hxxp://decrypt[.]mn

Resubmissions

07/03/2025, 15:28

250307-swkbgssqs3 10

07/03/2025, 15:12

250307-sk6qcassbv 8

Analysis

max time kernel
325s
max time network
638s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2025, 15:12

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://decrypt.mn

Score

8^/10

bootkit defense_evasion discovery persistence

Malware Config

Signatures

Disables Task Manager via registry modification
defense_evasion

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	salinewin.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Technetium.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	salinewin.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000_Classes\Local Settings	msedge.exe

Modifies registry key 1 TTPs 2 IoCs

Modify Registry

T1112

pid	Process
1160	reg.exe
3700	reg.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2120	msedge.exe
2120	msedge.exe
4300	msedge.exe
4300	msedge.exe
2512	identity_helper.exe
2512	identity_helper.exe
5176	msedge.exe
5176	msedge.exe
3048	msedge.exe
3048	msedge.exe
6056	msedge.exe
6056	msedge.exe
6056	msedge.exe
6056	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4156	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4156	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5408	Technetium.exe
2504	salinewin.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4300 wrote to memory of 60	4300	msedge.exe	85
PID 4300 wrote to memory of 60	4300	msedge.exe	85
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 3984	4300	msedge.exe	86
PID 4300 wrote to memory of 2120	4300	msedge.exe	87
PID 4300 wrote to memory of 2120	4300	msedge.exe	87
PID 4300 wrote to memory of 4640	4300	msedge.exe	88
PID 4300 wrote to memory of 4640	4300	msedge.exe	88
PID 4300 wrote to memory of 4640	4300	msedge.exe	88
PID 4300 wrote to memory of 4640	4300	msedge.exe	88
PID 4300 wrote to memory of 4640	4300	msedge.exe	88
PID 4300 wrote to memory of 4640	4300	msedge.exe	88
PID 4300 wrote to memory of 4640	4300	msedge.exe	88
PID 4300 wrote to memory of 4640	4300	msedge.exe	88
PID 4300 wrote to memory of 4640	4300	msedge.exe	88
PID 4300 wrote to memory of 4640	4300	msedge.exe	88
PID 4300 wrote to memory of 4640	4300	msedge.exe	88
PID 4300 wrote to memory of 4640	4300	msedge.exe	88
PID 4300 wrote to memory of 4640	4300	msedge.exe	88
PID 4300 wrote to memory of 4640	4300	msedge.exe	88
PID 4300 wrote to memory of 4640	4300	msedge.exe	88
PID 4300 wrote to memory of 4640	4300	msedge.exe	88
PID 4300 wrote to memory of 4640	4300	msedge.exe	88
PID 4300 wrote to memory of 4640	4300	msedge.exe	88
PID 4300 wrote to memory of 4640	4300	msedge.exe	88
PID 4300 wrote to memory of 4640	4300	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://decrypt.mn
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc02b46f8,0x7ffbc02b4708,0x7ffbc02b4718
  2⤵
  PID:60
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=fallback-handler --database="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --exception-pointers=101653289025536 --process=176 /prefetch:7 --thread=2836
    3⤵
    PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3012 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6100 /prefetch:8
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6844 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1996 /prefetch:1
  2⤵
  PID:100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2004 /prefetch:8
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4904 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2536 /prefetch:2
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5548 /prefetch:2
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4212 /prefetch:2
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4216 /prefetch:2
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4248 /prefetch:2
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2552 /prefetch:2
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3884 /prefetch:2
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,12212712283213691804,5446899621666172113,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4220 /prefetch:2
  2⤵
  PID:700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2652

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1764

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2d0 0x320
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5904

C:\Users\Admin\AppData\Local\Temp\Temp1_Technetium.zip\Technetium.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Technetium.zip\Technetium.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5408
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
  2⤵
  PID:4704
- - C:\Windows\SysWOW64\reg.exe
    REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
    3⤵
    - Modifies registry key
    PID:3700

C:\Users\Admin\AppData\Local\Temp\Temp1_salinewin.zip\salinewin.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_salinewin.zip\salinewin.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2504
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5920
- - C:\Windows\SysWOW64\reg.exe
    REG ADD hkcu\Software\Microsoft\Windows\CurrentVersion\policies\system /v DisableTaskMgr /t reg_dword /d 1 /f
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:1160

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:3656

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:2828

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:5320

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:1260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f5da507c2059b715761792e7106405f0

SHA1
a277fd608467c5a666cf4a4a3e16823b93c6777f

SHA256
8c1d99de087ac5f2e7b2afce66eff36a646bef46800c0c1d7737d6f0df74b7e8

SHA512
01c92729dd8061aa122b116a674c73bb78016f66d2cb8f7fb64907352758a825e87a1e345334386440699d2a6d1e17baccb400c5aee151eb64e64019cbebb870

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3c6e13dc1762aa873320bed152204f3c

SHA1
38df427d38ca5ce6ce203490a9fb8461c7444e12

SHA256
5c441148843b7c8dbff4c4a72962a532aaf0bdd484d07a03dd9a32fd461b1371

SHA512
133054cb042e11013bfdad1bd11e3407d08cf26a66d0743bea9708d261aa904a1047bb0097b187ecf8436cb6cff3bec28c89e435862cad0e0fa264799556b70c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
48KB

MD5
df1d27ed34798e62c1b48fb4d5aa4904

SHA1
2e1052b9d649a404cbf8152c47b85c6bc5edc0c9

SHA256
c344508bd16c376f827cf568ef936ad2517174d72bf7154f8b781a621250cc86

SHA512
411311be9bfdf7a890adc15fe89e6f363bc083a186bb9bcb02be13afb60df7ebb545d484c597b5eecdbfb2f86cd246c21678209aa61be3631f983c60e5d5ca94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
cc63ec5f8962041727f3a20d6a278329

SHA1
6cbeee84f8f648f6c2484e8934b189ba76eaeb81

SHA256
89a4d1b2e007ac49fc9677d797266268cd031f99aa0766ca2450bff84ac227d1

SHA512
107cf3499a6cf9cdcbfa3ef4c6b4f2cda2472be116f8efa51ff403c624e8001d254be52de7834b2a6ab9f4bcc1a3b19adc0bba8c496e505abbca371ef6c8f877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
26KB

MD5
1fdc7d5f60f441782b608e81738dbef2

SHA1
74f699940fb527aee9bf21e8d6172b769c549ff4

SHA256
a1538cf05238cc6c7b0ec08ccda41ca1326209b03f3942dfc49194d79942c738

SHA512
7e481bba26d4662c714b714a78e5a002f43803d50637983650b1827237dd7ca0d773fa1b8b016092424d1f7910e753993a8f04fa81d791f98425f0c5cd5c79da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
245KB

MD5
e720081d3e920e4c3b0e40cfff5f2fae

SHA1
250802a50c2a2e3fa887b2f2fafd424f354100ca

SHA256
02ff85b0a2d10f5628d617e24c2d15117f6c6a1b612bacae094576c92c636028

SHA512
142a70496663222c466b5c114a6ac6d09b3e8c67d0bc7acb7f457287f1c6e8a29ef9d0ae3c657c1b9e6d4294d99c9d805de884b706d853d54b5a515d67ff5c22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
50KB

MD5
d49ec70bab1620724c62f5ee15b83b1c

SHA1
e8d0c874dd65fde2a629110856d75459dac13467

SHA256
54e65f925e8ff6aaa9ad7b5de6fdedd567580b2955b280a7aa8a7c12cfa81968

SHA512
328c8572e094013ac799b1952effa69aacc9685ce98d1817a642c9c9a60f1e836cef806202e09bb8b18820855a9c6a569cab09f6d85977878f0571c8856fd2b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
646KB

MD5
8e17b4ce5c0ccc59736c212ad51abe89

SHA1
b02dc730bf61814d29dc0eb3c77e700b47c30fdc

SHA256
2952a5f30593ba1e27fcece37eb2814891f6eb6a604f986428fe8666a379319a

SHA512
91629be6c57a1d5689e68575c70145f61bf72b0aadd827560b17b5142aafdad264f5032d7f925354cbad9a43945a14eae81dccb6413155737cd90ef4e0ebec39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
34KB

MD5
abe88f15456620f4b525b46f7c1bdb93

SHA1
9d56c92f2ec9811e0f5058cf3448627e31d5b303

SHA256
fa3033febebc29dac8931145b25b9ee5caa571b9a2f414f9f157a0d1f9021f82

SHA512
1c8b61054b2b15df90103cd2d85e9b147db50c704b8e9122045c82ec5e7f627973cacc302c328bfe95b8808da46e859b75d5f4cb7897f2adda7654d254b2b58a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
34KB

MD5
c7389516ed0087969d1a9ce874e7978f

SHA1
a375ca3fe9dbeb7dd4cabc63108f7951d3529bba

SHA256
ed5e733bd18e480e5f2877f4b8e400df060c2b0340007d55368af36d4ce8b385

SHA512
a3b34cfc9f9b23b0b3c57fdf50a2a309a94f4d76751351c895cce6286beed6d2393c9549661e94a9356652aad9d006c9874d7c966831cdeb82208fa708082979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
16KB

MD5
42ba6fe9f04279ec0cfec16db1dd6ebf

SHA1
2f23c21460495c5a69aded216f00cefeb78c5e2e

SHA256
8ed81a3d66d94bc6cc54f85591fc46791464316fb36500411c67a661d01bdd0a

SHA512
719c004b058c617c0eeba86470d40027b51696d92494d36e34dd94f882f02051786e850470d1b016bb1b0df384c08c38d15867a364d7ae12779d292b96a53bc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
48KB

MD5
d2e9a03b909ad24c4d2f4ab41e7155bd

SHA1
0529c936a29d593c8d9cd3ba3cd9c33e77875d64

SHA256
a82ffb446a86f915cb36aa68e63a7a1f15429397d516c9bb4c3e50e9290958f9

SHA512
fbd3266e0da346c3313a28544031b72eb17f86fa3e583af616d45ec48283cb01a99631de8c8d9adca81f331740b25dc0e3ed575f7a48c91eb7aa95086e7cd983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
cf86e7d42ddbf446bffd9bf3e7f4c99d

SHA1
3b4addaad37e09fa29c461d01f146b7f449a5416

SHA256
bd1e7e52b02516c8cf560523d49a313dc3e4400638a415bd4074560653402bf8

SHA512
497657d292edc3c36dd889b4cc8b939c423df18a2fdceda37f97f7ef3efff56cacd37ab89a7547c56a757065e84ddf70ad4a4bd290556771fa1027f447f40f7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0c0029a6cac007b5b409cca8320e1089

SHA1
fb15cf8c6e063dd8d2efc7c83195e977a6a051c8

SHA256
8e08d718f53cbe122065331b91f0d73375f2bdfeeb6f3cc95ab47d6c798b1717

SHA512
9d87f1e9ff8211dc4697f64e7523f3cb021b34b21b88a90cb6b8d7a287cd5c6a6174439752c0c06fe52abc62f43bb7dd135c47ed2cff0269089825096a6025e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d5f7eaddbb91d20257b781a3e3f3b115

SHA1
e213274f7084d1ff9196f0c6f0cd267021830395

SHA256
988aad059f07bfee5197504040e2306494f8a3748c2f90e8a9683876629cb7bd

SHA512
2963316b0b04864b52f9fb256ca5088e59cc823dac89c3aad6b6da8fdc59762ea2450b639018677fe1be47ed6c25f4caabfa3858b2116724089c53511b6f2007

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
872d96578ae668ee7f221a54485bf27d

SHA1
54ba6e928196b7c33e4b2fea7c267f35492cc036

SHA256
53d8bf84d6dad34ec7174c33ca8c6ab598cb495ac7b930f0c6f420565c4e904a

SHA512
3aced725bbe70e60ae0ddec68af5c461c1955fcf6f4e0f0e40838780fa84278cc9e5c4e6206075052b05b23c976403f3934418ae60069365f456e6e9770c98b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
4e78036c21c248be1cc20f07c4e75cb3

SHA1
3c1d94dfc8af0c062e5564c498986882e004be16

SHA256
75940c0d5d6164b0e82a88b25ee2583d25ab1b1fd0df9e61808c6b480c4e7cd7

SHA512
6377d6d8af99a672d28a56ccd3708d6d9d6381e16a00fa4574bd0573b4d1fc77275b7acf6c37cee87efe6fe1798e5b146399c3a9f1a4fe0bcd25fa8bf0789cb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7647c5faf3673dc69971212996b23026

SHA1
0c31089ee8e95cbfe366d39ed4cb0d7f8797e605

SHA256
900479c47cce8f6500b4e99a9dc53f174043763cd1e65961d452ae51262fbd2a

SHA512
9beb6aacc5c07bf28f9e86ca73d2309b241dbab6e66c5c7a1f9c6cae603896059ee3bdcb4cf35ce675352cd3d9d4ad1a1653c2090e25e3e44fcdc25aadd8dd0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
f4f6744d7a9ff55f335ebac8951b6ac4

SHA1
edabcd742adff7e7efd885ea75cf747c9b5ad3ad

SHA256
866ddb788e87d369c03370da6d749dac45cc1340716c44d26801edbb180f665f

SHA512
ae10c9b9d60086417447d6d12aa75ab6474c383c39c8b702fdb0b4fb97b2d988e8ab96ec22680a6de0e59b64feab3cfbbb196108f50585fed4cdf2fcd89123cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
166f122a4a8406f374c526ebb3c0dd14

SHA1
2716f2612167524ff5fedcbf8c3b5a48df978283

SHA256
e1a46cc419517478cc217b98fdff2c3e96540402c1db1bcb4b64de9af6f03ea6

SHA512
14976b1ef7d455cffc1fdf6adead579410c23cd1c417f385614daae75e845b80c80399308098beda57ed3e47eef756b983ac1c0629c3e9c88f37626f12a1e8f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
d520a075288be943bcd853d948a34985

SHA1
49cbd27e1c741ac0bd1e7d02a902df7c7ac368b0

SHA256
7261fea79db951c5f1702e54a817e3b773d0f74aa73cbafa2f79434225a86469

SHA512
ca1d3c6ae3f756a51b55abab84b22c3d06d9c5c9e891402687d07c24efeaf8319aee3eea68cae0b884b9c4499e2f56425abd44998dfbe244de5784f1cd099852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
60b0d218118a7293eb549e6b087a326a

SHA1
21dad563e82600558f8090074421c782c49fe443

SHA256
7936e6e25cedefc3c5b599959010bcf8e74319a52036aeddd92b40a5056f9b21

SHA512
0445435492fd5d6484b2a705522e71947461ab2a9512c46623544eaf1c6b6928be4f73599d41cae271e23c326ed7a28cc149ae39a897b628a991845f8989885a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
865B

MD5
dfea1f69739ea411304783df2e1a34ae

SHA1
9aef3aaef22f5259e8b1e7c10ee5b982d9edff1e

SHA256
77248b373232c18000016a09ef3939a7d9bd8ceb1cc5bf1bfcc654c52a17fb2b

SHA512
50b0e507b174dada865909996108a7f29c53001cfe37aaa894fc132cb1b4371358300656531c13237365b699707ba27cf840aad8e16be657d55d2f0e35dc0dfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
be764c4859bcb768495a99327fd3eaa4

SHA1
55f90fcf9c6b1b72b1f555a52fe1e5d4d7cd0b36

SHA256
f59b757a1e9d54fb6fe2bc5ca2b785a09f71163294b79dd4372b98141d706c8a

SHA512
ab7457a31d621b2b89eb243fbfea076d854e7b41889a269cd0d36796d2cdc2c0555e852625e1528a19c44c24eef4cfb3e208e5d2b94c08c303311a31d806b56f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1336b7158a9521f8ce432be097caa99d

SHA1
2d619e677817826b6e8b1437a634d25591258743

SHA256
c6060718b0d7014d45ace7c92c825f4fee7a8bdaea9230a24d67b946545e4fb9

SHA512
019d575b11e9d87da10356f8f455e90feffd2695ce64fae0d6b8d685ac83f4f559d8ac794658c48dfe1d00cf262a1146d936441bd52beac247dbc04f36962185

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
134430a7e175e840c1f3e8035aef1afe

SHA1
dfaf57d624288ae87125a8b8aa1b6bf78c5e433f

SHA256
0738b3cea11840815c7fe47691ea3e8fd909ec7d4b44b06233a4f4a0d3ecd5f6

SHA512
b294a3d7792662be40513e8b003c97f8c662ccf296a40a830c08c74c88be544142af552a973bae83bbcdc7e556ea8401883c9eaeb6236ace17c25329db8a6b90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
77c501cbb383e19c84da9f325bf5f71d

SHA1
884f814d4e72d49495c3b669397366fa45447c19

SHA256
7faaaf46e4c9675c93003586ece08cba60254f0ad70f264586d8341d6ce56ef5

SHA512
a78be50d75c29e6b5d27b7603092073e10e0814af6e247805eb83f8fa7d690ef4e3921380ae18cac5955b21cb5ed4b8a31b7ba7900920a431081571446fe3e26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
368446c91f83cfcc93fc113e228c99ee

SHA1
8042f5960bf31929fcb0c230af70b43db8f17cbe

SHA256
d769b947233b48ed0361d2939659b5a9109b10b89a62b4beceabc8ecbeb7db75

SHA512
48bfd212a4963ac5763efa9f7c6e4f0b1db318f1ca64d316da47aa2848e884a1bb74baf246deb2c53456521b58554d3c16044dc35acad24889dbf37b002aaee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d6609a9e0f8b8ee65bc85bb1e5680a8a

SHA1
5222759213a8f46f919503a7e3e9d888568f111f

SHA256
67b5a40849e274657b866d6255782e9364e9eaa29b194c671df35b3ef46d4e11

SHA512
2906d4f1bf2eaf8af8284493268e103936c1292636d34a821121b0de8f671692aaa86d672e0abb64aeab40efe0174a66de9e64473467f304913f45d966c642a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1a96c6bb3cec6e3b0b157e1e07d3c167

SHA1
d92827559dce85c9eed25a58b2dd878e51e2a510

SHA256
1731b687d49a8d73a02e03ec55f2f4114497bea69b4cb9d843bde7e454e0219f

SHA512
40d61942434351f8ba813db5ae9f4a2a9b20ad86b30c20eee5affa35e44a05ed5d6a1b637029f2ad258ac43cbb3f88143521b69d11592978544c888529d47792

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ff3043a78b47d2b69d021db54f4491e6

SHA1
a5adb281183e4d6812663451e5eb1189498ef6ee

SHA256
ad091402cc5919bd4ecab56a125c3319a0b0c9d11ca509171fc3b27b0eb5facb

SHA512
3f04bd89557fc46d7b36b6e5f60e491864c8ccc47a9cd96989c72ef4a8a36edc5c1d7845d769ecf5b2cd5547129178fdaa0a4383630b85f21ae77ee34883c04f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e870f99957a3ee6c7b1be4173de715d1

SHA1
20f4e7178b66df3115f97a02a28e75b91fa1da69

SHA256
226a21adbbff13a7bd23bd36df9e642325cfc806f16f9766cabf069a48b33fa3

SHA512
e13e685caceb8843267e1251e67c748702075b8a55ee8918898983291722779c61996fd808accfbc7d6477910b6d0a2d9cf72a1433dcdb0b661068fe348815cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6bacd80510379b15483669621f83f096

SHA1
b87062258a06c24b96ed02bee8d9d14046d8a6a5

SHA256
c62e3b34b2df297f2cee51b9f83588ad785b7f6b9ddf4b85a2ac1408d23ad83e

SHA512
6dd1a5e76025d9eb3a7623ec03b1c48e39b8efa7ceab752d9c017a57b6e20245afae00401bcef9ce5e632d30b26a8e4f9cf37fe6eb1759081b126815c495014e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
95b7a1274862121a214edda7054d03f0

SHA1
722a9528e96e24e3e1978cce8aba218c0de28c1d

SHA256
8631496b9cfb81046a8756cf57205a16c9ceecdff3796de5a3edc896024178ff

SHA512
7510eb5cc23dce310fd6e2cc772100433c028cd9e75ca9687eb9b0e55c88ba51f6d9dd8c37ffe8b8d83fcd6147610b25f0f8592b176633994a4e48a4ef31221c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b98b4a0e92415839958832b45b3a9eb9

SHA1
9475f542c64b6be9c5203ed721c068d78f84dfe2

SHA256
035acf535742dae00a674fad9581cd0ca182af5957c75bfe0a74ca78d34bc308

SHA512
add7fc6ab4c4f244901db24990098fbfd7bb2bb1262a8492c8d8a74952bcc5d4ea13576e26db9bade1317a59855260c535f7c27ff4ba17faa8859e0a26e942db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4a27ae2b323d31f173a02a62ecc6d502

SHA1
2dee1e7e23d007325a754ce7d8ad40203ff88432

SHA256
56966fad702d3d9f1b1bc3e1a0ea868a4746b2a392ddfa69434faa941bd07fa1

SHA512
75971ec20c8d3c1a63b8870b9614de70e3b7fd8ec9bc2ab7d35d956fe3a5c70cc0e01585e38a466a780f1b88a71690faf9cc3bb52ca44fbd90d283bb080b75e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\51f2e084-dcdf-485c-ab14-64351558e58b\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\784b524d-935b-411b-9e7e-11fa9d6c099f\index-dir\the-real-index

Filesize
576B

MD5
db1c2e9fc4abe14626f982b9ef34c029

SHA1
13bf03f3f28817d18d48ce83538967287d2120bd

SHA256
f695c8c79a79e655b7fb70d175d58a2e1e8c6ea0c7e8cf8d0b42acdbcc78ab84

SHA512
c29d1ed06b530f8b8f6716c1a10d5edf8d12a68b07acc363f1bf02933264736efda018ccdaecc9dfd46ce2f421787f08a47cec442ed659186bd260793aea0063

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\784b524d-935b-411b-9e7e-11fa9d6c099f\index-dir\the-real-index~RFe5b4dee.TMP

Filesize
48B

MD5
464d565801de9e1f4259408a45af3850

SHA1
29e66ad89ac17b453df3f54f7a3dec308b01900a

SHA256
4963b35c27bac8c24f0cba648841fedc120606c2296ed78ea4cbb4ac0a8fcbaf

SHA512
2dcbedd4ff63d0ea7c2ad3a006a086a1d60dbce9b113792ee625036cab13d40d94b0f91712e07aaa5d7156c0cdf67e9dc98d6b1025a059474590c24ed79e1476

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\785cbeed-2793-4499-a7e9-eaff7956af61\index-dir\the-real-index

Filesize
2KB

MD5
f25796f8f332ff23dd43b94384782175

SHA1
dd07825ba64536d30f4e7e86275d8d7ef3a3bec3

SHA256
cf08f9064d290ee50992e29219681836c53fe6c4c6325460f4e9d0cd5168b708

SHA512
e5baecf791d59e9566c6b2d34f9edbdefa4d7ea6fad169f11a4224c9eac65fe7470bcd1deb0327a9e271dc98fb6a59d604faf117f7f412522e5a690f35ad7848

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\785cbeed-2793-4499-a7e9-eaff7956af61\index-dir\the-real-index

Filesize
2KB

MD5
f9c3273d0aa8b78fadc1172deb3000ae

SHA1
2c9b436b83efd0e7ea5794d1b022c2229644d80f

SHA256
45187acf18c12361e643d302aa8ac4965360ed767b914c6ee5f84346033e2e9e

SHA512
e6f997b108c91ed4f37544ab5222473c7095e230c19d58baae619dfd57b684c1956ae79f20b168a87d1d72994f35ffc7d96a4d269b5f4aa487883523f4457a95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\785cbeed-2793-4499-a7e9-eaff7956af61\index-dir\the-real-index

Filesize
2KB

MD5
c2817e18ea05d3f9e82c6a3d83203452

SHA1
6cd079e3a585c5b69466c660c83dabe4fb5a11a2

SHA256
34d964c5b8f92e4a03e3c47dd3d0398ed8f6c84525eca0a7af9889be0252db87

SHA512
a5233c61fdabc8765674723ea9e717660ad0cdd3930fbb3a34be5e7c7f514bcbb2559157d4d1f684e2744e60a6a08fac87e42b97d7f6d881c5df1c71a966e09e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\785cbeed-2793-4499-a7e9-eaff7956af61\index-dir\the-real-index~RFe5a6fe2.TMP

Filesize
48B

MD5
c97ccc8f88250e8bc9cc4fe5f2559b53

SHA1
afc5a9452649e4538614338d2308d34639ff695a

SHA256
0dd563d78f0692392b6787872b8e9639e5058f66dcd36757ab98e7d28cc04d5d

SHA512
4e6be17fbe9ee625dad87a23917e269095544083d65ebfee6c9da68d634108f21e6a2deab45ad713c2f21562a6107d7e666b46e7869fae6443c511920decca46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
3c409db20ff776e00e086b478cf117fd

SHA1
40a92a217e069c772212b9bf9dfc1412a43ceb60

SHA256
4d461bdcfd8e89d475770d041e975e43104297c7fb5be7d881f923c51b44f98b

SHA512
1a2ab514697f7a2f03d2716b04528c2dd30bdd866035017b5aec31c4faa0298606c7e815ca70f83f269a1eef6829b670c239fa573b73293ad20e0fc55e31c74c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
cbf585fbdb5a9a15a971eddefc03126e

SHA1
57e10b5499574ce361562dc9cb747eeb399e24ad

SHA256
54b7e9768b5563ecaaa54e0b6306d8abbe1a61fe86e9565ed82a2d336133ad4d

SHA512
7ba08bedd55994bc9ceb1e8f063ca8e7da37407877812e412608796e93e0a09b16a9c437019a562085f3b31e5fa6aea6cd145b9c566a092a5c1cd9dae2dab02e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
deb7f436fe7e24070f050749493a3fdf

SHA1
25c57f4bfaf578cfda9796f64ea794b2e3d112ba

SHA256
d918b6aa4a1131b2cb86ff2aafab8eb9f32b6dabc3c0689a1d353bfbca173dad

SHA512
68fbb40b13c0779bc9061437019cf63630ba45285f4d91aa6e4f1b2833ea4321f39aa93d8ace8e40fbd5477af43e85cf2df606e6336023cf15fc1ff883643a0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
fdbcd7568683140cb03fbecda088aad2

SHA1
57555582149d96ea05c78b9eb4abe98a5f5eeaf3

SHA256
080b95482ed55fa811f1be56a852f01520d689cb435880f20fa30ad844c8aa28

SHA512
d7b8bbfc521dc764084c12e2465854ec216dd9419a4038da2efbc47a670554da26a35f5773ccc522e9cf2f0211491d6396125b348ab103e4b99948fa379248f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
7ee6d0ec3219ef23ec5812f04e2262da

SHA1
936a2616101fd91972d07bc20656cf408fe14d9f

SHA256
297a37af02a565bf1ab606cd356f072b3f6feec827bba10e9c694f126ab81730

SHA512
73c428c85a8ad382fe690a876b1785fb4c4f63dea58279a2336eddaa5d6b6898fc17cb9c2f74af37d564ec5c5b864d869fde2f8e30118673f4f99b06210d4821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
154f290925f792c4b1f063da1bc29bf6

SHA1
613beb53319262cb470a101be95575e5abc04526

SHA256
1dcfa1753076b94798e3e7f94224ade436a7bd86fd1388f1d823f270bad9ee78

SHA512
d3175341bedc14f87e2077abd614288d5158159a917f15b570f9b2ba05430fff9f420e5b825f27d71cd1753d049556529fc7996f5a990327b48e778f3527127e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
9e9e6b224f7413d9d526e8c7ba4ece9d

SHA1
1102707d826ea6e8c23c07c733aa251961d61423

SHA256
3c8f87ecfeb3b992b1e5820d9e33538059250e66918d792bb0617f2b619d9485

SHA512
d8ffb6facd423cabb51b1c86314096c5dc55a0483f9afddf8dfa4cce01198b7ee8263286fd16b737195a89955e65ed335306eff7d454dcbe6cb143c64365e178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
ccb094ed9276090ef9a9349c951f9832

SHA1
a7098d0b4f5fd0e769c2ae072a7e6915febc7d7e

SHA256
7c397ed3a0503c642c81431512da630cb6f571650164bdd3e15aedf0966f6955

SHA512
41e5458424576b17fc6da5cc707530eaca297d0ff363ff0c738e96dba80f0c61def73a9a04b58916963ab85c0e06ae4bf3ecaabf6dd2ec73704ffa44364c1177

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
999f4be7edaa4ede4b7eeea17a7ab5f9

SHA1
9ee3573e0764b1c57980e36a721d19f56e4e9202

SHA256
5859f35388a1b7470686d468bc0d325317e2abb463fa2dd3bb716deb39835eca

SHA512
56d45cedbbf6b7f35e9817b5dfc165d276257e850eb3caa968b50d53c5697b547636aebb01736380ec7fa916a9a15197b84244b16f22ceec76a0524f4bb1b65c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
24afc89e7fc7ba5837b8d3214652aa88

SHA1
ab73fcdc03cffe1e0eb5a8573e030481ec68df50

SHA256
462ed4c47bfb576e850c49c4d789f2776ab81d6df89303800e804a5ef2fbc2d9

SHA512
649ea99a374f29cf246b778b1184474a3617dd77bcea10e6e85428bb0ca1425433d4f70a705a0ea70e9b58dde1a829675e95fc0eae9850eea194d5f6d546827f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
9967ae3e3bc5fc27d71689dd82e3506f

SHA1
990df4d61f0387ea22561889606e3d097b13cdb6

SHA256
fde2058f8bb759dd588b824a9d98171bfc9ae9cb6d84acb0e3a9575cab8b33da

SHA512
fff9ff8c1e82f7768da620c7232d9e6b8b117ee601776f904608d6da825bcc1e196cf1595a5d7e83734126eb8f697b1dc81dc6b98cf8b0189c9a858037cfe942

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a6a64.TMP

Filesize
48B

MD5
1b6d7f607792852742b62c1c9504d8d0

SHA1
1a3606692b36906c55e5f9ceddad962a78f9c195

SHA256
f6e41864e96419a3ac616cb5796a66e7ee9f93a90ce98b8f2e8f377bac4849e7

SHA512
9da5ff85fc0524833b5386d2b90440703a3371cf4d0a9acd6e533a9fde71f87b9fb4e1c9646ad3c30d99d6ad2d97a25652f8f6b1fa0bdccc1d217df377dbb619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a9bfae26c4d91e9f04ffd62f6cc01c45

SHA1
83cec57998de0acfc7eaa63966862287db220644

SHA256
686cda8c8a5b12d96a6e97ba68ad272d6d99b6941395d5af23af8913b101c9ba

SHA512
3c325bd2a8ca79bac7f703716594549f834bcf8dc6bea5f4580d83204484375f0f138cc4f18e851cac009ec2963af6b7cdd7a2bc037f40609514440ef3a32135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9a898fd25e5b0595fd174e5da4406efb

SHA1
2f0148a6147b8d19625cb056037153fc02999e25

SHA256
1ab87d4b8a1c7a55f2f9391a1a4492816783772aeb022e5df9c63511f2baefe0

SHA512
49dfa6826b7253dbc76d6df169daf9096471349ad4399d0c9978e9d01a9d797d4b7fcbf20109e11e6a6f780ba8648c4dc8d806a77c7e0fe9b4659d8769e827bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b04687b45bf5f66230c1c80f2e0cdc2e

SHA1
f74b1329cda07556fb57cd103fd726abbb69ee1c

SHA256
cb2eb8da900ef1886e52cd52864d1abbd49bc66a130dbcfa48bd616582465b33

SHA512
a72965cf5b0ea0d84282bcf4beca445055e662c522e6000e4606e8e6d9c2541ca4d2afa874134732b8907ac599694049813f5fdc220f8b444a3d5205685ce3bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
808a9b0498a15c8cf83af33b355a7b24

SHA1
d4816029de8dc5c760b84f6852b019a3b8e452d9

SHA256
ba6d118ad2141e87c06441b7c3139ee6732bccf98c244f28b78ab9ca096d3c45

SHA512
5a8841ab64c6a6a4987ca396996d12579c52b92fda40ee23f8951776965efbca65ac1a601ae020f3c04ac03b2c1f693c5c0ed8cac4e1d49fbec0c60076ab1fc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0b9a8af141a54a139668ec726855606c

SHA1
d3bc66a7ee38ac40d48fd715f977cbc8ae224bf3

SHA256
924c87141c0f4f85a0f265ba45c124bffebdc3a043c0f94434cd369876f6a9be

SHA512
0660fdedcb8c0dcace8aa2b88a1fd5b211cd11f34dec40756934093113a31238bb0641601018b6a6e799f82f2f3649e28d303d801aa7b61498a0443df11010ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e9af8f47fa9701c600bc63765595337f

SHA1
6fafe39815f9954318dda3bb34433ce020c8c4c3

SHA256
46620d1d6992520b8986d12f8c38d6ea1a3c03c9819261292ba86ffd37bb703c

SHA512
0a90ed1852471d433596354697361db38f2ee45584b998961734cb5589fea8aec25241aca0397c7e442e15ec5ecec303b050066fae22e0f89129698627dbf8a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586424.TMP

Filesize
1KB

MD5
19ef6d2fd52e3421a69437f1e323d301

SHA1
0f059fb8284600a29c413d57ec5f786c28d0d13b

SHA256
6013df170e0eefb8defa52830b47642deccfd859a4c35c4fc4e4ec3b20c1c8c7

SHA512
06954d2d188919a2020204b2d8e2de6ca1c8a9d5fa4ce50b94e8d075c95d4925fe125bca6af6109fc8e2cf2e53b4d6800ad982d4168cb5e52f71dff409ce02b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
07992706fa545a0bc379f892ad588c36

SHA1
356e668acd54b1be4ed395fbd9f16a1e65a69668

SHA256
adc1aef56e98cf5eb5d6377bef9c526b22f0dc85215bfc3151e7569d23049a76

SHA512
749dd048d43bd34dc0d1739ed25ebf0108814fcb77856f0d7362758d10cc7c1bfdb5d988a6f8e5bdcd44db91b1d6aeedb873add045a857a5db5f19e44c1bb05c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c72a4bd49686c8bfd1569cbc900a834d

SHA1
3efd9ca50fd1abf99cce3567f8a64a18e5554493

SHA256
9e7c21b1e2dbe357e7606d2167cf2c99149e041b5fefbbb61f3ad430d26bf3a7

SHA512
849a95fcb78ae0a75175dadeb3210ddfc8e92acf174db0c74a3c2b925e04e3433e3cc219efb83c6e371db320be2aa525d710f9504c2c1de7cff5116b5c771f97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
c10e0234f726fd4666d09a74c50d83f5

SHA1
300dc401a31408d3b7d1e3ae1f23abae40fa426b

SHA256
d186a9aeec284f589b8ef129fa631cca8bbfd0923b1d50077dae068a3e0c8cad

SHA512
48785f9c3aace0e1c26fbd9f5aa03cd6996df0a3cfb0c6664a32943646f13cd72aa5754977a0288c599b37e0986201bf041d970cf78439e6e6d13a9688543aa9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Technetium.exe-Malware-main.zip

Filesize
1.4MB

MD5
11019821d4d3b2cccdd4819653b21122

SHA1
dcfcc14b9ff4afd28cc88f0fc867328136c5e12b

SHA256
857c319254d9062149020d815bcd43f6d764c65c01bf3c75ea87e24495f1899b

SHA512
b06951112e3725d30ebf6f81a3f2bdb1d9402dee4dde60bce7f4e4d09991c16ac17f03e2bb698c68b151aed4315392c1fb3f72424ae5610afb9d1511570762d2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 124054.crdownload

Filesize
12.1MB

MD5
c8bf514a334eaa148cb3c6135c2fb394

SHA1
0e47a89c3729db5a6f195c6abb04e5129d788df8

SHA256
9127560918eaefe69f1959bcb7f7e13b7e3a7ac156b564922829faaec9b96f67

SHA512
9879a258f429ef492cf495dbddd4f2b9c9fbc061e325aa8ad870ed05049b7ad595b26d223d20c55fc99f403fc9b5d0235353d71bf5d9a39ee4462838feb247ff

Download Submit
memory/2504-1815-0x00000000754B0000-0x00000000754B8000-memory.dmp

Filesize
32KB

Download
memory/4704-1803-0x0000000000050000-0x00000000000AA000-memory.dmp

Filesize
360KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads