hxxp://melbet[.]com

max time kernel
575s
max time network
581s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2025, 16:25

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://melbet.com

Score

8^/10

defense_evasion discovery ransomware

Malware Config

Signatures

Disables Task Manager via registry modification
defense_evasion

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\spoclsv.exe	Gnil.exe
File opened for modification	C:\Windows\SysWOW64\drivers\spoclsv.exe	Gnil.exe

Executes dropped EXE 2 IoCs

pid	Process
5684	Setup.exe
1440	spoclsv.exe

Loads dropped DLL 5 IoCs

pid	Process
5684	Setup.exe
5684	Setup.exe
5684	Setup.exe
5684	Setup.exe
5684	Setup.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	000.exe
File opened (read-only)	\??\N:	000.exe
File opened (read-only)	\??\R:	000.exe
File opened (read-only)	\??\V:	000.exe
File opened (read-only)	\??\Y:	000.exe
File opened (read-only)	\??\J:	000.exe
File opened (read-only)	\??\L:	000.exe
File opened (read-only)	\??\M:	000.exe
File opened (read-only)	\??\P:	000.exe
File opened (read-only)	\??\Q:	000.exe
File opened (read-only)	\??\U:	000.exe
File opened (read-only)	\??\W:	000.exe
File opened (read-only)	\??\B:	000.exe
File opened (read-only)	\??\O:	000.exe
File opened (read-only)	\??\T:	000.exe
File opened (read-only)	\??\X:	000.exe
File opened (read-only)	\??\Z:	000.exe
File opened (read-only)	\??\A:	000.exe
File opened (read-only)	\??\H:	000.exe
File opened (read-only)	\??\I:	000.exe
File opened (read-only)	\??\S:	000.exe
File opened (read-only)	\??\E:	000.exe
File opened (read-only)	\??\G:	000.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\compmgmt.msc	mmc.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000\Control Panel\Desktop\Wallpaper	000.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinNuke.98.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NETFramework.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Gnil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Spark.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Kills process with taskkill 2 IoCs

defense_evasion

pid	Process
6084	taskkill.exe
3436	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133856663200732628"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico"	000.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3181990009-820930284-137514597-1000\{D08E167D-6081-4368-ADF5-6858A5D8EA9A}	000.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3044	WINWORD.EXE
3044	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 41 IoCs

pid	Process
1008	msedge.exe
1008	msedge.exe
1804	msedge.exe
1804	msedge.exe
2536	identity_helper.exe
2536	identity_helper.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
4624	msedge.exe
4624	msedge.exe
4180	msedge.exe
4180	msedge.exe
2112	msedge.exe
2112	msedge.exe
5088	identity_helper.exe
5088	identity_helper.exe
1164	chrome.exe
1164	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
4520	chrome.exe
5684	Setup.exe
5684	Setup.exe
5684	Setup.exe
5684	Setup.exe
5684	Setup.exe
5684	Setup.exe
5684	Setup.exe
5684	Setup.exe
2052	Spark.exe
4412	Gnil.exe
4412	Gnil.exe
4412	Gnil.exe
4412	Gnil.exe
4412	Gnil.exe
4412	Gnil.exe
1440	spoclsv.exe
1440	spoclsv.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5356	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: SeSecurityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe
Token: SeIncBasePriorityPrivilege	5356	mmc.exe
Token: 33	5356	mmc.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe
1164	chrome.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
5356	mmc.exe
5356	mmc.exe
3044	WINWORD.EXE
3044	WINWORD.EXE
3044	WINWORD.EXE
3044	WINWORD.EXE
3044	WINWORD.EXE
3044	WINWORD.EXE
3044	WINWORD.EXE
3044	WINWORD.EXE
3044	WINWORD.EXE
3044	WINWORD.EXE
3044	WINWORD.EXE
3044	WINWORD.EXE
3044	WINWORD.EXE
3044	WINWORD.EXE
3312	NETFramework.exe
400	000.exe
400	000.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 2724	1804	msedge.exe	88
PID 1804 wrote to memory of 2724	1804	msedge.exe	88
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 2928	1804	msedge.exe	89
PID 1804 wrote to memory of 1008	1804	msedge.exe	90
PID 1804 wrote to memory of 1008	1804	msedge.exe	90
PID 1804 wrote to memory of 4488	1804	msedge.exe	91
PID 1804 wrote to memory of 4488	1804	msedge.exe	91
PID 1804 wrote to memory of 4488	1804	msedge.exe	91
PID 1804 wrote to memory of 4488	1804	msedge.exe	91
PID 1804 wrote to memory of 4488	1804	msedge.exe	91
PID 1804 wrote to memory of 4488	1804	msedge.exe	91
PID 1804 wrote to memory of 4488	1804	msedge.exe	91
PID 1804 wrote to memory of 4488	1804	msedge.exe	91
PID 1804 wrote to memory of 4488	1804	msedge.exe	91
PID 1804 wrote to memory of 4488	1804	msedge.exe	91
PID 1804 wrote to memory of 4488	1804	msedge.exe	91
PID 1804 wrote to memory of 4488	1804	msedge.exe	91
PID 1804 wrote to memory of 4488	1804	msedge.exe	91
PID 1804 wrote to memory of 4488	1804	msedge.exe	91
PID 1804 wrote to memory of 4488	1804	msedge.exe	91
PID 1804 wrote to memory of 4488	1804	msedge.exe	91
PID 1804 wrote to memory of 4488	1804	msedge.exe	91
PID 1804 wrote to memory of 4488	1804	msedge.exe	91
PID 1804 wrote to memory of 4488	1804	msedge.exe	91
PID 1804 wrote to memory of 4488	1804	msedge.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://melbet.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdbea46f8,0x7fffdbea4708,0x7fffdbea4718
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,15778632876233581116,4713832760490037391,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,15778632876233581116,4713832760490037391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,15778632876233581116,4713832760490037391,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15778632876233581116,4713832760490037391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15778632876233581116,4713832760490037391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15778632876233581116,4713832760490037391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,15778632876233581116,4713832760490037391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,15778632876233581116,4713832760490037391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15778632876233581116,4713832760490037391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15778632876233581116,4713832760490037391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15778632876233581116,4713832760490037391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15778632876233581116,4713832760490037391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15778632876233581116,4713832760490037391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15778632876233581116,4713832760490037391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15778632876233581116,4713832760490037391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15778632876233581116,4713832760490037391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15778632876233581116,4713832760490037391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15778632876233581116,4713832760490037391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,15778632876233581116,4713832760490037391,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6808 /prefetch:8
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15778632876233581116,4713832760490037391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15778632876233581116,4713832760490037391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15778632876233581116,4713832760490037391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,15778632876233581116,4713832760490037391,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3460 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15778632876233581116,4713832760490037391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,15778632876233581116,4713832760490037391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15778632876233581116,4713832760490037391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:2008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\UnpublishRequest.html
1⤵
PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7fffdbea46f8,0x7fffdbea4708,0x7fffdbea4718
  2⤵
  PID:5816

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\compmgmt.msc" /s
1⤵
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5356

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch -contentTile -url 0 https://word.office.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xcc,0x108,0x7fffdbea46f8,0x7fffdbea4708,0x7fffdbea4718
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,2456481849035415387,3941426314328849243,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,2456481849035415387,3941426314328849243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,2456481849035415387,3941426314328849243,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2456481849035415387,3941426314328849243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2456481849035415387,3941426314328849243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2456481849035415387,3941426314328849243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2456481849035415387,3941426314328849243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,2456481849035415387,3941426314328849243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,2456481849035415387,3941426314328849243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fffdbb8cc40,0x7fffdbb8cc4c,0x7fffdbb8cc58
  2⤵
  PID:5336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,2832998706807143763,10122899229714920738,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2184,i,2832998706807143763,10122899229714920738,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,2832998706807143763,10122899229714920738,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2508 /prefetch:8
  2⤵
  PID:6028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,2832998706807143763,10122899229714920738,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3336,i,2832998706807143763,10122899229714920738,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4564,i,2832998706807143763,10122899229714920738,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4748,i,2832998706807143763,10122899229714920738,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4520 /prefetch:8
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4736,i,2832998706807143763,10122899229714920738,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3724 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1428,i,2832998706807143763,10122899229714920738,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:1160
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x290,0x294,0x298,0x26c,0x29c,0x7ff7a3db4698,0x7ff7a3db46a4,0x7ff7a3db46b0
    3⤵
    - Drops file in Program Files directory
    PID:5480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5080,i,2832998706807143763,10122899229714920738,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3732,i,2832998706807143763,10122899229714920738,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5024,i,2832998706807143763,10122899229714920738,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5084,i,2832998706807143763,10122899229714920738,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4880,i,2832998706807143763,10122899229714920738,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5384,i,2832998706807143763,10122899229714920738,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5212 /prefetch:2
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5048,i,2832998706807143763,10122899229714920738,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5212,i,2832998706807143763,10122899229714920738,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=864 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4520

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3128

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2576

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\WinNuke.98.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5116

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\Melissa.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3044

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\Spark\NETFramework.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\Spark\NETFramework.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3312
- F:\f97d2ca9a7e8fb1de6ac\Setup.exe
  F:\f97d2ca9a7e8fb1de6ac\\Setup.exe /x86 /x64 /web
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:5684

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\Spark\Spark.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\Spark\Spark.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2052

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\Gnil\Gnil.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\Gnil\Gnil.exe"
1⤵
- Drops file in Drivers directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4412
- C:\Windows\SysWOW64\drivers\spoclsv.exe
  C:\Windows\system32\drivers\spoclsv.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1440

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\000.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\000.exe"
1⤵
- Enumerates connected drives
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:400
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4596
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:6084
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im taskmgr.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:3436
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic useraccount where name='Admin' set FullName='UR NEXT'
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3508
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic useraccount where name='Admin' rename 'UR NEXT'
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3140
- - C:\Windows\SysWOW64\shutdown.exe
    shutdown /f /r /t 0
    3⤵
    PID:1776

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa389c855 /state1:0x41c64e6d
1⤵
PID:1212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
129c6c9b9476ab2a336cb1fc1481e139

SHA1
10ccb086e389822ae664dd1645ce25d8cc22d827

SHA256
f6fb10fcfc8529f9b8d473329d0138026ef9afcf282df766ae241beff50556f6

SHA512
bc232efaac9a0f78f12c250a82e780f44e7e63a6a25be1d0fba6f28ab6b8b16054deff0722b1e66b04d5fcf4d372b0fecd60d28b246e39be46a96c30492b493a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
74ea34cacb9ddf94b905b28bd629e5a7

SHA1
20193b3e38287d37f50a74bda1d186d513543621

SHA256
774f86967bfa62bad4e264ea76c4564e0e8ac9a99aff9a99541ca5fc2925b775

SHA512
dbcb396e7347723b232c62ffacb9b05a4d308a117c453377541617fba91668094cfe5633b229f5a8ccb7a9b250b1e6751b9e5ac70d9f4c9bc9461fe6d2162820

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
061c5a75347045ec0c28948fc49fabe3

SHA1
962e303a2a40ef80cf69d1063a06619c7481329b

SHA256
bc5b020345c0bb5386c52e8daf0333932d7ae484438ab83366df64b0e6937a37

SHA512
ed66224e393eb09d933b4bb2e05539e592c5f7a2da8872a6071fcf3f842e35d11144d9c5fc89398aa4df856ed361df53f026546ad3f5e57fef7484bd2f7dfce2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e48d2071cc66123bf34d40ce50ad49dd

SHA1
e701347a112c4a38b6fbbe4872b049dadebbb8f7

SHA256
63e4c02d7d2ed40e9baa155ab6a0d764502763a12b9a9bbf7e5401d42ef1ac18

SHA512
98c562fd0a666ebebac03b7d185c26317101d746dbae1a85466e0e315414c12747c30f4f70726db18260c3c809f2bc99cc544534501f076f726a182df7fc3e61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5f2229151216fda97de9f4cb413859d4

SHA1
af31cde3c4b6161db28309a66bdeb4a1906cdcf9

SHA256
f24be9f732c057036aeaf6dc82b2093c9879120033ac1b2e33efd0645c58a938

SHA512
db402796d710d4ae5f95e3570c0af4ffbbcd68dad92e4c2e9375d3b9322cf77c114ac1b34419d103cbe3cbd060e60d613d222c8a07ed0fb81bf09d31c07a3e42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
682901ec57a4bd8dccc8041a94e2fa9b

SHA1
775fff18bfe6752368107192f39a3d6f1c5e28fa

SHA256
dbed75db750e3f362f739669715eb701ab89e3183317231e423d68e1a910e1ed

SHA512
e292ebf484c7c04a8dd832d389078afa151d177b08f81ef31289247ff67a8748eb383e703556d8d1628dca9fa070cc3a40f3bf9b1af550f46e31b07ef49b519b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6fd93b55a30aaafcca67e2fd79bdf16f

SHA1
78abf974270b59ed75d8efe874f2517ebc5b6eb5

SHA256
c616a42ffc9f6f9092e5ecfc6c0b03ea535560432c2ec4135939cf389678c6bd

SHA512
073b6fad0a827af09c123500cafe532ddabaeae6322fb18a197cdfa2cdd65f1d83ac20480197a575448231a9f936e6b442e99acf64cfff3fc4b82225d97131f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\b338835d-5582-4ff1-9e61-98c90c502003.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9794fb974af3a35114da9f6adff0ad75

SHA1
62414ae53d22812e29104b8a5ee5b69f052173ae

SHA256
522983d110be1863f676fe77248c69e9c79cd13bfed4c7d84c3a055692448492

SHA512
3e94a45fedb1ae18954937b2c0e95b2105c746d8207ca70b9a75b1730ca43eac5a83b84e8497b0e1d1a3cf6e818e3bce1a0672712c3f8e63c68be57b4106bbbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a35c0bdee6af44a1408ce818c36a1097

SHA1
50caf024cb956ab87911be56faa5f8b6a98e7654

SHA256
f9bd63f2a60a343afbc27b0e857cd50b7df1d111f4b33a5f26e10c7bf5317300

SHA512
f0bf8b5422d3a6705ce20079b082c1e0f8e3def66a80142e1f0cc8b86022865833247c6f22e2996c18df434b392ebcbe7b161d9db4f9dd17ec283463aaca9b62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7c401c5e3733db9d8f82b21fdec781c3

SHA1
5f9fbb3a4041ef7adc958af36187ffeedb00848b

SHA256
d1f95611c9bd7759307dfd0d965ac91ad8f10d967e05c5d80872581f38f5564e

SHA512
6ec63d8e62b48b57be1b728db26077113e53fa0748dc2b4b3afa55bc2141b4817f1db1114f1859198ad679c0f0293297ddd9b1b36fcd82cc50ac13235dbddec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f9e8f1d03c24bf9f061ba344b63c1d6f

SHA1
ff612eb8d4fa0db77f445d5c3c13457773b3d79f

SHA256
1530db4c8993502a8bfd028fadbe5797d7cde0fca259ab336439ce12179975b0

SHA512
7800f0e2a7be973d7843ef8f0ef7ad665adf779057a10dd318669f897d11459cdc5d6d0cf319892fcd477b6a17a77dfa997fde424c1ba76e64866a51be63d4f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b4c11b965860f1c0600df68bbe80ead1

SHA1
b1b7676cd4e98ea64ba693406a1ef21874b02f95

SHA256
fe1e7432481753492590d0df57a587199a3983d0b7564181b1ee6661bf8efc18

SHA512
1b8eeba6bbd690eed7c2d1c7fe75930bec2481d41dee861c6bfbac2fc477a4b6f3c6eaa77b012196edd293947cc7e8eabf824a3591344fbd4bff25a3f0cb0a0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
07c7f00423a0ef6d140ecb6f471d5791

SHA1
23f724bc9df535a74100d8eed8cc7549ca884de9

SHA256
10ec4993dd80966c4d298db1540e8be710a5e0a922c0cbdc4da1516456a2bb4e

SHA512
73940bd58f9a682ae1695c2a03e056aab7c63d66e3b16879646f9f40d097f40792bfacb89e6534ba9472b3f5c5706773af96ab12be2155d12813cd4cd2f53329

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d78dea11be8d244a61594d24bbb913be

SHA1
323b05977a27005bebf9efe8fd82fcefc9bfd43d

SHA256
9c6739512b3e17e4f251dc3adda70261ed1442c42630786be560effa94aa2806

SHA512
4ce055d66e4f19289b49e9b654d59637d4aa2f97b85b2cf468068f6a7f0e213d7d68e2af043f59e782f74f2630a5bbec69003ef23bf8d29bbc08358ada017b77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a67137a6ffcffe7b3e1e9f18574d2116

SHA1
2e4d9392404634ae75aa0b6477d8f50a6751292f

SHA256
5b68e3d55d61b239c61138ebd69199330bdc3861cd407356cebe240ddf92c0de

SHA512
140ebf850b1316b85128ee334459d7a7a383c660a4606e7058a15b642d55b819226e34f6e3a4355eafb95a934ffdbaf60927d80363772c0ed4aa6a1cf115e067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
57678ed66ef9541eb7e1ead6441c1176

SHA1
06a915827b3044e295496c0ce196ee0ac2219bae

SHA256
755d88a336b336fc9ee68677cbf095d11d721d32030ba05bb0431d602b8c043a

SHA512
39e90498c18564ddebbbc99d7d00192d7d72a72a1be245000036a748b40a2c24722d47d87106f458144c13b976f4116c5d96e1faef3fd04b96e0e50550a0df60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
551dd0ee5afe874de7e7c1fbcb9a68a2

SHA1
9c10d7a1fc024b9ea5163a9895f2b0a9248b06f5

SHA256
1efa6c1fbb6c30d661f4f71511caaad494c2fb189722a6c876615bcd7db29c1e

SHA512
00548aa0f27fa4c1a24e4781a30eea2f5aaef9bf7897376a5ee621eb3dbb82625d3b7335c7e1579841930e314d64c86d7c1459ea1edc025212b80a7ed05d96b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2d137612462e168c28de95e1584d1d85

SHA1
af9f1bd3025bb03041c83279a30182ac41a325ce

SHA256
95a2c092b76ade4052371a9a7526e4215c1662958fd95dca7f0b7f169092d511

SHA512
403a250809b01b50d132633894820792fc269efc330e40e8d18bd1e96f530a3ccf2077eff4e01e00c0a3d409bad0922e468857d9a8a6b941fa62d1676b8568b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fc0e6e03a08c684f15da6ee878b8e748

SHA1
108f08ea820c017ffecbf61ec8c22fede49e90cb

SHA256
5874135ae4248250c65d64d5c6b8d225e4fb697a6c6125b7e1e2e3475ff36282

SHA512
61f2ddbb90cef6f537e0185d66007276fecc6c92d41e0b48dbf6c37449ae87c27511b98aeac3c7827cd5a4dcd2200c378146ca638fdedf648985aa81a5eb5872

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3190cd98b9976fb9b527e90f983f4faf

SHA1
af6c6e2d57b741c7bf69f68b944604ffdbafad56

SHA256
88d05febdb270e153e21d8dc052679130902b397adf390ba2bd98bedc54e05b7

SHA512
91efbe5703310a0fb931def60d793637286eb4b0ea012e7646628afa20acd44b60b54073ac72baf625d00652294743875be79c5e17567281d2e2d95fced3fb0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
17ab3b2b509fe78124031bb557dfbb2b

SHA1
e22e05195dfc109c9e49104903a2abefff28c0c7

SHA256
4585e11c3730a1e1b283f1ae7e571b397b00daf6cc2c2687a3a5c64bfb0233fd

SHA512
55a284816b82fdff5dd6f2f5e509b7dfe927c5652b5ec3064d0d9ae89d06fb4e30afdfc0e1b20a8f383dc9e5489a779d9ac8414686c224a7945bbabc64f53818

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c08d2409391563384a4596555cd4daad

SHA1
534721c509f32ae70aaaa052e73ec19567302edf

SHA256
2b0beda5907930aacd202b87906a90e16d404b2ed7ebda13b32b8bfd22a08db7

SHA512
7d38b25ad16782295fb9559d1c698b965b56d520a7f49912fc604a5695d25bbe1471f0bffa4c1323bbebe1faf0feece68f0b834872e2290b680350be0bfece3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
764e2fe267ab170a68c21f9f97ae5564

SHA1
1070a13e403ca78ed5d3047808da56b6378056b6

SHA256
768f890c2d6e9097571af1a29ad35bfd0ac5d0c78d615485dd0535c2644c2cbd

SHA512
701aabe819ea7187f5590d677ada21e52cd3c2567ec3d3cbbf7f60ec601b2853d6cde76f6e0000e4ece18de39fa679ddc39f101cd30e4a12fb1ebde41b9dca63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9ee6cc67e3aff5db3e827dc6be50a16f

SHA1
f93fe17f3ed75a73789b69afec242988b7df399c

SHA256
6e74f1ff25d0bbb7f6cc88ab2c70f14b8d095116a49e409f253c50d3e125da14

SHA512
c7d44f632a50ee45be77981d5356b320f63a5f99933be1c5ef1dcdaff09277f11dcc654fb890f30411197fd6f07cb35387690a298072106e476e3dde9f75a04c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eeda58098eb4f1a3d358e8666de95de5

SHA1
04e65f634ec3dba4774d068e45c4e1bd60bc5e3e

SHA256
8bdabb0b250893d3ff85b0652122df0a0bb515b3486f9c2dab72305f466ec13c

SHA512
33b5ecc08127cfe469f1f9234a40626c40b8beffa30600ffff9311bd97092177c694575c1c56e130ab9a6598db1394c0f1f4e0a97faba6d5ed9ae4d0754c6739

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3221ebeb9f6cddf06e20d9e8d2fde8bd

SHA1
be079e79b6191ab92235d2004dbe363e3320dc8a

SHA256
b9aa4fec70536ac50d28e223df5f2989b544ac8de3e8e30f8913b5758be78f4c

SHA512
df25a9287362ebf835e9f29d0f142c1a034f2f2f6411a212d08ae080d69e38d391c52bf43a1cc5cd73a754de1cd65e310d0669e952fd2a335cee46d18f1e325b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
67cb6e0dfd73c03599d9877cbac84f11

SHA1
2b6e1a422c9e326d43856bd3b83308cfdf10ee86

SHA256
cd59e06f858315b73ce9c8008d8d3bd6a645e9cbd7d42a55f0edd7d6c0019df7

SHA512
7801b46e4f6e1259ec7e53888bea346aceb897746380d345c870f66900ff14a7505efdf923696e3a2a129bb5894738dcd675760d42c90415fafed75f488c8c54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c1e32d00-d2dc-4d9b-8573-694f2f5fc37c.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
30e78e16017e481308a160551df1642a

SHA1
0ebfa54a55de3877fedb7c3b0f806cf7f432071f

SHA256
c9353d5c0a06d67f78a46659ac693d2c8c040e554a5b891865066e63cdaf9914

SHA512
f9b5d98a12e54832091ade94ab574f87c25650cde85dc6be48f888a3c5e338f27a136765cae8a3278d6f1a85a908061f77fa7d49f672b85a2fed11d2c96e9515

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
244KB

MD5
a405116d77a6e89b7fb3485a8302e494

SHA1
427cc0f8c2a2439c399f977a2b44421ec2d3b9a8

SHA256
0f8b26e2d74087e3476b368ea75b784d1e6fe27bdf480a5bd3d42490ce178a86

SHA512
9be3be0b715d3a382ff719ce11167e406f54453d3490ffd0111e2365424bcae28f132e299edf369457a829a34991c081b2d2205003f12d2c2186aa27ef05f6d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
e5c504250672fb1778166d898c6adbf3

SHA1
fac680fc9c7b3f5ea3ebe606c5a03e660258d5ca

SHA256
8e58637dbb7d72da7e541dc790a52a7797f071a473bf0b96394b14113c606af9

SHA512
d7a64ef44cce1027877708433ba0f09a82089b885169d056b1aa14924376f309d109ef9ca3f6241d7398c69a2b872c5279e1f281554dd5c740c99c56e366ea56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
806d271b63c2bc170813afa83e15671b

SHA1
b0a5d4f3e2094a99e402438f3ff4e153a7cb7453

SHA256
8c36754533e755375f987fe74c3499ba8f6044af05b416dded069e37f72d405e

SHA512
eb793dc197be47854473bd49ff09902e390562c182d87a670dcd7999f512fe4c090452dcb93a8bf7a4b8eb031de94f2e399dba802ca33f8764eea256eb5e805c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4255cae88563058c7eaed69088da0ab2

SHA1
2bcb70f6ae6ae0207a7a964422cac20c80b26394

SHA256
b0cb92f0d6e6cb20ace15d6bf06015570aee24c0d06a8102200dfd3cf4118a15

SHA512
cb41c1797e6d6c5a70d9045e0319ac92512deeb4d4280a1d9a607c2a4031db6027a050633b95fadce63f6f7513ba599f336182b6ce50a0cfbc44360723c461eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
264b69a4be93cc52c0e45587df95f270

SHA1
c6291d1761b9fa7fa7209e2b59f7115c5ae25033

SHA256
ec14189dbf224f1e343b634d9329a27c6af377427b877b59497c0250b47f8051

SHA512
219bd24cac60559d6f6357842dae47cdf23c2e09e9cd1c9dbc8e648b9e3f9559789eade3722d7b6c7ec9b6e546a85258643801035ac97ff1cf5517459c66d868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d8849a958e44b0ec6cad3419e5f80347

SHA1
c5b5702d74b6b01efb77bd69266c5ab11939a790

SHA256
2c9c181bf17f7f30dd2c6b0552f1055ea151612e82c85b409b78707a0f4f6f75

SHA512
e7674934db9e67a57c37b6e442c5e65bcde1616f1b0479132117073c2e457ce2ec881156aa8c236c02b81e631a068dddefb01bb5243f11d7196aa5acbee895b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8dfb67d28680752f50b5b6529f140098

SHA1
f1995cf2ae64ef0889fa7a844290d34234f2fed4

SHA256
acec78ec9d547915ae1ae60e8ab773b257f4e778afac0b28df6749af210a4d78

SHA512
44132d51d937e440f4eb0191b6b1bdff7d571ea29a2cd4ed15ff5f6885113d3f3571827ad2c0bbbe9ef26b716d66eb34e15454d97f0101a45eebab189d33e5e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a544655e5afb3da99cafbe0e0eabb7e1

SHA1
1c79836e72de2af33caa0316a3c878b6c2692be6

SHA256
96a4cce0f9ed279b1d2ea39ff5bcfe2f0ed78bb0f8e4b44c43247fb46998d387

SHA512
b10c3baa46dedd19386607c85438257e889cea9de3a271991261beb01dc6573a9b2f6ee7cc6bacd3efcdcaf90825b0030388de0ed5284887cfa23cf6c5bb7b59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
28KB

MD5
228875deba1e11f137c6668c669b799d

SHA1
a7e8349f12dfe24c354661c4f4073e04ae844dfd

SHA256
8423ef7387606cb9f256bab92a3e505c51a9e848d95eb33a699522f2afc11b40

SHA512
7684f53d1a2a6b89b9dcb397df5416ce078d476cf6e0d4df2870192239f63269e2ad5f0bd8a2c5c0fe940873484b3cba75d7e1e7bf9d06b4e69b3df012780e3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
ec53bca923b63abea1203afb6ff757d8

SHA1
fcdcd33101e8566194876ae145524ef4aef00f75

SHA256
efac024873b127877e71f55bc6a91cc03bcb51d3dc398e84a69c152323a222b1

SHA512
84e2b293dc2fb6d159af208b8da9869e1db930c29dd3c746480430b93d753a5ca1a113f0c01223a956402a2c3b0404d7ce35d4dbca43685176ea292c1b109ace

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
54cab44c1a58ff2ca81e81e179fa5e08

SHA1
8805edda72ab03dc7ed98e32a59a38bacb3119ae

SHA256
2db9733be645a4784eb892dfd7ccc52e61808e1b3fe57c0cdf3f80d671c5fd41

SHA512
f54d59bb43e6e831da4cc4ed67a9f524f030725838fbf371782906f72718ad1f4079200bbbc63593f0960fca87fa5d21d034c286ab00cdf17370cd5c9e1f3f08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
4049e9af43b42e7bc2ba2337bf8fa478

SHA1
c6b957f5711f9f2154381fddc78290ac242e26cf

SHA256
111ebf56c84f87cb9dccceab62ef802f02253183e7bd182a05fd7dd3a4b7e8bc

SHA512
f85d1c6c43314a8ebc9efe38ac1d123c2f3d43835b9aaec57fdda360f66ec24b135a94edf5f141788d6844be1be7be4505be2e94be9609d0f47ecf4d04d96320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
4KB

MD5
58deb9cdcf9b8ab7cb811bc1fd3e1841

SHA1
1620834600eb44f9328f541d02459544e4760d12

SHA256
f3947a14a5d5c55e5621cd55dbf8f938de7d8c3624972ee6bfb96b2ecc41973e

SHA512
ea5d77489469058f48726986564d3c0e8a0bd2fb5665b244d9bf441739326df8d65b77a0aae9953f60b9b3f651fff65acab36e70f61a635c924e5a69a882e9e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
12KB

MD5
6010493c6e742f2c968e4d96912b9b77

SHA1
7b5f19e3f1a8b662100de9f1d73c9710f0a8a558

SHA256
c559a9a86dd0a0816a4700631062bd0808fc8bda82dc48ca40066644049cbb2a

SHA512
b6e37f7ab0947116514dd1cfa892d876e061f966336a27cc55ea65f99fe8b344d1b13f299578ba5f65436dc6199ef79bfd98403dee2608ab4cf4e6f8fe211b60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
3b7ac9ffb72d9dad9ef24b0bcbcc0c11

SHA1
c83f8d99394de70bf90f08f418e9cafb899ec771

SHA256
10a07aed3fb5d50aee71248dbd0ae51057c8172586b42a411b73900c19695b15

SHA512
5f633e859ab37ae8124579157e814c076cb3b433f3a00d00240b9a9b903aa9f66d722f98c4b59a0b861c2e7b51fb9d2bae600414097fd6094d26c4cf4a430466

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a1017d82303949370a99582e46997c00

SHA1
f4dfc4fbcaa0195768009d2b1d09a6becbe17903

SHA256
2186a4771f082b3ae12adb4e4b5935087ac1033da3f43294714adef13813df76

SHA512
7381f474ff4b8f7060042df00891771dbaba5fa88935e84f0e1ae12b814771056adf8fab16a0531170011a23eb44a36bd5825da330ace90bc8a11ab3319bef42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ea137a8381cafba0f0910a6fa2f764e1

SHA1
ade269cd3a1ca5b1c4c2f8d0e404702951bc7712

SHA256
b94be513b1b6e37e4e11510c255e24386409fe542633a89f5032383cd9728c20

SHA512
a9171d16e1e55821c466c88a8453ee52d61a302d30f284901e1492da48c1036321208db1852b277b270ff0d4b3e3ac1d2b1eb29c89c8eb654b3c61fbefebbd0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d19550dec8de2c606051f35a386dcb1e

SHA1
9063629db9f5ed12143eca8ac5c92abf05d11cd5

SHA256
6df774817e09a8ac1436fecd0f5cbe6bea3fce4978b19df22f14c550587ccdf3

SHA512
48d94ff8c18922a52272ae50dffa2387c7e38854c719a3b634415c0b0e638fd250bcae8cd2c62166c2de26735894d7ba6e49a12a2f9942287e5df9ad65e1cb14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
259f2f73352ae69bf3074c679e006d9e

SHA1
3e2ebe39dd72c2f715615129269029b20b7d65b2

SHA256
50030517986dfa8d0c9533275c30bfc8dcbb1ac625a31e49030c854f9a4bd3bd

SHA512
35e674c50c95a643299e37aae2467cf051e591e9dd223ff40afd260bbb545ece4c51bf733756ad9d6cd92149375867c2b7b11d0343064f72b216437c4d676308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9c63c314633e78afb760cc3663210127

SHA1
5b8d5d056baf5667d06d94087a22eb6309253544

SHA256
7e9f66ee5741bfc31dbb0f8dd5a5f269a695e7be704b504a65b01556873335a6

SHA512
a6b061766fb1b30c9dcb004c2a46caf2b9b7ca880f845f451e1c88fe39ccdd78afc4e488eae05008e403d7e61dba4b485e413d86382765a160826e8e55f3afa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7748149e44a2cb1b505b9d810953bf04

SHA1
7bd454ddc753a1fadebf43fe80b5b29930108e0e

SHA256
8cf11cb2b543ab6a371b93bfe427331d56feba4b45f00b98e3b2db4113b8339a

SHA512
b480982448554742112c813b7b62006a11a36662316b02587aafbf6a27db493c4ee86ee99cfec29a9808660bf164637518397c519d62f64710ba5df649358004

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cb3acc80241723aadc5cde2de46a1c20

SHA1
fe7b816a97a8fb79c5dcd201da5030af89732da1

SHA256
0c1253c4c74866474ea6fc6a6223d84f17f6c7146f9cde459be3f6fd6225a55c

SHA512
28fd4febabbfa179c41ded2f993bfd6cc4889fb818e0a5c85d091070db9cf85211cd0f9cd60f6eb2dd90eaf200714b7cde74507832ab5eecf5be685e2eb1af21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a337876c92e8696220c980d814d37424

SHA1
eb9bbbd9758f5ef35f51cadf578b59eb49a11474

SHA256
d0983233daa59203721c0d87eb1d62ee622ee5da8cea3942f5763c90630cd91e

SHA512
81ddaaf46c47f07c5660257f779846544e0bee2531e6f6ac4dc7170a4924b70ee95a0c2e100463769b8a2c6cb80b45fc4346f23882b2fa50d28849785b82b40f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
86ccfd6b00ccad6c313ead706785008f

SHA1
4c2b63d5a52f0e7584cf45c3336b8e936bb3f69d

SHA256
3694221581a8ed4c97ca26cd34368e6e68b3002f13bb7257b18c15247b4e5b4b

SHA512
c6b56249329384be34a0dd9e67fa7649bf04bcad72f762df0d17e984f0dd8b4f618d170304e3522c069635d9627dfabfac7bc82a665d84279aecc8a78c7acd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b7b0cdcc3cf382b1b15c9418859d976a

SHA1
52de0f1fdfea1f0947fe2e920c16d89694be9922

SHA256
f2b3a7a1ff9e1f80e1b81bfbf2f4a7e856dc3a6f1a22b0358a83717538910515

SHA512
a0fdc3015980914d0cb3dc61113e52d394ea9f78d1bf9f2f2446d1f1eb3183c919e4d454553fc44759859b39c5f5517a7bfd61183143422c641b812c851c1d10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e9a879ad76502e88734c0928042becd3

SHA1
d46c4412855556a3fdb282be78c02dfcfac66dbe

SHA256
8afeb095e8c5cc8107e1448b33b84e199e022d65e818a14eda4ac88fcee6ba4d

SHA512
16a6bb1d8ca37d33cbe6543c05a2c0f1c03f49bb324b1c3b678eacbc4eeae8b11920c9d9ee655a5107ad02991094117ff7570cdd6073b7f967a1ea3a3d82fa7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
89056432d3414a76aecdbd04ff28f419

SHA1
09a8f0683fc13f3feec528b92f89e95220267077

SHA256
10d5217b0727e444bbbecac8242a4a938d16b533775a8fa033f4225e402e15d6

SHA512
e2c5fcaf26bff0cdadd8dc83d030383241e50877cd8c68430ae001301aed1c6936e016bdbff54c8b94a44d6e0b54e8973847c6a18662ef1e3c997a86c0f808db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000004.log

Filesize
639B

MD5
9deba66d1d1975b595db164a9b384730

SHA1
2dc96a19a2d07d546fb97604f714c419a9240a92

SHA256
bf590448b197e8a228773ae83c1c799d607c802ca51bff2d9b4a4e8561db4132

SHA512
23629e7a4dd1dffb62e88cdca80b731ba4a7403a7bda9273889ed3c24ed2cba81dfe6a8772f8ac693d769b80bbc63b81cbc55c4b35cc0fdd88443cf27a20eb74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000005.ldb

Filesize
311KB

MD5
635377383fc40ead222c6a97dcd3ce19

SHA1
7c5184debe1a1e6cfdc52b6bb167a1067ae6af19

SHA256
f4c154078cde221c35b214dcb386cc78afb5dafd8a3b73c3d2e17919d24550a8

SHA512
b9e453a907b9f39a3f8737d2e0ee7e1877f98d7b80c83dd90fcf46cf204c9da829347947a7d63d6afbc4a718ee139b63e88270bed790c398f8b4fe25e6173666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
480B

MD5
dbec22671d7559d10c611c79f1cd9627

SHA1
8d9741e34f5219a4f5ae673e198c65c22ea25f87

SHA256
3a58955e79541901154c8a116b5ef33ca74ab79914991e10b8e7ce1551c486eb

SHA512
60fc96f8df877848d4174590d0e89ff97dd6a80b67ef25e728b1047d57a87cb39d2359b0fc2c1c6c9dcfc70980e057cc078fee3914560bffe6831cfbb2cb5b04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
98B

MD5
87da7cc03facf7d8a526962b3485d643

SHA1
e2e963bc47b7cd273ac7223f6fbeed31d4b130b1

SHA256
eb3ea5e9be21dfe03973f1d82ae58a1493b263ae41be4e328140d805a7a12766

SHA512
9c0e17a3fc71a39f4c59c97741d26d05f9b32909c06065da8796b6c84b456c192e833316fc587fd3bc969d5d6f0d4f4e491619ae917f681a2c50aaa808bf4919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13385666024314989

Filesize
13KB

MD5
7107a74a8e78714dc8c406a464531871

SHA1
48f2ef3dc3c4523b3090314e225516594e8f7e5c

SHA256
c1947c1fff7761301662c4acb328bdd16a26e062a66fc438525a787d066368eb

SHA512
cd51bfd1146b51380e0bc857ae3e2b7f3b4026e4222eca1027ab8e8a8d5b9239c5a67e3ac0a68731cbbac67f4d69cf1bd6fae69ac15a5903a79b9f6104753be0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
250B

MD5
238b5dda1ebed831035ea1cad096fafe

SHA1
e7ba2715e18f64f2be7c2b143120e3b968588444

SHA256
290f2997fa422c2735d0f38afa515bd7579597b1c21572b34f51036fe6f3c3ec

SHA512
4ade6cd2753d26ded233ca8d73d75e8d90345db31b5f12055819e8ac93d3b67a6ef7e5531d5423b6c2fdf12283c2a690e8d85dd03c0504d2d45f691bf4daa9b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
94f9e01fb0351053a78a03a06d885093

SHA1
27b34062a82ae8324f46c0d31a5c455cdd564b63

SHA256
5aa020b3309342ae80606d7043700a815e1e72ff7226a4138d6defa4e1aafb04

SHA512
c6b6805312280136e501ec84a3a90f7ac46e6a162e748f05f36daa43803dd33f81db8010a954979e6cb1798174327d51a13f642ef88d041439c5552bd59b42c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
bbaa2eb81dabd37d59edd5075a2d77a5

SHA1
246e2c1de49f38d870d864d0cbe6a815e36101b3

SHA256
d8ec3f802cd5af468205d972dd77662fa202abf97277ce6dc2a07d1abc32af47

SHA512
7c82e7729b9cc299fb79b9908a9dc851f77209a01ed81ea8c182735d1e550b38387121f50bddce3c10745bcbf451f918ab7793711e9da223be9a821d4323e47f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
89bac91b4b32813e81dfceeb2b003303

SHA1
8d9b5a453e71499145b3419f681f7327397be873

SHA256
65c9fbedbe58cc60c437fc109f16b3d54dca6abcf2113baf43040038d7458d65

SHA512
80d6b66483d09865b7222af9484f20b13163ad7327ce8cd8870d28da9c212ec2ec3b233c605a12dcf01552f1561863af01801f9986526860c99e0ad8ef2ca9d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2f4a2849cccbb6dd281e848c2f07eab5

SHA1
95c8ab478905380cc54bcd69517fe6c872c40623

SHA256
dff46ef11b835be98c8a347466205fff966366cfd957b8b5ec6a82a097278984

SHA512
67babe91bd91d64356b25f3814a1a3c26d02852fd4feb9fe7d5c4e602e189a2b3cbdee54c4e60ff4aed408497b247663b99347ad08ea4af61924b6a36e1aff4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5876f0.TMP

Filesize
370B

MD5
8dbf079422750feaa19c6cfa43cd16ef

SHA1
7606bd8b0ed15cad9c9908ec290f2ed1c1a54f23

SHA256
08b3ceeed0805525fbd3b6b77606e1567978b3a5941b277e4569e8c681379834

SHA512
afd7851b25be7a17fd156087551b8b13747edef2ec293780d8044d3dd46416135b501ac1c44aca13bb3dc58464d75cb664a9b9e1330f9d1fa4f7ba324b8f7036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
1e4038e39d0aed2e62c11e95135f1a54

SHA1
470fb4262288e07e98b7385654e005e59a6d7a94

SHA256
2b9aa525b4e793df07b88b6bf97c0334820eb1e9778bebe44309ec2aa1e02f2c

SHA512
a47d2cec87c3bb45293ec8b6864fbbb6729c3f5fc891329a42323f6d6a9df2756af33e55e34b3ba0890f76dd7cfe53e5bd1d88d4dc506f743c744b2ab14567c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
411f3de1ad362e0ca1e2800ecaf8c50f

SHA1
e47675ac6fcedc0753e68f24c5e81aa4f9e5e5d7

SHA256
91b8313e8de90e5f2a3183e1ebef4eaa705bb33f69f86a9e44aab3f755d6cd3e

SHA512
4fb0b9f8b9fb73b6b6b990daf653d832363d16c1f19bb28bb63b291f745f7ecc18247edfe3bc185e18d46a2c70d61394583b69965b6bc1ac58e0c093751d5743

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ad63500a-9345-4900-95d1-4be525fad03d.tmp

Filesize
1KB

MD5
8b135d8f033ff7acea731b72293fcf00

SHA1
8d1740eed05eeb484256ff246e74d24a1fa40460

SHA256
a309b4322b40a97d7c777b02974f596020d350e168ce8be8d6fe2114c96217d3

SHA512
bb7dfcf2008b1a667c9c8c67644c29be09331a629de07475394ba1e6a09597c07ddb2ef48802d40c9ea917fce656dac29afe113dab98a70afc312046a1c11eb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
80KB

MD5
56db36dcf0e19ca6d7f91fa8343cdffd

SHA1
057fa553e429a89890a26c608676931d92d9fa74

SHA256
1fb980aa9bd35f1c896b8b82515f360840f574320bb0d2db5deeae8377afab60

SHA512
5d504a49458d547456b1e4cd4c14b8add2b0ca666b7e2c7c39a346babc7be5fc406896fb14dd9d5ea50863ef46a7027dbe57c95f65e8e8ea94b72e6d2856206b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
274KB

MD5
b233543c21fd60695a60a8d17a0188b6

SHA1
8e0c1f7afcdea36ce3302759c8cc15934152a086

SHA256
aa3de1390902a8f2862eb4ce85bd4599b77a0748077964ba33b9afe9fa5f3582

SHA512
cd2bc9a86773c558f968b5509d0919d98ce4864de1e4079cae03beadff3a18be00ecce7bc7fe3c4aa926496f4d445e415eb5133254b81a83cbdbdf00c7f7972d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
8a97c655c28bb0117534929bf90e447e

SHA1
502f8e23e661c5ea45c75d9e031935b976b2915b

SHA256
aae7e537f56565f638758001e73161a96ee476b4db37333a79829296a858ee08

SHA512
9c1256df22bf235d851ab779eef6ad8d0ded0028ef8baf5d8be260bbbe7d72523a43550908330d3ae35dbe7557e33e039d62b421a355784e0bddeffcda84fa31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
578931840e98b9016bcf017b695c179a

SHA1
1237ee549ec6f613f269b6065f9e0d7f11498d81

SHA256
f31823dc2617b54f0e3a452db668193c6d15c6024b6cb08d4c68be534aa46d5a

SHA512
e5064242027d6794db3847b199522f58dc0e0359c20c4479c7657ba52a458cdd8a5c6d16b18c13098253aa7f283cd939b883059e2675a6c5b2b64f973c5ec253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
50bce2dd7a58232bf976530d5857c4d6

SHA1
7ca8d3d5dc0688f3ef2227149a90fa94a5c85ff4

SHA256
724c5054c2af5b1dbd9f32dbac5a01b4d9934bb4c2a69945c1d099ba238366a1

SHA512
e4daa92565c86ff7318ef9cd8d2bf61787d40b76f56d9293dc0e0711b11d6cc7de569e21909e37f0525c176107b7790d989779e7c54b8162ba089b4dead4dc93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
f8a7d6ae53b7b355dd2f500e484b0bc5

SHA1
6e29db698cf9ca044acffc88e68bcc216f29eae9

SHA256
3284c7d1a77d6bf1d564816355e46da9367758de5ccf30e3b8843c3b3423ae24

SHA512
57a079394adf801248a845d5dc694868f9f9d686dd3eebd05c3a2ddf8a90e27a867c488bdcc06c1ff94064756ab99d1b7a3bfcbfe3dead8ea3f4f3b718839f20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
6688b039a56e7aa8e0d53dbda5b322c7

SHA1
9878ad7db6a4cba680ce508af5400ecbacafdd1f

SHA256
c46edceb20ffe35982e1d41d21e34ee484869f4a09fcb978d9a0041142dcbc01

SHA512
31fbb2238eea61f5768caab3df4ac9015e893bbd6474cab37152306ac190d43a57d8a3e33d5c094a26bda53cae3e2f634a7965b84b49bbb4bf9a3f4573cc37a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
327c8c98d451a9e8a4aab0f3b878dbe7

SHA1
19136e28cb588f4a176c075bbbaef223853e58d3

SHA256
470bd896f3bf894ad523aa8bc573e1d44769d2d173ca4a48b1b46169f697e2ac

SHA512
6e231c08fa4f342cca9f2969823981568a2e603a193797c085df2fbe9398ff1ea9b25d2f7a11b35205e950709e371b25cfda94c9e9db913fb19c699975804304

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1d5a3bba1f8affdd28f741494c0cef2d

SHA1
7d96388d7aee90ede6a48f04ae6a53fe35b5ad0f

SHA256
8e03bd072f2761e9a0984e794affbfeabc51953f4deb5403c9b53f5b0a77d93f

SHA512
42bc81468684fafbce007bd33723e2996a5c5e43bf51da6d5e0752452b4b0287d8bf144eccdf3fec42640274db6f668a756f8b461622482e0c5524e41f0fae57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d95b72d41432954b231b7eb250848bce

SHA1
67a56eff604558d270d68dc0919e0a2f1cf24038

SHA256
95fe048f744c269865eaa63885bb68c0e11169185337330e958d4076db6496b8

SHA512
9d8dbe2ebdab9a66e2cfab7957d54b6b2f44061fecbdb66182f61c174405a214dc40b7d6f493d05bcb36f2ed980e55f7a9a4b1c45d475739955fbae5379476d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d46c2c85ec7f91ae7a35319d86358273

SHA1
6836d429bc0014b7b4698e34f19930125928ec4c

SHA256
be922f4ce01e12bbd2316dfa8b81ec14a14878d2abb98678a3a4ab891aad614a

SHA512
1aad74c9675f265bebe7a5591a3aa710363c7bd2265ffa85c02bfc51ff9e62e1d27271f9dd4410dc177426a273beae330392cad6274da0ce4db372020ae42e54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
005764b34091ecc51e53708eaa835754

SHA1
562e7bf3394e2c03e254147a9c0754165bc29fe9

SHA256
36509de9a45248a89616007679e846b646608ace499b6e1b62b4a0117cc3f999

SHA512
3789b10de0f983a396a9f3cf73bc7492ec50be70bd49365e662487eaf742654e5c9d7c9424cc923cd1f627277d00fc5cef2f794a1c8cc5079e6305458584545e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1dfa10ccdcba7676e3f1874d6fccfec3

SHA1
4f44fbe861de2eaf1ef28f4a604469d7f8aa71fb

SHA256
5f6640b867b3e2dd3819893a7ed98e35197a3a2254839a7bd9808280d0faf862

SHA512
213f6574257ed14c4853b52a2947e5aefd2d26535e2db7f7c401478bf17ffd38ae47bff13f45ce9c87dd3cb494b940c587fe7991c26f7549eef3c48e7e4a8952

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
24abad3306fec00bc09f5f5ac231c83e

SHA1
fdc24ec59f16ba355eceb1cc67b3971de343da21

SHA256
34cb24e47337bfca67736134dfec7a54e289b123ce5c9ebcdd301cc2b375f9ee

SHA512
cca6b22244e4d5b7add10a9a49a5b95dbfc95b717056006abb6bd0af2400f4b54dc6b5e48af66bee6048aae3f7663ce3c426a00081b6e42bb6411e7dcbffa57a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eab9ff4086abec8480c297b2aad4854b

SHA1
ac05d6fbe576c2630219eb9d1c8641fec464bdec

SHA256
7a11d022b73a0f7c6043ff6c02766fd97051653520cbafc9470435d97a564556

SHA512
1c558f54790b473426b627e9067eb320637fa3b82e4c3029c0c798e485e56bd5f6936f645218d084a72d7a5c78fc322802ecc06765e6a958d0c2bfb3746b7c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d299afea0ae75501ec9dcca4e0b7dbc4

SHA1
611e93800458b12342176a16a435e19bfe4a16d5

SHA256
7aa29177ee2f6f496d8a2f53809cb5dffbc134a8bbdaec74337ca66dce516dd7

SHA512
50089f179023f18ca0bd57ac4c130b7f2f22c2a00486789c8a469a6bd4a75684ef09492d62006926820f3b6c29a4c1f9fa73bf793cdedb4519e5647df5773014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
5be094e4e3df170aa6971a908bbebf74

SHA1
0c2757345939a792174dfc22c866e923c7d67bde

SHA256
141e3d6598af511c1664845be8b7c7f8d2c2e7d31c48b2fa235ef27b5f857bf9

SHA512
aaf82ed15d06b07cfb207372c92cda31456efb5ccc8fe2796886202da2ebf671011175bbcdddebb89d32d09ac0abc5b97596784420968f0371e750ec194c56a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
896KB

MD5
66c4c58da11920d954fe7da78422631e

SHA1
261502c8f58281945dd72d9544ec86239777e6be

SHA256
d00252407bdec221aea5e922ce0500ede4a50e619866509ccad3305b62ba042c

SHA512
857ad7d7fbc33bb238e119f270a6bd252dc9753c75540306cbf98a8742ecc9a91c37b0a40704c36c68b56461d6c8921448b19d03bfa969c25128b384a6a45cf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
896KB

MD5
50c09f2694e2b571c60486cfdfd372e9

SHA1
0953b665ee3eba86cec45fdb81124148bcfbbaa1

SHA256
31f766c92ddc5473412316d09d7bea0297392e33f2acdeec7f53d1a4b7f690b2

SHA512
ddd3a0e8032547cb835e831b9f4d7259d5211d72b2ecb724b4fb7c91db35995e2488d8e60500a76a6fc47e789145cfa60452891835e9289c1e0fa35a0956be27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.2\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Setup_20250305_164241306.html

Filesize
16KB

MD5
7f1269be25b9d126de88f55115d1b1e7

SHA1
14c39d2f6d3427b995a78d8da137831771d350de

SHA256
1d21aef56ab0be4c30d437c42c4746c412500fb07c6370bdc7b2f4adf4a5c766

SHA512
653062ba20216879fde068736b9b3d12b700d157eff58f9040d244ce315892e0a43d3f76b455d80b3a42c1cf0488eb7697db0213672848070c3dff7d52f07cf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCD8721.tmp\gb.xsl

Filesize
262KB

MD5
51d32ee5bc7ab811041f799652d26e04

SHA1
412193006aa3ef19e0a57e16acf86b830993024a

SHA256
6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97

SHA512
5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1164_1430507881\1bf46224-63f8-4db2-84cc-09933cfdd118.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1164_1430507881\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp

Filesize
31KB

MD5
bee7ce2225cccaffa783c40c296239f4

SHA1
4b78e2e5dca7b59a80a62e87a5cfb604426da565

SHA256
0fa87b0a5932db6cee8617a6b1db1a1641fe9b409ac6b63128324be87d4a7e58

SHA512
12b38e3fc9a71f037c47fccac8e7b6588d0703e89ff27fe75699b6a62611985feaf7d5792ff0e8e2d56594deeda2f8f4e3b065b85719faf0ab650091f88ce006

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
1KB

MD5
fc9faa9d3337cec062ad2a318ccaf78c

SHA1
46df3ff21cab74e5a9f52165851d8636f0c44609

SHA256
b9ea55c91826dd35ca152ee462f016467c24e0cb875b76576f08c93a79d1d48d

SHA512
73d9b910dcedd8215d26bd0518374307030c54bb900c75b5b2883dda84999057c9ccbf5498941385bd5b1ed9253432d5845e5780dfe37fae1560b0e7e571049c

Download Submit
C:\Users\Admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N1XT.txt

Filesize
396B

MD5
9037ebf0a18a1c17537832bc73739109

SHA1
1d951dedfa4c172a1aa1aae096cfb576c1fb1d60

SHA256
38c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48

SHA512
4fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f

Download Submit
memory/400-2208-0x000000000C760000-0x000000000C770000-memory.dmp

Filesize
64KB

Download
memory/400-2207-0x000000000C760000-0x000000000C770000-memory.dmp

Filesize
64KB

Download
memory/400-2206-0x000000000C720000-0x000000000C730000-memory.dmp

Filesize
64KB

Download
memory/400-2202-0x000000000C760000-0x000000000C770000-memory.dmp

Filesize
64KB

Download
memory/400-2199-0x000000000C760000-0x000000000C770000-memory.dmp

Filesize
64KB

Download
memory/400-2196-0x000000000BC80000-0x000000000BC8E000-memory.dmp

Filesize
56KB

Download
memory/400-2195-0x000000000C600000-0x000000000C638000-memory.dmp

Filesize
224KB

Download
memory/400-2209-0x000000000C720000-0x000000000C730000-memory.dmp

Filesize
64KB

Download
memory/400-2200-0x000000000C760000-0x000000000C770000-memory.dmp

Filesize
64KB

Download
memory/400-2201-0x000000000C760000-0x000000000C770000-memory.dmp

Filesize
64KB

Download
memory/400-2205-0x000000000C720000-0x000000000C730000-memory.dmp

Filesize
64KB

Download
memory/400-2178-0x0000000000BB0000-0x000000000125E000-memory.dmp

Filesize
6.7MB

Download
memory/1440-2176-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2052-2097-0x0000000005040000-0x00000000050D2000-memory.dmp

Filesize
584KB

Download
memory/2052-2096-0x0000000005420000-0x00000000059C4000-memory.dmp

Filesize
5.6MB

Download
memory/2052-2095-0x00000000005D0000-0x0000000000650000-memory.dmp

Filesize
512KB

Download
memory/3044-1531-0x00007FFFB90D0000-0x00007FFFB90E0000-memory.dmp

Filesize
64KB

Download
memory/3044-1846-0x00007FFFB9890000-0x00007FFFB98A0000-memory.dmp

Filesize
64KB

Download
memory/3044-1847-0x00007FFFB9890000-0x00007FFFB98A0000-memory.dmp

Filesize
64KB

Download
memory/3044-1849-0x00007FFFB9890000-0x00007FFFB98A0000-memory.dmp

Filesize
64KB

Download
memory/3044-1848-0x00007FFFB9890000-0x00007FFFB98A0000-memory.dmp

Filesize
64KB

Download
memory/3044-1532-0x00007FFFB90D0000-0x00007FFFB90E0000-memory.dmp

Filesize
64KB

Download
memory/3044-1530-0x00007FFFB9890000-0x00007FFFB98A0000-memory.dmp

Filesize
64KB

Download
memory/3044-1529-0x00007FFFB9890000-0x00007FFFB98A0000-memory.dmp

Filesize
64KB

Download
memory/3044-1527-0x00007FFFB9890000-0x00007FFFB98A0000-memory.dmp

Filesize
64KB

Download
memory/3044-1528-0x00007FFFB9890000-0x00007FFFB98A0000-memory.dmp

Filesize
64KB

Download
memory/3044-1526-0x00007FFFB9890000-0x00007FFFB98A0000-memory.dmp

Filesize
64KB

Download
memory/4412-2177-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/4412-2173-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads