6514b345465786d232a61f8aca8e3b60e2bf8a3e45f237086e55caac0c19cb4d

max time kernel
513s
max time network
525s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
13-01-2025 20:00

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
Size

25KB
MD5

1d93e8597dd860cf81cd913c4b997818
SHA1

a7dacf6a32b194720a87130a16f2222c44f036eb
SHA256

6514b345465786d232a61f8aca8e3b60e2bf8a3e45f237086e55caac0c19cb4d
SHA512

c35592acafe20b18914ba7ee31201faa7534136df292d7c14436fb3bcbdd5f07b96b3b63897509068b8263ec4e12f55e192de027996dac8e63e08712fb891e98
SSDEEP

384:PqlIcCtF4JVGTHyk9v1o99t5W9ISFaTGHx6QckT/gbpLOXguLZ:sZtSF5zg9ExLZ

Score

7^/10

defense_evasion discovery evasion trojan upx

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	DB.EXE

Executes dropped EXE 4 IoCs

pid	Process
3456	AV.EXE
4404	AV2.EXE
3148	DB.EXE
4172	EN.EXE

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	DB.EXE

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	ChilledWindows.exe
File opened (read-only)	\??\M:	ChilledWindows.exe
File opened (read-only)	\??\Q:	ChilledWindows.exe
File opened (read-only)	\??\R:	ChilledWindows.exe
File opened (read-only)	\??\T:	ChilledWindows.exe
File opened (read-only)	\??\X:	ChilledWindows.exe
File opened (read-only)	\??\A:	ChilledWindows.exe
File opened (read-only)	\??\H:	ChilledWindows.exe
File opened (read-only)	\??\Y:	ChilledWindows.exe
File opened (read-only)	\??\L:	ChilledWindows.exe
File opened (read-only)	\??\V:	ChilledWindows.exe
File opened (read-only)	\??\J:	ChilledWindows.exe
File opened (read-only)	\??\K:	ChilledWindows.exe
File opened (read-only)	\??\N:	ChilledWindows.exe
File opened (read-only)	\??\P:	ChilledWindows.exe
File opened (read-only)	\??\U:	ChilledWindows.exe
File opened (read-only)	\??\W:	ChilledWindows.exe
File opened (read-only)	\??\E:	ChilledWindows.exe
File opened (read-only)	\??\G:	ChilledWindows.exe
File opened (read-only)	\??\S:	ChilledWindows.exe
File opened (read-only)	\??\Z:	ChilledWindows.exe
File opened (read-only)	\??\B:	ChilledWindows.exe
File opened (read-only)	\??\O:	ChilledWindows.exe

Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1664-1608-0x0000000000400000-0x0000000000454000-memory.dmp	upx
behavioral1/memory/1664-1610-0x0000000000400000-0x0000000000454000-memory.dmp	upx
behavioral1/files/0x00260000000464fe-1655.dat	upx
behavioral1/memory/3148-1656-0x0000000000400000-0x0000000000445000-memory.dmp	upx
behavioral1/files/0x00260000000464ff-1652.dat	upx
behavioral1/memory/4172-1667-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/memory/3148-1665-0x00000000006D0000-0x0000000000763000-memory.dmp	upx
behavioral1/memory/3148-1664-0x00000000006D0000-0x0000000000763000-memory.dmp	upx
behavioral1/memory/3148-1661-0x00000000006D0000-0x0000000000763000-memory.dmp	upx
behavioral1/memory/4172-1704-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\e00c7f2d-7c36-42e8-8ba8-f068420fe1f8.tmp	setup.exe
File created	C:\Program Files (x86)\Briano\UWPHook\MaterialDesignThemes.Wpf.xml	AgentTesla.exe
File created	C:\Program Files (x86)\Briano\UWPHook\Microsoft.Management.Infrastructure.dll	AgentTesla.exe
File created	C:\Program Files (x86)\Briano\UWPHook\SharpSteam.dll	AgentTesla.exe
File created	C:\Program Files (x86)\Briano\UWPHook\UWPHook.exe	AgentTesla.exe
File created	C:\Program Files (x86)\Briano\UWPHook\VDFParser.dll	AgentTesla.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250113200132.pma	setup.exe
File created	C:\Program Files (x86)\Briano\UWPHook\MaterialDesignColors.dll	AgentTesla.exe
File created	C:\Program Files (x86)\Briano\UWPHook\MaterialDesignThemes.Wpf.dll	AgentTesla.exe
File created	C:\Program Files (x86)\Briano\UWPHook\System.Management.Automation.dll	AgentTesla.exe
File created	C:\Program Files (x86)\Briano\UWPHook\System.Management.Automation.xml	AgentTesla.exe
File created	C:\Program Files (x86)\Briano\UWPHook\UWPHook.exe.config	AgentTesla.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AgentTesla.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Nople.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Alerta.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ArcticBomb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ana.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AV.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AV2.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DB.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EN.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3463531801-1484541064-3495084620-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3463531801-1484541064-3495084620-1000\{6C02BBD3-4E7C-4D42-AB3A-D0047839E581}	ChilledWindows.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2780	msedge.exe
2780	msedge.exe
3840	msedge.exe
3840	msedge.exe
3472	identity_helper.exe
3472	identity_helper.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
228	msedge.exe
228	msedge.exe
3148	DB.EXE
3148	DB.EXE
3148	DB.EXE
3148	DB.EXE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2312	ChilledWindows.exe
Token: SeCreatePagefilePrivilege	2312	ChilledWindows.exe
Token: 33	3536	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3536	AUDIODG.EXE
Token: SeShutdownPrivilege	2312	ChilledWindows.exe
Token: SeCreatePagefilePrivilege	2312	ChilledWindows.exe
Token: SeShutdownPrivilege	2312	ChilledWindows.exe
Token: SeCreatePagefilePrivilege	2312	ChilledWindows.exe
Token: SeDebugPrivilege	3148	DB.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1884	AgentTesla.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3840 wrote to memory of 908	3840	msedge.exe	78
PID 3840 wrote to memory of 908	3840	msedge.exe	78
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 236	3840	msedge.exe	80
PID 3840 wrote to memory of 2780	3840	msedge.exe	81
PID 3840 wrote to memory of 2780	3840	msedge.exe	81
PID 3840 wrote to memory of 4000	3840	msedge.exe	82
PID 3840 wrote to memory of 4000	3840	msedge.exe	82
PID 3840 wrote to memory of 4000	3840	msedge.exe	82
PID 3840 wrote to memory of 4000	3840	msedge.exe	82
PID 3840 wrote to memory of 4000	3840	msedge.exe	82
PID 3840 wrote to memory of 4000	3840	msedge.exe	82
PID 3840 wrote to memory of 4000	3840	msedge.exe	82
PID 3840 wrote to memory of 4000	3840	msedge.exe	82
PID 3840 wrote to memory of 4000	3840	msedge.exe	82
PID 3840 wrote to memory of 4000	3840	msedge.exe	82
PID 3840 wrote to memory of 4000	3840	msedge.exe	82
PID 3840 wrote to memory of 4000	3840	msedge.exe	82
PID 3840 wrote to memory of 4000	3840	msedge.exe	82
PID 3840 wrote to memory of 4000	3840	msedge.exe	82
PID 3840 wrote to memory of 4000	3840	msedge.exe	82
PID 3840 wrote to memory of 4000	3840	msedge.exe	82
PID 3840 wrote to memory of 4000	3840	msedge.exe	82
PID 3840 wrote to memory of 4000	3840	msedge.exe	82
PID 3840 wrote to memory of 4000	3840	msedge.exe	82
PID 3840 wrote to memory of 4000	3840	msedge.exe	82

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x104,0x130,0x7ff8547a46f8,0x7ff8547a4708,0x7ff8547a4718
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:3552
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff754c85460,0x7ff754c85470,0x7ff754c85480
    3⤵
    PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1200 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5680 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6984 /prefetch:8
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16837475917012221358,1189052087619480947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1920 /prefetch:1
  2⤵
  PID:4676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1080

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2680

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\ChilledWindows.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\ChilledWindows.exe"
1⤵
- Enumerates connected drives
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2312

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x520 0x4d8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3536

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\AgentTesla.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\AgentTesla.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1884

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Worm\Nople.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Worm\Nople.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1716

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\Alerta.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\Alerta.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4828

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\ArcticBomb.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\ArcticBomb.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1664

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\Ana.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\Ana.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:272
- C:\Users\Admin\AppData\Local\Temp\AV.EXE
  "C:\Users\Admin\AppData\Local\Temp\AV.EXE"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3456
- C:\Users\Admin\AppData\Local\Temp\AV2.EXE
  "C:\Users\Admin\AppData\Local\Temp\AV2.EXE"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4404
- C:\Users\Admin\AppData\Local\Temp\DB.EXE
  "C:\Users\Admin\AppData\Local\Temp\DB.EXE"
  2⤵
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3148
- - C:\Windows\SysWOW64\dllhost0.exe
    C:\Windows\SysWOW64\dllhost0.exe
    3⤵
    PID:3824
- - C:\Windows\SysWOW64\cmd.exe
    /c C:\Users\Admin\AppData\Local\Temp\~unins2046.bat "C:\Users\Admin\AppData\Local\Temp\DB.EXE"
    3⤵
    PID:560
- C:\Users\Admin\AppData\Local\Temp\EN.EXE
  "C:\Users\Admin\AppData\Local\Temp\EN.EXE"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4172
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\EN.EXE > nul
    3⤵
    PID:2528
- C:\Users\Admin\AppData\Local\Temp\SB.EXE
  "C:\Users\Admin\AppData\Local\Temp\SB.EXE"
  2⤵
  PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c2eb126a03012e4645cbf12fa576adb

SHA1
f4fc0dbbe2fca0aab23014eeee6d533aad91b5fb

SHA256
ce9774b847a66f7dce4153518d56469986dedfe78acbcca8e97a64d21df5a1ec

SHA512
40008285483a37d186c6feaaea96e92f8d665193eb2cd4af0ccd2e77544fa2afedd8aa89b8f09e49e1d6960cbe8543389151d2413c8be408794b70da0eb122e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
501a25f290332c25255eaaf70ee6f240

SHA1
23cba10495d7098ad6de6936cf31c1b0eefd1246

SHA256
420c031363bcb69b4cc540b0afad7180d21b4957a2d6eabe23a40e669aeeebcc

SHA512
84ba813e4036be7d9fa08d5fab885421017d008f8fe8d99f56313b54f490c9151a27a67734bb17101691df563efef7e5379250f476e869a848f225786a913081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
48KB

MD5
dd0fa63d7a6164ee38a2d8c56734dae5

SHA1
e64d22f6fd29c7a77466659eae1478e0fa65ce91

SHA256
10ae3cbea6525955edc9ac5d8b90ec4f50990edc15cf52d132b67a23fe0eb8a6

SHA512
262d6846bbdb5286cb80a78b2dbac31bc10bff30fdc5ff7c2bd2bcc7748a4fca98b20dc30ba5960f31307163b82857544021ccb9233257885289d17707f8b9ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
26KB

MD5
5dea626a3a08cc0f2676427e427eb467

SHA1
ad21ac31d0bbdee76eb909484277421630ea2dbd

SHA256
b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6

SHA512
118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
2KB

MD5
09b4a8101cdc44df8d6397f734cb56f0

SHA1
3bdc1b556fa3a8cb1b6e792c5caa146bd806bf8f

SHA256
297573c6072a6bf6c9e0965fe9fc810d239437a9152b582c98b502520d97bd5a

SHA512
bcce80b0cd49d720b9f7c8bef374cf66b872fae06907550300c7afd02a603755da51f93b273b2b2bc77b7a60a913652fcb972887c87760e7daa71d5075cecfd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1a914eb5fc51fb84_0

Filesize
5KB

MD5
28b00f8657d9e046dc6641292100af7a

SHA1
832184abc2edfe5332918d5d98fc06ea5d51df68

SHA256
47a8a0e9645616a290f1833a5767b3d3c7d586a7e493db05389ef014bc54a18f

SHA512
e9d619d4ef68e9f618c02bf7bff3cad0dc49d0ecea4a54502b69a39b5ed5f3873e8b6b5406d7873d96a16c6b993fea7ef13750a6af0ef601b1692fc1967b9e76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
f755625a99cb202c6fd22f5b8a3c0b3a

SHA1
69e0c4466e521c3bb8ccfbe9d66b6d00d38bd1b5

SHA256
9a01e0854e54707e0bdc227c2c97e87bd20507814a709e7d08d50a3dcfb25914

SHA512
9fde1e49348c1b6d2148271afa7a0debf49d9a97e092eed3df97524d1b6e3ea2c7850f4392b717340aee44bdd59513571aa4b4c9735ebaf38b2a22ac5ead1b19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2692617678c042d9_0

Filesize
3KB

MD5
5ca9b99b3ff1b29cd83ed4ef3e90f459

SHA1
ef2ed6cf4f4d7b210418ce94ab7724b36f847b2b

SHA256
4d69bc5694bcb7c4babea4ddc4da4bac276f617c33ce8afae661bab72ae075e9

SHA512
e4a4b45631d66c260a427349bc47583f6d6362034980308c752ea1c5c989f2a362b42c08449997d0e17bf49e618f672b10932772b81024b8f15b8c03827ce727

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\37afe38eb817b647_0

Filesize
27KB

MD5
d53ffd2b0e293e55d841fc508e26a52c

SHA1
30e876c9bb1975c1b5d442d07580f9a2135852ac

SHA256
56dce61dd90daac8dce43203f313c46858134aec7a9d97c894df5a8aace39cd3

SHA512
4590876d549dad8d5ea11286b9bb521ddc5bbcaea78ee30807226e3a16bcb33cb7b44eb6252eaad3aaf0e1118279f07b7d14dea95f192793e4ad83d3c5c88e63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0

Filesize
6KB

MD5
26175d05ebc4ebdaf5bf1738be8d86e9

SHA1
667decb50edbc1d1021c29dbc152c6a1314045b1

SHA256
4084b5ae62a039f522b45beeb377f18540d054e119055f64a430bb33c550a00a

SHA512
4685a62abb9ce243f8942b69bc7967770057804397ee0515c6e45601b4bc1b3832643592e521026952a13f11b622b788d1db92753b2b3cd575060e03dc524221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
779441d53575f849199c5e87ab433de8

SHA1
d59c6537e11910203a5f916ef0873c3ba50f0c3e

SHA256
7dccc049ef6c984fea8d98772f556c45ba6375a0c618c5673e09728969686596

SHA512
e8a8aa7427a9c954e644b2f22bf824616f63cd91c2b620532e6b4c9e8df382f3e03d067e0e7ba9873ecd14a8126d7e6704fe479e55804ab2cc46edf1e79dfddf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
61b69c02035770f89ad0d78fc71bfcb6

SHA1
ac9cc99bcbefa74e7d31dd71d4b4f7e142af6826

SHA256
4b325055f171e7dd8b90c174ea86ea8140304b60c365999093f8dababfef1678

SHA512
72a4fa5d2077000cac03ff750e2d793580b85ce94259c2f38a4d54c04b1423799772191e9b5417d6110706547ac0450f4291b21d47305ccea6d03013d213d597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

Filesize
2KB

MD5
7bd0edbf4a199f9877ef2398fb51d024

SHA1
c060d0a603a0a175a1c52164e848240cb6a1dac2

SHA256
c3e157db4e725ff6918d2863b94df14d2937a0d9c1461de41a3cc25026c2056c

SHA512
3804e507988700a9905012ec732af72aed9792262faae7e6bc6cfe8c4b96e59b2ec094355267fd31008f912625bd6b4c2c0097788746ac42e43ff600c365b212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0

Filesize
4KB

MD5
772ea03100b50a4bc0c5cf40827fe496

SHA1
f57a76b37d79c9aa72eadd8cc841ce1a7ae836b0

SHA256
67c27fa098e26d012eb4461433e19279e960cc41bd49d2883177cf3e71b1c579

SHA512
fe512750fc60c2fd358c3c04ad64fb2ffd926aaef5a4d78a3c71a3ce9b841d9f8c17f40be76fef099275ac14e7093b494cbbccbb9cc550e7d7a9c0f3ec9dd13f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
38aeaeae3243c956d39597c221979286

SHA1
7046df5d677f03b816a9e0dcde4269039ad0b0f4

SHA256
878a4dbe397ef2ebbffe30f2ac2cd73e8f7b581d7e4eaf19bd8e2a7911eca343

SHA512
f522a88461fa0aae27b36ed84058bf6a53a7ef2e87f483b4d2870d3c169312e5794659ef49cedd23acf9dbb4db739de73bbba8095190758c1a530300aedfdad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90d7d7591a1b39bb_0

Filesize
262B

MD5
42da42c0cef4b3988fa4db44acec21d9

SHA1
236538608c8958d14f6d0f62648c7b5616cf794c

SHA256
32290c8da2e891787006267a396c41b6a8a8ca0d53d12af49b53ba7a22132135

SHA512
90604a3dc050f438f39aabbc2233cbdc20614e626bdd37c656f8ba0817827e5bb0206ab2752ecc232310be4e6aa1ecfe3edcfaf41bce9c1a0142aab41904a788

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be6d12311ce2b399_0

Filesize
1KB

MD5
e9c4038f2b4d8c2fd19d814274f540eb

SHA1
c6201f8ff166715f27fd5043080963659db090cc

SHA256
d77cf033af183023dbd11e3602089ec24c25e41efafbc7ce85f8f14a9e18bec6

SHA512
c1eb3bfba598435b56ac5f21cc6e459af8c761a0d52d489f48265ec4e0bc4dba54079d8569e03c428461adf3aeec993f5268d2a3ea24fa047066cb542861027f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c91c845c83814759_0

Filesize
14KB

MD5
820d41d7917b1021d6feec9cb71b7602

SHA1
9dd47a746e51fae0de0fa41ff8e8c4c2259566dd

SHA256
64912f768583fb0e3537526f9d3800c99807e19f3ee528602002245936014816

SHA512
5d103235139a714f55b488f9cfae2da908099a2fd43ccaf588161b8a4a0eedd37829a097cab9040eaeeb273b199bbd3b30d6cf97ef8a5f509ee0b7c91301e1ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fbdfec926f64c0dc_0

Filesize
289KB

MD5
ebbfba6ef37ef94bd96044de0f7a75fe

SHA1
096b71a4c705ccc9bbe72c2077858977992d8fcf

SHA256
480bf80259a467d0bacaf835daddd6170484b3ec37c20c93c3fa86828de39ef0

SHA512
5e2f582123b86159afabaa88c2570628bbe458cbcb59f9e64035df8da8ef1d960f2592b99518a88abd8d02ab3dd9ae7411ebe622810269ee5ab42b8c8249bea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
21f05cca35532aaac338aaaf71600b6c

SHA1
d7d55affe0f83524971229584aa9498d2ce0a143

SHA256
5fb27ca7d794a1f396c315df78773b43e52576dc6fb079aadf95e9c7600d345e

SHA512
2209a71bf917bf8b3ab68760fde838a9461a4465bf4bb4dea74052762bee0a0927f9db765e2cadd5519138cfbeb869d2c4748969190f665ece1f270212ddaf77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c10aeb25889fe5a456f333287d28e36a

SHA1
78d165dc895fe2b26fcf98c50de9d090054633fb

SHA256
6c084f524bd0f0776ac6139134274122dc35f6842e7d76f1cc4d6af080351cf2

SHA512
a9c297e365d503af48e8276a9e39b37e665c76e120c586e0838e65870409431a5c28bf0280261d9d3fa8befac02a21cc7abd126d5bac809c42bc85ccc0b58d56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
5221a2e20f704532467eb8006c3926a6

SHA1
b32016bbb536fc9ba56ebf5f98ae4ee706b5b42c

SHA256
98a3d5dd32390c6e3c5b6a9330ebad42967f552ae371d2ac35474dde397afea9

SHA512
bd90e1cfb5aab1da9fed110de079c62ebd723ff284bd17b0864ae917dfe998033367da9f3d1bc8c1ba60b5de0ed8c114b098f572edd614a7d2e65999984198a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0807021a22e07167e45e1b8b9040c701

SHA1
bf650a75a0fd46706b87fe74bd6c8fd694431fb8

SHA256
5af38d6cfb6dd6745722bba22c0222a73cebd05357d95da97c0491ef86e7175a

SHA512
5232e664d1d8ef1dc599ba986643c1c16dd7dcf4d2d607328a69a1cfeef0b6fd42a42f0b2d08c2145882aab3bce2498a5a4f60056a9302b35b0a017743f218b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ebd5dbfb61a8193fa88f9e74c2187370

SHA1
1d8676197c1ad89ecc5c8d23a6be7e4f536fd393

SHA256
2dd7737aa66a854c11ba445aa5ee5ed1f8c31ed2b8ed2588b7546359fea99375

SHA512
afe6bf120107300ae0509745363f368b12bedc85e53cfe246249427d7a20e568bd4b9feec37a2014428f9c3ae2fa23c85034d71a1a26c4ff8b52ad202dc5e72d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
402B

MD5
54c1d311012f48e50ac72e9b0d6b8e71

SHA1
2a7569f5395a1efd20d031ed5e65c424b2e89861

SHA256
a69b42b2df74adb169138aab69eca376a5148930e440e90d8a57404069b6f38a

SHA512
9d1fa30376fa78197ae987410687c80463b5dbf518b7b789de8ec6809f58d3800033cd5c55a9573fcd842d656e7ead6ffb0f63841374e058558ae3ddc7f762f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
865B

MD5
1ee93f542a2c6c186a7a09172d25daf9

SHA1
73c66a05a57e3614ef56ba552bbeb7c024c2e177

SHA256
3f38bbc5535d380cc280dd2fd6dac617d73bcfcc77d9b4c725947bcbbef69d93

SHA512
3686a021d03e3bf6582c6e29c73ef2467a5ed10bd271e0e7481d512ddaa044f216f36d0313b958760e3b5c601ae11134c4aa1f4a548fd6f45e8b9099e8aae70d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2cc3a1145df463e65cedbad915fe92cc

SHA1
21d92c01c37fa1e410d381f30fb58de9033bb5a3

SHA256
7d48bab81b9a06664da348beca923106df8f59b139c963bb5a251d9fb993c247

SHA512
d9a3531df8f5a32f2d904a45a44c1bfb78014f10fb6e35b661e97414ac15d588e8b65dfb421385b9076977fe21fb4e4f02b7de1681b3d6d2211366b93ca0557f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2efc3d663fb178eed09f1345e74c5509

SHA1
6c90bab3e9833d07b6a958af847fa996a15f19cf

SHA256
9cfe48d5cecac9c3835ab4ad8851eab28b0e119cf6e5f5df808aed5e39a35392

SHA512
39bc68457bd90229351a9c785771a52c271f0b8a335eb1e47a9e1b6d932a67313fe360fbd7e98656bc37ef5d010f139664187ef425602a217e5ee2c7e1bbe5f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe5946e3.TMP

Filesize
59B

MD5
78bfcecb05ed1904edce3b60cb5c7e62

SHA1
bf77a7461de9d41d12aa88fba056ba758793d9ce

SHA256
c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

SHA512
2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
13910716549472b9a431a4030a55b422

SHA1
8a81a6359c68a99d529df6c869fb87387ee40c6d

SHA256
98fbeca1f546dc7e743e26c5543d9d2845fb99c39a48e7e2b8b9879cc461a6d7

SHA512
b107e528185362151b0d3813be2247011af5155d4a0ddf25d10f8da51d5163b88f59443131d6fa4db855390b3313d4bc6327ac27c3e72dde75d6118d8991cf63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
730384cc8f44c1e48be1d2a80f3fab9d

SHA1
fe1257370ac5c2acb6c8084569fd3b87658842d6

SHA256
f5ca2b32483ab504f874b63528987c97773b970eb0114832fa812066ea7caf96

SHA512
ccbeebec52ccff028a2e900ffbf0429bc77f1db18e8ca377f4f9d7441f96c7fa05e63d78f78c4017438907c8129d13604e2d02de2bac03f0dd96b2f6029c6617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
78e90c6f090d363ee3a9c76766a8ed00

SHA1
ff1dac02bda1d654fcba34e1d2c93f0ab0644a00

SHA256
c0f641f35dd657a6d9a3807a7254fa1d2a5852cd36fc16ccea2a64dfde3c7fad

SHA512
e63ad45b3203b5c5b30107fcc2e9c4aee2e61e7d8c667d20563639ec306356f67c0717c15fa6efad67886c87721b23c811a50ca170cfa9c3471ece926e61c1d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
60d6916670832c0f82ccbeea3db9deb5

SHA1
99649fd4da40177727e11a83c639f2d7add2b687

SHA256
89d776c1e1f18af61da5dc4d0c94d8345bd459334626b1a150b457e80167a8a0

SHA512
990584e005be29a77a41f5c3e28c46a4d7f10dc55e1435a1909b7b66dc93a806cb8780fc71ff38453e819ef652c85ff14d28388eeb169567c929a352c5d7aeb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5f6bc037c178a5e933b925b8eb82f6fe

SHA1
0de26a18959a663f4c94332d0d0567d9cf4f5890

SHA256
7100a429816b575e115c0b7a58f3fd93bd9ba4610fe3d22e9522d3a6245ff8c4

SHA512
97788236eb90e5598cc3ec122ebbb0ef53c97996be42a784cda2d38ae8690334758d2a12541ae1182532f5fb871dfeaffc246a2aa7cbc2c07d2752ab452b0b41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
26d28f94a229b18a85f75a8eab739ae8

SHA1
bd97317207ef5f99fb8ff748dc66d96981756b31

SHA256
a639fb1cf426d50cc528572a16f2d73bbf2fad290e97284e41dff0dbe84a03bb

SHA512
828351402a8acafd21a3917994492c341a2ed52ec22492087e7924c3999ba39dadcef2d8d62dcdf7f0b8374e46bc7bb0cb7e425d246c97d0db82793c6afbf006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
76267febc0bfcc46f4bcee0915aad84c

SHA1
4c21557c57563b602815a81d06a3c2a76c630e44

SHA256
558879ffd3c909da87a023439b59eef65401f3f9f0fe31d8d6a690515358c95d

SHA512
9f01e3f280d0a55802a1a8205f464a3bbc4fb234f5854c70a862b0a71dbc3e6fa8407d165dfb6b7bbd3ede4ea7e25be3239c16a7211932e569e8d33b1f092d83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8aad1a98a8effee16d70eec2099faf5d

SHA1
c48d414af0381e99455ed29c2334c16d92d86fec

SHA256
8ebc291689d1ea007f7de004a1f8ed283c6fa7a9be723971fc4e76c7d27e9f0d

SHA512
a24ff52f2eb2fc2dd25f2782cce54d8a919be73c44a7280e609d883002ad0bf338a51c2de58b4747bcf634a2f719a98d44d8fa9ea006218b7555251d3ec23fc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ba0eb284b42f65505b7e7318acecd12

SHA1
431ace7a9e6375041db1dd80c03d8c49b5cfc983

SHA256
a204d9fb9687530825fb1a6af45b93e234ea1ab166fddee1093904fc94a0f1ce

SHA512
7531ed5c13cc989a579ad10d4137b85f33896b4ac1935b015ac709d9a4ce925f74500d054a1437ef7d3d6081aefe6bd46f590aa0e809687912bb3f8ccb5b0473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
de1a8bad2c1d157a21f58555a2adeca0

SHA1
54fbef4cc345e87cd0f2d49b8d0e75ed6d80eafd

SHA256
f784745d1c4eb413943f2eda7b8aa40a9276b16fbd8feb603e86ce15b02e03f6

SHA512
53b4d41d2677f71c1288caa54ffe67bd1a480ceaf90d3aa3b436a4bb8b0642202240c8d5d5c435feea3544417f26122eb02dd9c5800cadac7feed862e335b9fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9226393d36ee9aeef5f7c0ba4d4638a3

SHA1
febacf73630f97249c5515f4e5dd3e3da680a59a

SHA256
77bb9090fec9d478bf4f2f7a68bf6bc187ee1a649ab6ace93ff262cecc341440

SHA512
1929260e60e91f52c81207cc1663403d2251affa07aa6211ba2b818f9db9a870a0c7283b31e97146a756e3a851ddf83113e46e269e370a58c548fa73935ef255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
94ce4b2ff0abce6d838ac24a1b0f4e73

SHA1
02f4a956ed4f2e2e0ca9c4b75bf8e7245a1cec88

SHA256
06180545891f02875414f56a2a8ca3f21c2f415e03644674cff1c9674cb9b222

SHA512
b3bf05777fa4abbd7c475657dea5ca9c00600ab6226843150eff563837c3232c3b513afc0ac5ff1976e35979a51f34710ab74582d1316282bdcb67cc17493c90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ef30b5850d78b050b13ae82ee13c6b28

SHA1
25bcd922ab2c62d47c9bfac3fafcca08317ad8e5

SHA256
dfd732ede1af0d6dc560b9fbef26f92f9fdf83a72da3e6910cb39843be4fed30

SHA512
f9bdbddff6fe99cacf3a670ab5504849668c9049053eca2a4b51f74eb050ea4d60629ce29a571223b1cf293101d646067f9f00e4fb3039738921e1c042419f8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
26bb17962ffe36d06eb688cc9a79b6da

SHA1
16bb3072deb388d9ba24824994b92787aaee0d27

SHA256
ad25cb1b0a332978e51f4eff693e18c118d38154a69cfccc31045a905b09933b

SHA512
35cc66bc45d4612a9200da3e4e4f0517c71b9424b6eb3a11b1ebeb64464e25f9dc8c26566a2d724f7a6b05247d6c5b976d04f464640302f33658b86232597ba5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
58ef331e77637fed3b5b0f64f6639772

SHA1
136052521eded687e6f86115183d02d79225333a

SHA256
50f44dadfec3a5967993a0dfbac4c239f52d7d1a7f3e749037e289a501301dc1

SHA512
ce11907654f0fe48c4af63bebd606afa24d51fc795454387b2dacdb2e6cd209d85f23b4b8f080a05147efb070857b1c7acf0f666e61b1dde0f017ad502f17f08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dcef32fe9f9c408add0e79ab09769302

SHA1
1ceb12684b8537d593b7cb501ce8d169c4c5c392

SHA256
e1d8adcc58f16970bce141bd1f22e04a89123ab7b3baa00c3a70a9f2f751947b

SHA512
fb2a76b8ab174928595de99453f72306435c0a7170be201d982b2f4315c774577ca035b8dded19413e9acbf915b7e7a7f6b6a823b452724b0affeb2ca55f120d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fa86168cc1dee2cc6cdf195a4f3bcb01

SHA1
0a520fabaa71716fffacc876150e517aaef20c33

SHA256
aadb5413c77ddb934cefd312284a374939f078baa6dc6ac6272cf06d5ad7e8b5

SHA512
72c61ebb2a406e93769e563cf123ca51b230dd12469484263f4d7e72d7cc168b64f9227b702f8b55035bff588f68694111a5b0d1d6e1aa28071292c4809bd913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e6d7815bb7c3051e0bf267657033c517

SHA1
6eff6b42067570d85be9f3e7c32c551082e07cf1

SHA256
973a0aa1a12c091f74603e4c1985569a986c5689b2b3a55d7a2e3abc9d132fc0

SHA512
466fce9ebe70688deca927984101d4d1dc3bebab6daac000947f8edc8f8d1fc96b8059c7b7977acf545d2e6415b04a90e785d4f9d1a0b237bbd6bdce78d40e63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1d5c5d088c68467cf60887d3c596223d

SHA1
5df3d32ad52e1f6f3795c8d1e8132806a8fe5e41

SHA256
b0fbe8458576dd129a252e131297b9370ece50d96dea88e135ce46794e65494b

SHA512
48025510fa5068a3de084a65316457d9c9170c7e1219c98beb3232843391a0cb9bd31d29b46680faecb2bf546d679ce5c20a4b055bf044beff75f445e7df66ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59e390.TMP

Filesize
538B

MD5
bf59701f5f6c949d077eb7d10fadb212

SHA1
584f405ed304bf8b6df7ef8fb6368de65646b426

SHA256
02972427d555183aa941161adea5646a8d2f4a987f971017664403c12487ad57

SHA512
7fe3262ef013eb5e9aacec46de8da8ebb871cc2aea349f696acdf22bc471aa802e08bbc9fb5036db3a9c43845202c0f3a708b1af92dec32be39ad77269e3fd85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bbe9d738-ac37-4ca8-bdbe-8bd44604b14b.tmp

Filesize
6KB

MD5
3c0f224d1c8b500430454075ab3121a9

SHA1
3416cdfff782951a2b3c8c9b904ff14b87090b76

SHA256
ee9e22692f3f9502a01a249b1cfaed613eb349027a11b9d8cdde1f08b16833e8

SHA512
b23d5b331476577e89351abd8640047df52245779131b8341b01882c57d952899c7120839b83dc193272bf7f4bd80deeac56f26dc86f6a3ff02b2a08b529dcbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
6d56781b3311db7d47a25b15895e615a

SHA1
3d7c3b10faf6a65aa1b4cb629061468902c027d4

SHA256
0b490103372d9d28b8f509c7fbdd356af5318de3840a934aa8ae6e5923c1ec4c

SHA512
4fee3593999252d742d991a3ef7f4b94ff7f7cf9e24b376dc1ef0f02ef37cf9b6559733c07fb84b838fa43fcd802a436d0e6344001fb5f538ecc16be58d254ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
13d97dea30ef345f9686dd87898d3dca

SHA1
4fc985cdf8a4004dc411c39cbac63329ea0170d1

SHA256
ec7560125a85c7785f4d2584608054c8089815efeaff92ac92877a653cfedb08

SHA512
7a4601cfd099ab6d05962d95b928149af3d2afdcc94a7ba7397a5754f2101d328a9a8ed8e6c5ed8274c0b4688a9feece45bbc4ad10824e3862682e0ac8335013

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
640KB

MD5
5640d1bf5fb12a5b61f833d9614c334f

SHA1
7fa496ceca454c207cb9040aa4259f43d1f64d59

SHA256
b4b5e8b66ec82a428069524ef3a87dd88b49604ec332ffadab1a350e5b89e097

SHA512
2ce958854e6d299a54939481cf01508b5c50957b0c56b893dcdeb754c26ccb28d169d434915bd887a51f85c48de1e491fea2de3028f3c9e3c95a190e79eb3766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\AV.EXE

Filesize
1.1MB

MD5
f284568010505119f479617a2e7dc189

SHA1
e23707625cce0035e3c1d2255af1ed326583a1ea

SHA256
26c8f13ea8dc17443a9fa005610537cb6700aebaf748e747e9278d504e416eb1

SHA512
ebe96e667dfde547c5a450b97cd7534b977f4073c7f4cbc123a0e00baaefeb3be725c1cafbfb5bb040b3359267954cd1b4e2094ef71fc273732016ee822064bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\AV2.EXE

Filesize
368KB

MD5
014578edb7da99e5ba8dd84f5d26dfd5

SHA1
df56d701165a480e925a153856cbc3ab799c5a04

SHA256
4ce5e8b510895abb204f97e883d8cbaacc29ccef0844d9ae81f8666f234b0529

SHA512
bd5159af96d83fc7528956c5b1bd6f93847db18faa0680c6041f87bbebef5e3ba2de1f185d77ff28b8d7d78ec4f7bd54f48b37a16da39f43314ef022b4a36068

Download Submit
C:\Users\Admin\AppData\Local\Temp\DB.EXE

Filesize
243KB

MD5
c6746a62feafcb4fca301f606f7101fa

SHA1
e09cd1382f9ceec027083b40e35f5f3d184e485f

SHA256
b5a255d0454853c8afc0b321e1d86dca22c3dbefb88e5d385d2d72f9bc0109e6

SHA512
ee5dfa08c86bf1524666f0851c729970dbf0b397db9595a2bae01516299344edb68123e976592a83e492f2982fafe8d350ba2d41368eb4ecf4e6fe12af8f5642

Download Submit
C:\Users\Admin\AppData\Local\Temp\EN.EXE

Filesize
6KB

MD5
621f2279f69686e8547e476b642b6c46

SHA1
66f486cd566f86ab16015fe74f50d4515decce88

SHA256
c17a18cf2c243303b8a6688aad83b3e6e9b727fcd89f69065785ef7f1a2a3e38

SHA512
068402b02f1056b722f21b0a354b038f094d02e4a066b332553cd6b36e3640e8f35aa0499a2b057c566718c3593d3cea6bbabd961e04f0a001fd45d8be8e1c4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\GB.EXE

Filesize
149KB

MD5
fe731b4c6684d643eb5b55613ef9ed31

SHA1
cfafe2a14f5413278304920154eb467f7c103c80

SHA256
e7953daad7a68f8634ded31a21a31f0c2aa394ca9232e2f980321f7b69176496

SHA512
f7756d69138df6d3b0ffa47bdf274e5fd8aab4fff9d68abe403728c8497ac58e0f3d28d41710de715f57b7a2b5daa2dd7e04450f19c6d013a08f543bd6fc9c2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\SB.EXE

Filesize
224KB

MD5
9252e1be9776af202d6ad5c093637022

SHA1
6cc686d837cd633d9c2e8bc1eaba5fc364bf71d8

SHA256
ce822ff86e584f15b6abd14c61453bd3b481d4ec3fdeb961787fceb52acd8bd6

SHA512
98b1b3ce4d16d36f738478c6cf41e8f4a57d3a5ecfa8999d45592f79a469d8af8554bf4d5db34cb79cec71ce103f4fde1b41bd3cce30714f803e432e53da71ea

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
fc31418f9143ae9199b201467d9b9c53

SHA1
a00b82bc6933811b4496174668e4f864a32e97e3

SHA256
919fc5a706d1c8c61e1f3112d020815b5cc95da71bcd91b41e68c82415384318

SHA512
4d271be9a2a117a9add7a3ad355176c56b657274fea9d6ffc03030b15f0fd6b81b12d6f4fcc24a4ce0179c198b9934f1dd3e90041c33e109a63cda6b86277886

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
81cc145caba380d88173720d9e9d1a42

SHA1
d3eb0c7880ef43e298d062fdea0196b70b89c8e1

SHA256
fd70078d5a728255c9f32726b8918835deff4bbb8e06cfc40d81a1198e821a86

SHA512
6930a491651091e7dffcb5b18b260e06ffe42d2791bdc7df802e518a116aeca56fde50665ddda55b70251491229c8372856647bbfd063276c6764970ef8db837

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
6cf45cc46bf5e8c852fc2578aa059ca5

SHA1
78c7ef82d51a12b5efaa4d455f3e23de88f92606

SHA256
8941649030d5f4d3f92c33b2c2e8eb71d7402454de7933ef61b2863480cb6374

SHA512
66f4d3b570770da87eca5e10eba52f577b860301d4863d4146a18601ca565ef4edd049ff6de1728af00fb0081de60b4722312934986969d08afe514fadacb322

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\chilledwindows.mp4

Filesize
3.6MB

MD5
698ddcaec1edcf1245807627884edf9c

SHA1
c7fcbeaa2aadffaf807c096c51fb14c47003ac20

SHA256
cde975f975d21edb2e5faa505205ab8a2c5a565ba1ff8585d1f0e372b2a1d78b

SHA512
a2c326f0c653edcd613a3cefc8d82006e843e69afc787c870aa1b9686a20d79e5ab4e9e60b04d1970f07d88318588c1305117810e73ac620afd1fb6511394155

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\tsa.crt

Filesize
1010B

MD5
6e630504be525e953debd0ce831b9aa0

SHA1
edfa47b3edf98af94954b5b0850286a324608503

SHA256
2563fe2f793f119a1bae5cca6eab9d8c20409aa1f1e0db341c623e1251244ef5

SHA512
bbcf285309a4d5605e19513c77ef077a4c451cbef04e3cbdfec6d15cc157a9800a7ff6f70964b0452ddb939ff50766e887904eda06a9999fdedf5b2e8776ebd2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 564738.crdownload

Filesize
25.6MB

MD5
6c2f694eac0716e86a4088b499b75547

SHA1
d004c0461658e9cbc5ec96bea320d5088ad58ff6

SHA256
b46c4763e9218c8f24872247819171d9b3c4616a35564f12070b915ab0142fa2

SHA512
efae1b06514e4e7b7aa63e3517a651d7f1bc482d61c4e3b9d7b635159979c6e3d0bbd31d6c0f6efe9ecc804d58b78c081d0f8ab6369e36ea34ecd2a3435912db

Download Submit
C:\Windows\SysWOW64\dllhost0.exe

Filesize
101KB

MD5
3aa014ea76588fa01334b9a649029f93

SHA1
bd10e3ea6b172e89afce62e73f365d179a0089ee

SHA256
dbb51420b3ce8d345a11dcb4cde898e801580803f7a45587a61642795a3b2fff

SHA512
6ed83f8335e7f93a2c338fa78fca2b26b492b47aad7b90c93e10a58260078e8039dd4323bf34774d03d7e54750dce1ac390a84864529b0c328a02a3e6f96c33e

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
1KB

MD5
def6145b0bbbc4ac9defa1910312f7d2

SHA1
06b52011ec650d10389808395f9889581402a6cd

SHA256
a0189643725002123bc648e1e9bf571b06577db9b8edea3cf54eab2d779df5f3

SHA512
3c39d1bfec076c6aa6d3a0787c78742a4c4259a018069f02a3842606fb85518b95067320310756881ab0d7f5b0305325402b10902497e01e5431384f0e6f0b75

Download Submit
memory/1664-1608-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/1664-1610-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2312-1548-0x000000001CF80000-0x000000001CFB8000-memory.dmp

Filesize
224KB

Download
memory/2312-1547-0x000000001CEB0000-0x000000001CEB8000-memory.dmp

Filesize
32KB

Download
memory/2312-1537-0x0000000000C40000-0x00000000010A4000-memory.dmp

Filesize
4.4MB

Download
memory/2312-1549-0x000000001CEF0000-0x000000001CEFE000-memory.dmp

Filesize
56KB

Download
memory/3148-1665-0x00000000006D0000-0x0000000000763000-memory.dmp

Filesize
588KB

Download
memory/3148-1664-0x00000000006D0000-0x0000000000763000-memory.dmp

Filesize
588KB

Download
memory/3148-1661-0x00000000006D0000-0x0000000000763000-memory.dmp

Filesize
588KB

Download
memory/3148-1656-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/4172-1667-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4172-1704-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads