emotet | 2ca4803498d7d375a61bfab2a3a4cf7e0eec41d116e50a838791a55b164e0f8c

Resubmissions

13/02/2025, 01:26

250213-btppra1pcz 10

17/01/2025, 20:14

17/01/2025, 20:12

17/01/2025, 17:25

17/01/2025, 17:21

17/01/2025, 14:16

17/01/2025, 14:12

16/01/2025, 12:52

Analysis

max time kernel
366s
max time network
369s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17/01/2025, 17:25

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Malware-1-master/32.exe
Size

1.2MB
MD5

568d17d6da77a46e35c8094a7c414375
SHA1

500fa749471dad4ae40da6aa33fd6b2a53bcf200
SHA256

0da56126ffb57acb5bb1a3ffa1c4c0c2605d257988b2d2964344b8f23173f615
SHA512

7beb044f8bd366350b267c0fedc8466d2c5fd80b0f791f5697ce4577edced36b668401fd48df90b6c4ced05247d990c5e739e7232a2dcfc059dcc0c6a79d9427
SSDEEP

12288:D+FwW6Se3oB/8WjH2fIGOVoDJLvfOqsUFY:D+qJSgZwEIGOVUJLnOqs+Y

Score

10^/10

emotet banker discovery evasion ransomware trojan upx

Malware Config

Signatures

Emotet
Emotet is a trojan that is primarily spread through spam emails.
trojan banker emotet
Emotet family
emotet

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

Disables Task Manager via registry modification
evasion
Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
1100	CreepScreen.exe
3088	melter.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
134	camo.githubusercontent.com
138	raw.githubusercontent.com
139	raw.githubusercontent.com
195	raw.githubusercontent.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\Desktop\Wallpaper = "c:\\bg.bmp"	reg.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral6/files/0x000500000000073f-1444.dat	upx
behavioral6/memory/540-1498-0x0000000000400000-0x0000000001DFD000-memory.dmp	upx
behavioral6/memory/540-1539-0x0000000000400000-0x0000000001DFD000-memory.dmp	upx
behavioral6/memory/540-1564-0x0000000000400000-0x0000000001DFD000-memory.dmp	upx

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 24 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ScaryInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	englishthe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CreepScreen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	englishthe.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	melter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	shutdown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe

Delays execution with timeout.exe 3 IoCs

evasion

pid	Process
5016	timeout.exe
2412	timeout.exe
1020	timeout.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Kills process with taskkill 3 IoCs

evasion

pid	Process
1112	taskkill.exe
1176	taskkill.exe
3208	taskkill.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "226"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	cmd.exe

Modifies registry key 1 TTPs 3 IoCs

Modify Registry

T1112

pid	Process
4972	reg.exe
2612	reg.exe
3988	reg.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 11089.crdownload:SmartScreen	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3452	NOTEPAD.EXE

Runs net.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4808	vlc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1020	32.exe
1020	32.exe
4400	32.exe
4400	32.exe
2544	englishthe.exe
2544	englishthe.exe
4856	englishthe.exe
4856	englishthe.exe
2924	msedge.exe
2924	msedge.exe
4324	msedge.exe
4324	msedge.exe
1404	identity_helper.exe
1404	identity_helper.exe
4856	englishthe.exe
4856	englishthe.exe
4856	englishthe.exe
4856	englishthe.exe
4856	englishthe.exe
4856	englishthe.exe
4856	englishthe.exe
4856	englishthe.exe
4856	englishthe.exe
4856	englishthe.exe
4856	englishthe.exe
4856	englishthe.exe
4856	englishthe.exe
4856	englishthe.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4824	msedge.exe
4824	msedge.exe
4856	englishthe.exe
4856	englishthe.exe
4856	englishthe.exe
4856	englishthe.exe
1244	msedge.exe
1244	msedge.exe
4856	englishthe.exe
4856	englishthe.exe
4856	englishthe.exe
4856	englishthe.exe
2396	msedge.exe
2396	msedge.exe
1352	msedge.exe
1352	msedge.exe
3632	msedge.exe
3632	msedge.exe
4856	englishthe.exe
4856	englishthe.exe
3884	identity_helper.exe
3884	identity_helper.exe
4856	englishthe.exe
4856	englishthe.exe
4892	msedge.exe
4892	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
3212	identity_helper.exe
3212	identity_helper.exe
4856	englishthe.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4808	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs

pid	Process
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
3632	msedge.exe
3632	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4400	32.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	1112	taskkill.exe
Token: SeDebugPrivilege	1176	taskkill.exe
Token: SeDebugPrivilege	3208	taskkill.exe
Token: 33	4344	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4344	AUDIODG.EXE
Token: 33	4808	vlc.exe
Token: SeIncBasePriorityPrivilege	4808	vlc.exe
Token: SeShutdownPrivilege	2852	shutdown.exe
Token: SeRemoteShutdownPrivilege	2852	shutdown.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
3632	msedge.exe
3632	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1100	CreepScreen.exe
4808	vlc.exe
4808	vlc.exe
4808	vlc.exe
4808	vlc.exe
1192	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1020 wrote to memory of 4400	1020	32.exe	81
PID 1020 wrote to memory of 4400	1020	32.exe	81
PID 1020 wrote to memory of 4400	1020	32.exe	81
PID 2544 wrote to memory of 4856	2544	englishthe.exe	84
PID 2544 wrote to memory of 4856	2544	englishthe.exe	84
PID 2544 wrote to memory of 4856	2544	englishthe.exe	84
PID 4324 wrote to memory of 5100	4324	msedge.exe	91
PID 4324 wrote to memory of 5100	4324	msedge.exe	91
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2848	4324	msedge.exe	92
PID 4324 wrote to memory of 2924	4324	msedge.exe	93
PID 4324 wrote to memory of 2924	4324	msedge.exe	93
PID 4324 wrote to memory of 3104	4324	msedge.exe	94
PID 4324 wrote to memory of 3104	4324	msedge.exe	94
PID 4324 wrote to memory of 3104	4324	msedge.exe	94
PID 4324 wrote to memory of 3104	4324	msedge.exe	94
PID 4324 wrote to memory of 3104	4324	msedge.exe	94
PID 4324 wrote to memory of 3104	4324	msedge.exe	94
PID 4324 wrote to memory of 3104	4324	msedge.exe	94
PID 4324 wrote to memory of 3104	4324	msedge.exe	94
PID 4324 wrote to memory of 3104	4324	msedge.exe	94
PID 4324 wrote to memory of 3104	4324	msedge.exe	94
PID 4324 wrote to memory of 3104	4324	msedge.exe	94
PID 4324 wrote to memory of 3104	4324	msedge.exe	94
PID 4324 wrote to memory of 3104	4324	msedge.exe	94
PID 4324 wrote to memory of 3104	4324	msedge.exe	94

C:\Users\Admin\AppData\Local\Temp\Malware-1-master\32.exe
"C:\Users\Admin\AppData\Local\Temp\Malware-1-master\32.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1020
- C:\Users\Admin\AppData\Local\Temp\Malware-1-master\32.exe
  "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\32.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: RenamesItself
  PID:4400

C:\Windows\SysWOW64\englishthe.exe
"C:\Windows\SysWOW64\englishthe.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Windows\SysWOW64\englishthe.exe
  "C:\Windows\SysWOW64\englishthe.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:4856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdbe3646f8,0x7ffdbe364708,0x7ffdbe364718
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3616 /prefetch:8
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2664 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5540 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6180 /prefetch:8
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6232 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2680 /prefetch:1
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,10177857523560528903,3874998449649497080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2472

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\UndoClose.mhtml
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdbe3646f8,0x7ffdbe364708,0x7ffdbe364718
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,7147530473521380130,9939337366440391258,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,7147530473521380130,9939337366440391258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,7147530473521380130,9939337366440391258,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7147530473521380130,9939337366440391258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7147530473521380130,9939337366440391258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,7147530473521380130,9939337366440391258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,7147530473521380130,9939337366440391258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbe3646f8,0x7ffdbe364708,0x7ffdbe364718
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,13804525897647321301,7997366445701236326,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,13804525897647321301,7997366445701236326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,13804525897647321301,7997366445701236326,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2992 /prefetch:8
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13804525897647321301,7997366445701236326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13804525897647321301,7997366445701236326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13804525897647321301,7997366445701236326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13804525897647321301,7997366445701236326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,13804525897647321301,7997366445701236326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,13804525897647321301,7997366445701236326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13804525897647321301,7997366445701236326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13804525897647321301,7997366445701236326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13804525897647321301,7997366445701236326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13804525897647321301,7997366445701236326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13804525897647321301,7997366445701236326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13804525897647321301,7997366445701236326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,13804525897647321301,7997366445701236326,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13804525897647321301,7997366445701236326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,13804525897647321301,7997366445701236326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,13804525897647321301,7997366445701236326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,13804525897647321301,7997366445701236326,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6136 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,13804525897647321301,7997366445701236326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6364 /prefetch:8
  2⤵
  PID:2868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3412

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\readme.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3452

C:\Users\Admin\Desktop\ScaryInstaller.exe
"C:\Users\Admin\Desktop\ScaryInstaller.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:540
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\AB4B.tmp\creep.cmd" "
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:3456
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1112
- - C:\Users\Admin\AppData\Local\Temp\AB4B.tmp\CreepScreen.exe
    CreepScreen.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1100
- - C:\Windows\SysWOW64\timeout.exe
    timeout 5 /nobreak
    3⤵
    - System Location Discovery: System Language Discovery
    - Delays execution with timeout.exe
    PID:5016
- - C:\Users\Admin\AppData\Local\Temp\AB4B.tmp\melter.exe
    melter.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3088
- - C:\Windows\SysWOW64\timeout.exe
    timeout 10 /nobreak
    3⤵
    - System Location Discovery: System Language Discovery
    - Delays execution with timeout.exe
    PID:2412
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im CreepScreen.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1176
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im melter.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:3208
- - C:\Program Files\VideoLAN\VLC\vlc.exe
    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\AB4B.tmp\scarr.mp4"
    3⤵
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:4808
- - C:\Windows\SysWOW64\reg.exe
    reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d c:\bg.bmp /f
    3⤵
    - Sets desktop wallpaper using registry
    - System Location Discovery: System Language Discovery
    PID:4716
- - C:\Windows\SysWOW64\rundll32.exe
    RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1560
- - C:\Windows\SysWOW64\reg.exe
    reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop /v NoChangingWallPaper /t REG_DWORD /d 1 /f
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:2612
- - C:\Windows\SysWOW64\reg.exe
    reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
    3⤵
    - UAC bypass
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:3988
- - C:\Windows\SysWOW64\reg.exe
    Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4740
- - C:\Windows\SysWOW64\reg.exe
    REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:4972
- - C:\Windows\SysWOW64\reg.exe
    reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoControlPanel" /t REG_DWORD /d "1" /f
    3⤵
    - System Location Discovery: System Language Discovery
    PID:228
- - C:\Windows\SysWOW64\net.exe
    net user Admin /fullname:"IT'S TOO LATE!!!"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4660
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 user Admin /fullname:"IT'S TOO LATE!!!"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3412
- - C:\Windows\SysWOW64\timeout.exe
    timeout 8 /nobreak
    3⤵
    - System Location Discovery: System Language Discovery
    - Delays execution with timeout.exe
    PID:1020
- - C:\Windows\SysWOW64\shutdown.exe
    shutdown /r /t 5 /c "I CATCH YOU AND EAT YOUR FACE!!!"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:2852

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x300 0x4a0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4344

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3902855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\melter.exe

Filesize
2KB

MD5
33b75bd8dbb430e95c70d0265eeb911f

SHA1
5e92b23a16bef33a1a0bf6c1a7ee332d04ceab83

SHA256
2f69f7eeab4c8c2574ef38ed1bdea531b6c549ef702f8de0d25c42dcc4a2ca12

SHA512
943d389bea8262c5c96f4ee6f228794333220ea8970bcc68ab99795d4efd24ebf24b2b9715557dfa2e46cfc3e7ab5adff51db8d41ef9eb10d04370ce428eb936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae8b244ad448e26c6f273f215a8aba1a

SHA1
d6f5fc9b5b867b7dcfccc82c88ae85400e657cb0

SHA256
15748669b0554666a19b8b3eaa7dc83dd6272626884315eb23e3df706fb2c78c

SHA512
5c2c65fa1efbe4fb20be98ae4f1edecd7968deb5ec8922ef235c63f1bce34c61c0a29aee659c5ddc8daa1ad5de579d7d6da8b6a7b969039ffdeceb5e4eaea3b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab5d70d7916504393b98af9ee4f5629a

SHA1
f1f702a9e8f7c3f78b53a36c65da990ae2b70dca

SHA256
f0542fa43f4a723ef7088fe233f5ab8a1ac0faf3fef622f873c9466af5075420

SHA512
d5ee3cb37210ed83ef213d4f626ace0ef37199270308b4ac4561d6d2af8060e43d51010fc23b5ca3bfb16a081cd0a30d10eed4f0b357b5c26dcb7898443fa256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
48KB

MD5
dd0fa63d7a6164ee38a2d8c56734dae5

SHA1
e64d22f6fd29c7a77466659eae1478e0fa65ce91

SHA256
10ae3cbea6525955edc9ac5d8b90ec4f50990edc15cf52d132b67a23fe0eb8a6

SHA512
262d6846bbdb5286cb80a78b2dbac31bc10bff30fdc5ff7c2bd2bcc7748a4fca98b20dc30ba5960f31307163b82857544021ccb9233257885289d17707f8b9ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
25KB

MD5
d458599825f1991b12515799ea5c21ef

SHA1
473f5e31b20136c270cb4c53b4ccdc8ea75b1afc

SHA256
095bf74a4d0ea0c8abbb03e1371ed4c85d26e49d7218796934b784a08138e90c

SHA512
dccc6fe06a766f706441638487424e5d11648b2fa549dfd0f2282d5d2dfa554a2e4190de01397402c49c4e394676afb8a3a3def150ea066fbe8b86d3a7bd7e3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
20KB

MD5
93f60210782f5ba5d810f01db9d85861

SHA1
c07755c498ea202707a5357a5250fdc0afded242

SHA256
ece8d03317dac951140c24c422abbb4d0a6994a3f9826c1ee24791762aa27fec

SHA512
18d0be1a219c9b5751cd14274a2867101fb74afe4aa65b55ad2b498532715f1397ed01ae972115eb9bc6072ae36c93666bdf52344b95c357f62885d48dd8e2a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3c15ec894aa96a3518a7705af3aa4910

SHA1
a7af606594fca365a622e4bf79fb9ac3f1ffe97b

SHA256
536501ed797d1445d653e18199f5cfa0621143d3fa24920a7acdd1c6dcc83c93

SHA512
19996b6c5782195453722c6562903ebf770f95c0c0fb0d79dfbe2e482b31fdb5dfbeec85748319d5ea0dd244e3e659a3ebbc6878088bdfdd62d9bedc75b1f042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5db33a98670c753ced8e9a62bddbbfea

SHA1
a1e04cc7e9de000323b2d0df83c0921116b3bf6a

SHA256
64a16102c6247e8e1beaba42067f4182710c18244b3e7478fa42f84965d35579

SHA512
4f2a47c3df064b0a76b565683dcfeb5bfab54e12f28acc9fe62c71e783e0f22a44dd57b7ff6ff444a853714145ddf36b632433456d5dc75801352e21e5ab5ece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b521bd8b73a0740cbd7513294d630224

SHA1
d16f91292d8128193b801060f0354aa6142b7a20

SHA256
850230a1aefd32ebf3d4e5d30b1ff0d9f07b1b585c01336163db2262aef93eb0

SHA512
3b0010c2aba067f94ae1efa4f81f03fd3d700346b0871f45030047e57e98abd4051c6d0df4d307564ee7d3ff67be45c41c85cecb034fe11f80a0a1fd90e2ac2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
a9ad18dcded119924390bf17affc2eea

SHA1
0150401c6aa430076eb10622e69463b01f6e553a

SHA256
8863eba2e0866326311b5be1e29ed15feee1f07bd0025d844662b02917d10306

SHA512
8cc8802897e57fc64f9fa0aa2bcc8d913b7fda538f69dff0c8abc4c97750d2604ee1b0a0ce338aa4ab164fa10a7c0eb0abb6f0d62fb98b4359a246b09b8acb48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
53b02ae63324b9a97b6d5d737b22cf56

SHA1
3247fba41f2d1f277d022e28befa8a207ba61554

SHA256
e3fec39a34de06986b53d08f6fd13557a0f8bf43cf19f9bb74de1626c598e036

SHA512
b538157f962381c8160c19c17f95cfaffba5db9c65cbf32572abe8b512fe7fb59a02ce97b8fb4d32aaec795843f7007d80f0c96ca6ecc1508a1e1b3e66f5c96a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
e6a9fca114839c60b9e7c2c550fed8ca

SHA1
99e7832c58f47c9151d97c3edfb6c78e5bf88b1a

SHA256
5ce7493f70ba3c3b10905669367f03e68afa2b38f6bf0ddb3499e6e69096ace6

SHA512
7e5b6d43a2942c300d843958e09e1e04ee25f087d517bd866b5079775db4786d158334de1e5380c32984cf97c5c1b6265b65f64edeeff95af285c7619ddf40b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
2aa7e078d7ecf7a742febf9d715b5414

SHA1
bc3da08d7478cdfd05ad02f21a4ccd99671a22bc

SHA256
079275b48395bcc4e9e829a7743651e1db8e7b232606fc0930a81beacb1f546e

SHA512
2543664f42830fecd161811dcd153a1c6c3509ab1b250a7d813e07c1732328414aafe4ff8fcd48b2e5f7a92ea9db0f5c18cb7427efa39749827eed6757b7b6ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
8KB

MD5
95f1a355d2c258aa2e8480b38e344e1b

SHA1
6723586bfdfc806ed8b064c90a68da87a787afc6

SHA256
e1f35ae67f72fbc8436771fc84c15b5bb5fbf1a75d840078a8c3bcce5434cb44

SHA512
f1b7eb9b08ae1d4dd7a1530357739071a30cc4da92132dc88dc9c352e2d507794a6ff128c3bb70e29a284e34d55a199e065a4ba79b15d05069d4993ea07a755b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
24KB

MD5
01081625c21e1440793680d8fa76d015

SHA1
210e1e064a31f79ec6e250dcc018554cc8d6f6d9

SHA256
f77680af521bd8be8200528a0280e9d883c9c71cd10a67891bb5a81d10858178

SHA512
9e6b325765b93c8c29b5166a08cd16035acadc4397f6e0877039f042f1aff402cac1271ac4a0f538ba1a6c85176c3346e6daf0c932216e824bcb9062150f6954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
821945559d2b9f848c2d3aa1d165ba1b

SHA1
4eadfa0bf9ada4d455a10dffdc1497a15891df08

SHA256
f50974d604a754aeeb9d98e56106aa6b854f0b25e0026c65f4575bb65bd72d99

SHA512
fa5f2ec7e649d385764abb98cc365f284a5c17d477921a0684b814c68e9d3f962b77e842fdb73344c6b7d9291f6c825e185d47e47be3d0a655eff6d044447159

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
bbdd315f3a5a69a9bff501fffb66806b

SHA1
b3ba406df5f7d987c1ef942595d7266ee55361af

SHA256
ddf76b110acda5cf545489f6b1f511878f1ec9272bf398ac259dd74f61a13816

SHA512
937cd6de940e046217f1c9bb132f79ab1725b33ba2964bfdad810d92fd3ebebdb540ce4c0619eed98ede6c3ba091aec0152af60ea3f46a226792fd4624db042d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b70277506bf1483be94f87c5027e19ec

SHA1
a03f4881b817c09c7ba793ab01d8e765f98d18e2

SHA256
156fba37a8f780c74b2df1b587c67ce9bf0001ef9b649f1be66e058990720773

SHA512
5f7804ea7e6e23372e7311e6e0d1f9395ad9d10441f254be717a4dd7b5c1c346fd6a3a7a897094901b40eb544b9ce85c02b0ea7ceb85961d35108ba7fe7ccb56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b1ed835188d64210709e3857728ab8e9

SHA1
e991089f3febb251642e0a08869c98cd7ce80fa7

SHA256
1e0e3bc826adb12bd5e21abdfed2987bf131f9a69b9c82e67bb5f883d602e447

SHA512
9f3990f83fa02f92805f29270ba2f01ebca48f8c5e6e4573d7878e8d12f38b68761460facd5eb724977fb75e4d79c3584e3fcf9cdb442bc1a7f51752b70f5692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
707B

MD5
4284b43798d42593947469b98181fd38

SHA1
0df27be805c868b2bd8cc691cba5ce73bc04cb78

SHA256
7f8d15fe5e8c55f2faa57fa5c6e6ae5bae3c9543feabd866022633f2657a8b33

SHA512
dfdc4e222ca7fc2a32dc96024f3f8deaf555626462b74620fc238af271a7ee3a46b0115129da34f750cea3c7d65e8b464d2ad5e4b15403aabe31adc1453a0b90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
857B

MD5
2465728757a233b61c26da03fcee854c

SHA1
65a6e3ad1b9db62abc47b4474e872f014357a69b

SHA256
198d58b843689a19b4ae66aa6becf205c38f11ab72fbf5bfc667dce0ab549f7e

SHA512
986d4dae5c20def0d4b7d5fcf5362c1ca1ad68c8ea27fe7f3b0e5643b5a125169f4d6aaf9b7de341b6d855c36837d93eb5e3197fcd80447a0100bbf8246f7492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
90fcac6ddc4114a6b73f08a70ffb5020

SHA1
3d31860793afdbddf5e41549b4be3b0c63c8eaf4

SHA256
02f3f6c499ffa11653c861cbf1eb6bfd7d96f5d2fb184bb0e56752b634ec09a4

SHA512
074ce5ded40d86ade7d3aebb9a819a66f7dcf0d0cd22d754a3bacd6883a9011663610d0b6ca6c61d106f1b71abe05729361347980ae8fc877d2af0192c8d1385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ab7c861a00b9a04ab7f07dd70447c044

SHA1
44787420d8a16b475870101f1c2062231d15398c

SHA256
d59dcc103659f4bca1c7fb3e79c6113ee6552ef8402a6e205193c5c620988a1c

SHA512
10cb413d66e371839b49a7f84831c3a51c81cd76afb050e81f68129d4191e502391db1ef9e59400d1e5bea49bb849544843289b5d3d9f681c747109bc9783865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
de4af669b9f2ad61babce00122bde024

SHA1
92a0850a1650c58084344be7aff002f01f21fa7e

SHA256
3e0d22b98c0e176fedbdff62d2a223d6feaae293c1936bbb09c25db98ab0da5d

SHA512
d79d77bb8eca217c35bf1239df2b244efc21bc86d72965016fe4183145bf37a1dd1a34d89861a3f7e8cf9076370efb614c12dda581e1fa35f8910f5486b60f29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6ae4c32a566f5f13129662472cc271c0

SHA1
80e22d6e92f5fc8a9fac6bb6be07328dc2525518

SHA256
5c5af1eb83dc225b149fc3247376764f283fe0b1b72569e11d9cefc460cc4241

SHA512
f39d7146c48281d3a05d13bb6248351b82c92520c5b47e6cfd40490e74e3097944692f96843ecdd35d71592a734d2e46cbd230bd1d98d89a7929cf4bd2eb5ad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
12e449b8a956183e11ad0ced24d2977c

SHA1
d702f686af919d71c0176ae8fed1e60582ff7586

SHA256
efa24f6886559da906ace2015cae3c1856eb67c7cdb10e00911b702892c1f965

SHA512
f883501bb939a985d9e3cbc29c072c6b2a02ad59c4416594f9be3372438f678f452f0f1e7ba15351b198ffedade40ef745c0bc523ed3c11edfa4445073ea2262

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
58d63955ff742e6b1388ac42c627c0cb

SHA1
aeb956d54ed20d1547df16c94cc15a76141ca2dc

SHA256
5fb560701f73819bc2d110c490da03784b3b598b55d72427170e10e84d80e093

SHA512
c9fbe7ec475f91699758e81115beb5b898b590e84c292e22e3ef6a033304b99af65bbfd361f3cb8377729d7c85cf4404e3e8fc4a1b433ed445b9ad4e3d6d88f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c5cb4874302449b9ee14decc983fd0c8

SHA1
a0b136ff1d99f75d9680e0e6924c087849d15823

SHA256
4d61ee811c566bd9b35163c888bf8b46e9ba47d459a17a7b112657a26779a21a

SHA512
2ed96011d0d89402711227622e2003ea2abc5dfee200102ff0e32430356a6b4573ab509afb8ac1eefa843382494c9f16f0c0b56fd2e129396bed194eb2b7c390

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7b56d4dbec01b130e0e11ba84b4d5ad4

SHA1
f2615f2d0eb844234d81dc728800a57462c7a5b5

SHA256
2b740ead80c234a2b57d884e5f2bc59f9de166d1ef7eca7e5e7acd66db84291f

SHA512
a13bf658e4d755c097c4d8a1e35331f232808dc3af532d9bdea9f37fb8895c05d5911eadb2687e26db824eac417f330ef6e66c88d81b6abeb2206104d6a872ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e34de22a3579189bec1e1ad29ea860cc

SHA1
1a5308410774e554932621d08fb3bd802d624a59

SHA256
b19aebe2f0c2682c2a146f0eeb1e903d04064a2287091b0c1a5737602380ecd8

SHA512
d3b9e7ad81aa0ede2ded3a3c48be79ae9111527c3237c2e9a2d0c9ac4f7c935504a03cfcf4211c0c5658bae80ded9b3d505cc1b859ab36b4f14333ea9a8dce8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bd046eff7794b9116f27d47fef823c7b

SHA1
a008a02123bf0d0f501a43a5b7633d1a6ee47bb3

SHA256
31cb668ff8911c644d17836035279a285e9db5836525ddf893682ed2227a48df

SHA512
bd2ea069677196e2996698d689051d0e60c72e920b02814ed63072e7b8a9997d25d2092aae8a0282ec16d33c8436810b6ba4d514ae1ba72cf182ad330801083a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8b134172905e73d18dcca803fa91a6c4

SHA1
d8147ec84b9e472de3711d409832fc320a047e83

SHA256
79e76a1661bab2b73e41e06e16038c13f1f10d7f29f99383c7366464378523cf

SHA512
7d570da24c94b17b3a406824e1e3d2b7995d6d6c94d8f7ec5addff448b010fdd22832606a847e5a57cf2582f8d020272d366fd555d82e39a1674d6e1626a114d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bad05e8b4c24b6b165130cedb08b50cd

SHA1
54e6306041a05c5eaa59266fc87fa65ae1aa4669

SHA256
65ddf064dcab202d2990bc70bf70ee124c0229936645e9b36e5f3e7a8bdb4a5e

SHA512
bc55bbfd8ba879892c6b17f9d4971f52f93da65886a30f579db49eeafc1ccc0d275778edb7cec2329541b10555d54d85a77c603f6976a76ab217848606cbac96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3d47bedd139009524ca13623084705c6

SHA1
dbd9c807950092d11a4bea99ab7439262a8c421a

SHA256
66a8a0be8d66fa46e15ad217cd56be615083ea29cd30e8fddcae5ecd90f94538

SHA512
99c738d8dea6d2b455ea616334ef8bd35a2c6f6bf25628b470e7fad1cd7be1132d39fcc5f907821ce479c84fe7d4ae42f06b1252bbf8e331bb8f2b8a88da5777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d8ccfc5b2a57aa8b38f980469a044c3c

SHA1
5a640d18f3c2c6a119c4c6ddc30529c037d6079c

SHA256
193b891b639ff34f9a56a77196fcb7d1c98c4382d6a20cfa691afe1d7c8f1a01

SHA512
4542bfe1ab70af025d3ae01015b108722ae01fb7924751ef9b8e730e64f1ae70c08e7c49a68b0bb722e34c6e013988724fb59edbb40818b829bb5adc945feba5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b2a522eb3602c29d9559e03b34b54769

SHA1
f0f4889881be43b42a88200b3b83dce21f2843bc

SHA256
edde79e4d1ce429a17cf07a13d1364da4fe3ede945c38591b0e62dee9b70dbc9

SHA512
20837b22dee414db325210d2de5d8ca597de98e964c6831fbbe21b45e0791bd397d00dac87e483bce21837fb84dc18f7cba9797df172f2585be0491886954874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d058a0c8a4cb82e6449161a73d91211f

SHA1
9f3385cbc44ea654faaae3d0c026be9ef0f34fdf

SHA256
60f7119d1f0ed8a015891d3be349efdc2bf88cb4a225149590c68efbf1bd32f7

SHA512
5b97897b5847b6e5831629588ec24a2442e0b5c984adb5239c98921facb8effcd3d55974292430791d47a24d5d05aa4c75e4e934cf3c2e3ceb387d66e13b78e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
c62ad4541b66449be12d25f51143e123

SHA1
3f35a34cfd4d58aac15925974d1813b8db726bc6

SHA256
637346c7063bd9ec935124fd8e057d2d36ce820acd2a652a49eb95435cfe9a8a

SHA512
a10f0e2ea709282c8be85c2247d978a92788989d5a4ceb97f03f5f0242daf5c234c39d2ad60d935a8a28b72cbd4b6f0b13a05ef559939dbb8227b20d47865bf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
141d4f7b494a2c78fbf9b6476bed5c2b

SHA1
469873ad82d73d6b454375361187b0631bdf9544

SHA256
f01b7f950d77e0bd5708d783e45c6947c5da7dbdb00bc3d418ea5692c0ce619b

SHA512
27580a40f2b570454fea5e2fdce4c9a7c43eb1aa77cb898385c16ef48ab3651233763d41cbd251f8cd3ef0e9cca14ce41dc4731861b18b4f1f0c2113b1847cf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13381608368370549

Filesize
30KB

MD5
17ba2d08b047a283b2aa77256663d20e

SHA1
6eb299edd66cff147265d444bdfd8382f9520459

SHA256
b257e751a1633ca3bb1d63681106c393051bf3d01b61112f394f781cf6248010

SHA512
fd86a3b230a05bd4a948e7d513a797440f70854a6d06859e993011a161074fec4ea2513ca74099e8457cb1832c46d598538cbf053c40ca81f97b96718d96f085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
250B

MD5
cf45bdc4c111dd2f69c8229b29a5a37d

SHA1
ba761ce35295fb20af46c7a8902a49358611b72b

SHA256
1bdc59142d0fd886a706e2f4a6644696639616dfb337c948bc4c6d0939c8eecb

SHA512
07679f489b588db97e8c643e58deb0886ff6276c4210d293057f12b1aaef77e8d15473424a2e0831e00ec928e58734adaa9e59c6a9f494648e83fff11014359d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
36012d0be2edda56f2c23484c7c235bf

SHA1
b5eef37ea95a79bca8530b3b3f5c6e8c206daa78

SHA256
72815c7fa2ac617f6276c5f1534fc1d5b41740e953f7c417ffaebc87747f2c8d

SHA512
ccc6d7444c8cd9ca910bea3a0499140f6c183cb0a6a18533939d945458e3fa73976deeacaefba3b78bc6806e6b68fe9a6d1c37390db8ef8b1329b01052d34dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
fb709c634a42c5c6e8cd1e6410a7f4de

SHA1
f98464feb77606b15c8ba533178e01f7f2971eb9

SHA256
c7f45dc30e542a6e1d14634b8c80562853e835971cf73329bd2700827cd31ea4

SHA512
f1b8c976b692a62c792bfd00d3a771aebf80a25341cf57e0776e666ad88f295a54c3f0c6ebe3a7284b6d82aad92f393484f81ba1a2fef4fbcfc9cee6cf6ec2e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e447446bd8f15c5e7785147fd4d037e7

SHA1
e1fa9331feea82644fb471980455b9b998e37d62

SHA256
d9779434ee32858127b77ba6106a1462770d1b9c1cc27778bb2c7cf17b81b70b

SHA512
84127b1d74b616d046c9aadb26df98fd3a9a95bdf159317e4125cf242b36c87d21e95b1d6b3d4d794aba4a80a06a31af20f6ac774752c95f3829f94a6be927d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
47a5cbff1b4134629c523890a9dfcc22

SHA1
975073f9574edce6e3257af80c328d7f411b7eac

SHA256
ec3216c6a0f4efc44e85cfc8c61b4ca1982972bb6da3f3d93a5160d136253a9b

SHA512
ebb410ff6b5e9eb1107ca552af8838492a1b77f19dc29e4a0576fbb6fe30ab79d47f416497eeadbe6877e0984e622d552a1bee38cc43475ad29cbd8ac65d599a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1fa45d67a31b7c23726fb4394113a96d

SHA1
9e201fccb7573706082756959ec1421d14e7ffe7

SHA256
e4b90c85a5ed79b9bb8ca37d6245f83a7ff2d39b0a2a0fcf41fa998f7378234b

SHA512
80713baaa4b1641942ef4b73d4251e697abede2298faea0640749cfe57345a23d530c64f8c7a2d5edfa0ce78cae27f0b4506748b986b8959b8050b5a09a3bbc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a57e70158875c549365c6b4f2529c6ea

SHA1
0da4952b85eab6e98f30748ad079f554e1f0baa9

SHA256
0bd3f5044eb01bc2197b36820463fcc411be7024d0fcce66cfdba6a8fc0cd5d4

SHA512
573d31189c6d791ec8cbd6a1106aba7e2aa5e86309b982077bcde0c8b4f40b268cd596bb4976b63892c09fc3de82953e2ce3cf8c886a9055b4f1bbc96930fe1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d453ff50fc7281a4535247ac8d1877d5

SHA1
999c5c9ccc723ed2f035ccbb7a7e0c94b072fbfe

SHA256
82b156d35b1a1fd802a3917973e44308dc316c721502c26d6214c74ede8dd4cb

SHA512
42f50a77a026b43ddd61ffa67440cc82254d4b5f928b8934cb1c71d07254fb93344f1c91d2c17ce63195615ac5acaf26b43cc6d96be6e8b0810fca2221d2a9ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f2a4c08b9ed152eb655c628baace7049

SHA1
876865fb8b364d062c4b03545f36a97d5e97ad41

SHA256
5db5029e97d7ad5267317931eb1fd4660d97e4c59132840ad4a9f385961bedb5

SHA512
bf58fb4908d612f6eb8949e4c5946732114a376adcfd05e5a597844fb0b0c8a8ed5029ea29a6566885a24be53f91dd84d2966bab803cc48fd3c8142cffbea2c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0cce827a4aebea457f0b075d3b687d5e

SHA1
c5f7eb8184f386b58950bf1882ad837335d3fb44

SHA256
c65effa8c15cd3a211173cf0bb3759e1c4a38d22e81b695ad80f36464a29e646

SHA512
d553f3087a27c4cb366e95fd51de57e97985de8794cff0cb8571a748db60f8676b3f5a7f6869d32a44a79d19a530234a89ea7a27451d10570a3044291e39e50d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
34076c0e04292febfdb2192734f11989

SHA1
eb6a58d82a6fc616b125677069c29aa7c84e287d

SHA256
d4c38f9fbf2fb8ce00c03682f4bf13700cc1d2b6bd4d998d566bbccbfb71901c

SHA512
5365d6f51314d299c64a8c29d2796ef5f212fb338d83674809b8173091b4a9463587d240f6de171f14543e24688d77fb57194be88b811fbf9810651f40f13619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
af0e563cda504d449628686d4e6ab196

SHA1
40936fe5e0730e301d8674d95ade7d6c06bd7e49

SHA256
11d066704754d3071a9bd7b5abb1e9ac8f99afd58d675b6771955f2b507f91a7

SHA512
b4869015cd885aada0ebd5f21d8302762e7b7059742428d82b2d7f06a91c6dc753b78428a40d28e20bed82b144cf9c75e39b1371984532133339d4f3f9c8a8e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9fe482de73cf21f29159cfbdcfabb17e

SHA1
b85074c6fe386f286eb0e765904d96c49d23615d

SHA256
2b81e329c208dfb65e3130d8134bf11ef1d7760a71270e46284a2a2f19feb2d0

SHA512
f254468ac41debbac79011db6bb7d500c61bc8305c527f62fffd4275e1f8ad0acbb7bb709dd91af1650073c9432c2b430e023013f36194a9e389a8b356f3b51c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aa55c66c9916060ae3f8751a2ad3cc05

SHA1
8ffee5f237eac2c439a3e96c1d90d0be7386448d

SHA256
da8598b5b52df1f98bd894cd99d6df7ef7eabd9c5adc9cb09b860f9f7d4b215d

SHA512
dbe066075742b4af4d97234c5b64294d157066e4b327498aab0deb39f754d3d59a258510ed978db392b864b66010505a59fa413c927f025ac04d4c21c7c74d9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c28fe0897693834208e7785f55486f7e

SHA1
1000c2c3f4e7c292c2576d4f372cabcf46c57d0b

SHA256
78c6477bca15b41d50813f980d4754de67f57d178eea40a11db71394f3eaf6e1

SHA512
b1b572975a049dfb2a42eb4a1601b66874e4933fd0b002e38902b1eca41e56c47b2425f506c9ef1b0dccc1b5baed19986d30e9cae8787537c41faa8fd3cb6df7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c4f1.TMP

Filesize
536B

MD5
7e8c1babb71d41ad6e63b2244f07cf57

SHA1
7330e2372d6f778f8972adafb56a1207463b944d

SHA256
5e847071215de09f56fedcf27fe9162841d845b14cdc8a3d91e713ef16279d59

SHA512
24d4254847c4b6b6593d378bd42bb638ca565b7634fdff941770204551f2bb8d2650f37449ddbd4a0252b6656dcab7ef3c61ea51c83adf97249a77c38227c4ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
25e9c15e2ae951372350cc401412ee5f

SHA1
407856f6d00fba8970d465be3d413d1f21ff42e7

SHA256
c8aaa6cad7363639a736dc9a9bc2993264d5b6e20cc601241f4328f7ce76a021

SHA512
cf24c2a01cdebedbb2250ae69fc5aeeded4c6b2dd63ada63273be8f27a24d521e9107bdb07e4e3e90ce821267eb31bf4174c768a249d35ae093606ef59d4673d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
50d8f75f11531ef4d8314cf7903ff109

SHA1
b6aef437c13a500fd3162112225d380ea287ca51

SHA256
dadaa6a081ef9caf74ecc8c12076852fba172723d4fda970e091868238070a19

SHA512
381884b914c44e5899830b093d70db8b95f7ca2292842dc71c97fcd38b8ab3cf2e04d2651c7558e1dcd0dc4c64d79b17e81e8a8180e352b816de110bc6d72365

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\8f7d71ed-e8b8-49ec-95bb-0c7b27bb69f7\0

Filesize
16.5MB

MD5
a725357eb37e4b43a65b9dfb50202c1d

SHA1
3308690577f8186444eeb242bb4e75cf45a6a4e8

SHA256
c760b5f8e5dc948db88e266ad5b44322d210d2d5f54a0300d17e19c3f5d3906c

SHA512
e1e8ea6e907c5afb29e392e02d93b2596839583aff3cecd7097611705496c7509b268d0c3340e819985715ce7b3cedb32972367f431ab9d21d7dfcf83e9766d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fd4ff1e1-968d-428e-bc40-1e09e89c77f2.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
76KB

MD5
f1522ae3b03dcbaa563a18377052b5f4

SHA1
ebe9de304b2287641b04ef374c1a8fcf9b769da2

SHA256
340a8efea88c80e464f8c1b7e479056536f3c501a8718bf350a8d139e7115ddc

SHA512
d7204fd054b472780d4303d878ce2c71fba4d6c04f6c001f273e266ee8a79a6c16782d3ac2d75ba97d4b0d6275ac9fa3e25399b46834f0955101ff926ba10050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
8KB

MD5
c469a0837166b5747c92a33511155243

SHA1
eba287b4c047c14b00de0349e8629b6916cdd502

SHA256
2a26407bd20cada3696f4959973b8dd4939822051c751cc03569c55308f0b3b7

SHA512
dfef911535e0cbdd0c74a3af6e1b8964593d93af26e59868fcca28221f5abeb92cce7ed1839a58aa760c35709e879aa5874b15a57b35530eb4e5e9282c8ff874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
b42d905ced8a1baa64ba5b2677c6bf09

SHA1
e9995be6ef2e798121be395ed94d39bd1857bd51

SHA256
e3e92a4eb0090ce4453e3008acb92004c695a343081ee97328e1f845061c4edb

SHA512
77f9501f6f8128b999945d80ee8c2216ef432f3619b0492f35ab6d151400f1fc5428beb7a0bebd52d7a90153b97dc381fc6b438e5daff867d78177439af3ad46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
8fc8bcc3a83ee63d32a11091cb86e929

SHA1
8b42fb59e53ccc82529083234e2381e7664a4c51

SHA256
5621526c8397ca159267a5462f043974c17a5c6f8793c09efcf3a2fd69deb1c0

SHA512
6711be4086f3b02dad873741a994ad354f30fc4328e909de2412241fe94d66d8c64aa522038ec0af7d9076891097d84ecfaaa778bb11d25f99dd7e91c9c9fc4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
0cfbe8172884100f8647b601d0aea601

SHA1
1622d42090ade3f9b00857df114e506995f15262

SHA256
a5c2330496d801d7e819be6cdfab2aab6b4c0a4bdc64e65ebce6b072bee10768

SHA512
13de103d065e0532270a011719511e0ba438d875c1d54c7e80bb545e3ce40920a09eceee4db9ad78210fc4c32f95e9392dd7382202cc6782973be48b0ab100a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
fca412a592775ed504c34991ad73da8c

SHA1
2e1379af2c6ae62aea3af61c62a8f69b64e2ed76

SHA256
6f1c4b739a9121e37dad8cfce50ac7de67363477d08aa5b873bd8a22934d3e25

SHA512
eb3d870429a26dd6878a0091e6526063fba387c98cd24e22c5840ae4e3512d9574a51e47d7d08906ee83ac00eb1b486710f10aa6e653418c8a5bd9ae27f49426

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
eacdacf556636fbee313555d1042c700

SHA1
df1ed7c175e09a67d250f51adfd68a9c940da98f

SHA256
5ed172fff5183d2c429f0bdafe301f88d7a0df4b55503b17ab8a59d5d22a90a4

SHA512
b5c30b96d4361377bbd563194e16751691da2420553a5179cc985097281c271e81ef3e31269f34638db08739fa0db6ccbf89619c6f6874874bf32d02c3156daf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e2353de6dce62cfbd61506f098c6c8c9

SHA1
4d55b553e52ad97e7462cd7012ea7d38b6f08dba

SHA256
d443cb9bf8ce541e1cd359b52dc585dd2cde537c91ddee53d1e773e6adfcd6b3

SHA512
426236ca6711c27e9930e0e91d7fa7a3506c6d5fd504688fcd8b38ad257aab4c063ceea5e8f4f6e1c4af2704fc6ff3c8e1b9148b3dd75a8cf289a7292ee3f8c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7d9d32442fcbb7f1703a8c8188b0e6d0

SHA1
1a22451e0d9edd5d56908ba33d3fed8970822a02

SHA256
da56360a65ebb28980a7d87fd70a46fa77e57a096a97706fc22aea7ca1230512

SHA512
4d927ba143139a09622f528cac62ab4c6a5c96d6c45ef7e902a27e927ba7e0a011bb364bfdcffa87c4b6f279231c1255d3c3b2ea497f8b00c93dc0a8a7fdf7df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
11ebda2fce09779770b3eafc6beb25be

SHA1
4fb3137dbea7cd304c9a81b36d713b8bf01a3824

SHA256
67ab324d374f0d70fd3ebd0c827b05a1e23523efe624a249b35093c36a2a9d9a

SHA512
8bf54ac630f337a261ea8ebecb57a388f20df77cb6f962d3440641626dd2d0232b27f0ace975186fb798336d9384b656d0c3109f21c36c18aa055dea0d7e2e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
25e78d6b965ae6704a2b043ec97212ee

SHA1
0f47e7d690009a5816fc8a1ae74bab2c84b2b4df

SHA256
f40fc62a59288b8a4906a8e08f7f0510bf7a410ef0bd4d2c48181dfdd9e0720f

SHA512
b2fd97658ca0b2a62706e355b0afbb267dfac783b9b2898ef5f9ca5b11372dfa63d4fc45f25ac862e2d4425c640a6b7e39a4d6db215e91250a307ed2a2eba671

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
70ac15a5210b013893362ae04de6fda3

SHA1
fa07dc671959d79875c74b7e04bc34147098b83c

SHA256
70550ef9baa6324cdd19956bd602e22c9be615303e58baba91497c8bdba228b9

SHA512
0f6427973b43d0aaf5c5bf56c2195d52c7c89c8e19573edbb95b3b14fa56989e3d09909f57a6656e84e6bff0b98bcd7dc3b8c540461002874b5eb2318d7c2ebd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
57e1963ddc565a00baa2f76e34468195

SHA1
391054004e75a0dec3a6e5aae53bf3ff68c480f7

SHA256
79b8983e2896b103328b349de3dcaa86ec347b226b03991a15900b7f0f1e78b7

SHA512
ed253fcb2ec9e1a1d3f143884e35a63f25e95d9a913345d49713dc64d03eaba51473dffe179cd520c90795d22c6307a724f7347cee7ca5aa55946c9aba820532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
df50651fad8ba285af4e295a3499f1ac

SHA1
39cc1f0d8e4e5ee0ab15a327a620a436fdac7e8e

SHA256
e76546446698f6b22eb3ffb55b47d21d39e9fdf903c69e34813cbb3b0c730b38

SHA512
24e5397c5c95f19aaf5a7d34404a7b64af66548c23348f63d3a99e2842228c9175764404a9c057622367e4975c2549237ece2484ee4079568cdfee1c55e123d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
7e9d14d281325f82374b1cbe43a6f0b1

SHA1
e1386ac13279c534768f9cfca9376449bd134651

SHA256
b81b08fea70a007047332ef905f1e4241eb372e167e32369a924c805c0a7f591

SHA512
43886d3ec10513e1c79dc503e98137d2541a600eb1d236114559fd4edd30bf4b9360005ac97ef219fca8a4d8d23bc1149dab69ab9394e4db7d36e7d450c51157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
2433b5ab796f17897b59a820df38524b

SHA1
6c0c29ef11b870fb2fa89bb2fb0e2760d94a20ef

SHA256
46951e82624fb8eaf705e2794e32fbf30608f1631e7639ffeff6e7dbe0815642

SHA512
a6fed847fa6cc5991d36e77469fe82df557c2eff4803c229aba46689e89dc16387560e9093b32dd7a3b6d2518e6dd12303e056f44352bc2972cb0e16ab16b082

Download Submit
C:\Users\Admin\Downloads\Locky.zip

Filesize
528KB

MD5
48d2bfea5c786b3465f323de5eefc75d

SHA1
17096df01cbca548607ae4440b3c0503912e7969

SHA256
bbb86b0fcdfe044d98f6631a899357a98895c85a6fcc44ba454cc81e8bc4c7dc

SHA512
c967c8f1247d4a2646424522f9aab60e753ac8c62ccebc929e6ba5fbaad6af47dbcce84bea5261ad2c268ba806cc7e4af4ba3c44c18126893a76cafbe4d10f38

Download Submit
C:\Users\Admin\Downloads\Monster Ransomware (second new version).zip

Filesize
28KB

MD5
f2171aabde6ef4ead5ddaf1da1258bfc

SHA1
101c0ff130eece7002bd9e5b58b8d4c79f9c4d2d

SHA256
780e6930594c42ebd3a98020ab3b7dd31952c04bda0968d08b8a0c3a8cdaeae2

SHA512
6007843a50ae457f0b8ca42048adef931aacc5697f79b9cd8472ca1406f39fc09e45ef9e52aacc43f0fea7e22b29e8bee70215be1070f262a3c163947a75e3a8

Download Submit
C:\Users\Admin\Downloads\Monster Ransomware.zip

Filesize
510KB

MD5
960153ee2982721d18aa889180f95c94

SHA1
e420bb0428a7cecb93eda3e27e3272d5b3179b00

SHA256
d74a0cc21f0171fc420713c15ca101ee5101dcffd572040db9562d33dbd4e908

SHA512
b5bfdaa155eaff2ce238a23f06f7ce57147ad2062e651dbeeaff675474446fef18d1288251d7a9b32cd0e036dc932a2a4787b05a9e30c747c7addce1cc1793af

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 11089.crdownload

Filesize
21.5MB

MD5
ac9526ec75362b14410cf9a29806eff4

SHA1
ef7c1b7181a9dc4e0a1c6b3804923b58500c263d

SHA256
5ae89b053a9c8e4ad9664b6d893998f281f2864c0f625a536400624d4fbd0164

SHA512
29514a83a5bb78439ee8fb9d64b9e0885f4444fb7f02cefdee939984bb80f58493b406787c53f9a4bf521b2c03af4c3e3da4d5033eee8095b2ab0e753534e621

Download Submit
memory/540-1498-0x0000000000400000-0x0000000001DFD000-memory.dmp

Filesize
26.0MB

Download
memory/540-1564-0x0000000000400000-0x0000000001DFD000-memory.dmp

Filesize
26.0MB

Download
memory/540-1539-0x0000000000400000-0x0000000001DFD000-memory.dmp

Filesize
26.0MB

Download
memory/1020-14-0x0000000002290000-0x00000000022A9000-memory.dmp

Filesize
100KB

Download
memory/1020-1-0x00000000022B0000-0x00000000022C9000-memory.dmp

Filesize
100KB

Download
memory/1020-0-0x0000000002290000-0x00000000022A9000-memory.dmp

Filesize
100KB

Download
memory/1020-6-0x00000000022D0000-0x00000000022E0000-memory.dmp

Filesize
64KB

Download
memory/1020-5-0x00000000022B0000-0x00000000022C9000-memory.dmp

Filesize
100KB

Download
memory/2544-19-0x00000000006B0000-0x00000000006C9000-memory.dmp

Filesize
100KB

Download
memory/2544-21-0x00000000006D0000-0x00000000006E0000-memory.dmp

Filesize
64KB

Download
memory/2544-20-0x0000000000690000-0x00000000006A9000-memory.dmp

Filesize
100KB

Download
memory/2544-15-0x00000000006B0000-0x00000000006C9000-memory.dmp

Filesize
100KB

Download
memory/2544-29-0x0000000000690000-0x00000000006A9000-memory.dmp

Filesize
100KB

Download
memory/4400-31-0x00000000006D0000-0x00000000006E9000-memory.dmp

Filesize
100KB

Download
memory/4400-30-0x0000000000400000-0x000000000052A000-memory.dmp

Filesize
1.2MB

Download
memory/4400-7-0x00000000006D0000-0x00000000006E9000-memory.dmp

Filesize
100KB

Download
memory/4400-8-0x00000000006F0000-0x0000000000709000-memory.dmp

Filesize
100KB

Download
memory/4400-12-0x00000000006F0000-0x0000000000709000-memory.dmp

Filesize
100KB

Download
memory/4400-13-0x0000000000710000-0x0000000000720000-memory.dmp

Filesize
64KB

Download
memory/4808-1581-0x00007FFDD5AE0000-0x00007FFDD5AF1000-memory.dmp

Filesize
68KB

Download
memory/4808-1577-0x00007FFDD75A0000-0x00007FFDD75B8000-memory.dmp

Filesize
96KB

Download
memory/4808-1633-0x00007FFDBA270000-0x00007FFDBB320000-memory.dmp

Filesize
16.7MB

Download
memory/4808-1623-0x00007FFDC6230000-0x00007FFDC64E6000-memory.dmp

Filesize
2.7MB

Download
memory/4808-1592-0x000001EE57930000-0x000001EE5919F000-memory.dmp

Filesize
24.4MB

Download
memory/4808-1574-0x00007FF74AA20000-0x00007FF74AB18000-memory.dmp

Filesize
992KB

Download
memory/4808-1575-0x00007FFDD75F0000-0x00007FFDD7624000-memory.dmp

Filesize
208KB

Download
memory/4808-1582-0x00007FFDD5AC0000-0x00007FFDD5ADD000-memory.dmp

Filesize
116KB

Download
memory/4808-1583-0x00007FFDD5AA0000-0x00007FFDD5AB1000-memory.dmp

Filesize
68KB

Download
memory/4808-1576-0x00007FFDC6230000-0x00007FFDC64E6000-memory.dmp

Filesize
2.7MB

Download
memory/4808-1580-0x00007FFDD5B00000-0x00007FFDD5B17000-memory.dmp

Filesize
92KB

Download
memory/4808-1579-0x00007FFDD5B20000-0x00007FFDD5B31000-memory.dmp

Filesize
68KB

Download
memory/4808-1578-0x00007FFDD7580000-0x00007FFDD7597000-memory.dmp

Filesize
92KB

Download
memory/4808-1586-0x00007FFDBA270000-0x00007FFDBB320000-memory.dmp

Filesize
16.7MB

Download
memory/4808-1589-0x00007FFDD4DB0000-0x00007FFDD4DC1000-memory.dmp

Filesize
68KB

Download
memory/4808-1585-0x00007FFDD5A50000-0x00007FFDD5A91000-memory.dmp

Filesize
260KB

Download
memory/4808-1584-0x00007FFDCDC10000-0x00007FFDCDE1B000-memory.dmp

Filesize
2.0MB

Download
memory/4808-1591-0x00007FFDD35C0000-0x00007FFDD35D1000-memory.dmp

Filesize
68KB

Download
memory/4808-1590-0x00007FFDD35E0000-0x00007FFDD35F1000-memory.dmp

Filesize
68KB

Download
memory/4808-1588-0x00007FFDD5A00000-0x00007FFDD5A18000-memory.dmp

Filesize
96KB

Download
memory/4808-1587-0x00007FFDD5A20000-0x00007FFDD5A41000-memory.dmp

Filesize
132KB

Download
memory/4856-26-0x0000000000710000-0x0000000000729000-memory.dmp

Filesize
100KB

Download
memory/4856-22-0x0000000000710000-0x0000000000729000-memory.dmp

Filesize
100KB

Download
memory/4856-56-0x00000000006F0000-0x0000000000709000-memory.dmp

Filesize
100KB

Download
memory/4856-28-0x0000000000730000-0x0000000000740000-memory.dmp

Filesize
64KB

Download
memory/4856-27-0x00000000006F0000-0x0000000000709000-memory.dmp

Filesize
100KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads