Overview

overview

10

Static

static

1

URLScan

urlscan

http://roblox

windows11-21h2-x64

10

Resubmissions

06-02-2025 13:08

250206-qdp3xavrgs 10

06-02-2025 13:05

250206-qbq77avrbw 5

Analysis

  • max time kernel
    218s
  • max time network
    245s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    06-02-2025 13:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://roblox

Score
10/10
cryptolockerdharmacredential_accessdefense_evasiondiscoveryexecutionimpactpersistenceransomwarespywarestealer

Malware Config

Signatures

  • CryptoLocker

    Ransomware family with multiple variants.

    ransomwarecryptolocker
  • Cryptolocker family
    cryptolocker
  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma
  • Dharma family
    dharma
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Renames multiple (556) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Disables RegEdit via registry modification 2 IoCs
    defense_evasion
  • Disables Task Manager via registry modification
    defense_evasion
  • Downloads MZ/PE file 6 IoCs
  • Manipulates Digital Signatures 1 TTPs 12 IoCs

    Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

  • Credentials from Password Stores: Windows Credential Manager 1 TTPs

    Suspicious access to Credentials History.

    credential_accessstealer
  • Drops startup file 5 IoCs
  • Executes dropped EXE 16 IoCs
  • Impair Defenses: Safe Mode Boot 1 TTPs 6 IoCs
    defense_evasion
  • Loads dropped DLL 8 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 8 IoCs
    persistence
  • Drops desktop.ini file(s) 64 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Modifies WinLogon 2 TTPs 4 IoCs
    persistence
  • Drops file in System32 directory 59 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 5 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 64 IoCs
  • Interacts with shadow copies 3 TTPs 2 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Modifies Control Panel 6 IoCs
    defense_evasion
  • Modifies Internet Explorer settings 1 TTPs 5 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 3 IoCs
    stealer
  • Modifies registry class 64 IoCs
  • NTFS ADS 13 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 14 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 37 IoCs
    defense_evasion
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://roblox
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4928
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa21533cb8,0x7ffa21533cc8,0x7ffa21533cd8
      2⤵
        PID:4552
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
        2⤵
          PID:2156
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
          2⤵
          • Downloads MZ/PE file
          • Suspicious behavior: EnumeratesProcesses
          PID:4780
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
          2⤵
            PID:1308
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
            2⤵
              PID:3396
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
              2⤵
                PID:4316
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
                2⤵
                  PID:3164
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
                  2⤵
                    PID:3728
                  • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:3848
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
                    2⤵
                      PID:4584
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
                      2⤵
                        PID:4800
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4112 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:1760
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
                        2⤵
                          PID:3844
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
                          2⤵
                            PID:1596
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
                            2⤵
                              PID:3752
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
                              2⤵
                                PID:3460
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
                                2⤵
                                  PID:4156
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2712 /prefetch:1
                                  2⤵
                                    PID:1164
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
                                    2⤵
                                      PID:1352
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
                                      2⤵
                                        PID:2540
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
                                        2⤵
                                          PID:3252
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
                                          2⤵
                                            PID:1860
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
                                            2⤵
                                              PID:3272
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
                                              2⤵
                                                PID:4736
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6960 /prefetch:8
                                                2⤵
                                                  PID:336
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
                                                  2⤵
                                                    PID:32
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7052 /prefetch:8
                                                    2⤵
                                                      PID:2336
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
                                                      2⤵
                                                        PID:4664
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
                                                        2⤵
                                                          PID:4444
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6992 /prefetch:8
                                                          2⤵
                                                            PID:2288
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7232 /prefetch:8
                                                            2⤵
                                                              PID:3384
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1
                                                              2⤵
                                                                PID:3460
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
                                                                2⤵
                                                                • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                • NTFS ADS
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:964
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
                                                                2⤵
                                                                • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                • NTFS ADS
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:1652
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
                                                                2⤵
                                                                • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                • NTFS ADS
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:872
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2464 /prefetch:2
                                                                2⤵
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:17356
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
                                                                2⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                PID:24536
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5076 /prefetch:8
                                                                2⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                PID:17272
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6692 /prefetch:8
                                                                2⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                • NTFS ADS
                                                                PID:12116
                                                              • C:\Users\Admin\Downloads\Bezilom.exe
                                                                "C:\Users\Admin\Downloads\Bezilom.exe"
                                                                2⤵
                                                                • Executes dropped EXE
                                                                • Adds Run key to start application
                                                                • Drops file in Windows directory
                                                                • System Location Discovery: System Language Discovery
                                                                • Suspicious use of SetWindowsHookEx
                                                                PID:7680
                                                              • C:\Users\Admin\Downloads\CoronaVirus.exe
                                                                "C:\Users\Admin\Downloads\CoronaVirus.exe"
                                                                2⤵
                                                                • Executes dropped EXE
                                                                • System Location Discovery: System Language Discovery
                                                                PID:12660
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1
                                                                2⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                PID:9124
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3988 /prefetch:8
                                                                2⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • NTFS ADS
                                                                PID:9248
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
                                                                2⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                PID:24812
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2816 /prefetch:8
                                                                2⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                PID:24968
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6668 /prefetch:8
                                                                2⤵
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                • NTFS ADS
                                                                PID:25096
                                                              • C:\Users\Admin\Downloads\Fagot.a.exe
                                                                "C:\Users\Admin\Downloads\Fagot.a.exe"
                                                                2⤵
                                                                • Modifies WinLogon for persistence
                                                                • Manipulates Digital Signatures
                                                                • Executes dropped EXE
                                                                • Impair Defenses: Safe Mode Boot
                                                                • Adds Run key to start application
                                                                • Modifies WinLogon
                                                                • Drops file in System32 directory
                                                                • Drops file in Windows directory
                                                                • System Location Discovery: System Language Discovery
                                                                • Checks processor information in registry
                                                                • Enumerates system info in registry
                                                                • Modifies Internet Explorer settings
                                                                • Modifies Internet Explorer start page
                                                                • Modifies registry class
                                                                PID:25208
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2396 /prefetch:2
                                                                2⤵
                                                                  PID:26132
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3636 /prefetch:2
                                                                  2⤵
                                                                    PID:26552
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,16891509729130670522,2626145442853093882,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4076 /prefetch:2
                                                                    2⤵
                                                                      PID:27060
                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                    1⤵
                                                                      PID:3252
                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                      1⤵
                                                                        PID:2508
                                                                      • C:\Windows\system32\BackgroundTransferHost.exe
                                                                        "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
                                                                        1⤵
                                                                          PID:4588
                                                                        • C:\Windows\System32\rundll32.exe
                                                                          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                          1⤵
                                                                            PID:3852
                                                                          • C:\Users\Admin\Downloads\CoronaVirus.exe
                                                                            "C:\Users\Admin\Downloads\CoronaVirus.exe"
                                                                            1⤵
                                                                            • Drops startup file
                                                                            • Executes dropped EXE
                                                                            • Adds Run key to start application
                                                                            • Drops desktop.ini file(s)
                                                                            • Drops file in System32 directory
                                                                            • Drops file in Program Files directory
                                                                            • System Location Discovery: System Language Discovery
                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                            PID:3536
                                                                            • C:\Windows\system32\cmd.exe
                                                                              "C:\Windows\system32\cmd.exe"
                                                                              2⤵
                                                                                PID:3700
                                                                                • C:\Windows\system32\mode.com
                                                                                  mode con cp select=1251
                                                                                  3⤵
                                                                                    PID:6028
                                                                                  • C:\Windows\system32\vssadmin.exe
                                                                                    vssadmin delete shadows /all /quiet
                                                                                    3⤵
                                                                                    • Interacts with shadow copies
                                                                                    PID:7976
                                                                                • C:\Windows\system32\cmd.exe
                                                                                  "C:\Windows\system32\cmd.exe"
                                                                                  2⤵
                                                                                    PID:24036
                                                                                    • C:\Windows\system32\mode.com
                                                                                      mode con cp select=1251
                                                                                      3⤵
                                                                                        PID:24192
                                                                                      • C:\Windows\system32\vssadmin.exe
                                                                                        vssadmin delete shadows /all /quiet
                                                                                        3⤵
                                                                                        • Interacts with shadow copies
                                                                                        PID:23996
                                                                                    • C:\Windows\System32\mshta.exe
                                                                                      "C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
                                                                                      2⤵
                                                                                        PID:24124
                                                                                      • C:\Windows\System32\mshta.exe
                                                                                        "C:\Windows\System32\mshta.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
                                                                                        2⤵
                                                                                          PID:24144
                                                                                      • C:\Users\Admin\Downloads\CryptoLocker.exe
                                                                                        "C:\Users\Admin\Downloads\CryptoLocker.exe"
                                                                                        1⤵
                                                                                        • Executes dropped EXE
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • NTFS ADS
                                                                                        PID:3344
                                                                                        • C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
                                                                                          "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" "/rC:\Users\Admin\Downloads\CryptoLocker.exe"
                                                                                          2⤵
                                                                                          • Executes dropped EXE
                                                                                          • Adds Run key to start application
                                                                                          • System Location Discovery: System Language Discovery
                                                                                          PID:4772
                                                                                          • C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
                                                                                            "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w00000234
                                                                                            3⤵
                                                                                            • Executes dropped EXE
                                                                                            • System Location Discovery: System Language Discovery
                                                                                            PID:2640
                                                                                      • C:\Users\Admin\Downloads\Krotten.exe
                                                                                        "C:\Users\Admin\Downloads\Krotten.exe"
                                                                                        1⤵
                                                                                        • Disables RegEdit via registry modification
                                                                                        • Executes dropped EXE
                                                                                        • Adds Run key to start application
                                                                                        • Modifies WinLogon
                                                                                        • Drops file in Windows directory
                                                                                        • System Location Discovery: System Language Discovery
                                                                                        • Modifies Control Panel
                                                                                        • Modifies Internet Explorer settings
                                                                                        • Modifies Internet Explorer start page
                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                        • System policy modification
                                                                                        PID:964
                                                                                      • C:\Windows\system32\vssvc.exe
                                                                                        C:\Windows\system32\vssvc.exe
                                                                                        1⤵
                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                        PID:8048
                                                                                      • C:\Windows\system32\OpenWith.exe
                                                                                        C:\Windows\system32\OpenWith.exe -Embedding
                                                                                        1⤵
                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                        PID:10872
                                                                                      • C:\Windows\system32\OpenWith.exe
                                                                                        C:\Windows\system32\OpenWith.exe -Embedding
                                                                                        1⤵
                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                        PID:5976
                                                                                      • C:\Windows\system32\LogonUI.exe
                                                                                        "LogonUI.exe" /flags:0x0 /state0:0xa39c9855 /state1:0x41c64e6d
                                                                                        1⤵
                                                                                          PID:25856

                                                                                        Network

                                                                                        MITRE ATT&CK Enterprise v15

                                                                                        Reconnaissance

                                                                                        Resource Development

                                                                                        Initial Access

                                                                                        Execution

                                                                                        Windows Management Instrumentation

                                                                                        1
                                                                                        T1047

                                                                                        Persistence

                                                                                        Boot or Logon Autostart Execution

                                                                                        3
                                                                                        T1547

                                                                                        Registry Run Keys / Startup Folder

                                                                                        1
                                                                                        T1547.001

                                                                                        Winlogon Helper DLL

                                                                                        2
                                                                                        T1547.004

                                                                                        Privilege Escalation

                                                                                        Boot or Logon Autostart Execution

                                                                                        3
                                                                                        T1547

                                                                                        Registry Run Keys / Startup Folder

                                                                                        1
                                                                                        T1547.001

                                                                                        Winlogon Helper DLL

                                                                                        2
                                                                                        T1547.004

                                                                                        Defense Evasion

                                                                                        Direct Volume Access

                                                                                        1
                                                                                        T1006

                                                                                        Impair Defenses

                                                                                        1
                                                                                        T1562

                                                                                        Safe Mode Boot

                                                                                        1
                                                                                        T1562.009

                                                                                        Indicator Removal

                                                                                        2
                                                                                        T1070

                                                                                        File Deletion

                                                                                        2
                                                                                        T1070.004

                                                                                        Modify Registry

                                                                                        6
                                                                                        T1112

                                                                                        Subvert Trust Controls

                                                                                        2
                                                                                        T1553

                                                                                        SIP and Trust Provider Hijacking

                                                                                        2
                                                                                        T1553.003

                                                                                        Credential Access

                                                                                        Credentials from Password Stores

                                                                                        2
                                                                                        T1555

                                                                                        Credentials from Web Browsers

                                                                                        1
                                                                                        T1555.003

                                                                                        Windows Credential Manager

                                                                                        1
                                                                                        T1555.004

                                                                                        Unsecured Credentials

                                                                                        1
                                                                                        T1552

                                                                                        Credentials In Files

                                                                                        1
                                                                                        T1552.001

                                                                                        Discovery

                                                                                        Browser Information Discovery

                                                                                        1
                                                                                        T1217

                                                                                        Query Registry

                                                                                        2
                                                                                        T1012

                                                                                        System Information Discovery

                                                                                        3
                                                                                        T1082

                                                                                        System Location Discovery

                                                                                        1
                                                                                        T1614

                                                                                        System Language Discovery

                                                                                        1
                                                                                        T1614.001

                                                                                        Lateral Movement

                                                                                        Collection

                                                                                        Data from Local System

                                                                                        1
                                                                                        T1005

                                                                                        Command and Control

                                                                                        Web Service

                                                                                        1
                                                                                        T1102

                                                                                        Exfiltration

                                                                                        Impact

                                                                                        Inhibit System Recovery

                                                                                        2
                                                                                        T1490

                                                                                        Replay Monitor

                                                                                        Loading Replay Monitor...

                                                                                        Downloads

                                                                                        • C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.id-25788A46.[[email protected]].ncov
                                                                                          Filesize

                                                                                          2.7MB

                                                                                          MD5

                                                                                          1a6d8b5cd196aa7803af6326a9215911

                                                                                          SHA1

                                                                                          751c631fb8b5303ff1443cd72b1c95cfaad8926f

                                                                                          SHA256

                                                                                          f2869b046c48c48e729b9dc4de85a511a207cd479dd8eb079c66c5aa9289a57d

                                                                                          SHA512

                                                                                          f389290eb67baf615b59568872739a45088cad2865a69462da5a199842ff042ddd8b2cd9c56e847b7ba75938f86d0f1949362a2ba880821816aacff42f62a3d4

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                          Filesize

                                                                                          152B

                                                                                          MD5

                                                                                          554d6d27186fa7d6762d95dde7a17584

                                                                                          SHA1

                                                                                          93ea7b20b8fae384cf0be0d65e4295097112fdca

                                                                                          SHA256

                                                                                          2fa6145571e1f1ece9850a1ac94661213d3e0d82f1cef7ac1286ff6b2c2017cb

                                                                                          SHA512

                                                                                          57d9008ccabc315bd0e829b19fe91e24bab6ef20bcfab651b937b0f38eec840b58d0aed092a3bbedd2d6a95d5c150372a1e51087572de55672172adc1fc468a7

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                          Filesize

                                                                                          152B

                                                                                          MD5

                                                                                          a28bb0d36049e72d00393056dce10a26

                                                                                          SHA1

                                                                                          c753387b64cc15c0efc80084da393acdb4fc01d0

                                                                                          SHA256

                                                                                          684d797e28b7fd86af84bfb217d190e4f5e03d92092d988a6091b2c7bbbd67c1

                                                                                          SHA512

                                                                                          20940fee33aa2194c36a3db92d4fd314ce7eacc2aa745abec62aa031c2a53ba4ff89f2568626e7bd2536090175f8d045c3bb52c5faa5ecc8da8410ab5fc519f7

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
                                                                                          Filesize

                                                                                          38KB

                                                                                          MD5

                                                                                          adf2df4a8072227a229a3f8cf81dc9df

                                                                                          SHA1

                                                                                          48b588df27e0a83fa3c56d97d68700170a58bd36

                                                                                          SHA256

                                                                                          2fd56ac4d62fec83843c83054e5548834a19001c077cdb224901237f2e2c0e4c

                                                                                          SHA512

                                                                                          d18ffc9a41157ea96014a503640b3a2a3931f578293e88cc05aa61c8223221d948c05637875d8e3ee5847b6a99341ea22b6a1aee67c170e27bde5e154cf1b9ca

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
                                                                                          Filesize

                                                                                          37KB

                                                                                          MD5

                                                                                          4c0a7d97898d984078239033559269d2

                                                                                          SHA1

                                                                                          a3633dfc9744c790606ac243ee52207b826c1e9e

                                                                                          SHA256

                                                                                          189d8dac5d80bb54dcb1b9054233e3d64c90017af89d3290eacb67089b50fbb0

                                                                                          SHA512

                                                                                          be19c6b55b37907f7864f8efd855590354d49050250d77e5d7057895b7517ef89243e7529ad8efd596988d19481c753bda06dca5e4bee582fce49a4bb096ae6b

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
                                                                                          Filesize

                                                                                          20KB

                                                                                          MD5

                                                                                          cd2b487b040fe8be065187396a981a39

                                                                                          SHA1

                                                                                          6e7d100191aaf135915aac159f47bf9072390edf

                                                                                          SHA256

                                                                                          1441b3e440dc6b2835e410e22d39c07cc1a446c738eeec3d0e1f821b04b3a1f6

                                                                                          SHA512

                                                                                          35b182d4573f3f175d8a97cc5875d215650d88d222b72755051bd5ed2155bf96712fc4c71f2b5eb12e0073b8c5eadaf941dbd83617dc92e7c3d725a3bf1d3262

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
                                                                                          Filesize

                                                                                          21KB

                                                                                          MD5

                                                                                          1a87d50da70b524d872a2ad46fd312d3

                                                                                          SHA1

                                                                                          e019160b3e28f5690183232e726c0e005099f434

                                                                                          SHA256

                                                                                          677e9f0cf3c1c316bf715a2f0951327af8f4b1d495d803b811abd2660c2931cf

                                                                                          SHA512

                                                                                          87fff80de02caba8d9c3bb8aaa362abff0253e5d5477d535122abe97f506f1bab9b85662d347e6375beeb8efae67a036c4e4903e2393cddbafccf8bfa6ff0d59

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
                                                                                          Filesize

                                                                                          26KB

                                                                                          MD5

                                                                                          525579bebb76f28a5731e8606e80014c

                                                                                          SHA1

                                                                                          73b822370d96e8420a4cdeef1c40ed78a847d8b4

                                                                                          SHA256

                                                                                          f38998984e6b19271846322441f439e231836622e746a2f6577a8848e5eed503

                                                                                          SHA512

                                                                                          18219147fca7306220b6e8231ff85ebeb409c5cc512adff65c04437d0f99582751ccb24b531bbedf21f981c6955c044074a4405702c3a4fae3b9bf435018cc1a

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
                                                                                          Filesize

                                                                                          18KB

                                                                                          MD5

                                                                                          df5df05b063c584376d235fa678175ec

                                                                                          SHA1

                                                                                          a38b234dfbddf38a915f6e3e80123d2acfadbdaa

                                                                                          SHA256

                                                                                          13abafa660e5d4cc56de010f88b1ebf8fc39ec77b1dfdffa28caec59f15ef71d

                                                                                          SHA512

                                                                                          bfaffa447e3e84e32cb4665ad75c4d8ea71bbe9b2229d645fbe41961b5503de67498ec5b107d6368aeea9366c185bc04d31100fa920ca4673633baf679ab6116

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
                                                                                          Filesize

                                                                                          16KB

                                                                                          MD5

                                                                                          dde035d148d344c412bd7ba8016cf9c6

                                                                                          SHA1

                                                                                          fb923138d1cde1f7876d03ca9d30d1accbcf6f34

                                                                                          SHA256

                                                                                          bcff459088f46809fba3c1d46ee97b79675c44f589293d1d661192cf41c05da9

                                                                                          SHA512

                                                                                          87843b8eb37be13e746eb05583441cb4a6e16c3d199788c457672e29fdadc501fc25245095b73cf7712e611f5ff40b37e27fca5ec3fa9eb26d94c546af8b2bc0

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
                                                                                          Filesize

                                                                                          18KB

                                                                                          MD5

                                                                                          8bd66dfc42a1353c5e996cd88dc1501f

                                                                                          SHA1

                                                                                          dc779a25ab37913f3198eb6f8c4d89e2a05635a6

                                                                                          SHA256

                                                                                          ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839

                                                                                          SHA512

                                                                                          203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
                                                                                          Filesize

                                                                                          55KB

                                                                                          MD5

                                                                                          c649e6cc75cd77864686cfd918842a19

                                                                                          SHA1

                                                                                          86ee00041481009c794cd3ae0e8784df6432e5ec

                                                                                          SHA256

                                                                                          f451a4a37826390ab4ea966706292ee7dd41039d1bedc882cbc8392734535393

                                                                                          SHA512

                                                                                          e9e779870071fe309bbde9b6a278d9627c7f2402b55ac4c0a48c65b1de5172cf9dad2992f8619d7e7aaf978e6ccd607620de88554aa963f3d45501913ed49f64

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
                                                                                          Filesize

                                                                                          59KB

                                                                                          MD5

                                                                                          843baa91f952bfac13fbffe7bef4e0b1

                                                                                          SHA1

                                                                                          afd3ad4693aacc22932367b2db908ccb13eca497

                                                                                          SHA256

                                                                                          a82d725b9ded5a49393243f01df332f57380396290a83872daa9c58efea1fc1b

                                                                                          SHA512

                                                                                          a3bad6b7b0eeb0267d1798b21828daafca052b456870cb11e61fbb320b5c5ba3654ffe79986850e190b2a9d9c8311e4e88983d0a92d8419056a8c072ae8bcbb9

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
                                                                                          Filesize

                                                                                          43KB

                                                                                          MD5

                                                                                          f837300b294e646d4eaaadb88a209245

                                                                                          SHA1

                                                                                          a9ccd30a5e2533d2d3b0b2dcaf114e2a743d7123

                                                                                          SHA256

                                                                                          ae6cda74187ab47ca98cc6d86ceea45b2cb9309f88816666f2103398478ca13d

                                                                                          SHA512

                                                                                          6d4fb748e56910162c0409fa7686fdba0df257554f74f787023554b869f20ea28d850684e7fbba2515189712d7afdd13f0eba5a1697421831bf32e7a50e014ad

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
                                                                                          Filesize

                                                                                          87KB

                                                                                          MD5

                                                                                          65b0f915e780d51aa0bca6313a034f32

                                                                                          SHA1

                                                                                          3dd3659cfd5d3fe3adc95e447a0d23c214a3f580

                                                                                          SHA256

                                                                                          27f0d8282b7347ae6cd6d5a980d70020b68cace0fbe53ad32048f314a86d4f16

                                                                                          SHA512

                                                                                          e5af841fd4266710d181a114a10585428c1572eb0cd4538be765f9f76019a1f3ea20e594a7ee384d219a30a1d958c482f5b1920551235941eec1bcacd01e4b6f

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
                                                                                          Filesize

                                                                                          108KB

                                                                                          MD5

                                                                                          d78913ec94c74c8f7b9917ea8d8e7c5f

                                                                                          SHA1

                                                                                          b75dc5cf1fbcd90c59adaeb0a66bed203fa17a46

                                                                                          SHA256

                                                                                          0fc8cd712751d7f0704be9138524456fb825a6beb4f13e08ff5feec14b482d86

                                                                                          SHA512

                                                                                          d17d858361f6e763c2b473fd1271a1cc605d546e456e428f90e0bfd649ba3da38c7097953064fc4e03b5349b4c8804b84fb2425cf4a62b9950e7be9f1bab123d

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
                                                                                          Filesize

                                                                                          16KB

                                                                                          MD5

                                                                                          d539b638dd41263e8839511369cd2dba

                                                                                          SHA1

                                                                                          7ed0b62369946be27b368bfeaf75d571afd2197f

                                                                                          SHA256

                                                                                          5e18ecc847567b103979c7c5b3f6fe65737c6a6f2a9cc7a87b902fa2d4497e35

                                                                                          SHA512

                                                                                          b8b03f7291855db66ce3c9fe4f37efef7a613c975d11e12e3b3e2b02504907081760df49f2a5124795b75f7b4d2f1601ac6492e903908ca0fc0ce7b0931b1ea2

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                          Filesize

                                                                                          3KB

                                                                                          MD5

                                                                                          4417ece0640e4d56b27c39b83a810311

                                                                                          SHA1

                                                                                          b0a86e8a2e7c028daa9bca52998ee6373f33d0ba

                                                                                          SHA256

                                                                                          ca3dcee3aef9c8f3a08d7cadddfb3c5b90c1bc9c05bf4d97263249431ef50bb2

                                                                                          SHA512

                                                                                          556397e2ec00d3d54aec7e59aa88506b498d8a1347a654f116cb525f12471fdea440f2f010d43f241951540115896f0d9583123ec7d6cf9f42e9b57edcd3f0db

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
                                                                                          Filesize

                                                                                          264KB

                                                                                          MD5

                                                                                          258dd9ac6dd97314f75fd95ee96665e6

                                                                                          SHA1

                                                                                          84e9a1d24f3a5434de8a5c7f3bccb2cfa95961c3

                                                                                          SHA256

                                                                                          84b9c3305376b21c8fbb6bb355cbd70b783da54c5c7f82037b7b449bfa682fb5

                                                                                          SHA512

                                                                                          76c5c25bc50f7bb586b86fa42f9a0ad8d20edb3878709aa618f65a43190cdb7792097e8bb85951f0a7e90aad2b5c497c0681cb7c2f580b2207bfac0de556dbd0

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                          Filesize

                                                                                          940B

                                                                                          MD5

                                                                                          0d94bd4b9512d1e1f518b93739b05085

                                                                                          SHA1

                                                                                          8da98e87a1a8fefe7a0a790c147068d12d901689

                                                                                          SHA256

                                                                                          fed6402b2e61947c071236c85edda86ba62e6b0baeafe2b0bb2aefe88db3bdfe

                                                                                          SHA512

                                                                                          4278780c4e8d6a93a4d2017a5f5e0e205fe37ad412215f74ba9defaa30c113c1e66e13f343b112e50208fe43c635125e0501359d80e9b2b5ea96bb6ade0658b9

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                          Filesize

                                                                                          5KB

                                                                                          MD5

                                                                                          8b20b1afe0e9511320eb1b19101fe7c4

                                                                                          SHA1

                                                                                          7e2e1fa3bfd257b055f919782c02c284133a76a2

                                                                                          SHA256

                                                                                          c34154eb4fea172678ef1e881d7151bfd15dae97e9ab4c770f56c8083aad0750

                                                                                          SHA512

                                                                                          9f5ba4f8bd2bb5dd39e55d76c4f244982f89a236ceac455d98d67203b6a873372320a64a7beb4c60324028d7f2e88431d31229d691fa0467bce063e64f195ff2

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                          Filesize

                                                                                          5KB

                                                                                          MD5

                                                                                          931841eeab359267b3c926495dfebbf3

                                                                                          SHA1

                                                                                          1585418b93b2377df35302fb268cd1b4119b565b

                                                                                          SHA256

                                                                                          5388e915570e28aff8625bf45d897751a14f450199a9af7b29c693d9cb1828c9

                                                                                          SHA512

                                                                                          20167adcef87f558fec0721aec905f07f976e6397f1959a9b49c0525fcc3e7a8461f90531848e3cb49c9fbf480b049b9fa73fdc70a0fb15a35ba8292733e3bf9

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                          Filesize

                                                                                          6KB

                                                                                          MD5

                                                                                          2d17dac44a3fa9c80d59589b81de28e9

                                                                                          SHA1

                                                                                          36847d7c5b907d78a7f72049b861d9214be90924

                                                                                          SHA256

                                                                                          008843a74dc4e1e18fa911200a918f160caa08876f1175e49a3e98fa7722dae1

                                                                                          SHA512

                                                                                          c1a7be7d96ec6e1285c859bc8705193c6c58fc8f45bd7f1bc0ac0fa51f8a177b2a5d650d4aa69a9d40c5657afd3c1583e98e03d44365c0681d55893b8656c3f3

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                          Filesize

                                                                                          7KB

                                                                                          MD5

                                                                                          5baf5b18aea78b448ea0118df6f25397

                                                                                          SHA1

                                                                                          bfbd14ffa47752dfad98049759f699d1472f578d

                                                                                          SHA256

                                                                                          b4d0590355e19eed9acc22108a7662f52e6bb1838821ba67635ea2cdc42c13ab

                                                                                          SHA512

                                                                                          67ea04c9dc696c1b9f752f05235b638b6e2a5ab18500a1fa1164d99ee986a47a8e8a8f09951234bb45fa8de1d2f1eec1a41f81a871338a68519b44be01ddd2af

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          4f5a18afecb4c459b2930f0dd56a8734

                                                                                          SHA1

                                                                                          7850dc115a105d15e8cc770687b6ac0fa9b68635

                                                                                          SHA256

                                                                                          350c76ea5f1cb95830081f63912a63ba2624426a779daac0e6b91b2191e06bfb

                                                                                          SHA512

                                                                                          8df7db30b51cd4b752ecb16b394eca40ca74d3e060778c25fd9f93c3618913312b5a7ca04d2d1eded364b80d2a3ced65b8ff143387413b74bfa3acb5e4380a34

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          35c3a17e1c975bb38c015fd8969d5c44

                                                                                          SHA1

                                                                                          2b2eafbad298a2c61c5576630efb372b45b74a77

                                                                                          SHA256

                                                                                          656729ca0753731f29e6272128096d3fb00c8da4470db27f054a985f2b6600b8

                                                                                          SHA512

                                                                                          9ac607bb795a250621f322828fb3cb3d3f9f960584a94d85a6b89aa7590a71c9f2d0ee83a05744dd069c89a67cf8252501ad8eb42d0b64dd40edd50dd3595f4c

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          6ae891183aaf5b6d75ad215f39f59245

                                                                                          SHA1

                                                                                          d3ef32e4ca7f94ac851f24f9fe125f02624aa279

                                                                                          SHA256

                                                                                          cc3ccf0b991def85f0e04ebfb88d2b3e4352bca5287cc2e015b6cc7c27ae2a5c

                                                                                          SHA512

                                                                                          812d264011f9b2cf6fba70d797c32ab8ce47aa9f5b89315949d2af44d5188bfa9476f0ef0a3127170b51271fbbe18066dc65c2f51a751e942ed1a5b74745edac

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          84955ae62a9d1e5fac64e53d2c1f2964

                                                                                          SHA1

                                                                                          f8f87185241ddf8f225f91e005469d59941bd1a8

                                                                                          SHA256

                                                                                          35c3ac0314c3829d0b264522cd50e19bf3c6304cf1d04f94d56afacb14cfd5ff

                                                                                          SHA512

                                                                                          81e4527f78f0f0ff55199d5eba1c44ae6daec3e6fcf292fb45e434be974d063298021bec2e2cfc4e16388be00b89577394f1bf0fadf196180daaa029b98c5f3f

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          52312d1d2fc038ce629e1c3543eeba13

                                                                                          SHA1

                                                                                          1548c52f467f0eac4b512f8fe0572d3fe39156c9

                                                                                          SHA256

                                                                                          1bf118db5a32bce15d288ee58ffa98992a06d158107777e559e5d996865f876f

                                                                                          SHA512

                                                                                          6a35694ae497b87d7f2d27a1d375a0c55e28736eb14193e8729b5583a9d7c52f0762eac6e12b4ce1945c73938ccf07c7b1e914d71b3c73712094bb8d8e73fe90

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          1987ccd090ffc21cb2e75f44770ce775

                                                                                          SHA1

                                                                                          fd30e211ad20fbd4d4b58f98e7702e56ac071b16

                                                                                          SHA256

                                                                                          1423008c270c4df90a570a5ebcf087b56a6db7f17bd2792e9251bed5efbd6c55

                                                                                          SHA512

                                                                                          ca51d84b0bafd3067a59e42e6796ad024bdba89491cee5888517aded9c4b16d7b779a492975a1b997e583d275a55d1975f71b8d47c6287e22cd8ead511a03de6

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          6c734813a140f190b572e6b578c42e5d

                                                                                          SHA1

                                                                                          c6d618fb2f81bb382ccaa6355597f58bd2a1dff8

                                                                                          SHA256

                                                                                          deb40634fb1cd2a309e29b59419e7aa2c885949e74ae20a67fb55422d4e4e290

                                                                                          SHA512

                                                                                          f887dcfc41e7de5ecd50f7de762ef1eabf1f54159eee6844087f01d05d820c090eb87a9e416ea0b59c2f6307627ff4545ab3b69e94ad189fd85a0da5d173ae6d

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          4d4247fedf34efe3d3709610fcebfd83

                                                                                          SHA1

                                                                                          4e1ebba9103fc2f404e8efb713bf484199d4c7af

                                                                                          SHA256

                                                                                          2db95391401b6df6c1364255ac0810e8806997ebef1e084c3ff440f466f9ee13

                                                                                          SHA512

                                                                                          e5b391b8922c726b40fd10e5b10b7dd8086b44aaedfbc1d3d61bd632abf065356274d7604ed1bdd88c19b77cb4c6edcd2405b87e101b0485cf95f3fbaa048178

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          a30392deae8382a49c8fea2d2c9c8921

                                                                                          SHA1

                                                                                          835799b9009ccaefb181bebca8c223e8cd24e18e

                                                                                          SHA256

                                                                                          ab0c0d27fbd6b8b508e2a7fc26066da410af014303fd0ca46994524b24166d45

                                                                                          SHA512

                                                                                          158049313be2702582d22d986b267795997176be1c6f1cff56afe3ed737062e76514cb7a2479ccaebde886ab2cdd5fd6043514f60ea1d049767f4f916880fa1c

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586afa.TMP
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          3767036d76ebe889a638374ac035fc49

                                                                                          SHA1

                                                                                          ddf5745a36254789322035cc830b6fcd60aa4225

                                                                                          SHA256

                                                                                          dc3bb8169ce44fddfcd624629626f591d7adca60a0c91119f80e7e1730033231

                                                                                          SHA512

                                                                                          4a858c991ec20c0468fd5c440fdc187025aa044dff56bf60f506a5c479b516f327db32cd0c666963638a7d487cebd69d8f79556ff7b389aa8ce3aaffe841de96

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59fb2f.TMP
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          9f5ed9b964ab2be84a488887a8ee0f60

                                                                                          SHA1

                                                                                          e67c4aa90b1aa87af02f98c848a21d6fd0cd7da5

                                                                                          SHA256

                                                                                          0da5f7966cbc8ef7203f4514988a2f10a0bfe7d237b2dcb475071fe9959d3ecf

                                                                                          SHA512

                                                                                          80f447d119188f1dc7c847c88dbf51c352beac21d4d6e0247e4878de6c47fb6f287af1e2eff9f7ce8c063417447100ff71cb8bc592807728214d974c986c59b6

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                          Filesize

                                                                                          16B

                                                                                          MD5

                                                                                          6752a1d65b201c13b62ea44016eb221f

                                                                                          SHA1

                                                                                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                          SHA256

                                                                                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                          SHA512

                                                                                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
                                                                                          Filesize

                                                                                          72KB

                                                                                          MD5

                                                                                          c4b76d1a245851abab1aa218adead087

                                                                                          SHA1

                                                                                          3c473b435c26491f186563ed30a409dc77d042ce

                                                                                          SHA256

                                                                                          edf2de3e67e29e010a852005cb573dcbc2b097c957bf47eb7f67d5475db56e37

                                                                                          SHA512

                                                                                          bf2c8c7c5734aace49217a8e4dac3ba94336facceae5851ea575c9d850e899a2c06d05f613725abfad86b818139162e366174f1ec6bd398b954d417fff7e9e58

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
                                                                                          Filesize

                                                                                          4.0MB

                                                                                          MD5

                                                                                          af236a998a45d88f0ba6203563eab704

                                                                                          SHA1

                                                                                          e6d2fd35c879060c87e2f9aca2ed3ea6c88deb41

                                                                                          SHA256

                                                                                          5a550b3662c33edfbd7a29b5466c6213d8e10a7fa62422be78bc699b76d650f2

                                                                                          SHA512

                                                                                          bb687ea4f59aab41fef4668ed91e71c38ee46337c58156f26d9a4e8bcaf85215b9185f4d728e67be4bf3f15019afa67b56847feb6919ce4d5329a90be900fbc1

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          832bac04e9785fad41394151a8490f85

                                                                                          SHA1

                                                                                          8132e56a76c9e10cfc07a6401cdcdb61a38c6cc3

                                                                                          SHA256

                                                                                          cb5291d525a16ec6eeb52a00a73907661a0f5f4d38be30156850cdca038b5537

                                                                                          SHA512

                                                                                          d38bb2cdad5d2ac07d8808ed3c5cdcf16ffc70fed666c7a2bf2e825b78488ef9a1e5012dce39e417f5eaa359398c61cadade34a4041ec23bb46249e24e27ef1f

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          9556276a73d89945380d9b60e0473022

                                                                                          SHA1

                                                                                          fd95c312d8cd128ea55a0aa03aa2f5635a2fb1e8

                                                                                          SHA256

                                                                                          93a202bf9c22fd820859827e88a657d4acda9181ca8ac98930e4f061d6e3c664

                                                                                          SHA512

                                                                                          43c67efe1ab5de8c6b9ea4c4b8d90ae84e990bc219b934811cc84f706bc0d0c33e94414cab2408dfd1769d50527bd06efc6a45dbddf17d3ae167bccb61c41513

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          3bacc62b547e1299fec4bd4b34d0405a

                                                                                          SHA1

                                                                                          ddccd0466b880a7d7bd5df49dad0bbd80b33e3e6

                                                                                          SHA256

                                                                                          d79d707d6c951a975517686265b78a68e5d78817f898955f7fca23ebd4b94c8c

                                                                                          SHA512

                                                                                          4c495ad40b99acc6172b175c5f9ece4c9907069d91e8fbbc27b360f2076613e1b8f2ce7ff869d3e613d2cbb5d2202b7d54bf437154cb0c69e90fc8ba698db27a

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          c40f1cc871f0d70c72eeb73abe50437b

                                                                                          SHA1

                                                                                          b027b282717d9b941c6d99cc099881f6285b66e2

                                                                                          SHA256

                                                                                          4d4eba429d9de101212b74c0e45eae640ba18e946ac34dfaebe1eed9f266ef48

                                                                                          SHA512

                                                                                          86bc8b8195cd4b4a688e3af8b5f563c2cc1296a2535c693148dc0144c78717e455337954a5210ed621473b2b8c80c4dbb676e34db2e8507c3dd08bb8f2a0f5ed

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                          Filesize

                                                                                          10KB

                                                                                          MD5

                                                                                          f3d6b2ee91b801f00d548b05230a9fc0

                                                                                          SHA1

                                                                                          1e205f2f39b6f7930ddee92dbb63b3f6f5edb96f

                                                                                          SHA256

                                                                                          0f6e34c0465acfdd98306e924e9faa20f2858cde1fe504b6c91a47a92ebdde66

                                                                                          SHA512

                                                                                          95954bfba866350a70f5186688d24dc650d9d7054ae874695e55db58f39987a8395bcd9cdb85043c6427c5e1ac3ec34140d8f136c482cb666777aadf51192cb6

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                          Filesize

                                                                                          10KB

                                                                                          MD5

                                                                                          487f2f7f2e35c47258c154cce8ee09e8

                                                                                          SHA1

                                                                                          2704ab0bc0e0385db7e31ed482865ecd9096b3d1

                                                                                          SHA256

                                                                                          a4eea225679f5b13932f40572213f3e4298bcea0e5f13e221a7ad189462b3410

                                                                                          SHA512

                                                                                          839d07c46f9db6dd21e841c968cfa28a19c84297a9749ac5711869927a93315a5e335baf3f2ee43aaeb1101fdeda821888b83653a1c27f212d42773a3fffa711

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          390bb93d684b6943903300604e125e4f

                                                                                          SHA1

                                                                                          429adbd0e5c801aeb28b49fc51c610b059846872

                                                                                          SHA256

                                                                                          7c21f8c970ddb9e5525c6bd4dc97985380e2840863beff0a6de95ba4963f2f3c

                                                                                          SHA512

                                                                                          91c11c7f07d068401c9c42403410b7528701923b8d1ea9e9c47e4576b404d64830d9d6efbe94ac18e1f2c7108d8c35b1bae012e3adc70e0bad6a2182cd608d74

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\47d577c5-87d1-4652-9fb9-f3d982bb315d.down_data
                                                                                          Filesize

                                                                                          555KB

                                                                                          MD5

                                                                                          5683c0028832cae4ef93ca39c8ac5029

                                                                                          SHA1

                                                                                          248755e4e1db552e0b6f8651b04ca6d1b31a86fb

                                                                                          SHA256

                                                                                          855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

                                                                                          SHA512

                                                                                          aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\5f7b5f1e01b83767.automaticDestinations-ms
                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          669b1801ddf8fd73d22d8dc0e40a4e2c

                                                                                          SHA1

                                                                                          5c7d0bb992fcb6bccdd5a1db1421e051af1f56bc

                                                                                          SHA256

                                                                                          814b5d669945a6ce4492e99ef315c4b18bbf0c50a95f670e17e73eec2aa0097d

                                                                                          SHA512

                                                                                          a73bca9c5fa13eacc8aed62ea1e212e298641c8f631c850c670440fb6c6286cc39f443004be14bd2f02acb61989e10e5e1a29ee810802318595e281f6263053e

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\Downloads\DComExploit.exe.vir
                                                                                          Filesize

                                                                                          36KB

                                                                                          MD5

                                                                                          d68cf4cb734bfad7982c692d51f9d156

                                                                                          SHA1

                                                                                          fe0a234405008cac811be744783a5211129faffa

                                                                                          SHA256

                                                                                          54143b9cd7aaf5ab164822bb905a69f88c5b54a88b48cc93114283d651edf6a9

                                                                                          SHA512

                                                                                          eb25366c4bbe09059040dd17ab78914ff20301a8cd283d7d550e974c423b8633d095d8a2778cfb71352d6cb005af737483b0f7e2f728c2874dc7bdcf77e0d589

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\Downloads\Krotten.exe:Zone.Identifier
                                                                                          Filesize

                                                                                          55B

                                                                                          MD5

                                                                                          0f98a5550abe0fb880568b1480c96a1c

                                                                                          SHA1

                                                                                          d2ce9f7057b201d31f79f3aee2225d89f36be07d

                                                                                          SHA256

                                                                                          2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

                                                                                          SHA512

                                                                                          dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 415957.crdownload
                                                                                          Filesize

                                                                                          1.0MB

                                                                                          MD5

                                                                                          055d1462f66a350d9886542d4d79bc2b

                                                                                          SHA1

                                                                                          f1086d2f667d807dbb1aa362a7a809ea119f2565

                                                                                          SHA256

                                                                                          dddf7894b2e6aafa1903384759d68455c3a4a8348a7e2da3bd272555eba9bec0

                                                                                          SHA512

                                                                                          2c5e570226252bdb2104c90d5b75f11493af8ed1be8cb0fd14e3f324311a82138753064731b80ce8e8b120b3fe7009b21a50e9f4583d534080e28ab84b83fee1

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 490761.crdownload
                                                                                          Filesize

                                                                                          338KB

                                                                                          MD5

                                                                                          04fb36199787f2e3e2135611a38321eb

                                                                                          SHA1

                                                                                          65559245709fe98052eb284577f1fd61c01ad20d

                                                                                          SHA256

                                                                                          d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9

                                                                                          SHA512

                                                                                          533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 537415.crdownload
                                                                                          Filesize

                                                                                          53KB

                                                                                          MD5

                                                                                          87ccd6f4ec0e6b706d65550f90b0e3c7

                                                                                          SHA1

                                                                                          213e6624bff6064c016b9cdc15d5365823c01f5f

                                                                                          SHA256

                                                                                          e79f164ccc75a5d5c032b4c5a96d6ad7604faffb28afe77bc29b9173fa3543e4

                                                                                          SHA512

                                                                                          a72403d462e2e2e181dbdabfcc02889f001387943571391befed491aaecba830b0869bdd4d82bca137bd4061bbbfb692871b1b4622c4a7d9f16792c60999c990

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 834120.crdownload
                                                                                          Filesize

                                                                                          373KB

                                                                                          MD5

                                                                                          30cdab5cf1d607ee7b34f44ab38e9190

                                                                                          SHA1

                                                                                          d4823f90d14eba0801653e8c970f47d54f655d36

                                                                                          SHA256

                                                                                          1517527c1d705a6ebc6ec9194aa95459e875ac3902a9f4aab3bf24b6a6f8407f

                                                                                          SHA512

                                                                                          b465f3b734beaea3951ff57759f13971649b549fafca71342b52d7e74949e152c0fbafe2df40354fc00b5dc8c767f3f5c6940e4ba308888e4395d8fd21e402b3

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 998922.crdownload
                                                                                          Filesize

                                                                                          28KB

                                                                                          MD5

                                                                                          8e9d7feb3b955e6def8365fd83007080

                                                                                          SHA1

                                                                                          df7522e270506b1a2c874700a9beeb9d3d233e23

                                                                                          SHA256

                                                                                          94d2b1da2c4ce7db94ee9603bc2f81386032687e7c664aff6460ba0f5dac0022

                                                                                          SHA512

                                                                                          4157a5628dc7f47489be2c30dbf2b14458a813eb66e942bba881615c101df25001c09afb9a54f88831fa4c1858f42d897f8f55fbf6b4c1a82d2509bd52ba1536

                                                                                          Download Submit

                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 998922.crdownload:SmartScreen
                                                                                          Filesize

                                                                                          7B

                                                                                          MD5

                                                                                          4047530ecbc0170039e76fe1657bdb01

                                                                                          SHA1

                                                                                          32db7d5e662ebccdd1d71de285f907e3a1c68ac5

                                                                                          SHA256

                                                                                          82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

                                                                                          SHA512

                                                                                          8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

                                                                                          Download Submit

                                                                                        • memory/3536-5011-0x0000000000400000-0x000000000056F000-memory.dmp

                                                                                          Filesize

                                                                                          1.4MB

                                                                                          Download

                                                                                        • memory/3536-833-0x0000000000400000-0x000000000056F000-memory.dmp

                                                                                          Filesize

                                                                                          1.4MB

                                                                                          Download

                                                                                        • memory/3536-806-0x0000000000400000-0x000000000056F000-memory.dmp

                                                                                          Filesize

                                                                                          1.4MB

                                                                                          Download

                                                                                        • memory/12660-26281-0x0000000000400000-0x000000000056F000-memory.dmp

                                                                                          Filesize

                                                                                          1.4MB

                                                                                          Download

                                                                                        • memory/12660-26271-0x0000000000400000-0x000000000056F000-memory.dmp

                                                                                          Filesize

                                                                                          1.4MB

                                                                                          Download

                                                                                        • memory/12660-26265-0x0000000000400000-0x000000000056F000-memory.dmp

                                                                                          Filesize

                                                                                          1.4MB

                                                                                          Download

                                                                                        • memory/25208-26473-0x0000000000400000-0x0000000000463000-memory.dmp

                                                                                          Filesize

                                                                                          396KB

                                                                                          Download