Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/D...

windows10-2004-x64

10

Analysis

  • max time kernel
    301s
  • max time network
    303s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-01-2025 23:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Virus/WinNuke.98.exe

Score
10/10
lokibotagilenetcollectiondiscoveryevasionexecutionpersistencespywarestealertrojanupx

Malware Config

Extracted

Family

lokibot

C2

http://blesblochem.com/two/gates1/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot
  • Lokibot family
    lokibot
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 23 IoCs
  • Obfuscated with Agile.Net obfuscator 6 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Drops autorun.inf file 1 TTPs 4 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 64 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 51 IoCs
  • Drops file in Windows directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

    Using powershell.exe command.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Control Panel 64 IoCs
    evasion
  • Modifies registry class 14 IoCs
  • NTFS ADS 10 IoCs
  • Suspicious behavior: EnumeratesProcesses 50 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Virus/WinNuke.98.exe
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4196
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1a8146f8,0x7ffa1a814708,0x7ffa1a814718
      2⤵
        PID:3884
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
        2⤵
          PID:5016
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4792
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
          2⤵
            PID:3968
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
            2⤵
              PID:2788
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
              2⤵
                PID:4672
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
                2⤵
                  PID:4752
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3588
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
                  2⤵
                    PID:1472
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
                    2⤵
                      PID:1632
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
                      2⤵
                        PID:4696
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
                        2⤵
                          PID:2300
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5632 /prefetch:8
                          2⤵
                            PID:876
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
                            2⤵
                              PID:1768
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6332 /prefetch:8
                              2⤵
                                PID:3648
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:380
                              • C:\Users\Admin\Downloads\WinNuke.98.exe
                                "C:\Users\Admin\Downloads\WinNuke.98.exe"
                                2⤵
                                • Executes dropped EXE
                                • System Location Discovery: System Language Discovery
                                PID:3504
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2512 /prefetch:1
                                2⤵
                                  PID:1152
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6456 /prefetch:8
                                  2⤵
                                    PID:636
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:824
                                  • C:\Users\Admin\Downloads\Lokibot.exe
                                    "C:\Users\Admin\Downloads\Lokibot.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • Suspicious use of SetThreadContext
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:5024
                                    • C:\Users\Admin\Downloads\Lokibot.exe
                                      "C:\Users\Admin\Downloads\Lokibot.exe"
                                      3⤵
                                      • Executes dropped EXE
                                      • Accesses Microsoft Outlook profiles
                                      • System Location Discovery: System Language Discovery
                                      • Suspicious use of AdjustPrivilegeToken
                                      • outlook_office_path
                                      • outlook_win_path
                                      PID:3472
                                  • C:\Users\Admin\Downloads\Lokibot.exe
                                    "C:\Users\Admin\Downloads\Lokibot.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:1992
                                  • C:\Users\Admin\Downloads\Lokibot.exe
                                    "C:\Users\Admin\Downloads\Lokibot.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:2744
                                  • C:\Users\Admin\Downloads\Lokibot.exe
                                    "C:\Users\Admin\Downloads\Lokibot.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:3000
                                  • C:\Users\Admin\Downloads\Lokibot.exe
                                    "C:\Users\Admin\Downloads\Lokibot.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:700
                                  • C:\Users\Admin\Downloads\Lokibot.exe
                                    "C:\Users\Admin\Downloads\Lokibot.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:3036
                                  • C:\Users\Admin\Downloads\Lokibot.exe
                                    "C:\Users\Admin\Downloads\Lokibot.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:544
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
                                    2⤵
                                      PID:4252
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5644 /prefetch:8
                                      2⤵
                                        PID:1456
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6588 /prefetch:8
                                        2⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:2020
                                      • C:\Users\Admin\Downloads\SpySheriff.exe
                                        "C:\Users\Admin\Downloads\SpySheriff.exe"
                                        2⤵
                                        • Executes dropped EXE
                                        • System Location Discovery: System Language Discovery
                                        • Suspicious use of FindShellTrayWindow
                                        PID:3824
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
                                        2⤵
                                          PID:4692
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4044 /prefetch:2
                                          2⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:3612
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 /prefetch:8
                                          2⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:700
                                        • C:\Windows\System32\WScript.exe
                                          "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\HeadTail.vbs"
                                          2⤵
                                          • Modifies visiblity of hidden/system files in Explorer
                                          • Drops autorun.inf file
                                          • Drops file in System32 directory
                                          • Drops file in Program Files directory
                                          • Drops file in Windows directory
                                          • Modifies registry class
                                          PID:5024
                                        • C:\Windows\System32\WScript.exe
                                          "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\HeadTail.vbs"
                                          2⤵
                                            PID:2248
                                          • C:\Windows\System32\WScript.exe
                                            "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\HeadTail.vbs"
                                            2⤵
                                              PID:4816
                                            • C:\Windows\System32\WScript.exe
                                              "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\HeadTail.vbs"
                                              2⤵
                                                PID:3228
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
                                                2⤵
                                                  PID:3032
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2292 /prefetch:8
                                                  2⤵
                                                    PID:4492
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5700 /prefetch:8
                                                    2⤵
                                                      PID:860
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5588 /prefetch:8
                                                      2⤵
                                                        PID:3540
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2660 /prefetch:8
                                                        2⤵
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:5056
                                                      • C:\Users\Admin\Downloads\BlueScreen (1).exe
                                                        "C:\Users\Admin\Downloads\BlueScreen (1).exe"
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        PID:3480
                                                      • C:\Users\Admin\Downloads\BlueScreen (1).exe
                                                        "C:\Users\Admin\Downloads\BlueScreen (1).exe"
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • System Location Discovery: System Language Discovery
                                                        PID:4800
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
                                                        2⤵
                                                          PID:2360
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
                                                          2⤵
                                                            PID:1812
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5824 /prefetch:8
                                                            2⤵
                                                              PID:2844
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
                                                              2⤵
                                                                PID:1988
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6636 /prefetch:8
                                                                2⤵
                                                                  PID:1372
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4184 /prefetch:8
                                                                  2⤵
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:3436
                                                                • C:\Users\Admin\Downloads\ColorBug.exe
                                                                  "C:\Users\Admin\Downloads\ColorBug.exe"
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Adds Run key to start application
                                                                  • System Location Discovery: System Language Discovery
                                                                  • Modifies Control Panel
                                                                  PID:3736
                                                                • C:\Users\Admin\Downloads\ColorBug.exe
                                                                  "C:\Users\Admin\Downloads\ColorBug.exe"
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Modifies Control Panel
                                                                  PID:4576
                                                                • C:\Users\Admin\Downloads\ColorBug.exe
                                                                  "C:\Users\Admin\Downloads\ColorBug.exe"
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Modifies Control Panel
                                                                  PID:2228
                                                                • C:\Users\Admin\Downloads\ColorBug.exe
                                                                  "C:\Users\Admin\Downloads\ColorBug.exe"
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Modifies Control Panel
                                                                  PID:4628
                                                                • C:\Users\Admin\Downloads\ColorBug.exe
                                                                  "C:\Users\Admin\Downloads\ColorBug.exe"
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Modifies Control Panel
                                                                  PID:3660
                                                                • C:\Users\Admin\Downloads\ColorBug.exe
                                                                  "C:\Users\Admin\Downloads\ColorBug.exe"
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Modifies Control Panel
                                                                  PID:1508
                                                                • C:\Users\Admin\Downloads\ColorBug.exe
                                                                  "C:\Users\Admin\Downloads\ColorBug.exe"
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Modifies Control Panel
                                                                  PID:3480
                                                                • C:\Users\Admin\Downloads\ColorBug.exe
                                                                  "C:\Users\Admin\Downloads\ColorBug.exe"
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Modifies Control Panel
                                                                  PID:3228
                                                                • C:\Users\Admin\Downloads\ColorBug.exe
                                                                  "C:\Users\Admin\Downloads\ColorBug.exe"
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • Modifies Control Panel
                                                                  PID:4820
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6184 /prefetch:8
                                                                  2⤵
                                                                    PID:4036
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
                                                                    2⤵
                                                                      PID:4748
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
                                                                      2⤵
                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                      PID:2404
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2668 /prefetch:1
                                                                      2⤵
                                                                        PID:4088
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
                                                                        2⤵
                                                                          PID:2172
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:1
                                                                          2⤵
                                                                            PID:2620
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
                                                                            2⤵
                                                                              PID:3856
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
                                                                              2⤵
                                                                                PID:3380
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
                                                                                2⤵
                                                                                  PID:5036
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,3032309997113373861,11466737081301964539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
                                                                                  2⤵
                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                  PID:2484
                                                                                • C:\Windows\system32\cmd.exe
                                                                                  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Loveware.bat" "
                                                                                  2⤵
                                                                                  • Checks computer location settings
                                                                                  • Modifies registry class
                                                                                  PID:3016
                                                                                  • C:\Windows\system32\cmd.exe
                                                                                    C:\Windows\system32\cmd.exe /c PowerShell.exe -command " (gwmi Win32_BaseBoard).Manufacturer -eq 'Microsoft Corporation' "
                                                                                    3⤵
                                                                                      PID:3932
                                                                                      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                        PowerShell.exe -command " (gwmi Win32_BaseBoard).Manufacturer -eq 'Microsoft Corporation' "
                                                                                        4⤵
                                                                                        • Command and Scripting Interpreter: PowerShell
                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                        PID:4916
                                                                                    • C:\Windows\System32\WScript.exe
                                                                                      "C:\Windows\System32\WScript.exe" "C:\Windows\ifvm.vbs"
                                                                                      3⤵
                                                                                        PID:4696
                                                                                    • C:\Windows\system32\cmd.exe
                                                                                      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Loveware.bat" "
                                                                                      2⤵
                                                                                      • Checks computer location settings
                                                                                      • Modifies registry class
                                                                                      PID:2364
                                                                                      • C:\Windows\system32\cmd.exe
                                                                                        C:\Windows\system32\cmd.exe /c PowerShell.exe -command " (gwmi Win32_BaseBoard).Manufacturer -eq 'Microsoft Corporation' "
                                                                                        3⤵
                                                                                          PID:4556
                                                                                          • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                            PowerShell.exe -command " (gwmi Win32_BaseBoard).Manufacturer -eq 'Microsoft Corporation' "
                                                                                            4⤵
                                                                                            • Command and Scripting Interpreter: PowerShell
                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                            PID:1592
                                                                                        • C:\Windows\System32\WScript.exe
                                                                                          "C:\Windows\System32\WScript.exe" "C:\Windows\ifvm.vbs"
                                                                                          3⤵
                                                                                            PID:2248
                                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                        1⤵
                                                                                          PID:4332
                                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                          1⤵
                                                                                            PID:1932
                                                                                          • C:\Windows\System32\rundll32.exe
                                                                                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                            1⤵
                                                                                              PID:4296
                                                                                            • C:\Windows\system32\cmd.exe
                                                                                              C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Loveware.bat" "
                                                                                              1⤵
                                                                                              • Checks computer location settings
                                                                                              • Modifies registry class
                                                                                              PID:2788
                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                C:\Windows\system32\cmd.exe /c PowerShell.exe -command " (gwmi Win32_BaseBoard).Manufacturer -eq 'Microsoft Corporation' "
                                                                                                2⤵
                                                                                                  PID:1940
                                                                                                  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                    PowerShell.exe -command " (gwmi Win32_BaseBoard).Manufacturer -eq 'Microsoft Corporation' "
                                                                                                    3⤵
                                                                                                    • Command and Scripting Interpreter: PowerShell
                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                    PID:3632
                                                                                                • C:\Windows\System32\WScript.exe
                                                                                                  "C:\Windows\System32\WScript.exe" "C:\Windows\ifvm.vbs"
                                                                                                  2⤵
                                                                                                    PID:4300
                                                                                                • C:\Users\Admin\Downloads\ColorBug.exe
                                                                                                  "C:\Users\Admin\Downloads\ColorBug.exe"
                                                                                                  1⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Modifies Control Panel
                                                                                                  PID:3068
                                                                                                • C:\Windows\System32\WScript.exe
                                                                                                  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\HeadTail.vbs"
                                                                                                  1⤵
                                                                                                    PID:2912
                                                                                                  • C:\Users\Admin\Downloads\WinNuke.98.exe
                                                                                                    "C:\Users\Admin\Downloads\WinNuke.98.exe"
                                                                                                    1⤵
                                                                                                    • Executes dropped EXE
                                                                                                    PID:1040

                                                                                                  Network

                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                  Reconnaissance

                                                                                                  Resource Development

                                                                                                  Initial Access

                                                                                                  Replication Through Removable Media

                                                                                                  1
                                                                                                  T1091

                                                                                                  Execution

                                                                                                  Command and Scripting Interpreter

                                                                                                  1
                                                                                                  T1059

                                                                                                  PowerShell

                                                                                                  1
                                                                                                  T1059.001

                                                                                                  Persistence

                                                                                                  Boot or Logon Autostart Execution

                                                                                                  1
                                                                                                  T1547

                                                                                                  Registry Run Keys / Startup Folder

                                                                                                  1
                                                                                                  T1547.001

                                                                                                  Privilege Escalation

                                                                                                  Boot or Logon Autostart Execution

                                                                                                  1
                                                                                                  T1547

                                                                                                  Registry Run Keys / Startup Folder

                                                                                                  1
                                                                                                  T1547.001

                                                                                                  Defense Evasion

                                                                                                  Hide Artifacts

                                                                                                  1
                                                                                                  T1564

                                                                                                  Hidden Files and Directories

                                                                                                  1
                                                                                                  T1564.001

                                                                                                  Modify Registry

                                                                                                  2
                                                                                                  T1112

                                                                                                  Credential Access

                                                                                                  Credentials from Password Stores

                                                                                                  1
                                                                                                  T1555

                                                                                                  Credentials from Web Browsers

                                                                                                  1
                                                                                                  T1555.003

                                                                                                  Unsecured Credentials

                                                                                                  1
                                                                                                  T1552

                                                                                                  Credentials In Files

                                                                                                  1
                                                                                                  T1552.001

                                                                                                  Discovery

                                                                                                  Browser Information Discovery

                                                                                                  1
                                                                                                  T1217

                                                                                                  Query Registry

                                                                                                  2
                                                                                                  T1012

                                                                                                  System Information Discovery

                                                                                                  3
                                                                                                  T1082

                                                                                                  System Location Discovery

                                                                                                  1
                                                                                                  T1614

                                                                                                  System Language Discovery

                                                                                                  1
                                                                                                  T1614.001

                                                                                                  Lateral Movement

                                                                                                  Replication Through Removable Media

                                                                                                  1
                                                                                                  T1091

                                                                                                  Collection

                                                                                                  Data from Local System

                                                                                                  1
                                                                                                  T1005

                                                                                                  Email Collection

                                                                                                  1
                                                                                                  T1114

                                                                                                  Command and Control

                                                                                                  Web Service

                                                                                                  1
                                                                                                  T1102

                                                                                                  Exfiltration

                                                                                                  Impact

                                                                                                  Replay Monitor

                                                                                                  Loading Replay Monitor...

                                                                                                  Downloads

                                                                                                  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\README.HTM
                                                                                                    Filesize

                                                                                                    33KB

                                                                                                    MD5

                                                                                                    5dbb3658c2237679c7c64376f4991ec9

                                                                                                    SHA1

                                                                                                    6893e8cb7e8889315ce60559e83ca36cd59a1aee

                                                                                                    SHA256

                                                                                                    c30f2b2369ae5de4e54a5e520213c646ff41487ce25577aa6c8a08dd5a927238

                                                                                                    SHA512

                                                                                                    fbccb3f1e06354e3c09b2a0b606b080064abdb8f49ca06bd2ebacdf35531c8e672e9c6a3398a1348e617677dec55d0426786ae7d8f965b888698eed86521db4a

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Lokibot.exe.log
                                                                                                    Filesize

                                                                                                    425B

                                                                                                    MD5

                                                                                                    4eaca4566b22b01cd3bc115b9b0b2196

                                                                                                    SHA1

                                                                                                    e743e0792c19f71740416e7b3c061d9f1336bf94

                                                                                                    SHA256

                                                                                                    34ba0ab8d1850e7825763f413142a333ccbc05fa2b5499a28a7d27b8a1c5b4bb

                                                                                                    SHA512

                                                                                                    bc2b1bf45203e3bb3009a7d37617b8f0f7ffa613680b32de2b963e39d2cf1650614d7035a0cf78f35a4f5cb17a2a439e2e07deaefd2a4275a62efd0a5c0184a1

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                    Filesize

                                                                                                    152B

                                                                                                    MD5

                                                                                                    b8880802fc2bb880a7a869faa01315b0

                                                                                                    SHA1

                                                                                                    51d1a3fa2c272f094515675d82150bfce08ee8d3

                                                                                                    SHA256

                                                                                                    467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

                                                                                                    SHA512

                                                                                                    e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                    Filesize

                                                                                                    152B

                                                                                                    MD5

                                                                                                    ba6ef346187b40694d493da98d5da979

                                                                                                    SHA1

                                                                                                    643c15bec043f8673943885199bb06cd1652ee37

                                                                                                    SHA256

                                                                                                    d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

                                                                                                    SHA512

                                                                                                    2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                    Filesize

                                                                                                    1KB

                                                                                                    MD5

                                                                                                    b8f5d8817d2f5fdf90f0798783fd1f35

                                                                                                    SHA1

                                                                                                    a67cd9c41c1d7ee7428eb8c35c0275077ea9b02b

                                                                                                    SHA256

                                                                                                    723fe98746ef5bcc30298ae3584b30cdfe3ab29f456640c32af48b516c700b3f

                                                                                                    SHA512

                                                                                                    3367d253577459a55e47f303d9a56d0d8cfb3821e7eb44790b815b5f0b504d692694ba229251ed12b61d99316926dcf25729d169ccf7836f96e3fe66bf84ca01

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                    Filesize

                                                                                                    1KB

                                                                                                    MD5

                                                                                                    87eced250f539c822a023b933c59efe7

                                                                                                    SHA1

                                                                                                    30ebaa418389f6ef0e9d1b81a57f7b9959a6b7ae

                                                                                                    SHA256

                                                                                                    b7f1542fae857f41ad2940623c59bf4337e6ff6c4a3cefb427d0e20db002e699

                                                                                                    SHA512

                                                                                                    d5a2d614c50d648c99427e3c84ef6a0049aa6b3dbdc9769464a9cdc86c52b44c56f2bc9274247ccde1ad3925d7398864426f78ad3490f2008345919b8771f793

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                    Filesize

                                                                                                    579B

                                                                                                    MD5

                                                                                                    ed5f4213c17629776cd75510648fc019

                                                                                                    SHA1

                                                                                                    ebfa685dca9b7c920cd5ad521c03e4ad0ce435b9

                                                                                                    SHA256

                                                                                                    e969795f0e63ec8a35cdf34d5bc43867ca0825bebfed9734943e69b34ed2ad87

                                                                                                    SHA512

                                                                                                    71bcc166ae5a48f7a79aa5de7ecc7e10dce22c39240ca9ffe9d0f9340f40fc2a2429529cfee8b2b5d7082efe94921fa7df3454852d5313ff4093bfdffc189627

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                    Filesize

                                                                                                    649B

                                                                                                    MD5

                                                                                                    c785f820cfcff43432041a0218a4f2cb

                                                                                                    SHA1

                                                                                                    d19edcba69eae3b7b3734b58ce3a435f89cdfc48

                                                                                                    SHA256

                                                                                                    b67dec2a4947f62c25cfb8cdfa127a658c695e27cddfaee5178b9d42baef17f7

                                                                                                    SHA512

                                                                                                    14daa9cc67e30a4f4da3a23349a131dee984b787dd21dbe7658d1e7f8333a8d8cfa4705e93819920e1f2a7480c969c42b68cc6245aaa76a6ba4c9ff539bae39e

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                    Filesize

                                                                                                    6KB

                                                                                                    MD5

                                                                                                    114cc0a1e2bd49db8829f186b0d3a1ad

                                                                                                    SHA1

                                                                                                    2c164ae1b083c12127b5176a5d405d773fffd484

                                                                                                    SHA256

                                                                                                    e5981fc7e8c4f04991acce604ce9d30467b2fef6d16ffa1c028940ebfabd14ea

                                                                                                    SHA512

                                                                                                    b83b72dda209b1801313acdcbcb6f818ef6b0a14a9d7f405e062ced9aa3ad210fac46ffd77a993584815d6d112a8c1b11b652a4fbbb5f1e0e5c0f5e6a8160193

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                    Filesize

                                                                                                    6KB

                                                                                                    MD5

                                                                                                    5cf201bcf97c5a20fad73d0fac46c092

                                                                                                    SHA1

                                                                                                    a21a3c473935614248ab3f066a2f1ceb088ce8d4

                                                                                                    SHA256

                                                                                                    97aa5ba305dd9c7162047da55767c8f8fc7f4c1c4c6bc1a2bba9164ad63ec8bb

                                                                                                    SHA512

                                                                                                    e97d4e3301a7cb5d426a19614a952689b89a402da791ae1429752811ee6f5802ad31d71c3efe8496d6c27d776f63f621368eafb942fa50d544ee23f1bbd20531

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                    Filesize

                                                                                                    5KB

                                                                                                    MD5

                                                                                                    91cffb352de4d6892ea7f707b8cfa653

                                                                                                    SHA1

                                                                                                    5eb35b57ba50ee8e64877d005553e7567645efa9

                                                                                                    SHA256

                                                                                                    a0264972a093202066412b9c372379b5a6890130878aaa00158239e1124009fa

                                                                                                    SHA512

                                                                                                    5a45d8234bc7c6ee072035813256c550106c6e147fa62406e99e2f9f00989a78ba022a3eb40f142b6e30aae1177905f0339db412aeb1a6a2e15b6f296c6cea8a

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                    Filesize

                                                                                                    6KB

                                                                                                    MD5

                                                                                                    67ea42e53f408d821ae8b0a800c2dffd

                                                                                                    SHA1

                                                                                                    245a6b4f3e2de3e40e614102596957d99df5a0e7

                                                                                                    SHA256

                                                                                                    df88fa78afaa54df2526e4f11febc987f5c74df7c3ccfb73cad472fcf915a897

                                                                                                    SHA512

                                                                                                    ce0fabacde5484eb3cd60f97248c757d4e41cc9082a373e398167276a311db2c717f970f26f9b4b6c636c847e795e42b4d11908351f0b78c56f3a47d695176e6

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                    Filesize

                                                                                                    7KB

                                                                                                    MD5

                                                                                                    f397d342f587d4e98e6eac71bcf6e38d

                                                                                                    SHA1

                                                                                                    181331bd45407be754bf4acd42f1c5403f286eea

                                                                                                    SHA256

                                                                                                    a5784e74565add52be10682f47d0c581c5aa39a81f22962aef511ebbac7755a2

                                                                                                    SHA512

                                                                                                    54d468497e7d59df5e8d42be39762450ffcb5229a38204b54a87c2d24e668d80de119023cf971b33c0781f302f3e31acfc986b69a2f6f22889002b6ee617cb9c

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                    Filesize

                                                                                                    1KB

                                                                                                    MD5

                                                                                                    d4eeeb598cd7b6b5b35e416cb09627df

                                                                                                    SHA1

                                                                                                    5a94e033c01d51e27ff4af4ccdde5f81548e879a

                                                                                                    SHA256

                                                                                                    20d861257e29a92f3fde6dd573fbe110f86f4970255106f58581ca460e6efadf

                                                                                                    SHA512

                                                                                                    7dff1d2ce3c31a011b3e9074d843b69a2fbe660f966676a67f495ee47311c468aec001412c7faf2448c330f954747f9b0a6729f994fa26b946f261d9dc4dcca8

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                    Filesize

                                                                                                    1KB

                                                                                                    MD5

                                                                                                    84b419bce013a5cced7c276af566efa2

                                                                                                    SHA1

                                                                                                    8e4c5f1a3ef85b6c866d93695a7877d4ab0f369f

                                                                                                    SHA256

                                                                                                    30b6bb5773645498d353be5abbe3254ff155f39d07ab1e3a6f5243b60e5666e9

                                                                                                    SHA512

                                                                                                    34ef07f113556d1db6c6b689bfcba5f01fe9545061bb6d114665c9beac963ce952d7f8df35c6ae0f3c35886b99848f82202b8231c8c937b1df79f8fd2a8623f6

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                    Filesize

                                                                                                    1KB

                                                                                                    MD5

                                                                                                    4b0300e0bb368c08412456f80bb8b858

                                                                                                    SHA1

                                                                                                    8d0d8280f78df77aa0714fdf9ffe537f11578183

                                                                                                    SHA256

                                                                                                    7224bf11dd1efec4f6ad73f7ac4d0055f59c0f1e3c295bd05beeb209f9290bfd

                                                                                                    SHA512

                                                                                                    74599f672e3d5691949bf884b655a59d66584b407890082db3e2ebf08e31bad4d9b43e2eb3b7205cdd1a21907e92ed600eff7a3c8f4c2444f339c641eb552ce6

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                    Filesize

                                                                                                    1KB

                                                                                                    MD5

                                                                                                    7a1f5c63b2cb94d0ce1b6985337ef685

                                                                                                    SHA1

                                                                                                    9ff5a2b853d696b6795ac661f499b4d9d42e043f

                                                                                                    SHA256

                                                                                                    8f5acace14afb74c1294d6a1c33e1a1eee50fd599515f1808c23729a263fc0ad

                                                                                                    SHA512

                                                                                                    e7ec025f1eb2372fea5bcc6472656cdfb47367083c8ebd702f8b1b426c30e007bba06d381a18829fdf03901f6f3296e50e9f662bd6b7420599713d9c7e53d930

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                    Filesize

                                                                                                    1KB

                                                                                                    MD5

                                                                                                    34babe2949c9cbe0b5d9f62e2ac3b150

                                                                                                    SHA1

                                                                                                    619858535e87fdd3aaa580cf1357d39034e73664

                                                                                                    SHA256

                                                                                                    571ae24d8dc8d5aedeb139b6e0c06e0fe2ec1781bafa12dcef2eee8c4ae09a92

                                                                                                    SHA512

                                                                                                    6154102cefa70d0cd52df56615dfc69bb3c1ed7aba19bdef105a89c039bdcafd595bb0ccaeb6e0573bad0de83d4e3c2423fce52e3dffdc8772602c99aaf36ef2

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                    Filesize

                                                                                                    1KB

                                                                                                    MD5

                                                                                                    23012b4d52c27c4ed0d9117f5a25bdef

                                                                                                    SHA1

                                                                                                    6939cd2ccd0223524d202635a1229596cd17cbe0

                                                                                                    SHA256

                                                                                                    fb2893720b937501df25adf6e8f6134b78833f8207aacf89a2c7a1d9be5f51a8

                                                                                                    SHA512

                                                                                                    8f34899c51c4b9c492cf850183a2eb4dd994ceed4c2ebe2639687966ddc2c3492653237b12e6e79d1f9cda54d2b07da70efed1287a96253dc2c9281280f43cea

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                    Filesize

                                                                                                    1KB

                                                                                                    MD5

                                                                                                    4f760ae751d68ca84f98aa941e72b1e9

                                                                                                    SHA1

                                                                                                    741fa359ab802a9f44a59584b19f9ca9853ab92a

                                                                                                    SHA256

                                                                                                    ad395168a4594bdaa5a5d4031c09af83c4a364f389693e12f18e932c9418e081

                                                                                                    SHA512

                                                                                                    71732eb9210efa6c22fa8a884c4ab9c7487a2265c9406ff109012e5886930ba622e22469dc63c9e8dcb283391d2778a177d1c8a4bf66c6188a9bc2514abca9e8

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                    Filesize

                                                                                                    1KB

                                                                                                    MD5

                                                                                                    e5854c43a130a963a03aa28bc12426d9

                                                                                                    SHA1

                                                                                                    89820f0cc504f70499bafaaf40aea2150febcc72

                                                                                                    SHA256

                                                                                                    da8773ce9ff184fb47f44f06c31aa81120ac175e25241237bf8e28ca77537ff4

                                                                                                    SHA512

                                                                                                    f9d496f25d1dc6ca9c50e064e1b5618a9506ae90bf4c57b70cf3b2f59d2836848bf7468e2c9af6c6d99c5664eab6db17741fb7c9742542bc2463a170a0f821f5

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                    Filesize

                                                                                                    1KB

                                                                                                    MD5

                                                                                                    58ad384a3cc24c30443830e544592c28

                                                                                                    SHA1

                                                                                                    c4f75b4e8b0229d1e2054dfc76516b87fd2f50d6

                                                                                                    SHA256

                                                                                                    5131de5e6660fafcae8e1047bb348cd244d2f78d073f8807611acbe5f373b49d

                                                                                                    SHA512

                                                                                                    e3f8d34e36bc56fd8cf18e3e6912bc3cccbd6ead078f23fab21d96841a9f799f9c28413a813c19237827d7a90b34ce57fc7374e8e1258c19d992c1090c736cb8

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                    Filesize

                                                                                                    1KB

                                                                                                    MD5

                                                                                                    46ad1708d3c85c0e84dacbbc634fbd61

                                                                                                    SHA1

                                                                                                    735e9c5d244574443e68b646a100047065394f11

                                                                                                    SHA256

                                                                                                    3a216385d74d967ad8b7a0f0e8b98aa75b5ec37f6b32d752e9c5123872e76cf4

                                                                                                    SHA512

                                                                                                    1f0861194d1859f8f0ab14c90fb432ce9dd8a886e89c62f59f56c3e45fe84bd8ae223eab1272a3ad09dc47082914be2d4a18ef17172b510e4e75af5b29386783

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58587b.TMP
                                                                                                    Filesize

                                                                                                    1KB

                                                                                                    MD5

                                                                                                    659d845f6f9d80a2887e0991a7d24aff

                                                                                                    SHA1

                                                                                                    8ee305b40a7c188343f7e6ef1be69e0797dfe811

                                                                                                    SHA256

                                                                                                    4656235a203c6825b1151cc3742567221608e5a6563de6099b886316e0bf35c1

                                                                                                    SHA512

                                                                                                    6ae219162a0e08546da75b64a7321d330d9267d46ba3b849db32b800b8109428ee7a8aa3b14a77c19a78618e66494819e1db974147bf1347ecf253a9bd95b8a7

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                    Filesize

                                                                                                    16B

                                                                                                    MD5

                                                                                                    46295cac801e5d4857d09837238a6394

                                                                                                    SHA1

                                                                                                    44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                    SHA256

                                                                                                    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                    SHA512

                                                                                                    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                    Filesize

                                                                                                    16B

                                                                                                    MD5

                                                                                                    206702161f94c5cd39fadd03f4014d98

                                                                                                    SHA1

                                                                                                    bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                                    SHA256

                                                                                                    1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                                    SHA512

                                                                                                    0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e7384f11-545e-4e4d-83fd-22559185a95e.tmp
                                                                                                    Filesize

                                                                                                    1KB

                                                                                                    MD5

                                                                                                    156901bb5f3725b6bf6cca2a5473d907

                                                                                                    SHA1

                                                                                                    7d2e5afe11f1dfd04ac571b095538b199b21dbea

                                                                                                    SHA256

                                                                                                    e045859693e8fd0a2052ab4d002e0f56719fbf12d086c7fb03a0728936355355

                                                                                                    SHA512

                                                                                                    5df46e6f3f7189e428d0b570f1af047e43e3602140f7071501242f975acfc27c0e08b948c7267d21171a7b9270db588e0d3c6d88caefde2d6fe0b90eda30aaf4

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                    Filesize

                                                                                                    11KB

                                                                                                    MD5

                                                                                                    ae9da751f8a1cf187c97b161190e49da

                                                                                                    SHA1

                                                                                                    97a3a0f168c46e876ad658cded8e12056657d0b0

                                                                                                    SHA256

                                                                                                    7aed9b63c19787170b039307f30089d4ff70ba88540cbe9531862a2ff3ff0cc0

                                                                                                    SHA512

                                                                                                    17e007cf48b66e27d6c27037dadf1469e138e48f97454eca3757f3ad88f0a7cc12806a96132e216d646bb17cb7721e945b555d9b431e19f084e47de5aae99a75

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                    Filesize

                                                                                                    10KB

                                                                                                    MD5

                                                                                                    77967171f59ccc3661625186dff1c6f8

                                                                                                    SHA1

                                                                                                    64cdc641a3be1aa2eb7e82a1b3cb3d4205209066

                                                                                                    SHA256

                                                                                                    013f9b230a36eac2738a3bef6aab492330ae037c382ef3c9d4a3597a1aa9f82d

                                                                                                    SHA512

                                                                                                    545895b0966ac5f6f39ab371cc4ec9f18e6454c2434c5307dcb14d5722aec43b162fc5b324e1e8ec71dbb67d5704078445146c5ab14df0c9fe1ee96f1b219c73

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                    Filesize

                                                                                                    11KB

                                                                                                    MD5

                                                                                                    1a9fdaea7ca13959276c9d684bf3433f

                                                                                                    SHA1

                                                                                                    00ac54c986c706ddbb87ceffc9b57d73319ef42f

                                                                                                    SHA256

                                                                                                    db0ecc0d2ab73d3aa08402b19745b84bd777ba1ffa9e58c58215f1c691bd84e6

                                                                                                    SHA512

                                                                                                    9dbeeaf2a1527c137297a84bd75daa894225a84739df67db5269218f37776fa263c954d95d1de58a4b48a07f204a86acae15bea1b3518fd21aaec893132ed4a1

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                    Filesize

                                                                                                    11KB

                                                                                                    MD5

                                                                                                    b0519d6b95be69edf616be6da9bf7ae3

                                                                                                    SHA1

                                                                                                    54a947bcf9fdd135ba8d3a8172aefe5bc6f89636

                                                                                                    SHA256

                                                                                                    220f4784dcc9310996dabd857255db16539c5f2f198631632610e610b375c823

                                                                                                    SHA512

                                                                                                    757ec514eb52f0f40e4198404df9b66f3efc0875d99e38bcc2ba91fa6ad233a71949556fd2a99f3bede063c01a9a6e2cb7baac97f6454ef1e0386cd2561638c2

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                    Filesize

                                                                                                    11KB

                                                                                                    MD5

                                                                                                    20922b29fe2193dc85f6e9ec8a564371

                                                                                                    SHA1

                                                                                                    ba327ef7d35d20f088ed6866142eaa6b3a9f3d01

                                                                                                    SHA256

                                                                                                    7255881ca8243138b0e0dc4b571a7624fcc1d9357f2d53eaec2c55a896937672

                                                                                                    SHA512

                                                                                                    b7026418d94041c98291bd404a5b56f8cfefa36df1e9b65e2127df0b3fe038e05ab4b8901db7d96b717f3dde8dcf65a997a9e8513b059e21e038e90e7700916c

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                    Filesize

                                                                                                    10KB

                                                                                                    MD5

                                                                                                    b729700fccd0ed2a631362be24f04647

                                                                                                    SHA1

                                                                                                    276d3e40a54ee0f2c08effd4865de4a89faaa9f7

                                                                                                    SHA256

                                                                                                    ed1293e110ddc3745f4f1db9cdba50cb025d9c95d5f047f79c385389a0472fc0

                                                                                                    SHA512

                                                                                                    d4b5a0b50264e39f96acc8cc61f6406637012b3f1b7dfa8efff04078de2a7d7c0dd931ab500433e4a56cbe0a78e90239b8c193ce73794fe97f33327f368a4e1e

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                    Filesize

                                                                                                    11KB

                                                                                                    MD5

                                                                                                    7345254026acf3cde0d347bb11eee3d6

                                                                                                    SHA1

                                                                                                    357341b0fc49a51ebbdc488a2e8f4588658d7070

                                                                                                    SHA256

                                                                                                    b0c04d97a91b63021dec57d53a7eb8682b55a26211ac216d0f5a1d2e0cdb49e2

                                                                                                    SHA512

                                                                                                    c41831b652abcff01f7dc7abe5b318245e17176003f0327ce712c426a849ee5b93e0bf6c67f20dccbfe1627f6feb82df140328087dcee66d62b701e8dddd7ad0

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                    Filesize

                                                                                                    10KB

                                                                                                    MD5

                                                                                                    fba98d5e9de55f98fbb9d936dacac9d5

                                                                                                    SHA1

                                                                                                    27364458e76450d994759871bc235c4a469fd9f2

                                                                                                    SHA256

                                                                                                    33db9900c12b2da1e961d4b82d2da570768ae994a5f630f2f787fa0447bf1e7f

                                                                                                    SHA512

                                                                                                    a3ce732461fc8ab19f747be17d3c90308a7f0e4e8e6eb0e97a0cffbd192a0e0b29b26b4806859b642d3e1d62da43e1c2febe5a648c6de76f46cf7a951a2208a8

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                    Filesize

                                                                                                    11KB

                                                                                                    MD5

                                                                                                    f387ce06102de09ae19197e5542c5f3e

                                                                                                    SHA1

                                                                                                    52ab875ac96a7491d29b8b2edc330d5c3638c127

                                                                                                    SHA256

                                                                                                    bd6eb7fd0698339eecc0fcfaf0444040974ed1e2b4afd42429e454e658965146

                                                                                                    SHA512

                                                                                                    abacd87b02e2debed5f7bbc96a4b13e55f77d67b513fc1254c350368f69edbeccf4712e005e50b5b05a905ae78c04f2cf654894e831f5dae6699e608ea02f99d

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lqltw4tg.e5o.ps1
                                                                                                    Filesize

                                                                                                    60B

                                                                                                    MD5

                                                                                                    d17fe0a3f47be24a6453e9ef58c94641

                                                                                                    SHA1

                                                                                                    6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                    SHA256

                                                                                                    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                    SHA512

                                                                                                    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3442511616-637977696-3186306149-1000\0f5007522459c86e95ffcc62f32308f1_5ab270f5-f3a9-47d1-97d7-bbd50acf9955
                                                                                                    Filesize

                                                                                                    46B

                                                                                                    MD5

                                                                                                    d898504a722bff1524134c6ab6a5eaa5

                                                                                                    SHA1

                                                                                                    e0fdc90c2ca2a0219c99d2758e68c18875a3e11e

                                                                                                    SHA256

                                                                                                    878f32f76b159494f5a39f9321616c6068cdb82e88df89bcc739bbc1ea78e1f9

                                                                                                    SHA512

                                                                                                    26a4398bffb0c0aef9a6ec53cd3367a2d0abf2f70097f711bbbf1e9e32fd9f1a72121691bb6a39eeb55d596edd527934e541b4defb3b1426b1d1a6429804dc61

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3442511616-637977696-3186306149-1000\0f5007522459c86e95ffcc62f32308f1_5ab270f5-f3a9-47d1-97d7-bbd50acf9955
                                                                                                    Filesize

                                                                                                    46B

                                                                                                    MD5

                                                                                                    c07225d4e7d01d31042965f048728a0a

                                                                                                    SHA1

                                                                                                    69d70b340fd9f44c89adb9a2278df84faa9906b7

                                                                                                    SHA256

                                                                                                    8c136c7ae08020ad16fd1928e36ad335ddef8b85906d66b712fff049aa57dc9a

                                                                                                    SHA512

                                                                                                    23d3cea738e1abf561320847c39dadc8b5794d7bd8761b0457956f827a17ad2556118b909a3e6929db79980ccf156a6f58ac823cf88329e62417d2807b34b64b

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\Downloads\Unconfirmed 168581.crdownload
                                                                                                    Filesize

                                                                                                    9KB

                                                                                                    MD5

                                                                                                    b01ee228c4a61a5c06b01160790f9f7c

                                                                                                    SHA1

                                                                                                    e7cc238b6767401f6e3018d3f0acfe6d207450f8

                                                                                                    SHA256

                                                                                                    14e6ac84d824c0cf6ea8ebb5b3be10f8893449474096e59ff0fd878d49d0c160

                                                                                                    SHA512

                                                                                                    c849231c19590e61fbf15847af5062f817247f2bcd476700f1e1fa52dcafa5f0417cc01906b44c890be8cef9347e3c8f6b1594d750b1cebdd6a71256fed79140

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\Downloads\Unconfirmed 168581.crdownload:SmartScreen
                                                                                                    Filesize

                                                                                                    7B

                                                                                                    MD5

                                                                                                    4047530ecbc0170039e76fe1657bdb01

                                                                                                    SHA1

                                                                                                    32db7d5e662ebccdd1d71de285f907e3a1c68ac5

                                                                                                    SHA256

                                                                                                    82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

                                                                                                    SHA512

                                                                                                    8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\Downloads\Unconfirmed 257645.crdownload
                                                                                                    Filesize

                                                                                                    32KB

                                                                                                    MD5

                                                                                                    eb9324121994e5e41f1738b5af8944b1

                                                                                                    SHA1

                                                                                                    aa63c521b64602fa9c3a73dadd412fdaf181b690

                                                                                                    SHA256

                                                                                                    2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a

                                                                                                    SHA512

                                                                                                    7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\Downloads\Unconfirmed 287561.crdownload
                                                                                                    Filesize

                                                                                                    48KB

                                                                                                    MD5

                                                                                                    ab3e43a60f47a98962d50f2da0507df7

                                                                                                    SHA1

                                                                                                    4177228a54c15ac42855e87854d4cd9a1722fe39

                                                                                                    SHA256

                                                                                                    4f5f0d9a2b6ef077402a17136ff066dda4c8175ceb6086877aaa3570cabb638f

                                                                                                    SHA512

                                                                                                    9e3365c7860c4766091183d633462f1cc8c30d28871ae2cd8a9a086ce61c0bccf457f919db6826b708f0cf4f88e90f71185420edc4756b7d70137e2096f8797f

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\Downloads\Unconfirmed 326509.crdownload
                                                                                                    Filesize

                                                                                                    27KB

                                                                                                    MD5

                                                                                                    499c5aa1b21e9029f76bc57de37907ad

                                                                                                    SHA1

                                                                                                    a2552f2bc1f7d10eb409e864d15065ff1cab94b9

                                                                                                    SHA256

                                                                                                    eacce5121ddb3922e6234a3210e9e291028d0520e1ceb7e325d3a093917eb228

                                                                                                    SHA512

                                                                                                    56e9bacfe08f6511ad54c4134f7a051b434e0e3db60a73eebd4d3f12dd29f9f95ed77e54765ec10f4b50894e2ba0ee0de66288c148f1feef9084f61baaa41a50

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\Downloads\Unconfirmed 586891.crdownload
                                                                                                    Filesize

                                                                                                    300KB

                                                                                                    MD5

                                                                                                    f52fbb02ac0666cae74fc389b1844e98

                                                                                                    SHA1

                                                                                                    f7721d590770e2076e64f148a4ba1241404996b8

                                                                                                    SHA256

                                                                                                    a885b1f5377c2a1cead4e2d7261fab6199f83610ffdd35d20c653d52279d4683

                                                                                                    SHA512

                                                                                                    78b4bf4d048bda5e4e109d4dd9dafaa250eac1c5a3558c2faecf88ef0ee5dd4f2c82a791756e2f5aa42f7890efcc0c420156308689a27e0ad9fb90156b8dc1c0

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\Downloads\Unconfirmed 656225.crdownload
                                                                                                    Filesize

                                                                                                    33KB

                                                                                                    MD5

                                                                                                    e0a3ab130609c80b452ee423d3a55355

                                                                                                    SHA1

                                                                                                    f5408df5f8d2765738db8f5080bb88cab105c038

                                                                                                    SHA256

                                                                                                    af1de4b7c65071f490cfd1425c45c9538fd7888cb7dc509304d8ec11cb046649

                                                                                                    SHA512

                                                                                                    9326653d66a9866d517cdcdeb1abdf3fb8fdb2a8bc8c2324c916c10aabc7d5ca417c54c7409f0df6454041ad4c446b06b56510e7cc1eaa2b3cf54ec47cb79ae4

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\Downloads\Unconfirmed 935111.crdownload
                                                                                                    Filesize

                                                                                                    53KB

                                                                                                    MD5

                                                                                                    6536b10e5a713803d034c607d2de19e3

                                                                                                    SHA1

                                                                                                    a6000c05f565a36d2250bdab2ce78f505ca624b7

                                                                                                    SHA256

                                                                                                    775ba68597507cf3c24663f5016d257446abeb66627f20f8f832c0860cad84de

                                                                                                    SHA512

                                                                                                    61727cf0b150aad6965b4f118f33fd43600fb23dde5f0a3e780cc9998dfcc038b7542bfae9043ce28fb08d613c2a91ff9166f28a2a449d0e3253adc2cb110018

                                                                                                    Download Submit

                                                                                                  • C:\Windows\System32\Administrator.vbs
                                                                                                    Filesize

                                                                                                    33KB

                                                                                                    MD5

                                                                                                    202a1eac250d555a6e58c12155a5686b

                                                                                                    SHA1

                                                                                                    1f9b2c10d7e1c22f613f7c546baa01164635b4ac

                                                                                                    SHA256

                                                                                                    b1063be60335a912a642a16cf8d6c33613951cc79c99e530f0d2efacb2f99563

                                                                                                    SHA512

                                                                                                    c155ca5813cb423b16077227f8fbbb339851dac2b3f7d1bcb343875424e43ea7c735178d04567199a2f3d5980a322723693920b7426a28916ac723aa52674af2

                                                                                                    Download Submit

                                                                                                  • memory/544-303-0x0000000002DE0000-0x0000000002DF4000-memory.dmp

                                                                                                    Filesize

                                                                                                    80KB

                                                                                                    Download

                                                                                                  • memory/700-296-0x00000000052D0000-0x00000000052E4000-memory.dmp

                                                                                                    Filesize

                                                                                                    80KB

                                                                                                    Download

                                                                                                  • memory/1508-763-0x0000000000400000-0x0000000000414000-memory.dmp

                                                                                                    Filesize

                                                                                                    80KB

                                                                                                    Download

                                                                                                  • memory/1992-288-0x0000000001010000-0x0000000001024000-memory.dmp

                                                                                                    Filesize

                                                                                                    80KB

                                                                                                    Download

                                                                                                  • memory/2228-742-0x0000000000400000-0x0000000000414000-memory.dmp

                                                                                                    Filesize

                                                                                                    80KB

                                                                                                    Download

                                                                                                  • memory/2744-292-0x0000000002620000-0x0000000002634000-memory.dmp

                                                                                                    Filesize

                                                                                                    80KB

                                                                                                    Download

                                                                                                  • memory/3000-294-0x00000000026A0000-0x00000000026B4000-memory.dmp

                                                                                                    Filesize

                                                                                                    80KB

                                                                                                    Download

                                                                                                  • memory/3068-1406-0x0000000000400000-0x0000000000414000-memory.dmp

                                                                                                    Filesize

                                                                                                    80KB

                                                                                                    Download

                                                                                                  • memory/3228-767-0x0000000000400000-0x0000000000414000-memory.dmp

                                                                                                    Filesize

                                                                                                    80KB

                                                                                                    Download

                                                                                                  • memory/3472-405-0x0000000000400000-0x00000000004A2000-memory.dmp

                                                                                                    Filesize

                                                                                                    648KB

                                                                                                    Download

                                                                                                  • memory/3472-583-0x0000000000400000-0x00000000004A2000-memory.dmp

                                                                                                    Filesize

                                                                                                    648KB

                                                                                                    Download

                                                                                                  • memory/3472-426-0x0000000000400000-0x00000000004A2000-memory.dmp

                                                                                                    Filesize

                                                                                                    648KB

                                                                                                    Download

                                                                                                  • memory/3472-407-0x0000000000400000-0x00000000004A2000-memory.dmp

                                                                                                    Filesize

                                                                                                    648KB

                                                                                                    Download

                                                                                                  • memory/3480-619-0x0000000000400000-0x0000000000409000-memory.dmp

                                                                                                    Filesize

                                                                                                    36KB

                                                                                                    Download

                                                                                                  • memory/3480-605-0x0000000000400000-0x0000000000409000-memory.dmp

                                                                                                    Filesize

                                                                                                    36KB

                                                                                                    Download

                                                                                                  • memory/3480-766-0x0000000000400000-0x0000000000414000-memory.dmp

                                                                                                    Filesize

                                                                                                    80KB

                                                                                                    Download

                                                                                                  • memory/3660-761-0x0000000000400000-0x0000000000414000-memory.dmp

                                                                                                    Filesize

                                                                                                    80KB

                                                                                                    Download

                                                                                                  • memory/3736-729-0x0000000000400000-0x0000000000414000-memory.dmp

                                                                                                    Filesize

                                                                                                    80KB

                                                                                                    Download

                                                                                                  • memory/3824-384-0x0000000000400000-0x000000000040E000-memory.dmp

                                                                                                    Filesize

                                                                                                    56KB

                                                                                                    Download

                                                                                                  • memory/3824-428-0x0000000000400000-0x000000000040E000-memory.dmp

                                                                                                    Filesize

                                                                                                    56KB

                                                                                                    Download

                                                                                                  • memory/4576-740-0x0000000000400000-0x0000000000414000-memory.dmp

                                                                                                    Filesize

                                                                                                    80KB

                                                                                                    Download

                                                                                                  • memory/4628-759-0x0000000000400000-0x0000000000414000-memory.dmp

                                                                                                    Filesize

                                                                                                    80KB

                                                                                                    Download

                                                                                                  • memory/4800-631-0x0000000000400000-0x0000000000409000-memory.dmp

                                                                                                    Filesize

                                                                                                    36KB

                                                                                                    Download

                                                                                                  • memory/4820-772-0x0000000000400000-0x0000000000414000-memory.dmp

                                                                                                    Filesize

                                                                                                    80KB

                                                                                                    Download

                                                                                                  • memory/4916-1155-0x0000017EEB1D0000-0x0000017EEB1F2000-memory.dmp

                                                                                                    Filesize

                                                                                                    136KB

                                                                                                    Download

                                                                                                  • memory/5024-299-0x0000000005AE0000-0x0000000005B72000-memory.dmp

                                                                                                    Filesize

                                                                                                    584KB

                                                                                                    Download

                                                                                                  • memory/5024-298-0x0000000004F20000-0x0000000004F28000-memory.dmp

                                                                                                    Filesize

                                                                                                    32KB

                                                                                                    Download

                                                                                                  • memory/5024-300-0x0000000005BE0000-0x0000000005BE8000-memory.dmp

                                                                                                    Filesize

                                                                                                    32KB

                                                                                                    Download

                                                                                                  • memory/5024-301-0x0000000005F90000-0x0000000005FD4000-memory.dmp

                                                                                                    Filesize

                                                                                                    272KB

                                                                                                    Download

                                                                                                  • memory/5024-286-0x0000000005310000-0x00000000058B4000-memory.dmp

                                                                                                    Filesize

                                                                                                    5.6MB

                                                                                                    Download

                                                                                                  • memory/5024-285-0x0000000002600000-0x0000000002614000-memory.dmp

                                                                                                    Filesize

                                                                                                    80KB

                                                                                                    Download

                                                                                                  • memory/5024-284-0x0000000000300000-0x0000000000352000-memory.dmp

                                                                                                    Filesize

                                                                                                    328KB

                                                                                                    Download

                                                                                                  • memory/5024-336-0x0000000005F40000-0x0000000005F62000-memory.dmp

                                                                                                    Filesize

                                                                                                    136KB

                                                                                                    Download