4720ec5b7805f

                                            SHA256

                                            ca847ce8e27c090b5d26dc106c9a2c6ffecdd0e5bcd7acbd191fd6c4289d492c

                                            SHA512

                                            3e40953cc1a9ee4b33383201b0f449bc8cc27e186e4de33344c8b73cef39bb15f1c16e4378569332c7b7340242629c035cac4424c5d6a40ced5a84e01fb4d0a8

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                            Filesize

                                            10KB

                                            MD5

                                            25d1b6f7de58ed3ccd1a603f1093b004

                                            SHA1

                                            88a1bdf384881924f33fd6d21e66d0303f9abfe7

                                            SHA256

                                            4c6915cf453a7fbc22b38089c7a9d5d11276fdea0aa61385b29ce7b2b2cbc67c

                                            SHA512

                                            82432e6f27f749119fe500cf525a80d5592c104fd8542ae8f394706e29f9b0ab2f2727bb9787847810f67a2ab5f0f5ab250f152fb20444bbcc7e3741f90cd898

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                            Filesize

                                            11KB

                                            MD5

                                            652645e411c993cf7ae709dda71fac63

                                            SHA1

                                            1cd7dda7e301419071e3245ac2264ae3aeb5a506

                                            SHA256

                                            076ca22496a253215702a1d591666cfd24fc5ea1a16d5cddbba0e911e69c0dcd

                                            SHA512

                                            9d0491181df043e7387226d16939eb546bd0dd3b2fa33dfcd57f8ab07646a7537750b142a5b2529f12fe962e80c041e75d8d643581e1b6530e4eaf37c2fe5784

                                            Download Submit

                                          • C:\Users\Admin\Downloads\mips
                                            Filesize

                                            148KB

                                            MD5

                                            87e0d903a571fcfcca6775bd599d4f2a

                                            SHA1

                                            9d5c8f78a5505e4b0a919d620ba6686af5ef5651

                                            SHA256

                                            1b87993b8c4aeb9bfdf718c7feef1f239f2ebcbcbd5a57e20a54d15aec8ace7a

                                            SHA512

                                            afdc4156c36a365821fc4910dbbc293177ea2e21b3565412337fae1574abda0d651cfe150e0bea6baccde3331d5a5e08d18bc91e509009431916706d82394717

                                            Download Submit

                                          • C:\Users\Admin\Downloads\sex.sh
                                            Filesize

                                            1KB

                                            MD5

                                            3189d19ad6f6f1da0267b0390a050ceb

                                            SHA1

                                            eadeb7723eac480febdf3a5dba6452c0f8e1b710

                                            SHA256

                                            f970e2afe2d0fab6fbf2eab0e3d1e555d3fed10a6bf1b7929069f12689d28985

                                            SHA512

                                            143874393ca2612bbfc81d451f16c45eab4c0c119fe0fa63a3ce6c74baba6dade2d0a241694dff2d4470228853f82dc6d4dc2ede4f18128de2c70cb27ac9a526

                                            Download Submit