floxif | hxxps://github[.]com/Da2dalus/The-MALWARE-Repo

Analysis

max time kernel
531s
max time network
532s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
29-12-2024 14:11

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo

Score

10^/10

floxif backdoor defense_evasion discovery evasion persistence ransomware trojan upx

Malware Config

Signatures

Floxif family
floxif
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
backdoor trojan floxif

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\winnt32.exe"	NoEscape.exe

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	NoEscape.exe

Detects Floxif payload 1 IoCs

backdoor

resource	yara_rule
behavioral1/files/0x001c00000002aac8-1684.dat	floxif

Disables RegEdit via registry modification 1 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	NoEscape.exe

Downloads MZ/PE file

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x001c00000002aac8-1684.dat	acprotect

Executes dropped EXE 3 IoCs

pid	Process
3228	Floxif.exe
3840	Floxif.exe
4908	Floxif.exe

Loads dropped DLL 3 IoCs

pid	Process
3228	Floxif.exe
3840	Floxif.exe
4908	Floxif.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	NoEscape.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	NoEscape.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com
37	raw.githubusercontent.com
103	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\noescape.png"	NoEscape.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x001c00000002aac8-1684.dat	upx
behavioral1/memory/3228-1687-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3228-1691-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3840-1695-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/3840-1698-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/4908-1701-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/4908-1704-0x0000000010000000-0x0000000010030000-memory.dmp	upx

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\symsrv.dll	Floxif.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\winnt32.exe	NoEscape.exe
File opened for modification	C:\Windows\winnt32.exe	NoEscape.exe
File created	C:\Windows\winnt32.exe\:Zone.Identifier:$DATA	NoEscape.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Floxif.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\MadMan.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 3 IoCs

pid	pid_target	Process	procid_target
240	3228	WerFault.exe	144
4604	3840	WerFault.exe	148
1204	4908	WerFault.exe	161

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NoEscape.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Chromoxide.peaceful.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133799553067160065"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "200"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	msedge.exe

NTFS ADS 9 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 410142.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\MadMan.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\ChromoxideTrojan.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\index.rst:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Floxif.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 549686.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\YouAreAnIdiot.htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\NoEscape.exe.zip:Zone.Identifier	msedge.exe
File created	C:\Windows\winnt32.exe\:Zone.Identifier:$DATA	NoEscape.exe

Suspicious behavior: EnumeratesProcesses 40 IoCs

pid	Process
2892	msedge.exe
2892	msedge.exe
4788	msedge.exe
4788	msedge.exe
2600	msedge.exe
2600	msedge.exe
1492	identity_helper.exe
1492	identity_helper.exe
4208	msedge.exe
4208	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
692	msedge.exe
692	msedge.exe
4308	msedge.exe
4308	msedge.exe
2528	chrome.exe
2528	chrome.exe
4896	msedge.exe
4896	msedge.exe
1040	chrome.exe
1040	chrome.exe
3568	msedge.exe
3568	msedge.exe
1048	msedge.exe
1048	msedge.exe
3560	msedge.exe
3560	msedge.exe
1824	identity_helper.exe
1824	identity_helper.exe
3336	msedge.exe
3336	msedge.exe
1960	msedge.exe
1960	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe
1680	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 53 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
2528	chrome.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeShutdownPrivilege	2528	chrome.exe
Token: SeCreatePagefilePrivilege	2528	chrome.exe
Token: SeDebugPrivilege	3228	Floxif.exe
Token: SeDebugPrivilege	3840	Floxif.exe
Token: SeDebugPrivilege	4908	Floxif.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe
Token: SeCreatePagefilePrivilege	1040	chrome.exe
Token: SeShutdownPrivilege	1040	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
2528	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
1040	chrome.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4904	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 4264	4788	msedge.exe	78
PID 4788 wrote to memory of 4264	4788	msedge.exe	78
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 1192	4788	msedge.exe	79
PID 4788 wrote to memory of 2892	4788	msedge.exe	80
PID 4788 wrote to memory of 2892	4788	msedge.exe	80
PID 4788 wrote to memory of 2220	4788	msedge.exe	81
PID 4788 wrote to memory of 2220	4788	msedge.exe	81
PID 4788 wrote to memory of 2220	4788	msedge.exe	81
PID 4788 wrote to memory of 2220	4788	msedge.exe	81
PID 4788 wrote to memory of 2220	4788	msedge.exe	81
PID 4788 wrote to memory of 2220	4788	msedge.exe	81
PID 4788 wrote to memory of 2220	4788	msedge.exe	81
PID 4788 wrote to memory of 2220	4788	msedge.exe	81
PID 4788 wrote to memory of 2220	4788	msedge.exe	81
PID 4788 wrote to memory of 2220	4788	msedge.exe	81
PID 4788 wrote to memory of 2220	4788	msedge.exe	81
PID 4788 wrote to memory of 2220	4788	msedge.exe	81
PID 4788 wrote to memory of 2220	4788	msedge.exe	81
PID 4788 wrote to memory of 2220	4788	msedge.exe	81
PID 4788 wrote to memory of 2220	4788	msedge.exe	81
PID 4788 wrote to memory of 2220	4788	msedge.exe	81
PID 4788 wrote to memory of 2220	4788	msedge.exe	81
PID 4788 wrote to memory of 2220	4788	msedge.exe	81
PID 4788 wrote to memory of 2220	4788	msedge.exe	81
PID 4788 wrote to memory of 2220	4788	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd9fe63cb8,0x7ffd9fe63cc8,0x7ffd9fe63cd8
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6276 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6368 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6644 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,2193146588164323439,12522325797184347550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6624 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffd9b6dcc40,0x7ffd9b6dcc4c,0x7ffd9b6dcc58
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1744,i,16183021518971759429,629595843358850335,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1696 /prefetch:2
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,16183021518971759429,629595843358850335,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,16183021518971759429,629595843358850335,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2196 /prefetch:8
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,16183021518971759429,629595843358850335,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,16183021518971759429,629595843358850335,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4472,i,16183021518971759429,629595843358850335,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4676,i,16183021518971759429,629595843358850335,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4736,i,16183021518971759429,629595843358850335,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4740,i,16183021518971759429,629595843358850335,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5040,i,16183021518971759429,629595843358850335,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5052 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5076,i,16183021518971759429,629595843358850335,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5084,i,16183021518971759429,629595843358850335,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5316,i,16183021518971759429,629595843358850335,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5376 /prefetch:2
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3736,i,16183021518971759429,629595843358850335,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:3352

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3436

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5004

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4936

C:\Users\Admin\Desktop\Chromoxide.peaceful.exe
"C:\Users\Admin\Desktop\Chromoxide.peaceful.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:788

C:\Users\Admin\Desktop\Floxif.exe
"C:\Users\Admin\Desktop\Floxif.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3228
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 456
  2⤵
  - Program crash
  PID:240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3228 -ip 3228
1⤵
PID:2832

C:\Users\Admin\Desktop\Floxif.exe
"C:\Users\Admin\Desktop\Floxif.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3840
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 424
  2⤵
  - Program crash
  PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3840 -ip 3840
1⤵
PID:2016

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\StopTrace.bat" "
1⤵
PID:4784

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\StopTrace.bat" "
1⤵
PID:4892

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\StopTrace.bat"
1⤵
PID:5088

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\StopTrace.bat" "
1⤵
PID:2812

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\StopTrace.bat" "
1⤵
PID:1828

C:\Users\Admin\Desktop\Floxif.exe
"C:\Users\Admin\Desktop\Floxif.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4908
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 424
  2⤵
  - Program crash
  PID:1204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4908 -ip 4908
1⤵
PID:5108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9b6dcc40,0x7ffd9b6dcc4c,0x7ffd9b6dcc58
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,3154914877570035902,9726678272449071804,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2112,i,3154914877570035902,9726678272449071804,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,3154914877570035902,9726678272449071804,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=2176 /prefetch:8
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,3154914877570035902,9726678272449071804,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3252,i,3154914877570035902,9726678272449071804,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3552,i,3154914877570035902,9726678272449071804,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=4376 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4696,i,3154914877570035902,9726678272449071804,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4744,i,3154914877570035902,9726678272449071804,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3756,i,3154914877570035902,9726678272449071804,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:4484

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3344

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd9fe63cb8,0x7ffd9fe63cc8,0x7ffd9fe63cd8
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1716 /prefetch:2
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2524 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3468 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4560 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6660 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,7201807981314124523,15707237832235988016,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6088 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3980

C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe
"C:\Users\Admin\Downloads\NoEscape.exe\NoEscape.exe\NoEscape.exe-Latest Version\NoEscape.exe"
1⤵
- Modifies WinLogon for persistence
- UAC bypass
- Disables RegEdit via registry modification
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- NTFS ADS
PID:3336

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39e4855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\System\symsrv.dll

Filesize
72KB

MD5
ccf7e487353602c57e2e743d047aca36

SHA1
99f66919152d67a882685a41b7130af5f7703888

SHA256
eaf76e5f1a438478ecf7b678744da34e9d9e5038b128f0c595672ee1dbbfd914

SHA512
dde0366658082b142faa6487245bfc8b8942605f0ede65d12f8c368ff3673ca18e416a4bf132c4bee5be43e94aef0531be2008746c24f1e6b2f294a63ab1486c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
98bb667fc7d700c6b6144094a975d080

SHA1
ea1dfb79b1db7e3973a14a32085445fc21531386

SHA256
ff23a8c24c462246355cd95d7be8ec577adfa213f5394990f7312090cbc08224

SHA512
473c734953eff7ed5e371c5b6db90e4ddebd0c0ddc67da0b4196dd7bc61c683908dc2b0fc90b324190377e8ad52c67e35b2d5752ea0744f77f18ad77df34a8ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
31c32546fd57c1505718208e77d8876e

SHA1
c2ec131235105cb5514d11aacd62f40938128754

SHA256
c3601ae2ea26db400f7a480e98abc570285ada28d1c63da7c254ff0826812992

SHA512
78511bc44cc0c219682da42b31f16dd20a107b81b736917f06055d1b971b6b065f5292e381a935ebd9e094458f69cabd2988bce401c2b93fcb90969162d39bfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
aba331de7911bc3eba813d073cf1032f

SHA1
94e8ae5f4c49894894bb29849f5813824f9e8644

SHA256
0af14ba87dbc1cd62b0750cbd54c99a9baf6e87172f13ef470e76a729eaef84e

SHA512
115e8aef32f2ba3ac2280e50c68eadd644358bc70fc8cccc5d6230fa8751734e006dd0c6ffc8ea0e7cc7abd47d03afe51c5ed1e1828350180eafd42d16f9db1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
409fff6f0d97cb2414b28b679b50cc3d

SHA1
67bf5e5f7cd0d765bf3072ee4634e68d578cc0f0

SHA256
d20675397e67410cf5bd7155811fb10f00fd3da5d8e6a722abda7aa292662905

SHA512
862370b367f1fa4b68f31be267a6b80efac675624b8e95f49e7dec5de5e84b72de0be4f75d46a351e5c92128fc786a5775465c428baaa53271becba80a6b1bbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6884ed3ae2dfeee332cff11773467666

SHA1
a746a5d85ae8d5f9f5b2bfae6334fbd897e21920

SHA256
4ad01f437b9d5299ac71b0a5a053162390e6495e47a88adb41f676fc5c5c000b

SHA512
92b2735ea8c91d7e5dff5fe37eb6266743eff5c8800c345c4438749a24eb29cefa3ccab404f351594259259b0ee1c095ffc02bc9bd36260432ff4899def97996

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a35716e085fe18eb8e55bca10dfd1b71

SHA1
2bd8621140744c087e887e0e7396e973c9eb32c5

SHA256
dba08de53654dc484cd2bbd47c396383f5584f59fa51f5f28d94e67382b93955

SHA512
93746c6c824eaa4452e8a5252a1363f8dd649d5e701acba0d97a345979128745671c20f30e7ab9074b75f88108f0b4df2556fbb71675ba0d69c5054f8a472d79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
d00a80ad050252a7539e3262545257d6

SHA1
fde68f688cc756fa6b2738232ee74307b0d57614

SHA256
362d5390f6adf6a34423ca381b87a4988033ba92180e0cb8484000043e4a2147

SHA512
41927816d24c7bc5475116041b6296592ae72f2073d437ac5632f572e2ab8dde807fc60b38069606782f872456ba9545fc3976c6c704621b3559935594a13ffe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
6bb08ee43e2b9e68f5dcd14b6d6e558d

SHA1
72599180d0649835de677d3e348bd5a31d9362c9

SHA256
dbc335a2a09405896952e6a8bbf0648df364894b8eb7f41aa232b0690340c5b3

SHA512
524c1d194de35b76d3c46565e5060bd12f4166834ead331e7ce457d88d1c70962f9f0fadada73189587b21534f87e244900a3c57c8183e102b85e753e82210f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
d5345aa87412c55193fa395a8aa9fad1

SHA1
f3618f7107f9b714bc8eb0e5580ba9e2d7cc88ff

SHA256
b12756d80fab96aaff9800a42859b31f63c79d315ceac9da98b27fda0a4a01de

SHA512
9b94636789e12b2e72eb9aaaf52840a75b5a0dd1d6053f57cb408d53cba5d826c600b4ebfd0e55f62eb0862c06874d679a6ea675fb6e941619dc11c63758e816

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
88cbbad321012114ca7d958a02605266

SHA1
e924af54fdc02c6312c7df7cc076b025be5df728

SHA256
43f90c4228166abdc4b3c1ef0e3159f0df65743aebb06cf437674e81d365d7ee

SHA512
598534e7c1f0daf3c1e26dae44bd6dc28a8e2b3f7b1d52c0f54c680b5c890853da7f6a1b83ebb545e668859df1abc23886a0fbcf1cd383ca282add1286aca29c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
970b7031c499a4032f43cfa5a01a0005

SHA1
2303e9db2ea7869068c4a6f99ea3ebfd7294cb55

SHA256
621092bbd6c08e67721a3178d066e64619af82e452037658b982b6757fb31c18

SHA512
586cbbbbbfea78a36f43d2c20e7239f2030bcad20bcb4e6ff2cac81c46c107d42a3ee0391a2c90e958620554ed4ff0639c03945ba1d50b2bf9cfbac4d3203c43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
313b3b732daba66b73679b062793ddf6

SHA1
b61ca551664e543a4065a134994f039a2ab674f2

SHA256
303d96fa9795643093ed30c801d196c4ef741381cc4e06d686fee8039bd29286

SHA512
3a8cd497292b81e983aa1e838182424c6c2b4110eb5b153dd90cbe59e645ac0906c5368ef8ffae9c12838b09de6b15f289f43ddf7a9af43c46645d8d29f7d609

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
476a8850a11995a88597679aa9dd94e2

SHA1
b8084df1c47ac3a86618fe6831ee02c33961c2a2

SHA256
6a1415cff35bba7ad74fad73d4b8280b545953d5cccc1116bb726f318f406708

SHA512
321652cda4892beffeb67300c2710249ef22ac68dc890a12e1a5953916c392da761f0d2afda7c45c7b965b79ffe24cbe6fe195c3b7ba9b0cffd83e08175f4b71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
957d14ec441820e3b3f4976f26f3fe9b

SHA1
494389261266cb0d4905d83143607ec71a82f74b

SHA256
b66032ba9fa7ccf28310aa693b2fbb7fa40a35a1a6f43b398488178efa066b83

SHA512
64a8e22a56349bbc30fbe4cb9424ffff3681ddcebdc23061d72b178c0cc40fa26832dcc41e7d9b4090357d743d592b807a81fb3ceda36a08d5aa4d003ebfe331

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3dd9cfbd004d40cd792ce3ce05a5a06c

SHA1
8cc0dcaf8de4b2102737a6bb3cb259f2e3d2e406

SHA256
092019e02b42e9942d95a58242045d51fa2cd75e96ea5efe5dfc0a56d76d1303

SHA512
98cc2c3d320f28490f0596497ffb83f15915ce3e03f72057c79013c42f95890ee97ad431efd61e9f799832abbdf4f82aba6201a2012ce0bdce229f26a38e6c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
bdb5b784bfe3fc7f438d912a5d895d0e

SHA1
fca77a29470a70e867db900e8723b1b000a01190

SHA256
49e811ad9c8e708a4c72dcad39f5718e04a10efe18068bb85382a0f8dd01e14e

SHA512
9f914582a4f5717b132b2903f464347c7202e2a6594c4004fcdb2bfe689581e0f979e3b81a2b120edd84050ab019de3a49d7b56b973dd84ae0c6df821ac13549

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
119KB

MD5
b2a05b8a65acf2d4c569094aa5f0daba

SHA1
f397696fd697ff5a7644b54252fad9453cb8285e

SHA256
c0e413c357ccaaa53159d06265eb4e58da7281e11f6ba64cf4f20eb1e4991acc

SHA512
d28fb4d070abd6eeade411e90b258459276e56c723a26e66c126864551d3e49cb90f6d6f20023ce525377e9659b96b25ddd98a9745f68749c4ddd672e9ba8787

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
119KB

MD5
27101807f0b3ed1b7e7db101fb8499bf

SHA1
2a1cfda2079ee649e30218ffa3234d7d5f848606

SHA256
a45d02b0f777cdab49542f92cca72a6fb40986cd0ba4cfe403a247fb5e25edeb

SHA512
4b3e7454cc36f22d611e575c1ae5c89ba0855fa8be8c7d3b977e23d9f4b6ce962ff1bd68ee181e5f738978b9ad2d8315ee9ef16821cff8f3c6624a84106e3e81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
590e2e9c6629cb24da6a0d24cb335479

SHA1
93ef09b6bf5c3880d5fa32e66a465d13c35b6784

SHA256
b99d3f4853bb7a96ca5d57a00a08538ebfa61af4db5be6604221f536dc2c6abc

SHA512
e267963e8bcaf73366b9d4bbc8d61bf153c974705a131208b1a3c29656043d15b3663b25feda26e9530ddedbaa0cb70a45735d348c24ec9c89611c5bc0d3612a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
df0ddb142227b00d6225e937a171b5f8

SHA1
63cb3cf77352ce6930ac14ff122be58c33b6713f

SHA256
dfe0506d8e08e972a9068c7c115024e0891a7f3c3d16c1174af1b3fd27aca678

SHA512
3cc7d5114475167a3527fd5185639b57e0e3db97508c0284b60eed6323763e7bbd486dbef9d7e3b894a82e26fd8bc4682aa0f38ba26de3a747bb179874c85a70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1544690d41d950f9c1358068301cfb5

SHA1
ae3ff81363fcbe33c419e49cabef61fb6837bffa

SHA256
53d69c9cc3c8aaf2c8b58ea6a2aa47c49c9ec11167dd9414cd9f4192f9978724

SHA512
1e4f1fe2877f4f947d33490e65898752488e48de34d61e197e4448127d6b1926888de80b62349d5a88b96140eed0a5b952ef4dd7ca318689f76e12630c9029da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
05598e03ed38c3a0b5f7db0bcce2fe6c

SHA1
325b313027c97d87a115b6ab154a5b49f08cb5cd

SHA256
ae2a7b31954fbf093d08d62036a86b8af99ffefc18c58ea522ed70914a71cfba

SHA512
b636d2f8530a4bfee5c200564dae3b9542c01c58a4f6f5103dc101d87a40982e0b01f27685a8fe36007ab409d2c3b778e9779dfb76f5a8d57b135e27c9ce9e52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d317cb06e84df81f67fba4a58f33708a

SHA1
efb2b49000cc3a01b902ab996f4947780902c388

SHA256
88f60dbe582576625e168a41afc1f40d752fc81a9fcc5d1cf5221a3a1d36918f

SHA512
81089d6f621c174da6f572a484b9903a0cb3ba25bd945474c72303bb777d851b91981ed1a6d10b9c1c9e811291d9c1b393f3150a75966a28098583bf029647d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9314124f4f0ad9f845a0d7906fd8dfd8

SHA1
0d4f67fb1a11453551514f230941bdd7ef95693c

SHA256
cbd58fa358e4b1851c3da2d279023c29eba66fb4d438c6e87e7ce5169ffb910e

SHA512
87b9060ca4942974bd8f95b8998df7b2702a3f4aba88c53b2e3423a532a75407070368f813a5bbc0251864b4eae47e015274a839999514386d23c8a526d05d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
37KB

MD5
56690d717897cfa9977a6d3e1e2c9979

SHA1
f46c07526baaf297c664edc59ed4993a6759a4a3

SHA256
7c3de14bb18f62f0506feac709df9136c31bd9b327e431445e2c7fbc6d64752e

SHA512
782ec47d86276a6928d699706524753705c40e25490240da92446a0efbfcb8714aa3650d9860f9b404badf98230ff3eb6a07378d8226c08c4ee6d3fe3c873939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
20KB

MD5
0b17fd0bdcec9ca5b4ed99ccf5747f50

SHA1
003930a2232e9e12d2ca83e83570e0ffd3b7c94e

SHA256
c6e08c99de09f0e65e8dc2fae28b8a1709dd30276579e3bf39be70813f912f1d

SHA512
49c093af7533b8c64ad6a20f82b42ad373d0c788d55fa114a77cea92a80a4ce6f0efcad1b4bf66cb2631f1517de2920e94b8fc8cc5b30d45414d5286a1545c28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
38KB

MD5
c7b82a286eac39164c0726b1749636f1

SHA1
dd949addbfa87f92c1692744b44441d60b52226d

SHA256
8bf222b1dd4668c4ffd9f9c5f5ab155c93ad11be678f37dd75b639f0ead474d0

SHA512
be7b1c64b0f429a54a743f0618ffbc8f44ede8bc514d59acd356e9fe9f682da50a2898b150f33d1de198e8bcf82899569325c587a0c2a7a57e57f728156036e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
20KB

MD5
b9cc0ef4a29635e419fcb41bb1d2167b

SHA1
541b72c6f924baacea552536391d0f16f76e06c4

SHA256
6fded6ba2dd0fc337db3615f6c19065af5c62fcd092e19ca2c398d9b71cd84bf

SHA512
f0f1a0f4f8df4268732946d4d720da1f5567660d31757d0fc5e44bf1264dfa746092a557417d56c8a167e30b461b8d376b92fbe0931012121fac2558d52c662e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
26KB

MD5
73fc3bb55f1d713d2ee7dcbe4286c9e2

SHA1
b0042453afe2410b9439a5e7be24a64e09cf2efa

SHA256
60b367b229f550b08fabc0c9bbe89d8f09acd04a146f01514d48e0d03884523f

SHA512
d2dc495291fd3529189457ab482532026c0134b23ff50aa4417c9c7ca11c588421b655602a448515f206fa4f1e52ee67538559062263b4470abd1eccf2a1e86b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
18KB

MD5
f1dceb6be9699ca70cc78d9f43796141

SHA1
6b80d6b7d9b342d7921eae12478fc90a611b9372

SHA256
5898782f74bbdeaa5b06f660874870e1d4216bb98a7f6d9eddfbc4f7ae97d66f

SHA512
b02b9eba24a42caea7d408e6e4ae7ad35c2d7f163fd754b7507fc39bea5d5649e54d44b002075a6a32fca4395619286e9fb36b61736c535a91fe2d9be79048de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
58KB

MD5
6c1e6f2d0367bebbd99c912e7304cc02

SHA1
698744e064572af2e974709e903c528649bbaf1d

SHA256
d33c23a0e26d8225eeba52a018b584bb7aca1211cdebfffe129e7eb6c0fe81d8

SHA512
ebb493bef015da8da5e533b7847b0a1c5a96aa1aeef6aed3319a5b006ed9f5ef973bea443eaf5364a2aaf1b60611a2427b4f4f1388f8a44fdd7a17338d03d64a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
39KB

MD5
a2a3a58ca076236fbe0493808953292a

SHA1
b77b46e29456d5b2e67687038bd9d15714717cda

SHA256
36302a92ccbf210dcad9031810929399bbbaa9df4a390518892434b1055b5426

SHA512
94d57a208100dd029ea07bea8e1a2a7f1da25b7a6e276f1c7ca9ba3fe034be67fab2f3463d75c8edd319239155349fd65c0e8feb5847b828157c95ce8e63b607

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
105KB

MD5
b8b23ac46d525ba307835e6e99e7db78

SHA1
26935a49afb51e235375deb9b20ce2e23ca2134c

SHA256
6934d9e0917335e04ff86155762c27fa4da8cc1f5262cb5087184827004525b6

SHA512
205fb09096bfb0045483f2cbfe2fc367aa0372f9a99c36a7d120676820f9f7a98851ee2d1e50919a042d50982c24b459a9c1b411933bf750a14a480e063cc7f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
53KB

MD5
2ee3f4b4a3c22470b572f727aa087b7e

SHA1
6fe80bf7c2178bd2d17154d9ae117a556956c170

SHA256
53d7e3962cad0b7f5575be02bd96bd27fcf7fb30ac5b4115bb950cf086f1a799

SHA512
b90ae8249108df7548b92af20fd93f926248b31aedf313ef802381df2587a6bba00025d6d99208ab228b8c0bb9b6559d8c5ec7fa37d19b7f47979f8eb4744146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
88KB

MD5
76d82c7d8c864c474936304e74ce3f4c

SHA1
8447bf273d15b973b48937326a90c60baa2903bf

SHA256
3329378951655530764aaa1f820b0db86aa0f00834fd7f51a48ad752610d60c8

SHA512
a0fc55af7f35ad5f8ac24cea6b9688698909a2e1345460d35e7133142a918d9925fc260e08d0015ec6fa7721fbeae90a4457caa97d6ce01b4ff46109f4cd5a46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
16KB

MD5
5615a54ce197eef0d5acc920e829f66f

SHA1
7497dded1782987092e50cada10204af8b3b5869

SHA256
b0ba6d78aad79eaf1ae10f20ac61d592ad800095f6472cfac490411d4ab05e26

SHA512
216595fb60cc9cfa6fef6475a415825b24e87854f13f2ee4484b290ac4f3e77628f56f42cb215cd8ea3f70b10eebd9bc50edeb042634777074b49c129146ef6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
65KB

MD5
0c3ecdd95c2f73c55c7e223bdd76a64a

SHA1
e2cfcf25c29ac990426ef168678f3718d9bebd0e

SHA256
f6b14fb731c0874a973319ecb9f91d7c4bb4876fb2bc5c3c78717ed64c6beee5

SHA512
65bed963b5fe8b8ab24b154f891a9aabb2f44dc7c4ba39574dfd472432f52a65049d03013099c0d7db58d6b79c793178178865829e7c7c076dc774d2930899fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
18KB

MD5
7d54dd3fa3c51a1609e97e814ed449a0

SHA1
860bdd97dcd771d4ce96662a85c9328f95b17639

SHA256
7a258cd27f674e03eafc4f11af7076fb327d0202ce7a0a0e95a01fb33c989247

SHA512
17791e03584e77f2a6a03a7e3951bdc3220cd4c723a1f3be5d9b8196c5746a342a85226fcd0dd60031d3c3001c6bdfee0dcc21d7921ea2912225054d7f75c896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
18KB

MD5
8bd66dfc42a1353c5e996cd88dc1501f

SHA1
dc779a25ab37913f3198eb6f8c4d89e2a05635a6

SHA256
ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839

SHA512
203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
85KB

MD5
0b4a846a3bc87926aa17321ddd253b15

SHA1
cc6f4b89bad450213ab3191f666537d0e1871fb8

SHA256
8250a99222a9a5ff734ef9add59c33c4c0e5373b2b5d4eebdc1babc56d56cbf4

SHA512
9a87366a7e6f0b5458b7cb443035f817d01c45a396ec7245b833879afc387640cdac8100dae568908e0254ab6646b0e6d56228e1e91f4df36c16429f5f4f7ff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06cdbb7047afc473_0

Filesize
262B

MD5
194971b84b6d7fe4a5526fd6477cf40b

SHA1
b6d6245e41e02b48e80f279dd8997ea333c3b8b2

SHA256
4f3284127ba79825ae3bbcc2cc22f83ddb7b307b8f37dafded9079f6cfe3cd82

SHA512
5e8503e17048fb306c0cb9d7f4573090c2a47adc73bb48f78f55828ec4c3e2c4119baf2e1abca964baba25641dee9f52284f1a35fe295747b903ced8b727986a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
2KB

MD5
2e60917fce0cb64258a78cf511643db4

SHA1
c7486e25f458750a3a9ab49a663d2c6a2facdd23

SHA256
d252a109de728b59a3e676b444a9df279aad3ee946f446b30617aee208ef1123

SHA512
bdc3595a905f6a34707680243eab2b0d5ce30a11a9e89ac82aca4ab803e1e84debf44b4ec94752c770cefe3683075b721cef789f5109d2700f9383c94c6b59ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
ed029d05851e9dc032742685ad97ba1e

SHA1
1e6a1ab47071e0a168a0dbc076cfeec86e215128

SHA256
d24b91558c8ad7b795deafb73a40ec90ae0b491d988e4de570a14a1ba426147e

SHA512
6ae42ae9b0b122ddbae5c71a8c9989cb8c082a14e48adf518b455440dfcde11c9f3101210d42f0dcd23ab85aeeebbb8f95525b31c5121c4f5d2928e6512b80dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f4680e8f8f8a14f_0

Filesize
9KB

MD5
a54f04a788d1e169de2ecee860510e23

SHA1
6731a296a19cdc9c713019d24247454df1eaa213

SHA256
e556cf13a5b34d668ac5c989b3cbe054bcd2b4bab8b065eeaa97d102e1fc7736

SHA512
fff448eafcb60cd68700e5f2035fa48a4fd675fb05760d2a1176256639b182bbf12e3db386b326c7e2b77d25cefed73b51027d1c27447c0c1e229f7d4bb9c36d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\37afe38eb817b647_0

Filesize
27KB

MD5
b68e088fb0cf0accfa32d33bb8a07da1

SHA1
ac5779647c37137087b4af814ce946d93d15cf9b

SHA256
d543f7d12a4c492aeec66d6c06bf7d2736d92f8a6f69b52696a9c464c747545c

SHA512
9c78758154abb6748a7b235f208316b52a8db9c7b6317fb2cf213c75ea81d510a07af4277b728fea183dee02d7aa6dec73352f09127ee2f60851fb0d1d7a0955

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0

Filesize
7KB

MD5
1cb2b2d69049e054d62e49faac7734f5

SHA1
1340ff70077f91c2ff1efb25e35e7cd278230518

SHA256
9b0ae9d4b0b7aa6bf4b289fbb7dca93bc8390312dcbee85f88850fb4e0dc91a3

SHA512
2b8749a5189ff6b128ab03352f654bb57ba354d018746a323c76847a75bcef086b2be433eaaac2d78817f7539afcfd12220c391cf324b417b8ce8b78a7e25db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f139f229e6f0497_0

Filesize
5KB

MD5
60c265de60ef4e387ae6a438adbc5ad3

SHA1
9e0c9299296fd5ee13120b1a76d644d72b868ec4

SHA256
9217bf7905e7ad9c20ffc01d213946e14c5258265dd50201e70d4fda4a12ec43

SHA512
4c34771316a97bd7d520682f66a505b9b19456ddeba5744e891a42c073986ab9716d2f41298cefa4be70a0f53ac29b740d90f8128c9c0cffded498b1d7a7e68a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
ab54cc594bf457b6e7c6d8a2cb18460f

SHA1
0310a88c3c383dd9d901da0fcd8b4f227e178046

SHA256
7d40ad3a0b13615dfdab22217fbbd81d0711c9560e9a3e81c8a715d66a4a8941

SHA512
c108ff2111c488564784208838b1e1f177e8ecf45942b92f12bd00d0b9bc0381997bd7333d10df09481ba63c8e5b7c259278710e9e69b876d12db65a14b7f920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e9b18b0f66a7183_0

Filesize
1KB

MD5
7749855cb4b705771270c4544aaf8aee

SHA1
adb820361b94cb0147ed78aaff2891e7641fdf59

SHA256
4f3287a10a59430f0027f1cb06e2e95f07d178841a64ddeaf995d4361d55825e

SHA512
f74901f33ebf0bf3ecbb33365e542f90cbfa35e72460c0b381f83230f4e10782fbe904a27c7f265b87241962605a46e4574f5a932d5857704fd4b68950a2d8c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4ff4b179c1c05fed_0

Filesize
1KB

MD5
40d7e9ca816b1f825f4a488e35791763

SHA1
8d1de63f2a6d4848de69ded66762f1faf76efee2

SHA256
63e365f6c8e4b0c48852bcc537b9ce563e3a7859a8f2681e4a2e2835ff7f9290

SHA512
7c0228f6c12c13e63ffae76f5300f33cbcdee5efb5427803c23eee7b36fdc01a706665c0b771d3dabbcca56d3c12ff7d304c25fc1130499f5ee5b3b769441f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
19ef9226f7d2eb496f984e2c7534f3b4

SHA1
b5cfee032ecc80457c2f51dd52b455f60b274586

SHA256
fb2fd2603bb2a396beb63a0063c5f07e70444cccf94b6aa9d3a521a8778a14b3

SHA512
7b3b86b88a3be3a1961cac25b809cd31d509254afe9a57c28aa6881c2fd4fffae54efd0c56c32c45166697a7e7d5d0fd5077dd5537e585855615f485fe551876

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

Filesize
2KB

MD5
b4d2d0bfbf0392a04781c5af1445636c

SHA1
a75d4f7bc5ba7f02d1de462fe04c5f7478df545e

SHA256
b13c67326f63e5f9cc284c1f7f1b28d4f5b6f940b3b9077138cd6a5ce7caf4bc

SHA512
dec5f9ef498bb452c7a5e44bf868451e7aa81628dc56aa7f7bf48837042360e9d017ce8a4dc6343e78299ff124d20bd62af9432154807d53f54c8865c97cde56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0

Filesize
4KB

MD5
2936f6031d99c174c1994613df396493

SHA1
d3ccd6af4fca44dfcac28d984f1a241af944f052

SHA256
468e02713048250f4a5782b23469e4199b6d89997e0c4d207b220c8a8d96e8a3

SHA512
2a7214751dab1f264b94f9ad31918d3d53f7f7510f51a505fa212310026050df00da76975535d55ece7258733f87b8fc2c62cbe5aaa105ad7ac32cbbe7aa1543

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6a5e8bb53a565b9f_0

Filesize
2KB

MD5
9b11e9e22bc0812197a7a9f05b1265f7

SHA1
b583b61b266f86c3a8fac3a690f17a031ffee111

SHA256
64609fb2997aed5173a60bb5e16a94cd96fd5c99c56ee5881bc0de56dd181ac7

SHA512
6a06dd1549c17e779412b9dd06a6180ce1630d4ed9f65742f2ee1eaf9a7f89d43f99edc510f7436b3721ff3ed5aaf98df1ce05db530421c33a0d6f4ff336bf6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71d68e68ea4089fe_0

Filesize
5KB

MD5
a9a33dc1f558665608c97b8d1c0bb6a4

SHA1
8a4862af9eedbcbb6d34de1e66b4f5f388a3c6fb

SHA256
6b3aeec023800b2966e70f44dfce2e4e600741a11dfd4018a6025598e09f354b

SHA512
884c83a013d4431b6d24ddaab37072cd3720760784639da64a7eb66e9e81ef5edcae6f6e6eeeb90eef7bdcd05630609d108456d611a52cdd0b033d48ed478a18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\72863f79a38d3051_0

Filesize
74KB

MD5
d0cd110aadf32c2b1ec7a15ec45c46b3

SHA1
7312b4360eb5c8c48f5ed0841091c61cecb6f5b5

SHA256
3cfd1e3a9379294e63db6c804343b57f1b8df53076e60f5e17858a819a5ed6a1

SHA512
b062bb519ce4e2be7c22d7de1434a7686066030e73bbd0cfe736f3b857398e6fed186a4f398f943ef5fd75b832a777f7216f6bf66f86345b82e934497b995e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
14b0113b70b162fafb55437f0143b15c

SHA1
a987e66d2aca1509ea53cec7f847e9b950338fe7

SHA256
4113feaf2ac03ce80496d0d96e15081d046d8a3e531e3ce06ab9de20635ff594

SHA512
861a93d53faa45a2e5e2bbb02de0d8cbf967a5ecb0a6503d9cb4d62da103a2f74c40c1328af346194164ad4cdcfd4d3987d3a4b7f5954c3e987fef49a49dfbb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\766094f4b47e839c_0

Filesize
9KB

MD5
853bf734d4eaba13e5f378bb8f56da02

SHA1
3c338c9b899154139c35f6d17c33bfd126cc8cce

SHA256
5058708d27be028a0906e125136cdefd8317346f80b03b28b26fe178ed68af1d

SHA512
9621ad95d12d0de0f87fdc7acb5478794c2bc4010eb53bc88c6d53ff45ad69bc03e38cbc54143bec1d2510686eec889846fd9c14eab8f2369121f0281002760e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\86b9cbd77d05d034_0

Filesize
6KB

MD5
b4ae83f6eb69105862e76a80510212fb

SHA1
e5efd80630cc39657615a820f548136078d95c0f

SHA256
37cfdfb653ca044408ba7bb9a137baee4da46d582412c0205f3b4b1c20d3a473

SHA512
43d139f552757eaf3f2c977e42f0d1380d41176ae5be5eb61df647c51840de68a5a3c6ea0f66c6778bcea0bb368e3019c41a7e8188f56dbd9f31395377901cd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\88139e541ac427fe_0

Filesize
22KB

MD5
fac6fab17b1ea0809f3f751a424923c0

SHA1
3d1506cf6a8032cd4a07dedd94b7a3dc91a274a9

SHA256
a3a92bfe70c6a9a39c63d30d003ca2d4fe3086b10ca2b6ba82bdc1d82bdaec72

SHA512
ddb8e09e5b0f64c8722cbd24d1b3bdc4b468d6734dac48bf5f57ba0baec5e82da5f36f29f7fb2fd31eecce9590b7318ed82bb2fd989c9a9500802ad834e73db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

Filesize
1KB

MD5
26df2c91b06c4b7eb31284673d8c9718

SHA1
8d950ae2dcfb64cadde8621b4d58f18701cf8f50

SHA256
6221ea71e57ba61b484aefead3c396ee1eaf1568c7f19ed8d50fc38f7215a792

SHA512
ba97e927585309b11b82fe4eb91b31e0aab5db6c8daf46e070bd38d96c10b878a9e9dd74dd4025a684e75209c9a10606c077529ec2a1d867cc5770a79af072e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90d7d7591a1b39bb_0

Filesize
262B

MD5
0b0bc6cd966016fdea78c587a5f23075

SHA1
2f58e102dbcc467392f1889960ba72573bbf416c

SHA256
dfbb657a22d4222af4d9470bb0fd0d46d068b580a39738597a3cef18a371979a

SHA512
4e128a0f1a8dce82b1e01f728a36f745cfd8c2e17d37b3089c3de6ac680e81983c93a44b38e3faa9136a0b98642603f136bb6df8064239d8fc0eebdc09b3ea43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\96bc766215a93e35_0

Filesize
1KB

MD5
2b22cc879d1b02f4393ba0379a717916

SHA1
38bb62ce40d1327493cd2f33a4bba473a7f8a05c

SHA256
8de4aa30bc671a3a13e6b14babbc0cd06fe5160ae5189eb4d3a7095adccfbb8e

SHA512
10f5f220ef0acbca03a0176210b2bba073d1f92c31b03a2263723211382afdc56169b89c558afcdbd351738bebb1af40a38ff688e72ef157763fffe46ab8c9ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0

Filesize
2KB

MD5
64cf90ca66561e573bdaafc3d777f261

SHA1
7d6865b0b2e7f4750595e54e3b24133e30aae2ff

SHA256
cbe214c9061be3b32766c4fb86a93b763b907f6f45e873f5b65dcc9a7766c543

SHA512
3e76bc8026adeefc4180bba090880e5c0f1be268b84bb2c868ea1d5ed8404017c5f7d061d5654855a94f09003036c7f3c8038accba457daa80d132cc53c6195b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d693ac0f52716b_0

Filesize
3KB

MD5
ceb38ae845c84bb317c6c8238ceb763e

SHA1
f61f9eebd71e06d771b0efc15b959b871d7ef0ef

SHA256
9ecc2067106d2ff7d321feb1b1993ffe43e02becb57038a680f0960acf34151e

SHA512
44c9ca8aeaee451252cb1bd47523a1a080684b07a05e5aca0ee901abdcd843509bde72980574d804d92c15b2ccbf9e18273682d2c0941dc69df66e8d89c505fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b3e82669a81c981d_0

Filesize
2KB

MD5
03bb9cc5b0c20538103fd9da24d661b2

SHA1
9584708e31964eae471c9e029dcd4d1d725136e7

SHA256
8089992b66257a08a34c904a82fe0d26ba8b0feb473c8ba78e5cca9c43a9f015

SHA512
cc72652256df9ecc2409adb6ed7a94159018b73807e3d4157e1309f4c66254ef3a600ed9cbd6aa5703e0f1167d3b8b9ce7a6debfff987c7750a3abe3af9bc889

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be6d12311ce2b399_0

Filesize
1KB

MD5
a2fd71b8bb5082080100eeddf9717797

SHA1
ec4d76971e00b6a03e1e0e6c5743a586a1f7a93e

SHA256
5de6887397f2a0a2d5921ffac0fc34a25b01a44530ecb0987cc1b9b225763c9d

SHA512
f910447e83c45c646ef93a6bf0712038cc59e26e0c524b8984288d0cc0335f6ec8d21c57ef7dba070112f495cc181f6467dc688b24a41340acb7cdd1eac97bd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c089e813c7e81a11_0

Filesize
175KB

MD5
d2aa71d473e86c21ea49d54cb75c9a66

SHA1
3d12b617b24c6a6cd6f973348aaa6253bc3dc6e7

SHA256
3310b446ea8af6dd4baad02b5a7f60c4690c4b7f8548ccf68ae237d475bb22fa

SHA512
27c6f217a30fab922833c8dd41e0ed3138fe4bf63d3c4b457b3fea36b67cf399740d0d3a637694629f847758cb481b69ed829bb0e3b0100c010817cb3bc72886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c52e4f689c05cc4e_0

Filesize
200KB

MD5
3cfc50416fef696ae3e8218c1474cb98

SHA1
122212e193e333c6f90bae86c48de8602ec5bc09

SHA256
35a10423afaad56e366017e0985a6a1ab89ae97fccba9916957e9455fe854d12

SHA512
9e98b78642aec1c4df8dd185254d844b09cc7ca101dfa728410de4ac9644fdaf0a7dcba76c1af4f11dc7226e14526b136d5b68610259692eebfa1491ac9698a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c91c845c83814759_0

Filesize
14KB

MD5
47c9961ea39889598c7e6a1f8b87786a

SHA1
473171d9909e2825b493441b9bd4169b2731b01f

SHA256
e5ec0f3a4e7eec158f6c2860404ea4337ae4a1db2c8e1461c650149acaa07fac

SHA512
99eec7bebe487444da6693be79074288c2d6b58c940eaee0a87713b4ba81e6d8509595376032346c53552d7229d86ab53c06cbe0743060e9086e6d36ea820d5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ccea6bdd694d29dd_0

Filesize
294B

MD5
a5d1dbfc1e2081466a476f871aa1e0d3

SHA1
e71f157c8e4d7f0e15d7aa03e130735022235abc

SHA256
4dd55c9fbac38f0e1bb6f03a25be44fae64f1ec70320ea93d77200a4a1e53edc

SHA512
14a4d161d48866d79e7079a337ac05921be45ee907814b91e6ab295ae5e4e64ade52cc54da447d1bfe84021b84afafee66dc3a7c185b5f7d1d3ca4e22723f215

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d2f9a2fc02c20de3_0

Filesize
2KB

MD5
1fd5c99e2cf8cbaa73e2806b18204d70

SHA1
dfd48a398f0ca87c85ed8993577ef9231a540b7a

SHA256
9c215ce6ac7f22af890a29df5014ad5031d2c08ea9e0620a8e3ec0e547944d5c

SHA512
4147293804abe6974edd5fa2e05ada300c578236b69315f3a13f756f4d05213abbb71ee5b6a97d384a9aae64a497169bb9bd5801a4516639573ab5a4f8a1c999

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d79e0a2891fc014a_0

Filesize
262B

MD5
44f55d89fe29ee4222ce35b38d32b134

SHA1
3c360efef0ab9ab3f84e801f25c264b93e16cd62

SHA256
a3c39eff433dd6b9f847a0b086c1e45dbe13ad739b9cfdd5bc4942c3642abb50

SHA512
5654bb02298c8381fb2cde9668cb6a6cf7a32b3e586adbc9cbbc8c91d0cc4abbaeae19f79c359b742e255bae2b086d77acf6afc9714e5472237bb302fe189e78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\da82014a94532e8f_0

Filesize
29KB

MD5
2112b03ef097da5d611b7bff4e62091a

SHA1
40e765cc4016c276996d5bc25b48940a0e79a04d

SHA256
fb0c76025ae3411220c37645b0f8d72dcf5a8d9294fc3debdf381269f1d0bd2d

SHA512
4e662ef1a4cc95a467adf57b99f89631110edae1ec92c6da2523e2b3315e2ad1eae42a2505dc1aeb15ce1adb80ac4f1d18e13b9a59ffb77848ecb89fa6b28c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\de25460d24748487_0

Filesize
291KB

MD5
2dc28acda262c5d3081741c23fac06c6

SHA1
644deef7e87072862d30dc599af3e01be65bb4f1

SHA256
b5c3e5a130f6473e5f3108a808910210712e065996a13ccabbd7c2d140c6a772

SHA512
33b9e08f884109a4c18c741f3c6f627205766f3c4ea32c2edc815447cc324027593b1b16ab5772616ddc271eea03b84e9a73c4c2ee5d56f07edc085eadc9e8c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e146fd968644d345_0

Filesize
6KB

MD5
77a03fd6fcedba0ec2d51ffb29ff400e

SHA1
7d668909d094662217d9c8c14a57c7972873f687

SHA256
9c95a2e1d6c75d38ab8842b0f568ff6c050b298d2d643674909722fc90ae7af9

SHA512
678a1fef2437e3baf17222e567cfab5aebba6d57cd6a11be1ae2694495c04f7f35b95edf9900f44b5175bbed9c7bf97d0948147f568f1ee9e99f2f7bf07a44c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9c7e700cc3e33cf_0

Filesize
48KB

MD5
70bcff3fba29bc24e306a177ae371b9e

SHA1
a5ac54c200e2de39183cb56bb24c49bf0b0ab6b9

SHA256
cd89058582e621b6d064fd23aff563431f6c24724919c79b1a70f6bad730ddaa

SHA512
9f809bea02cdda51a34335e6953c8f41bdf7f2169528bad7e4c6229ba494a14e415bacbbab86b4d0d4b18cda22379cd94677dad2c517b446a8ab19fa86c38021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
b5725b313ff42425b986f72e4eed3bda

SHA1
376351676ee33433f211f272a1a068cfc0b68bec

SHA256
d0beb8804cfe849a502ccdccec273473b5fcfe6e00003c330b9139eb95991f03

SHA512
30a107c83ff29175aadb298166d5cc021731ed3104c358b009645ff78770acd08881967ee40cbe83553a0ac493360b69e311bebc75424483a8cf9af61b9a7dec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fbd11ea5cda006cc_0

Filesize
27KB

MD5
6c14c006fa1d5571e2e0e96c1aeb16f5

SHA1
fefcbbad02ad81276f510e4baa811d5a6caced19

SHA256
a0e1e676ce84ac6e6ea4376b89f270b77363e22c0299b9daca023f626e0ae02e

SHA512
7eec8f2db036b41f22c680ff1cac7523cee2a1a25cf330cea906be6a0829b1eb3c093725b772b44b565bbf312e9ba5323d28a63b62e38720576e11570753a294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
ea0b148b483da7c6bd951dcebf740afd

SHA1
9943dd096a68ce5ba0854c72fe7548d74dedebe0

SHA256
6d5fc2f369e79e63721ffc2e7ca4598b1fc665f610ccd306b24b46fe03613a81

SHA512
8101399781dbc8437b86626bdc9e42e869c726ea0486dfe0278f9d886d718f197030fda0bd7c709b77f6a0e6e7abcd3ee54a2e90864edb73092bcd7b99dfc987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8e82a07f16b2d615c3c50797b8ad38e4

SHA1
2d60ee7e2cb2d9c75cf03963e4a2872cd87aa1bf

SHA256
4cbd3930a26e424f177b87fb2940cd829bb88db6530a06d149e25a42b9f6de87

SHA512
883f710aeb95014ae91a6888d3e7c303282d0f9dd018e45920015a1a289c1fb1e9f4a499afd8cb98384dbbf66f5d116b3d9694df5011cc744e3ec7528df9ce10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
042591d6ec0398a8c9bc70375df528f7

SHA1
2135b7788923b2142beb855984b79ad8205c7a86

SHA256
74ff6b102905bf2727a6b291ca59944c0efec3953bbf954f21d6965b963dbfe5

SHA512
06ca5eb5b4ec3de0be78014f47c7010421e43c7b3abba8e28180b118d14ba2bd61c9a5d558486ec19596e2cd73cb7516fcb8e391b04caa8a097a0f4705c5306b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ba1aee038f3c187ff629fd25fe9a48d2

SHA1
ef04da6a22111e7997c890b5cca8019936a0e95f

SHA256
53ca97369cdc492cd07aa74954eb625cb669da05e377832b30fa75247707b3a0

SHA512
77eca5958c0f6cc9833c2f1397b8c2f1921dcb4f3a1dd83e1a6da1c9d021ee199e957ba4b03da8dfb38cc93bdffc1b18876a34a47f16e0aa46edb96e66ab1a1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e7011f90ae54f3343f90f04f33f39310

SHA1
4e892a5ce33dc42056b243e9339eacb4ded497d6

SHA256
2024ef45d2298dadb0b15b7a97a8e77cc32c4126ea2dc54d3a214ffca1dd990d

SHA512
fd12b76e2449ca37f98616ff0f3f22077b1c7362fff35975eea58006ace2beb8c1529f175a02f74314c9e1a4131eb612712fca0c8a29835b4180d38bdcfefef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
940B

MD5
beed8b111dde84aedd469a7a0b60f65d

SHA1
fb7bbb059dee0fbfed8482e8a5d7c97431aade01

SHA256
16f3562bef6d62ba73c53a69511a7ff3e147446b188e09dbdf05da0aee85a588

SHA512
c04d53812f5cb3f3a7edc69aff915a43187fd81bc04f8e762895cce5f374dd530f133448489c1f88bdbf8158af4a25014602129fed55cefd42873b4846350ae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
1b92794633aaa7d8ca83e408ef516a36

SHA1
4ae0678d6cf8abedb3e9819fc9d7d715d3f72bb6

SHA256
0ff76dc871bd6e59abe386781ef988b4c8d734bca726a4d1eb556d3d78f1e7e0

SHA512
698bb4adf1932dd48fbffb344b0053b9dc753b97a92d88a26341e0c3b0fa2e03481c5193bd2b4a1caaa2aa2f00e41eae73c53aaadc1ac6bb8be17d0f229a61bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
62bad0d9e81700ede818620ef4f29108

SHA1
c1a0164e4c52e12ed30d1071ff908982cf632727

SHA256
a1c728e6f90a2829c79e8fe92af018117d19db70a7719a33fedd160dcd2118e7

SHA512
b8a95a9101808666dce9d19b3261f523be74d31beb4a7963105c45abfc89162046dbee32739493e43cc35ba40fe9268ae4390c03d35b0908268048bfdee3a58e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
162bd82bbc08e954e45e1e282b0e9c37

SHA1
ca68fc7fdcdd5027efdf1db9b9e2a6097ff45818

SHA256
4409187d6adb4fb72fc14ba99eaed06b2383530f22d21651921442df86fe11e7

SHA512
d12d53e13bde457ec6fdda4de4a8e0eeeda2dcd1ad09ee0e834485a5ddf58fe5cd4fc3f0016147f5a24f8bbfb672842ddaf67e628e5cd4d1dd74b93164da8b2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
940B

MD5
3d5ea5ae4d94ca27778b38bd737ef860

SHA1
da406c2d52b7fa16fe492bf53ccc90ea107c4cbd

SHA256
e5882b9662922c3867c286a6a29c3f5be33e2ca359067ca8f9c215f09407599c

SHA512
5356dcbc244357c976af5257fb9aa89be1ed45fd58f86180db89bee5f72e141e141b8aa14ab738dd1220f52877369c5f58131b1c97e5676a27a6f1a59dc4583f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b05fd017dc528b6542dd290c105b7b48

SHA1
8c66f6ba9f99b19339951e9c4bebe5a55299c09b

SHA256
5fa4bc5094a59bc33d98e3835ef2de190d92636bb27804fe01d6c5fa544b1279

SHA512
4f1867293359a827dad65bbdd024b9dd0788edd1a0e9cb152c1dff96247a0e55b0b1d688a5e34d24dfefe0938346b3f070f6d2ea6974f86bab94c22a1ffe857c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9366d5ba7ff0cf7f28b008f1bd8aacfb

SHA1
e301c04aeb3655b31a97732a832fe566ef6c4f31

SHA256
243d9235dee6bd3a7b0130158d851e376718853f1ef354ee92c138e8c8a315e0

SHA512
65e9dd41f15ce77784cc1da12bad420e432b5a558dd548a20863b8bc89a3e96ae905b0a3cc0976cedeaf29b6111d39b8e0989f61dc427a49a98364e8d2bf1f9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
432810a9472a5f92c37fb0da2d46b92e

SHA1
1033d2a74e4ae4c7b000a95d741e84e4ead465ea

SHA256
15cc97747aa0ad5d26a78eda9e44e2019a4655d52d001a35dd227b065217536e

SHA512
2f6bc74e369b386abb1b7e2e13d97864730dce2b1eb06486def1001fc1740299f74b9d8f573756a6a00091a5bfbc3864fee7b0355f4f1b1a2f4de45a78aade26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
728c58170b05349334d0ee90dbddacc5

SHA1
585a45acefae44ba843890dbdc7986117a75c62a

SHA256
4b9dc69ca7c4dd7dda10e76fb66d535c5693ab0276b27d8f06cf9771014ed960

SHA512
fbc4fe882c7ab5d7210663fb72fa0a1d1af6bf2d962629be225b030a96b998e90264950a87407a9bb38b1735f018854e7eb52036685526175af70b70534c8467

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b96bcb86656c7641df3cae560cde9d87

SHA1
990a9609bb2f69086afea33f8ac1f149914ef56e

SHA256
3ef0f8e98fed44c2aec9738efa1ebc1e0898fd03b94e4a35291e370a118b25c8

SHA512
f3ab18efff74bc5d6e4579a0e42ec596fa8799b5548337f612e01e55c7c49da8a3c442bf999f73d9041f8efc6feedfff57e49a5b67c6d3e4584350e1c4491f0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
37ed5735aa790f85a8f29577190d430b

SHA1
19968906d0204113d9d3dae2e4415a8746cee6b2

SHA256
667511fa4f4ae3a01ab25f55fa51e1f15cbac355054a6f4a2cadcbbe79592d6d

SHA512
03725cffd08537407d59e37b68205d765b2878b771f38f429358506243ce25b38aa27840488dd660b71025c776434ad48bf162852393536b51aeac2b3a8c2146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a0090c89d6225bba4a9a9439a2ed2cf1

SHA1
41f73a193fc92e3b905b84b670b63c678f7f9e3d

SHA256
a530bd10a359d8009267764789c080d25227d272dda88cc89dc55ee1fcbd67be

SHA512
330ce80c02d4c1eab15fe8b05f5dc1d940b134a50c73a4cdc65f54455b6fa5edbb6cfe90035771a87deb17bcb8ff69ae7498cc4917493c51bbacc373ae1812eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
05219e154089ab95488b2c538c07400b

SHA1
bde111236c45754aab32ad7f25e1c0080e8709f6

SHA256
f886f889104635d6676dc0448473176147536bdd67134c1fb73fa91cb1e159e0

SHA512
e559a94c61a18c34fb6d2f17690cda46c26831833172d3971ff2c51a93e66ea3e75874865241e4a76a87c41379c8357b7f5c90b0ae73abc3997b0a9ce6a98e3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f397c5b43b6eabc26c9a31463623434f

SHA1
2223d4a4b4f0e0ff55af8339bc8c56bdfda2e520

SHA256
467636d340bdab57faf53d9ee6d2c9ebd687062850c67679ac3ff717f8b1f1c9

SHA512
c929c3475bf9024f55c79c2cd54b8d035a5c0b9faadf847270f4910dc851809d55e3c34b18b1c52dca081c78c64afc55455a5be81b3c68f97396e9cda53275ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
726f17df4e1e9d547b6ca1cfe08d1950

SHA1
f59a95870cbeacd4a96922a1e32cdca6a8f1b560

SHA256
53cce288460812ab27e2f07de8a1831924036afb0a0bbaa3c2e6c54858ca7638

SHA512
3153466e53b3bff97fa3fca0e45f53cc08ab99258133791e6ecc3f4d08cab7b0ed7b8224445c5554d1d03cbeee921b8affb7dd3d890e0b0c7bf6280756bfae02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
68761c4d79c00cca1eb8c84d84f2282a

SHA1
8e123473865ab195429799f276e9cb9599e2b2a8

SHA256
4ce7877397be828b019c3657f1fa4e17febca6e983e89f4e1468d860ec5937e2

SHA512
4f53c577ed330846df106b09b296e663ff9dd3509f520ef056fa5142bc227e24e75032163b3b7c3627060824c6c688c73c4d6e7f43379c6ad29f36b45dcbe7f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
686834981feff49098f2525a0b05fc47

SHA1
d20eb874d26083ba81560036e8cd373b11f8ce80

SHA256
dca5b6c2610c0e59eda8385073c0c38b16b0215d0571848058caaf37f224527a

SHA512
b7eef9a1702b04654647b1f4fbf54aa84b11b6022819d25521fab090f45402d1bc5dd5c06022b37c5303785657e3d6b8d4ea37dea858dbc52528fe3d9bf8b05b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0fd0f57b7e2cf61d39fd0114424b4d85

SHA1
bc8d3cac02ced90de27665e25c2ec58ec8191cf4

SHA256
a47019af9d122e1cab1e3d62e42b6cd0a9636680d1683635e7361d5c55f4e1c6

SHA512
887ca93ef9206d713beca5169d203ddfc8c7e710cb48d8fc0063c1c403cb838c709c61b6080be0803f5c855cc565a1351285768132733199fb20560267991537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2e67343f2d9359dc0b7dd71558d9a03c

SHA1
7bebfc5fa4655d8cd529b7db4f88054b33b0309e

SHA256
814425bebff27916fb3e8de96607cab482d0519702d2a1c7e2714aaf1ef2d951

SHA512
579ecc1027fdbe967bc19da84bac363d07e86fa4bd8f0493f8c75a108b7926571b5367a16c197cd3de51072db0d7b6bdb7d8568edaa813025b7e14ea8f0358ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c136ebbcc6ffc904e3edc0746e525462

SHA1
1badc4cc0e6cb6da230d9c87840639d5948319f4

SHA256
6ce4351b129968ecb04e886ee312a391d7c956ffb0762906f04c054984425607

SHA512
a2b60b115903a95f1bccf50df9d4eb4dc5a53825d2d7695c58957e2470165ce94853792136ff2760f71b91b29e183f6598a06d565bb1dcdbf7259cb83092fbb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8d24711aac197f3d6eed7cb2147b7b59

SHA1
b16da69827ff1a148d28fcc71b87fdf7d15c3820

SHA256
137d5b28282b4a37604d3fdcec43511870a81a6f2d9d5e0fe743e81e33989c80

SHA512
4d9f2116873d80d733e9d2f35982fe8afa7b82550521342de472db86787b0e06a88aa6339c5e0e742c09c665ceb8a03df2f30f85968b14c93b059708dfa804dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
88b3cd133170d46ab54705596e19be16

SHA1
24536d0682b0e44dcfdc60aa995ece71e938f672

SHA256
5298f43848822350277c9cfe23858e012c21929f8beaa8125fd5c7b5bc4f83ff

SHA512
7d1c030e51f93e4527c52111350ca4f5e9d0e78ba6abc4ad616454be6866f27052d0306e2815216b141746a52cc04608b48ff4bcc2805c7e58fb0def201afb18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5d6042c67de97289df3225f1d136cd94

SHA1
44e5aeb22ae742f3eca8eaa1c9a6b9479b43f78b

SHA256
227cbf3d75e1d8cba4a8738fe47c127a2e57e3d7dc16222a1582c3e17ea775e2

SHA512
2f04ea7411919e4639b174176ff9a4f55990dc0fd0a2276dc815fca5a04125331cf6c31c24d31b1153d8944908e633823b04ce4a7ed7798aa21ddde9c2d7eb91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2ccb21689514905bd7ff166f29b31a0f

SHA1
0c2a223e680d7255f94f844ac447385712a51524

SHA256
974ddd4f2898b2d7d1cce82913a3c1e4e0a05d49feb67c4226b8e184defcb1d6

SHA512
00790225f8204b73afeb8f1e1ad4b64b2a3690893d4e32bfec0ace3c22762061fe9eacbf7fb684ed7fe97c6254ad598c10999b34927f9538fa0419c46c0d01bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8766a2ca90055d6453541ea1ddf0b701

SHA1
51d469fbc5d85650a7d68958332f1eddfdc83634

SHA256
c2cb5deae610018d6960de82eb2c93a681191831555b29df48862f55b85e9ed0

SHA512
a23b504a244c629f9dc5c74705ec584e3b83077cc7c656444ec6efb946098b53255e0ccc625404de8dc65c9d4c812ea3c577f1815433109aeada130847e4d27c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7e3a072d46c4ceaa8278346b423b8a1b

SHA1
ea5d70c0ac6bab49d67e1aaba94c8e939b7c947c

SHA256
9e9006d69409f93f1571772931a3bb92c9f9b6deec28c61afd5138db4fbc57c7

SHA512
efc6fd9006862dae1a2f1dc279218bd719848cd68567bc9731708f2d65c07fdcf8bafcb8555b2bb6e4456b14b0fb384ae249b576eeed0262e12957401e63e460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e7b65aafd61f486969675278cfc75cf3

SHA1
8b9e4b8cef7c929a501832dcada8eeb2b6795796

SHA256
f7296bb7b17b8d0d6e7c9d244cdc1b656361fd765a112c0d1e2fe176d485bfdb

SHA512
3e7c4712bac607b0d4c298e60c93b60ff01c4f45b1e296340b61cfba5229e8ea176a293b20fec172037af46a76b3947016177e7dc8e56830282707c0f9686028

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5ec34475cec14a1c241e67400ffb730e

SHA1
6adf0b44ca6a885f3e7104f123e3c77980af0969

SHA256
b71360def72852619e0c79161d08a95cd4fa3f21a2fef5312a811ffe53c13e7d

SHA512
f4f22a452fe79450a5d65a48421a20fa1994fe84648184a649d2411860ea8721cd4a7b0504c90f0a23b447b0ecbfc82bbbcf70174c74b1f2d619e86716f90140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c2eaebb9067c50f8f24dff97b37434dc

SHA1
483bc71f6f6ac07ef5ee03a0b46595c78948eb46

SHA256
00f80645f7bba00eb6a232f30b0e9d052edb5ad3613b4ce7c86646727ce1103c

SHA512
d16dbea56c61b06765c4e84ab5f6bb9d7ba1e89085312f1a2876567d0e3ecaa5e47c88e0f61e959fafad0f6534552bfc5d12498c5b77e03e20aa1b070b465a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
a1a6f675bf59699dd2f74c76b5a9504e

SHA1
bc697af714a3e1f1ce8d2b90e62c09dd424a3326

SHA256
1ed926b504d2b12a0be4e66fd829b7385099471717e48698a685bedaf987aace

SHA512
eb56178bc43293a1c8e4cab309f2daaeb5a6fb69b3e7e84db8b62fca9ee29a7a0eeb7e199fea2aaf7b5c95e3aed0a37716613e73cb06b0d79d38d0eacb6512ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fc1118aa454e44f9fe6342b6fc462af5

SHA1
3da73fdad4451e5fb87d802ad112549d66c762d0

SHA256
031b272fb53b20a5cc46df3e0c2206676388187abf0a6c930eca48ca97bc8214

SHA512
af9c97cd1957614429e8c3505b281638ab03f4f1ee9dda1478a8282dfbca8247e59b5fc58114f14c85b37bfac7854b1c06fb8bae9308eca82e1027e9b682df3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2fb14139844d6a1791747c50107c87d0

SHA1
ea82f650b4d62f4902199a4e4c9911822aff0f99

SHA256
356c23f2ab81e3e31a228d757316c77584cfd13ac1b37075ebcd3baea7a38188

SHA512
979e197e19091d54b82c3b2775c17ec23a9b1aa6352dcd8a7812146508e8a318096558a94e86d6c226d566089ee03a827dd521cc94bf2bfa2799d5799571a8b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
f5d9f7628d3154da16c38471f1a73c8f

SHA1
87a79b056e3f3351a604d69d4e3652dfa076d143

SHA256
aa60833580e0661082db9ff86bd68887b5b64bd6626f87a6a0fc80bad95ada16

SHA512
45c2c976ef4b9b528981984476e10c8a90098706512212bc8779486149fcdfda389bda5a3fe7d7302bc909fd7d9adf99cc46c86a1ba5a07e38124adda2b18264

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e517b000822e1d7c834344610a243718

SHA1
e9bb983738c0ca1c466a615131647b2284afb350

SHA256
a2852c4b9f40f86c5ee4e0f42ab09c3edcbfa82c81d902eedd167322c3766c87

SHA512
e0e915488ebde150c663bcefb25e9679f25c9848e96344beb792b6cb631b5bb74ed8f9f90b9b820edd2ebe147fdaeaa5d3fe46d86fbfe055ae0ddf3e2ab3483e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5845fd.TMP

Filesize
874B

MD5
ab07ff339bb1f9f959be57e4f986f698

SHA1
0a2f32b7b200e400e7ddd883628d40dd926b0441

SHA256
179e2c9acb7499cacb71af0a15001cb55050698bde972dd47382b924dffc7295

SHA512
3651d1933b8d19b41a018acca1871ad259624599797bc5b08199f558a7021a1be3b563329419d8db6044c1db4bf805e0c6ec13ce198803ee28f0f75b9602652f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ba9d722750e0ecb731d24c184ff77202

SHA1
2af79521b659ab2a50891a55f0e0a44967e9f92f

SHA256
9e726bff6ef1a3d7ba1cbb11ccb566da12f8b171301aa472f05743a074ac5a2f

SHA512
5d542ba67e252046241057c04a529bc4db86322ab61d23f6e6c935bb1eae0c1f64e4c6c4a6bc1404664561754749be5e6c46c8cb6fef290338e9d3e929a6f2d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c10209b1a8e701ea8d39e5d71ec72488

SHA1
a84762671664f3906e156f8888fedbbe01d5049a

SHA256
e4fe1657617b1cd76d64db6a58f4aaa3e5d1964a9cceb4c899051091371dfee4

SHA512
0172eebaf9998709c21f28a53457765e29c2859e75fe8e29702bee55b613d0165bdaba1bf0659f79360427a44ede02c9cbe11376e5eb78731c9ca1ca705144ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cf985e5686f2c33014f59bf2df2c729e

SHA1
fb73546c499e0f1e9b4123bc1d3f7637891ad790

SHA256
a3ff4dafb8f5b47afd598ce0574cbc233dd6a8256e82a27d7f1a2ee9e8ff0989

SHA512
2ea7d9833d68ecd1ac6733d2b86b4bdf7c32abcc0563cc90dc916392c9bf30876c97d1a955010bab6732d83623b0c45804245885b53a0af073b31aa9ee3a605f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2ba8aed955110c87016965648372e4d8

SHA1
e3662e560d920b05a0f2592316637ae5e242222b

SHA256
3a906a31db70f08f5bb11126d4083f58175f5355f44d850f065250296ab66879

SHA512
8327c2235d755909f52caa1b963b68ce593af4c409ab1e9f0019d26a2cd22d7a9d2ff41ba59c3bc728efd9410563075522d1e384d61959693f84b65a247c2200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7baeff90025356b44085e198dd2bf3a6

SHA1
525816872021d5bc51d4a2853f6ca0ba14236ee0

SHA256
9ea8804b942a8c9107cc1ba0a92c37c7646441858d2ce25e0f62bfac400765e2

SHA512
30d49ef69d45346cda553c8eefffb3694f0c5b3a1c6fae89488f9b6a0e83a81059ddbda8192ba6c550eb20356b7e92ea25947b57b0241861f928037f5c74561c

Download Submit
C:\Users\Admin\AppData\Local\Temp\d53edf44-798f-4ee3-93ac-2e967dfb04ce.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2528_427060671\46bd702f-622d-4fde-9908-c0cbde714bf0.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2528_427060671\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\Downloads\ChromoxideTrojan.zip

Filesize
634KB

MD5
d871bc112a01bd38fbd60b3e7665b872

SHA1
f22a8059a0cfda8c4ab11c05b1a5db29c2d0bf40

SHA256
2878da8a47d2f0a72515bef3826f35f7d9d90619281624881e0d3349aa57f258

SHA512
278ca6edee6f0df67d0c40bf6b9a3d91c66344be1af2a4ac219cca999103e1a400fb14912fe457fad1e4ea7f8c62a2310dc8350c40da9354218981c22d40c11f

Download Submit
C:\Users\Admin\Downloads\Floxif.exe:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Admin\Downloads\NoEscape.exe.zip

Filesize
13.5MB

MD5
660708319a500f1865fa9d2fadfa712d

SHA1
b2ae3aef17095ab26410e0f1792a379a4a2966f8

SHA256
542c2e1064be8cd8393602f63b793e9d34eb81b1090a3c80623777f17fa25c6c

SHA512
18f10a71dc0af70494554b400bdf09d43e1cb7e93f9c1e7470ee4c76cd46cb4fbf990354bbbd3b89c9b9bda38ad44868e1087fd75a7692ad889b14e7e1a20517

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 410142.crdownload

Filesize
532KB

MD5
00add4a97311b2b8b6264674335caab6

SHA1
3688de985909cc9f9fa6e0a4f2e43d986fe6d0ec

SHA256
812af0ec9e1dfd8f48b47fd148bafe6eecb42d0a304bc0e4539750dd23820a7f

SHA512
aaf5dae929e6b5809b77b6a79ab833e548b66fb628afeb20b554d678947494a6804cb3d59bf6bbcb2b14cede1a0609aa41f8e7fe8a7999d578e8b7af7144cb70

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 549686.crdownload

Filesize
2KB

MD5
a56d479405b23976f162f3a4a74e48aa

SHA1
f4f433b3f56315e1d469148bdfd835469526262f

SHA256
17d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23

SHA512
f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a

Download Submit
C:\Users\Admin\Downloads\YouAreAnIdiot.htm

Filesize
165KB

MD5
c41d6fc085dd151f4fef17cca9b05d31

SHA1
dc71f6b7d3c3941511d4af7519ca7b045b368302

SHA256
e0557a26e9dff21b4ac23e064d0de73095a8f77f8ecd85602de925d110842dbe

SHA512
5c6c691674f91280262a032e745d63cc4a8866cbfd4cd4a2f384aa1bbe207abfc8ac91d775df5487db2aa86eac075168b511a540f9a0ba6988466ae3bb6e37a8

Download Submit
C:\Users\Admin\Downloads\YouAreAnIdiot.htm:Zone.Identifier

Filesize
186B

MD5
704e20b8026f2f339adfdbe0562e05ae

SHA1
73cd40a202ba833fda889f0eee58d778fc11fa80

SHA256
690755ce40eec4073356b51cd1c750610bddc6a7d26d20c949a78f877a17dfdd

SHA512
a8097b18f038dd3e5768614d63bd7dff2bbe988edcd6a2933b22f5e714265bad8e1d247241f9fc2b318d40e6ef3a2b8892886606499656225cac023eb6f94518

Download Submit
C:\Users\Public\Desktop\῰⌏ẎⴘᏩᨫ⌸ࢶᑣ⨘ྒ⼅֕۸ູᨗᐛ⳴⧦ᥰ⊽ఙ᠉❾⠚ݾಖύ⁙ᢆ

Filesize
666B

MD5
e49f0a8effa6380b4518a8064f6d240b

SHA1
ba62ffe370e186b7f980922067ac68613521bd51

SHA256
8dbd06e9585c5a16181256c9951dbc65621df66ceb22c8e3d2304477178bee13

SHA512
de6281a43a97702dd749a1b24f4c65bed49a2e2963cabeeb2a309031ab601f5ec488f48059c03ec3001363d085e8d2f0f046501edf19fafe7508d27e596117d4

Download Submit
memory/788-1680-0x0000000000270000-0x0000000000293000-memory.dmp

Filesize
140KB

Download
memory/788-1679-0x0000000000270000-0x0000000000293000-memory.dmp

Filesize
140KB

Download
memory/3228-1687-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3228-1689-0x0000000000470000-0x00000000004E5000-memory.dmp

Filesize
468KB

Download
memory/3228-1691-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3336-2444-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/3336-2624-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/3840-1698-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/3840-1696-0x0000000000470000-0x00000000004E5000-memory.dmp

Filesize
468KB

Download
memory/3840-1695-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/4908-1701-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/4908-1704-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads