cf09c4bec1494405fa4c5c2a499cb8e17ac5bd8e31a65e0612c13c41ad8ab457

Resubmissions

05-01-2025 15:41

250105-s4qhgaykaw 3

04-01-2025 17:05

250104-vl4ngsyld1 10

04-01-2025 16:52

250104-vdkkmszpbm 10

04-01-2025 16:51

250104-vc55yszpak 1

Analysis

max time kernel
259s
max time network
261s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
04-01-2025 17:05

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

redz hub.lua
Size

110B
MD5

e64dc7639631f60e56ddf2ee462c73f3
SHA1

797012686a77f6b68860e26ab692fb5e5dd56190
SHA256

cf09c4bec1494405fa4c5c2a499cb8e17ac5bd8e31a65e0612c13c41ad8ab457
SHA512

b74992a1da0260565a52f5a7daf93a48199efdec57db36a8e08e1efb06aca815ef1cfac19928ec25127fa8390fce09996a407ed8dc5dd210ef49c9de942d6fdf

Score

10^/10

defense_evasion discovery evasion ransomware trojan upx

Malware Config

Signatures

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

Disables Task Manager via registry modification
evasion
Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
1996	ScaryInstaller.exe
3088	CreepScreen.exe
2428	melter.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
9	camo.githubusercontent.com
48	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Control Panel\Desktop\Wallpaper = "c:\\bg.bmp"	reg.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0009000000024fc2-1286.dat	upx
behavioral1/memory/1996-1326-0x0000000000400000-0x0000000001DFD000-memory.dmp	upx
behavioral1/memory/1996-1367-0x0000000000400000-0x0000000001DFD000-memory.dmp	upx
behavioral1/memory/1996-1384-0x0000000000400000-0x0000000001DFD000-memory.dmp	upx

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\ScaryInstaller.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 20 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CreepScreen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	melter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	shutdown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ScaryInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe

Delays execution with timeout.exe 3 IoCs

evasion

pid	Process
4244	timeout.exe
2800	timeout.exe
4564	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 3 IoCs

evasion

pid	Process
3776	taskkill.exe
4616	taskkill.exe
3904	taskkill.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "14"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	cmd.exe

Modifies registry key 1 TTPs 3 IoCs

Modify Registry

T1112

pid	Process
2936	reg.exe
1140	reg.exe
1308	reg.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 603955.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\ScaryInstaller.exe:Zone.Identifier	msedge.exe

Runs net.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
968	vlc.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4828	msedge.exe
4828	msedge.exe
4952	msedge.exe
4952	msedge.exe
4316	msedge.exe
4316	msedge.exe
2452	identity_helper.exe
2452	identity_helper.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
1188	msedge.exe
1188	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
968	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	3776	taskkill.exe
Token: SeDebugPrivilege	4616	taskkill.exe
Token: SeDebugPrivilege	3904	taskkill.exe
Token: 33	3600	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3600	AUDIODG.EXE
Token: 33	968	vlc.exe
Token: SeIncBasePriorityPrivilege	968	vlc.exe
Token: SeShutdownPrivilege	1268	shutdown.exe
Token: SeRemoteShutdownPrivilege	1268	shutdown.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
968	vlc.exe
968	vlc.exe
968	vlc.exe
968	vlc.exe
968	vlc.exe
968	vlc.exe
968	vlc.exe
968	vlc.exe
968	vlc.exe
968	vlc.exe
968	vlc.exe
968	vlc.exe
968	vlc.exe
968	vlc.exe
968	vlc.exe
968	vlc.exe
968	vlc.exe
968	vlc.exe
968	vlc.exe
968	vlc.exe
968	vlc.exe
968	vlc.exe
968	vlc.exe
968	vlc.exe
968	vlc.exe
968	vlc.exe
968	vlc.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1984	OpenWith.exe
3088	CreepScreen.exe
968	vlc.exe
968	vlc.exe
968	vlc.exe
968	vlc.exe
1704	PickerHost.exe
2336	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4952 wrote to memory of 2276	4952	msedge.exe	82
PID 4952 wrote to memory of 2276	4952	msedge.exe	82
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4508	4952	msedge.exe	83
PID 4952 wrote to memory of 4828	4952	msedge.exe	84
PID 4952 wrote to memory of 4828	4952	msedge.exe	84
PID 4952 wrote to memory of 1208	4952	msedge.exe	85
PID 4952 wrote to memory of 1208	4952	msedge.exe	85
PID 4952 wrote to memory of 1208	4952	msedge.exe	85
PID 4952 wrote to memory of 1208	4952	msedge.exe	85
PID 4952 wrote to memory of 1208	4952	msedge.exe	85
PID 4952 wrote to memory of 1208	4952	msedge.exe	85
PID 4952 wrote to memory of 1208	4952	msedge.exe	85
PID 4952 wrote to memory of 1208	4952	msedge.exe	85
PID 4952 wrote to memory of 1208	4952	msedge.exe	85
PID 4952 wrote to memory of 1208	4952	msedge.exe	85
PID 4952 wrote to memory of 1208	4952	msedge.exe	85
PID 4952 wrote to memory of 1208	4952	msedge.exe	85
PID 4952 wrote to memory of 1208	4952	msedge.exe	85
PID 4952 wrote to memory of 1208	4952	msedge.exe	85
PID 4952 wrote to memory of 1208	4952	msedge.exe	85
PID 4952 wrote to memory of 1208	4952	msedge.exe	85
PID 4952 wrote to memory of 1208	4952	msedge.exe	85
PID 4952 wrote to memory of 1208	4952	msedge.exe	85
PID 4952 wrote to memory of 1208	4952	msedge.exe	85
PID 4952 wrote to memory of 1208	4952	msedge.exe	85

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\redz hub.lua"
1⤵
- Modifies registry class
PID:2588

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff82f683cb8,0x7ff82f683cc8,0x7ff82f683cd8
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2492 /prefetch:8
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4004 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6860 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1824,11062206434176746537,3445448605615833380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6256 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1188
- C:\Users\Admin\Downloads\ScaryInstaller.exe
  "C:\Users\Admin\Downloads\ScaryInstaller.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1996
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\16D0.tmp\creep.cmd" "
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:3492
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im explorer.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:3776
  - - C:\Users\Admin\AppData\Local\Temp\16D0.tmp\CreepScreen.exe
      CreepScreen.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3088
  - - C:\Windows\SysWOW64\timeout.exe
      timeout 5 /nobreak
      4⤵
      System Location Discovery: System Language Discovery
      Delays execution with timeout.exe
      PID:4244
  - - C:\Users\Admin\AppData\Local\Temp\16D0.tmp\melter.exe
      melter.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:2428
  - - C:\Windows\SysWOW64\timeout.exe
      timeout 10 /nobreak
      4⤵
      System Location Discovery: System Language Discovery
      Delays execution with timeout.exe
      PID:2800
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im CreepScreen.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:4616
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /f /im melter.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:3904
  - - C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\16D0.tmp\scarr.mp4"
      4⤵
      Suspicious behavior: AddClipboardFormatListener
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      PID:968
  - - C:\Windows\SysWOW64\reg.exe
      reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d c:\bg.bmp /f
      4⤵
      Sets desktop wallpaper using registry
      System Location Discovery: System Language Discovery
      PID:2628
  - - C:\Windows\SysWOW64\rundll32.exe
      RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
      4⤵
      System Location Discovery: System Language Discovery
      PID:4088
  - - C:\Windows\SysWOW64\reg.exe
      reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop /v NoChangingWallPaper /t REG_DWORD /d 1 /f
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry key
      PID:1140
  - - C:\Windows\SysWOW64\reg.exe
      reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
      4⤵
      UAC bypass
      System Location Discovery: System Language Discovery
      Modifies registry key
      PID:1308
  - - C:\Windows\SysWOW64\reg.exe
      Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
      4⤵
      System Location Discovery: System Language Discovery
      PID:1452
  - - C:\Windows\SysWOW64\reg.exe
      REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry key
      PID:2936
  - - C:\Windows\SysWOW64\reg.exe
      reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoControlPanel" /t REG_DWORD /d "1" /f
      4⤵
      System Location Discovery: System Language Discovery
      PID:1652
  - - C:\Windows\SysWOW64\net.exe
      net user Admin /fullname:"IT'S TOO LATE!!!"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4888
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 user Admin /fullname:"IT'S TOO LATE!!!"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1568
  - - C:\Windows\SysWOW64\timeout.exe
      timeout 8 /nobreak
      4⤵
      System Location Discovery: System Language Discovery
      Delays execution with timeout.exe
      PID:4564
  - - C:\Windows\SysWOW64\shutdown.exe
      shutdown /r /t 5 /c "I CATCH YOU AND EAT YOUR FACE!!!"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of AdjustPrivilegeToken
      PID:1268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4984

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004E0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3600

C:\Windows\System32\PickerHost.exe
C:\Windows\System32\PickerHost.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a2b055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
554d6d27186fa7d6762d95dde7a17584

SHA1
93ea7b20b8fae384cf0be0d65e4295097112fdca

SHA256
2fa6145571e1f1ece9850a1ac94661213d3e0d82f1cef7ac1286ff6b2c2017cb

SHA512
57d9008ccabc315bd0e829b19fe91e24bab6ef20bcfab651b937b0f38eec840b58d0aed092a3bbedd2d6a95d5c150372a1e51087572de55672172adc1fc468a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a28bb0d36049e72d00393056dce10a26

SHA1
c753387b64cc15c0efc80084da393acdb4fc01d0

SHA256
684d797e28b7fd86af84bfb217d190e4f5e03d92092d988a6091b2c7bbbd67c1

SHA512
20940fee33aa2194c36a3db92d4fd314ce7eacc2aa745abec62aa031c2a53ba4ff89f2568626e7bd2536090175f8d045c3bb52c5faa5ecc8da8410ab5fc519f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
47KB

MD5
9f96d459817e54de2e5c9733a9bbb010

SHA1
afbadc759b65670865c10b31b34ca3c3e000cd31

SHA256
51b37ee622ba3e2210a8175ecd99d26d3a3a9e991368d0efbb705f21ff9ac609

SHA512
aa2514018ef2e39ebde92125f5cc6fb7f778f2ab3c35d4ec3a075578fda41a76dbd7239fe2ea61533fb3262c04739c6500d1497c006f511aa3142bb2696d2307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
366KB

MD5
e6940bda64389c1fa2ae8e1727abe131

SHA1
1568647e5acd7835321d847024df3ffdf629e547

SHA256
eef5dd06cf622fb43ea42872bc616d956de98a3335861af84d35dbaf2ab32699

SHA512
91c07e84e5188336464ae9939bfc974d26b0c55d19542527bdcd3e9cac56d8c07655dc921acaa487ed993977a22a0f128dc3c6111273273ff1f637b20bb56fb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
26KB

MD5
5dea626a3a08cc0f2676427e427eb467

SHA1
ad21ac31d0bbdee76eb909484277421630ea2dbd

SHA256
b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6

SHA512
118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
38KB

MD5
c7b82a286eac39164c0726b1749636f1

SHA1
dd949addbfa87f92c1692744b44441d60b52226d

SHA256
8bf222b1dd4668c4ffd9f9c5f5ab155c93ad11be678f37dd75b639f0ead474d0

SHA512
be7b1c64b0f429a54a743f0618ffbc8f44ede8bc514d59acd356e9fe9f682da50a2898b150f33d1de198e8bcf82899569325c587a0c2a7a57e57f728156036e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
37KB

MD5
56690d717897cfa9977a6d3e1e2c9979

SHA1
f46c07526baaf297c664edc59ed4993a6759a4a3

SHA256
7c3de14bb18f62f0506feac709df9136c31bd9b327e431445e2c7fbc6d64752e

SHA512
782ec47d86276a6928d699706524753705c40e25490240da92446a0efbfcb8714aa3650d9860f9b404badf98230ff3eb6a07378d8226c08c4ee6d3fe3c873939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
20KB

MD5
0b17fd0bdcec9ca5b4ed99ccf5747f50

SHA1
003930a2232e9e12d2ca83e83570e0ffd3b7c94e

SHA256
c6e08c99de09f0e65e8dc2fae28b8a1709dd30276579e3bf39be70813f912f1d

SHA512
49c093af7533b8c64ad6a20f82b42ad373d0c788d55fa114a77cea92a80a4ce6f0efcad1b4bf66cb2631f1517de2920e94b8fc8cc5b30d45414d5286a1545c28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
18KB

MD5
7d54dd3fa3c51a1609e97e814ed449a0

SHA1
860bdd97dcd771d4ce96662a85c9328f95b17639

SHA256
7a258cd27f674e03eafc4f11af7076fb327d0202ce7a0a0e95a01fb33c989247

SHA512
17791e03584e77f2a6a03a7e3951bdc3220cd4c723a1f3be5d9b8196c5746a342a85226fcd0dd60031d3c3001c6bdfee0dcc21d7921ea2912225054d7f75c896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
18KB

MD5
8bd66dfc42a1353c5e996cd88dc1501f

SHA1
dc779a25ab37913f3198eb6f8c4d89e2a05635a6

SHA256
ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839

SHA512
203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
26KB

MD5
73fc3bb55f1d713d2ee7dcbe4286c9e2

SHA1
b0042453afe2410b9439a5e7be24a64e09cf2efa

SHA256
60b367b229f550b08fabc0c9bbe89d8f09acd04a146f01514d48e0d03884523f

SHA512
d2dc495291fd3529189457ab482532026c0134b23ff50aa4417c9c7ca11c588421b655602a448515f206fa4f1e52ee67538559062263b4470abd1eccf2a1e86b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
18KB

MD5
f1dceb6be9699ca70cc78d9f43796141

SHA1
6b80d6b7d9b342d7921eae12478fc90a611b9372

SHA256
5898782f74bbdeaa5b06f660874870e1d4216bb98a7f6d9eddfbc4f7ae97d66f

SHA512
b02b9eba24a42caea7d408e6e4ae7ad35c2d7f163fd754b7507fc39bea5d5649e54d44b002075a6a32fca4395619286e9fb36b61736c535a91fe2d9be79048de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
58KB

MD5
6c1e6f2d0367bebbd99c912e7304cc02

SHA1
698744e064572af2e974709e903c528649bbaf1d

SHA256
d33c23a0e26d8225eeba52a018b584bb7aca1211cdebfffe129e7eb6c0fe81d8

SHA512
ebb493bef015da8da5e533b7847b0a1c5a96aa1aeef6aed3319a5b006ed9f5ef973bea443eaf5364a2aaf1b60611a2427b4f4f1388f8a44fdd7a17338d03d64a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
39KB

MD5
a2a3a58ca076236fbe0493808953292a

SHA1
b77b46e29456d5b2e67687038bd9d15714717cda

SHA256
36302a92ccbf210dcad9031810929399bbbaa9df4a390518892434b1055b5426

SHA512
94d57a208100dd029ea07bea8e1a2a7f1da25b7a6e276f1c7ca9ba3fe034be67fab2f3463d75c8edd319239155349fd65c0e8feb5847b828157c95ce8e63b607

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
53KB

MD5
2ee3f4b4a3c22470b572f727aa087b7e

SHA1
6fe80bf7c2178bd2d17154d9ae117a556956c170

SHA256
53d7e3962cad0b7f5575be02bd96bd27fcf7fb30ac5b4115bb950cf086f1a799

SHA512
b90ae8249108df7548b92af20fd93f926248b31aedf313ef802381df2587a6bba00025d6d99208ab228b8c0bb9b6559d8c5ec7fa37d19b7f47979f8eb4744146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
88KB

MD5
76d82c7d8c864c474936304e74ce3f4c

SHA1
8447bf273d15b973b48937326a90c60baa2903bf

SHA256
3329378951655530764aaa1f820b0db86aa0f00834fd7f51a48ad752610d60c8

SHA512
a0fc55af7f35ad5f8ac24cea6b9688698909a2e1345460d35e7133142a918d9925fc260e08d0015ec6fa7721fbeae90a4457caa97d6ce01b4ff46109f4cd5a46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
105KB

MD5
b8b23ac46d525ba307835e6e99e7db78

SHA1
26935a49afb51e235375deb9b20ce2e23ca2134c

SHA256
6934d9e0917335e04ff86155762c27fa4da8cc1f5262cb5087184827004525b6

SHA512
205fb09096bfb0045483f2cbfe2fc367aa0372f9a99c36a7d120676820f9f7a98851ee2d1e50919a042d50982c24b459a9c1b411933bf750a14a480e063cc7f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
16KB

MD5
5615a54ce197eef0d5acc920e829f66f

SHA1
7497dded1782987092e50cada10204af8b3b5869

SHA256
b0ba6d78aad79eaf1ae10f20ac61d592ad800095f6472cfac490411d4ab05e26

SHA512
216595fb60cc9cfa6fef6475a415825b24e87854f13f2ee4484b290ac4f3e77628f56f42cb215cd8ea3f70b10eebd9bc50edeb042634777074b49c129146ef6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
20KB

MD5
b9cc0ef4a29635e419fcb41bb1d2167b

SHA1
541b72c6f924baacea552536391d0f16f76e06c4

SHA256
6fded6ba2dd0fc337db3615f6c19065af5c62fcd092e19ca2c398d9b71cd84bf

SHA512
f0f1a0f4f8df4268732946d4d720da1f5567660d31757d0fc5e44bf1264dfa746092a557417d56c8a167e30b461b8d376b92fbe0931012121fac2558d52c662e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
331KB

MD5
4f3a4095cd2ed6eb0a2ac8c06c5342ce

SHA1
5b00470c40f858035bf0792f1897a6fcd5204d6d

SHA256
5f2ed572cf1af719f42de6397584dfe326083f9daea13f705cc60e6a723be9be

SHA512
6d42a82c82bd7bd4d744c0094ebff05f3e6d2f54c994dbbdbe34fc1709b92f2f59f3400bf281306704e275fa3f603548e79fe89d63ebde6cba461bb047d64d20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\387d1c1009f96627_0

Filesize
14KB

MD5
3f5098ead1e78e9abb07b391681ac00a

SHA1
00cbe3df3285a3b04c8f6cd3ca4a0361df1f62c8

SHA256
e5bbf02d2d46226180f9966b44965db5a39298bff6103e14de60509ba151f76f

SHA512
01942a6cdfc9c8947495333343c37187cad9ec625d2741bebd28fd8ef7aeb54a183ba187f56c45132028ccbb642d3cdd305adf798ddaec27667937f4f88f0485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8f9fd988dc5ea5bd_0

Filesize
8KB

MD5
09f9f3e512e949608871761541bbe27b

SHA1
e4b2fad050a5acac8f43c43c47bc2a2ad0558d9a

SHA256
898782431136bf0b97d84cd741c6e854c442f2407e21161b1860d7acbaa73949

SHA512
9df6aa0bbfc976c993fb99773c0d2eec35cd35358b8f64e8b104233884d548251d22ed4ce237a4c83fe88b176d0aaeeb7e977597240e7300ad1b20eb21ee1d4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
de245901f3740e408b864e497fac8cff

SHA1
a9f9dc0c21346d2fd0d936e15af4d7e524c9f618

SHA256
adefda0b4cc9a5bfabb01cbe7dec582596785a1c7cb9ce3d9822425bf744b69e

SHA512
bcbe60f2b4f04b953b2832950ec63d9c4ddfa5406b7e30929d0dcdc1042019a50d927df33cee97d858892f2b85bd96a618438f0a2433a1332a40d80e2135a606

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
09b611075dc4f172e3ec8b0115a27f5e

SHA1
cbc577b24f35bc255f6f21933a52837f3bb2625f

SHA256
b05cc481a21edd918ff5176ec382d29e230477a907fbde52a54d511bb49c181f

SHA512
eb0243310b003fe9e20edb41f139eee96b661179bf2fc181bc8bd73a7fc754f456242faf35d1a2b4cf335fd9662ca70e6feb9075c05a3a357a87c806a421108f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e09fbed21d347a0dc2bf73ede870502b

SHA1
949e548e4ed90198de4249e4f6fce9f103105374

SHA256
09a4238159b0fbed99f146f4ce889fce5634400a05a31981e7db8f00fa8e3a49

SHA512
c6677674355808e30811a63aa11d5cd58eee8dcc8539181e1952883351e72e4fca4b5e7d2f57f5e0401ea7580b50c09d70f59cdfcaf3432811e74f0ca70d0aa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5975b90d51a408c41b0da94880219c8f

SHA1
bd64bb625b3772ec18139638d5da8b5e9c195a82

SHA256
d9b537bf0bd520ce42320fc2c5ca76ff7de6b99e554463bb9ecc51d4e8f6f7bc

SHA512
3354bb28717b9dc57d1f5a73225157f2f82f4147114169e0ddb8fa86a4dac2e20b5dc5dc8cf1e19bde42a761d8785147ff87b0af4ae8df4b984220a8eee2d0a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3a3b5f35392c4e7f16d1d6749c377480

SHA1
d12495cbdc9a933e1a4e1c03c81805e2d725cbbf

SHA256
329e04e10b3429d95de55e884cb86a5eb4f0939234c8e3230e909b84b3fb5926

SHA512
f5aee018df27ac0d38c19e4049ead06fea7c0cddc4541548ba95d32ae8fac30f516b35d8ba0fb6c7afce09bb3f822557da1ecc8676f8d621008d1ac582a1380b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
959B

MD5
258d676e7b467a5b80401ba3a09ba137

SHA1
410b1031f6bce14573fdc41909b27a35b3990ccf

SHA256
83eb4ac981b31167905fde83316c96078baf3903326113aba66ffba36784b7f0

SHA512
304c546910a0e8e184d9aa0f3db5f884f36b7517810e68c4ce3209664b98cfa8d04cfcaa03e9675144decc256c824647aa26ab8219c4596da5b4c3cde7445731

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eb0c6790f8ac30a03aa6c0ee316686a7

SHA1
0b010d5a282b0628ecdb779b5405fddcb8f08284

SHA256
d992b1c6f82e7e642b0ea933168ad6147691458bab3806a8f276f677099d8ff5

SHA512
5a2d4b21de966441dfb17021add3dd20a5552d36c4e3fa992a3565f53fbeac35faa84764c970178538b0ed3a653bcc99c04a2300ad287ed3966bcec7a7dd3af9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b6a026958436d319fa12114e3f4520cc

SHA1
5ef22ff7746e7ea111cfd72727cc18718fb1d76c

SHA256
2c740131d9f0b7bb0fcc9ef0214b03ee458fec4671af4afb94220d057956191a

SHA512
dbac02bcf2aa4de8aa76300890fb6a3665f2e4f4d4ab8e9d7df55dac37b21c5f72604e4d72e68452aafad2583b5e0b7f9784479bcdecf52fd8c9a39ad85da4a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
42f478a72d2b7c257da160663b051d8b

SHA1
5f3a9f11a3e9dff202404b5b02527f9f3dd05dfe

SHA256
7f653039fa798d4b72f13ff75f7c14b0a14d72d26d7ca0f13424e96b94738be0

SHA512
d18757672de17006e64464deefb0c365dc090ee655ccfb31540343b9499f10a982e49f7e005eb2829b57bebdc60f11ba87adb7d93235cbeb58c9bdf9aa1bbc82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7bb92d8b6fb407649464404efe14547b

SHA1
07684e2986636cca9cdcba82d7852e38f4835718

SHA256
fc7305cf4cec554fd5906790cfd64c0dc8888b2b42f53252471eb8621af3a627

SHA512
f7bf4e38f59d6eb6f6072b344d1a854b3293c8ca469a4b1882816ae232ec3dd6c914636d6494c96ae8a3b931cccfd52bb8dae8f2a9fd5549058e26a7280b24be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7893db9a915e1e183106b7111480752c

SHA1
ba5839da4e54a4046d958c2fe81aaa24a78136f8

SHA256
dd09ebf4417b5d33904eb5e14a0c24af2492c53f1e948db483a95e0e3e61a190

SHA512
19df9d50a4cd2ef6e4dccbae6a9a496a04cdf5572160cac90e0d4e802392ad5518b2c1f860fc4d6a4852ed6f94507915386c28054cf34d736ae49f8bb365ffb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
983c51b68bb4a3d024bd16a3899e350b

SHA1
26faa5f1af9ea41fa9a6b6b5f279c8d66ddf3635

SHA256
f095aa0db9ae85b6662bdc83ad041cb704285cab384f5e287524e29a7c290c34

SHA512
771424755ce8768692b0aa347a9a36580b752018f9549d1e929fb922d41cf5a6ea486619423481006d4da40792f9ca98f83a02505e8482523d91479fddb2e1b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
49ddb4c4fa82534d16d43c0b5bc063c7

SHA1
5c6fe2277bf2b0654472f57024fca043bdc9ac0a

SHA256
f9e434dfc2262ffcda03b4ee9be0472cbc170c0d976adfcce354cd8e240c728f

SHA512
9776a8709111fe242f4bd2bb276bacace8a327a722413516af3ced9fbb4d948d48d40061b633a7f62d585c8e7eb4fd5f20c3cb8b2a72a617c899d9e586ff5e8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
64428585e6e30ee782dbdb87bfc1721d

SHA1
5b5327920a391a13fb706f7ac1a4d04c70710982

SHA256
54e64de26f22dd0cf1f44d2f47498c494a76e9ea042ac8704ecfecffca2de900

SHA512
1aff6e2c07a0ae89f22b5eaa4c1fda6cbc84fb4c421f54be9888c62ca0810ebea4a131c11f573734c2d308e7ae5f7138a9d9b2aa4d827c34e5dcc7a9207924e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
68610a89699b546cc03e184c72189e7b

SHA1
a6cebee49fa9bd0c18ea40136c20fa1f198350bd

SHA256
20be85d6290d3a4bd8916c0a3346f7e296330a308ba84fe79eea9c8462c76600

SHA512
2e7f580b3caf1eaec7d18932663cda68e030a122626f9fc2fdbf84489b682189bee95fddce2a4020d6f4ed50a80405d435d7bef56ea6b9b6a5f9de4e10d9d68f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e66bdeb79c0e92cf552837b53bcff855

SHA1
a23d6fceea88453bb31285fce1d6a820e268e65a

SHA256
cfa3b1a0f1b31cc4cbb63849d38cfcfd29504d6f732c039f47d1514e6784f437

SHA512
f0a6aa5f7ed284070631e2658ef930333407ae7bbf1a19076d66c3334d7afded7785b38ebbf6c4c418eb761c5d09227b472c504ec7d82546ebb9f00ef5542531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ac5f0b433cc8edca46b0373f9a6b7f93

SHA1
699648f4058575da648811bb496697c97cb16261

SHA256
a0ffda002ae50577d80da53b6341e1d7ba9fe7d0306e07ad50926a56d390ddd4

SHA512
ca6ec43aac87c6be83d6cb2aa05d2e3b379e82c94522e2ba14a6ef063e8cfbd860986cbde6b49eb242981a4ac306518adbca4bd1e8dfc19b89ed428b935be9e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eb52ae0d78d51103aa0412faa2ad6633

SHA1
bf57965ef51cd21bb3045e413d1e3f35ca8735fd

SHA256
4bc1bdd08300da8baf2470d3db5ef553012447698934fef87e39fb1e550e0a2b

SHA512
ab25399e110006ea2f293e9393ffa6b32a0d867ee391b8339ad667bdc2d561b7635f7b5f0356f65b6ca37ec0d5fabbe72413a80604e738bc6f7cd64a43ebfadf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fa6765b01af2cfb9887624cbde0b82b5

SHA1
d9007c9081b16311e89605a00fed48204ba0e565

SHA256
9cbb98e4e6aa8a14df52606fdb721ec6815a714be0b38c35ca1d0d9212af8cc0

SHA512
659d5c59618cbd6b03bd9e7f839e54890644af35c9704ab2f89902e4f47de5574f387b8a18aab493b8be82b23f987ba6355b9d07dd594ca84981c5aa137a2076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8746a8a5688d5d9a148718c1bdcb1317

SHA1
a6df26e4afa778256787a2ce1c272b60bf66a42e

SHA256
f3e002fa1bb2e814c0cc50cfcf8913bd70810d886a800bd879194b7801792af3

SHA512
235e8d3788b95b0594c895cd108f00c32328490052a527b7ff1c562c2b1670f20b2c30a757851fbd7d25969b29cbf1b35ebeaf5df5934c202b5d89904c1314a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8bf52cd85517bd9ad44530c2825afb19

SHA1
b73837f8deba1d1ba91f76395ab44e4a9d335dfa

SHA256
4501f82d6ed8231b389d3ed6229157d5bd973203e96b89c80d425be7adb38a44

SHA512
c1a8eeb99736ca1f4d0a80ffe8f1904b06e56ea4ddf1af70bd381ab0cb308dc4ffaf0467bf76aaac3590144be7d558cd4595f48d699ffe47da3fb1dfd02f8faf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b5d2add42f2b89f9609328306f9425f4

SHA1
ab63de0f66ab656828e8ac04e1d1adf559c63f6a

SHA256
50c8c78c57e40756927b071c7a2021afde3bef27b43ba73ca895199135cd48ff

SHA512
40fdf101c4fe998754ce8fbc6d80135a57bf326e612df396c6f81ff2b5d3d25a62c24511900e9fb44f1cddff87f192bc8ff50c6ecedb20fe342f2153b7e4877d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a945d573a1daff8288f6ef16d38e26cd

SHA1
a438958158a201ec30aab66c712840b086bf004b

SHA256
4241b6755681293f3bd2511e1b56006473e2b045f33380b16a8721c8f700914b

SHA512
f8756edf4b7cd464c4e043ddc4ea0c1e1eb5db6d9ded6e1cef81e925dcc031fbd2966fd83b6aa2a7c747ee35b01d4a2f556ca1f5e025489a0e6488774d515656

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2f646c8aaea9f3e59fd1594f59e72afa

SHA1
3447df8326ca12ae571019b9e0ab953d70b5a468

SHA256
2ef3f53238d045a8f95e2c413dd0a903a8a558f9fe3eb02d3da469995e6dc510

SHA512
356e3f592252bdeb21a4f13f1201dd243b7dd774e131285590e9ef543a265e3ce64384286a9ed8a4d91374821dcc7c3fe71c4bcb65e6f35af2e03cc083c529c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ae00948fe6941597ae3e01244a27c5f6

SHA1
be30afd1a9ea5cd77fc721f17fffe5e7bce9e55d

SHA256
24029b8b66782f2dcfe76bdce3301607e582978d4a8294912a6d8db1c3a0ef59

SHA512
4c2f55be259a4fd87c5e8814ad25d179f70b6fc3e64e242baa086a0bf790be77b4cc363ddcfeab96c4a47ee07d9431ebe194dff4330176544aa678ea9ed090d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5887d8.TMP

Filesize
1KB

MD5
ed8f7d99ca88498351f97c9168a842ae

SHA1
1f83d77ed4dfc45dc16303191d237a6f9cfa3303

SHA256
0a18beeba5b4290887c1086de2fc08e6fafb5cbb4a08f974a16b92e00a44e2fd

SHA512
af1826d5f26214f9370f3d2193e6ac9c809627483522ddaea96edf932ae85891cdaeb95eaa179f20af12ca2c0c2668d4f5a2011403acec13afce13743b21c900

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\c88f9b1e-6395-489e-9aa0-d9d2b2b634ef\0

Filesize
16.5MB

MD5
a725357eb37e4b43a65b9dfb50202c1d

SHA1
3308690577f8186444eeb242bb4e75cf45a6a4e8

SHA256
c760b5f8e5dc948db88e266ad5b44322d210d2d5f54a0300d17e19c3f5d3906c

SHA512
e1e8ea6e907c5afb29e392e02d93b2596839583aff3cecd7097611705496c7509b268d0c3340e819985715ce7b3cedb32972367f431ab9d21d7dfcf83e9766d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7a241d3760d29402368c9cdb602cb071

SHA1
fe34518b76ab00967f5ab432114d9fecfe252680

SHA256
92d9a6474ddfed58465793644ae5a9f336e01fbb8f8f36ae1e81f9d6da6e6d87

SHA512
fe905a50cd492cace837ab5c83cf39a85f12098e51156588a666a807049c13211d2b6a185f3deeb52cef869e0567feafae20354b4b010fbf64099d321797d5b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
35cb9399b6188ca8dad6f42cd65d0908

SHA1
5766c4b0c66b9b84191b32dae594a921b430aba6

SHA256
da6c938a030c63a85ffa2ae068da5ed27fda71a9e2fc1ce0e506323466355c6a

SHA512
57d87c1499d2d206a2688e7a029fbc75b4547e8cc6309e4009d6b8e1864f8abd95e2c9f716d4ecb80617137aedb6206c25219b6494ef5ed0b9df5a8b0b1715f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d63060cbd25105aab555bed823e023ba

SHA1
e1beb3d10689cf4d720614960851e7b7f7ef4475

SHA256
a953b02563afc6e8ec0bac1dcaf1f6e8ae4db8f9034922cbbf72f72394f9e960

SHA512
4e20ba14cc7f58296018a5ecc0bb9f34980bd3d536f47638767f94e038ed4c4310217c17e117aaa509cfadae459e2f8bb7d5b1f9d542549e317d5be8e83294bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\16D0.tmp\CreepScreen.exe

Filesize
128KB

MD5
4ab112b494b6c6762afb1be97cdc19f5

SHA1
eed9d960f86fb10da90d0bbca801aea021658f02

SHA256
ec778e79c7a3c88eed2a6931a9f188d209791f363fbe7eadf0842efdbfafee3e

SHA512
4f7a92834c576fdb55c3a5dc4990c4aa719083ce64ebbb70139d03ba485e7ae0d249afdc6c9810ddae3d106a0bdfc35b8fddb4fb40ad692f21c5c8ce3bbb1b49

Download Submit
C:\Users\Admin\AppData\Local\Temp\16D0.tmp\bg.bmp

Filesize
5.9MB

MD5
463e7914d89b7dd1bfbba5b89c57eace

SHA1
7f697f8880bcf0beed430d80487dd58b975073fa

SHA256
fd62ecf096773673d834f1ec598e0a3898a69c14bf159ba4e23b1caf5666923d

SHA512
a112d4b0fafaa273fcfa012cecb1aca93f6a352241064137ef8bfb0437f88683cec37f97cedce9cfc944228399e9e481e7be6a6f65b50d523014200974c87562

Download Submit
C:\Users\Admin\AppData\Local\Temp\16D0.tmp\creep.cmd

Filesize
1KB

MD5
e77d2ff29ca99c3902d43b447c4039e2

SHA1
2805268a8db128a7278239d82402c9db0a06e481

SHA256
1afa31c6764bdb1d9d7e6c61bf7a6f2607fbc5061e7a0e5a56004694a2fd6f4c

SHA512
580e3550c6751c58db5874eacde15aa80743625bf920d1191589c2aa7211896b378956dbe7070dcfe2f78a8028d92a8e6dceda8a8d2415b2600fc69f52833f2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\16D0.tmp\melter.exe

Filesize
2KB

MD5
33b75bd8dbb430e95c70d0265eeb911f

SHA1
5e92b23a16bef33a1a0bf6c1a7ee332d04ceab83

SHA256
2f69f7eeab4c8c2574ef38ed1bdea531b6c549ef702f8de0d25c42dcc4a2ca12

SHA512
943d389bea8262c5c96f4ee6f228794333220ea8970bcc68ab99795d4efd24ebf24b2b9715557dfa2e46cfc3e7ab5adff51db8d41ef9eb10d04370ce428eb936

Download Submit
C:\Users\Admin\AppData\Local\Temp\16D0.tmp\mover.exe

Filesize
548KB

MD5
c1978e4080d1ec7e2edf49d6c9710045

SHA1
b6a87a32d80f6edf889e99fb47518e69435321ed

SHA256
c9e2a7905501745c304ffc5a70b290db40088d9dc10c47a98a953267468284a8

SHA512
2de11fdf749dc7f4073062cdd4881cf51b78e56cb27351f463a45c934388da2cda24bf6b71670b432c9fc039e24de9edd0e2d5382b67b2681e097636ba17626e

Download Submit
C:\Users\Admin\AppData\Local\Temp\16D0.tmp\scarr.mp4

Filesize
19.0MB

MD5
a504846de42aa7e7b75541fa38987229

SHA1
4c8ba5768db2412d57071071f8573b83ecab0e2d

SHA256
a20d339977ab7af573867a254ca2aaee4bcb296fa57cd1d3f1e7ed1c5855dc89

SHA512
28b9f6a0783b82c4a28c52bc849a3886df7dac95be488253fc1ca5839600ac7ce79ef97f7da0a18d7474fe02748e7078bf4b823ced10c4dc0f8352fc7b1d7dea

Download Submit
C:\Users\Admin\Downloads\ScaryInstaller.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 603955.crdownload

Filesize
21.5MB

MD5
ac9526ec75362b14410cf9a29806eff4

SHA1
ef7c1b7181a9dc4e0a1c6b3804923b58500c263d

SHA256
5ae89b053a9c8e4ad9664b6d893998f281f2864c0f625a536400624d4fbd0164

SHA512
29514a83a5bb78439ee8fb9d64b9e0885f4444fb7f02cefdee939984bb80f58493b406787c53f9a4bf521b2c03af4c3e3da4d5033eee8095b2ab0e753534e621

Download Submit
memory/968-1390-0x00007FF838190000-0x00007FF8381A8000-memory.dmp

Filesize
96KB

Download
memory/968-1434-0x00007FF81BDA0000-0x00007FF81CE50000-memory.dmp

Filesize
16.7MB

Download
memory/968-1401-0x00007FF82FCC0000-0x00007FF82FCD8000-memory.dmp

Filesize
96KB

Download
memory/968-1388-0x00007FF834F10000-0x00007FF834F44000-memory.dmp

Filesize
208KB

Download
memory/968-1387-0x00007FF7B0C80000-0x00007FF7B0D78000-memory.dmp

Filesize
992KB

Download
memory/968-1391-0x00007FF837930000-0x00007FF837947000-memory.dmp

Filesize
92KB

Download
memory/968-1396-0x00007FF82FD60000-0x00007FF82FD71000-memory.dmp

Filesize
68KB

Download
memory/968-1395-0x00007FF82FD80000-0x00007FF82FD9D000-memory.dmp

Filesize
116KB

Download
memory/968-1397-0x00007FF825C20000-0x00007FF825E2B000-memory.dmp

Filesize
2.0MB

Download
memory/968-1394-0x00007FF832980000-0x00007FF832991000-memory.dmp

Filesize
68KB

Download
memory/968-1393-0x00007FF8329A0000-0x00007FF8329B7000-memory.dmp

Filesize
92KB

Download
memory/968-1392-0x00007FF834EB0000-0x00007FF834EC1000-memory.dmp

Filesize
68KB

Download
memory/968-1389-0x00007FF8270D0000-0x00007FF827386000-memory.dmp

Filesize
2.7MB

Download
memory/968-1411-0x00007FF82C520000-0x00007FF82C531000-memory.dmp

Filesize
68KB

Download
memory/968-1413-0x00000227BF970000-0x00000227C11DF000-memory.dmp

Filesize
24.4MB

Download
memory/968-1410-0x00007FF827740000-0x00007FF8277BC000-memory.dmp

Filesize
496KB

Download
memory/968-1399-0x00007FF82FD10000-0x00007FF82FD51000-memory.dmp

Filesize
260KB

Download
memory/968-1404-0x00007FF82EC00000-0x00007FF82EC11000-memory.dmp

Filesize
68KB

Download
memory/968-1409-0x00007FF82C540000-0x00007FF82C5A7000-memory.dmp

Filesize
412KB

Download
memory/968-1408-0x00007FF82C5B0000-0x00007FF82C5E0000-memory.dmp

Filesize
192KB

Download
memory/968-1407-0x00007FF82EA00000-0x00007FF82EA18000-memory.dmp

Filesize
96KB

Download
memory/968-1412-0x00007FF82C410000-0x00007FF82C467000-memory.dmp

Filesize
348KB

Download
memory/968-1398-0x00007FF81BDA0000-0x00007FF81CE50000-memory.dmp

Filesize
16.7MB

Download
memory/968-1400-0x00007FF82FCE0000-0x00007FF82FD01000-memory.dmp

Filesize
132KB

Download
memory/968-1406-0x00007FF82EBC0000-0x00007FF82EBD1000-memory.dmp

Filesize
68KB

Download
memory/968-1405-0x00007FF82EBE0000-0x00007FF82EBFB000-memory.dmp

Filesize
108KB

Download
memory/968-1403-0x00007FF82EC20000-0x00007FF82EC31000-memory.dmp

Filesize
68KB

Download
memory/968-1402-0x00007FF82EC70000-0x00007FF82EC81000-memory.dmp

Filesize
68KB

Download
memory/1996-1367-0x0000000000400000-0x0000000001DFD000-memory.dmp

Filesize
26.0MB

Download
memory/1996-1384-0x0000000000400000-0x0000000001DFD000-memory.dmp

Filesize
26.0MB

Download
memory/1996-1326-0x0000000000400000-0x0000000001DFD000-memory.dmp

Filesize
26.0MB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads