Overview

overview

8

Static

static

1

URLScan

urlscan

1

https://tria.ge/dash...

windows10-2004-x64

Resubmissions

10-01-2025 17:24

250110-vynssssrdq 3

08-01-2025 12:21

250108-pjezfszjfy 10

08-01-2025 12:17

250108-pf8glazjaw 10

08-01-2025 12:14

250108-ped7csyret 8

08-01-2025 12:11

250108-pc5ars1qbq 8

08-01-2025 12:10

250108-pb6r7s1phk 8

Analysis

  • max time kernel
    48s
  • max time network
    56s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-01-2025 12:10

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    https://tria.ge/dashboard

Score
8/10
discoveryevasionransomware

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Kills process with taskkill 2 IoCs
    evasion
  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 33 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://tria.ge/dashboard
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4432
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff998d246f8,0x7ff998d24708,0x7ff998d24718
      2⤵
        PID:4928
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,1781167649293895252,9658100215053870281,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
        2⤵
          PID:2088
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,1781167649293895252,9658100215053870281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3508
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,1781167649293895252,9658100215053870281,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
          2⤵
            PID:4580
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1781167649293895252,9658100215053870281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
            2⤵
              PID:5012
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1781167649293895252,9658100215053870281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
              2⤵
                PID:5024
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1781167649293895252,9658100215053870281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
                2⤵
                  PID:3920
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1781167649293895252,9658100215053870281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
                  2⤵
                    PID:4160
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1781167649293895252,9658100215053870281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
                    2⤵
                      PID:3360
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1781167649293895252,9658100215053870281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
                      2⤵
                        PID:3260
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1781167649293895252,9658100215053870281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
                        2⤵
                          PID:3384
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,1781167649293895252,9658100215053870281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
                          2⤵
                            PID:4240
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,1781167649293895252,9658100215053870281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:2020
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1781167649293895252,9658100215053870281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
                            2⤵
                              PID:1556
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1781167649293895252,9658100215053870281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
                              2⤵
                                PID:1400
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1781167649293895252,9658100215053870281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
                                2⤵
                                  PID:1600
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1781167649293895252,9658100215053870281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
                                  2⤵
                                    PID:1992
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1781167649293895252,9658100215053870281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
                                    2⤵
                                      PID:5020
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1781167649293895252,9658100215053870281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2296 /prefetch:1
                                      2⤵
                                        PID:1988
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1781167649293895252,9658100215053870281,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
                                        2⤵
                                          PID:4536
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1781167649293895252,9658100215053870281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
                                          2⤵
                                            PID:4176
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1781167649293895252,9658100215053870281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
                                            2⤵
                                              PID:4012
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,1781167649293895252,9658100215053870281,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5696 /prefetch:8
                                              2⤵
                                                PID:4700
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1781167649293895252,9658100215053870281,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2716 /prefetch:1
                                                2⤵
                                                  PID:1988
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,1781167649293895252,9658100215053870281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6288 /prefetch:8
                                                  2⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:532
                                              • C:\Windows\System32\CompPkgSrv.exe
                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                1⤵
                                                  PID:2020
                                                • C:\Windows\System32\CompPkgSrv.exe
                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                  1⤵
                                                    PID:1308
                                                  • C:\Windows\System32\rundll32.exe
                                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                    1⤵
                                                      PID:2564
                                                    • C:\Users\Admin\AppData\Local\Temp\Temp1_000.zip\000.exe
                                                      "C:\Users\Admin\AppData\Local\Temp\Temp1_000.zip\000.exe"
                                                      1⤵
                                                      • Enumerates connected drives
                                                      • Sets desktop wallpaper using registry
                                                      • System Location Discovery: System Language Discovery
                                                      • Modifies registry class
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:2948
                                                      • C:\Windows\SysWOW64\cmd.exe
                                                        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
                                                        2⤵
                                                        • System Location Discovery: System Language Discovery
                                                        PID:1652
                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                          taskkill /f /im explorer.exe
                                                          3⤵
                                                          • System Location Discovery: System Language Discovery
                                                          • Kills process with taskkill
                                                          • Suspicious use of AdjustPrivilegeToken
                                                          PID:5132
                                                        • C:\Windows\SysWOW64\taskkill.exe
                                                          taskkill /f /im taskmgr.exe
                                                          3⤵
                                                          • System Location Discovery: System Language Discovery
                                                          • Kills process with taskkill
                                                          • Suspicious use of AdjustPrivilegeToken
                                                          PID:5200
                                                        • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                                          wmic useraccount where name='Admin' set FullName='UR NEXT'
                                                          3⤵
                                                          • System Location Discovery: System Language Discovery
                                                          • Suspicious use of AdjustPrivilegeToken
                                                          PID:5268
                                                        • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                                          wmic useraccount where name='Admin' rename 'UR NEXT'
                                                          3⤵
                                                          • System Location Discovery: System Language Discovery
                                                          • Suspicious use of AdjustPrivilegeToken
                                                          PID:5520
                                                        • C:\Windows\SysWOW64\shutdown.exe
                                                          shutdown /f /r /t 0
                                                          3⤵
                                                            PID:5628
                                                      • C:\Windows\system32\LogonUI.exe
                                                        "LogonUI.exe" /flags:0x4 /state0:0xa3953855 /state1:0x41c64e6d
                                                        1⤵
                                                          PID:5736

                                                        Network

                                                        MITRE ATT&CK Enterprise v15

                                                        Replay Monitor

                                                        Loading Replay Monitor...

                                                        Downloads

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                          Filesize

                                                          152B

                                                          MD5

                                                          fab8d8d865e33fe195732aa7dcb91c30

                                                          SHA1

                                                          2637e832f38acc70af3e511f5eba80fbd7461f2c

                                                          SHA256

                                                          1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

                                                          SHA512

                                                          39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                          Filesize

                                                          152B

                                                          MD5

                                                          36988ca14952e1848e81a959880ea217

                                                          SHA1

                                                          a0482ef725657760502c2d1a5abe0bb37aebaadb

                                                          SHA256

                                                          d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

                                                          SHA512

                                                          d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
                                                          Filesize

                                                          215KB

                                                          MD5

                                                          d79b35ccf8e6af6714eb612714349097

                                                          SHA1

                                                          eb3ccc9ed29830df42f3fd129951cb8b791aaf98

                                                          SHA256

                                                          c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

                                                          SHA512

                                                          f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
                                                          Filesize

                                                          3KB

                                                          MD5

                                                          19dc3fe8478a9e2b2e085e5153acc4b4

                                                          SHA1

                                                          e2486b881fba8d8fbba97eb8be319af5efbae37b

                                                          SHA256

                                                          ba855402d33d68119601db5bbe9028cc953c1db2a4c2cd30993f18d5725756e7

                                                          SHA512

                                                          3a0ff41b3461c0f775f9e02a37fd0f025b28b19ec5ed130f23efa033a54f8f5edc3c80c584ead79c027f015f3258cc41e0594d424194370547080c85cdff4ba3

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          6KB

                                                          MD5

                                                          8318101f7af9658b10b047f4fc816754

                                                          SHA1

                                                          2a7ca9b014c5b1bcd26674bd339bb6e904c556c6

                                                          SHA256

                                                          a0cdc078878e14f0eb393ec6fb59c131dc89caee0ae338fe19d997d79ef28283

                                                          SHA512

                                                          e5c758c65b0ead60f1c64495337a7287ede48c54f36045e57995a7d0ac73675de2daf55eb0702d8442ab881af538fdf3cded6a80c994988d9fce828ed4949c6e

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          5KB

                                                          MD5

                                                          07a06c9c9e1bec3d40167cb8891ca18d

                                                          SHA1

                                                          c5e8d2c02f6110a80e5c196469266aa8e5cc5867

                                                          SHA256

                                                          4fda5abeeff1eb892202d9004f051ce2966b2c6d3a01c86befaeac84398e6b67

                                                          SHA512

                                                          731480b66af3adb3bdd1188bb1c00f568a68a93a7bfb33a189d8123fb4b9d864faf4b90cf2765e2a14d99f1e0649f994e6e38cc1fd69b1901acfecdec2f22e20

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          7KB

                                                          MD5

                                                          60a859721f5571ff0c939aee1d6c54e6

                                                          SHA1

                                                          cb087ecc1af477e13c8da4775a4e8f091c6a6740

                                                          SHA256

                                                          27144c4493d39e5805bb5b36823621d8d6f028d176aeb35c8127c35123283086

                                                          SHA512

                                                          2d90f0128436d5ae4fe7014b1a13be1489ab48b716676db3ad71f16414c13a9a35c3b69fefa6e31ead67f4b360361d18cfac65afef6b8ba95f64ea1b69643b65

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          7KB

                                                          MD5

                                                          5500b328da9552cd747f99e6ca58a0f5

                                                          SHA1

                                                          095777e7d8eeafb179c32ce917026bd16513dc2f

                                                          SHA256

                                                          7d25fba9f08690053784c187712e166224fd84f3783704bc9b31ca1d4ffd3f38

                                                          SHA512

                                                          bed50397610f289a0d4c248c1fbb5616d9f7487b5d14450a20db4b6eb88ebdf9824eb466653ceca1d02b7f65dc48fe5c7c0c32534ab60903c026a5687917f7d7

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                          Filesize

                                                          1KB

                                                          MD5

                                                          78bd234c82dab9418d4dbb8a4bf702b2

                                                          SHA1

                                                          75558fda27a0930c51ccc4a07250adaab28bc525

                                                          SHA256

                                                          f3e064e7c4054536fe94896ef2efada5dce6bf1321427794cca734538c717037

                                                          SHA512

                                                          094ac55cedacee0dc3e24729ca6ea3e0350c7ba546213ed4ec10c17f25fc4afd104cbe446ccba07cc3605dba7b0af911efba4bed04ed338cbad1723f8ecd923a

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                          Filesize

                                                          706B

                                                          MD5

                                                          9523f3c701f5936db07dd6339f4ddcc0

                                                          SHA1

                                                          ab40182bffdfb255ec1edd8e24728aa4c4d226f9

                                                          SHA256

                                                          d0036e7c70a2700583636352e5474d1da441cf39a4244f01a327d9e01da620c5

                                                          SHA512

                                                          5e230667ec2bbfd2685891c5287859db16ddbe04ed8be9b1b3860a3e8ce07bb70dba99a45310a39659ae803c4888c9f7679955ff297a6f37bbcdf308fdd26f8a

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                          Filesize

                                                          1KB

                                                          MD5

                                                          5528d9b4dbc56280d2922ea26a04fcc7

                                                          SHA1

                                                          4c9bd9d07217984a75f4bc5501d741a8884ebd12

                                                          SHA256

                                                          45739ed4e667a43feeb85bb56aba02f706120dce97e1d131718d898c409c295e

                                                          SHA512

                                                          411e5272fa7dd1bd499458b89f5c5eb76b2cb99d4fb0544ecfbcf3d1b9fc1332d76b2a2f4188f631205d1197f840c7f5355afe9b8a2d65f1e4a084f92047d539

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f6b4.TMP
                                                          Filesize

                                                          371B

                                                          MD5

                                                          a684997003e1156ec178c16bd3b2cbaf

                                                          SHA1

                                                          7f9d7808ba14b5bc3249a3c29f4cadf907894bae

                                                          SHA256

                                                          f9e7876bedd378a692fb17f653f74d116adc8b549a7a3f2a90e7fabe6057a08a

                                                          SHA512

                                                          488f26c3e64ff837cb9b828bb31c6b65a26380cbccc15a97d3e998394a0e04f0affdb5b33529a442a81ef42f2dbf6afe541481e54e308805cb9f86b1ad636f39

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                          Filesize

                                                          16B

                                                          MD5

                                                          6752a1d65b201c13b62ea44016eb221f

                                                          SHA1

                                                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                          SHA256

                                                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                          SHA512

                                                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                          Filesize

                                                          10KB

                                                          MD5

                                                          e72d0336e038b980a77cc4f2cac9cc31

                                                          SHA1

                                                          21d42bcdf359bb4551602d455818defa8a8a171d

                                                          SHA256

                                                          db3e965986898a6540417b696fc13549f9d00b55cf6d8a40b2c89b57121a8f57

                                                          SHA512

                                                          e4a20a525be0d61a9d9f3195d1d761c48133766b5e00a0a579152b173c588a87d0609c73ce523d8d0853b31702f8a569e4bdf0cc46a0a6da7d42c73340a71973

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                          Filesize

                                                          10KB

                                                          MD5

                                                          0b31e78b776f81dc9cc16569f98ae356

                                                          SHA1

                                                          38f0fc4f688e08d0dbde1c3335673522aac9e85b

                                                          SHA256

                                                          cc05db5b8669e44fd5c628f84f432455da1f234645b30a0ce9fe601591c218bc

                                                          SHA512

                                                          7f8449ed6e2f9434708e350bdd3c74adfff2c1e007bcfb4004aa4bffb107467bf8d2f4d71252b7795bcd8accab924fa50b26f0928f33808c35ecab9f8b9ca430

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
                                                          Filesize

                                                          896KB

                                                          MD5

                                                          51b943af7e5acf89cbf421d1790a7c3f

                                                          SHA1

                                                          1dc3ecb405e479c1e1e29b45fa2d714643d1da18

                                                          SHA256

                                                          4e2f9c324d62d9b85b5f7f19ac61656b24d2e75a105d120121c3f1479e96a98e

                                                          SHA512

                                                          621458aa5c1ad23b646d5a727e0116093ab90f8f939665980315431d649c212856caad4fd1919dd8cd07574ca1db38bda2ba2c532978e478b0ece364a74482bb

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.2\WMSDKNS.XML
                                                          Filesize

                                                          9KB

                                                          MD5

                                                          7050d5ae8acfbe560fa11073fef8185d

                                                          SHA1

                                                          5bc38e77ff06785fe0aec5a345c4ccd15752560e

                                                          SHA256

                                                          cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

                                                          SHA512

                                                          a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Temp\one.rtf
                                                          Filesize

                                                          403B

                                                          MD5

                                                          6fbd6ce25307749d6e0a66ebbc0264e7

                                                          SHA1

                                                          faee71e2eac4c03b96aabecde91336a6510fff60

                                                          SHA256

                                                          e152b106733d9263d3cf175f0b6197880d70acb753f8bde8035a3e4865b31690

                                                          SHA512

                                                          35a0d6d91178ec10619cf4d2fd44d3e57aa0266e1779e15b1eef6e9c359c77c384e0ffe4edb2cde980a6847e53f47733e6eacb72d46762066b3541dee3d29064

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Temp\rniw.exe
                                                          Filesize

                                                          76KB

                                                          MD5

                                                          9232120b6ff11d48a90069b25aa30abc

                                                          SHA1

                                                          97bb45f4076083fca037eee15d001fd284e53e47

                                                          SHA256

                                                          70faa0e1498461731f873d3594f20cbf2beaa6f123a06b66f9df59a9cdf862be

                                                          SHA512

                                                          b06688a9fc0b853d2895f11e812c48d5871f2793183fda5e9638ded22fc5dc1e813f174baedc980a1f0b6a7b0a65cd61f29bb16acc6dd45da62988eb012d6877

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Temp\windl.bat
                                                          Filesize

                                                          771B

                                                          MD5

                                                          a9401e260d9856d1134692759d636e92

                                                          SHA1

                                                          4141d3c60173741e14f36dfe41588bb2716d2867

                                                          SHA256

                                                          b551fba71dfd526d4916ae277d8686d83fff36d22fcf6f18457924a070b30ef7

                                                          SHA512

                                                          5cbe38cdab0283b87d9a9875f7ba6fa4e8a7673d933ca05deddddbcf6cf793bd1bf34ac0add798b4ed59ab483e49f433ce4012f571a658bc0add28dd987a57b6

                                                          Download Submit

                                                        • C:\Users\Admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N1XT.txt
                                                          Filesize

                                                          396B

                                                          MD5

                                                          9037ebf0a18a1c17537832bc73739109

                                                          SHA1

                                                          1d951dedfa4c172a1aa1aae096cfb576c1fb1d60

                                                          SHA256

                                                          38c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48

                                                          SHA512

                                                          4fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f

                                                          Download Submit

                                                        • C:\Users\Admin\Downloads\000.zip
                                                          Filesize

                                                          119KB

                                                          MD5

                                                          f5d73448dbe1ec4f9a8ec187f216d9e5

                                                          SHA1

                                                          6f76561bd09833c75ae8f0035dcb2bc87709e2e5

                                                          SHA256

                                                          d66c4c08833f9e8af486af44f879a0a5fb3113110874cc04bd53ee6351c92064

                                                          SHA512

                                                          edbdc1d3df9094c4e7c962f479bb06cdc23555641eeb816b17a8a5d3f4d98f4d1d10299fd2f9152d30e3fa9e5b12c881fd524e75612e934b287109492ee1520b

                                                          Download Submit

                                                        • memory/2948-386-0x000000000C820000-0x000000000C830000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/2948-387-0x000000000C820000-0x000000000C830000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/2948-388-0x000000000C820000-0x000000000C830000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/2948-390-0x000000000C7F0000-0x000000000C800000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/2948-391-0x000000000C7F0000-0x000000000C800000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/2948-392-0x000000000C820000-0x000000000C830000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/2948-393-0x000000000C820000-0x000000000C830000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/2948-394-0x000000000C7F0000-0x000000000C800000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/2948-351-0x0000000000CD0000-0x000000000137E000-memory.dmp

                                                          Filesize

                                                          6.7MB

                                                          Download

                                                        • memory/2948-389-0x000000000C820000-0x000000000C830000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/2948-352-0x00000000064A0000-0x0000000006A44000-memory.dmp

                                                          Filesize

                                                          5.6MB

                                                          Download

                                                        • memory/2948-373-0x000000000C6E0000-0x000000000C718000-memory.dmp

                                                          Filesize

                                                          224KB

                                                          Download

                                                        • memory/2948-374-0x000000000BD50000-0x000000000BD5E000-memory.dmp

                                                          Filesize

                                                          56KB

                                                          Download