hxxps://websim[.]ai/@EathenERROR/streamsim-with-more-features

Resubmissions

17/03/2025, 21:23

250317-z8nm1ayvdx 10

17/03/2025, 21:20

250317-z6sh6ssj18 7

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
17/03/2025, 21:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://websim.ai/@EathenERROR/streamsim-with-more-features

Score

7^/10

aspackv2 discovery

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x0007000000022b4b-1300.dat	aspack_v212_v242

Executes dropped EXE 8 IoCs

pid	Process
4000	Avoid.exe
5672	Avoid.exe
5452	Avoid.exe
5652	Avoid.exe
4600	Avoid.exe
5696	Avoid.exe
4832	Avoid.exe
3036	Avoid.exe

Loads dropped DLL 1 IoCs

pid	Process
1820	msedge.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
186	raw.githubusercontent.com
187	raw.githubusercontent.com
188	raw.githubusercontent.com
189	raw.githubusercontent.com

Drops file in Program Files directory 22 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1839371209\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1257276661\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1033015271\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1033015271\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1501308936\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1257276661\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1501308936\kp_pinslist.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1839371209\Microsoft.CognitiveServices.Speech.core.dll	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1257276661\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1257276661\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1485064368\data.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1485064368\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1501308936\crs.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1501308936\ct_config.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_903098667\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_903098667\well_known_domains.dll	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1257276661\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1485064368\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1033015271\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1501308936\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_903098667\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1839371209\manifest.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avoid.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avoid.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avoid.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avoid.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avoid.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avoid.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avoid.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avoid.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133867200527686504"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1062200478-553497403-3857448183-1000\{568CA184-6B9D-494B-A30C-925FE9CF7D10}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1062200478-553497403-3857448183-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2816	msedge.exe
2816	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
4000	Avoid.exe
5672	Avoid.exe
5452	Avoid.exe
5652	Avoid.exe
4600	Avoid.exe
5696	Avoid.exe
4832	Avoid.exe
3036	Avoid.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1820 wrote to memory of 2016	1820	msedge.exe	86
PID 1820 wrote to memory of 2016	1820	msedge.exe	86
PID 1820 wrote to memory of 1516	1820	msedge.exe	87
PID 1820 wrote to memory of 1516	1820	msedge.exe	87
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 116	1820	msedge.exe	88
PID 1820 wrote to memory of 2892	1820	msedge.exe	89
PID 1820 wrote to memory of 2892	1820	msedge.exe	89
PID 1820 wrote to memory of 2892	1820	msedge.exe	89
PID 1820 wrote to memory of 2892	1820	msedge.exe	89
PID 1820 wrote to memory of 2892	1820	msedge.exe	89
PID 1820 wrote to memory of 2892	1820	msedge.exe	89
PID 1820 wrote to memory of 2892	1820	msedge.exe	89
PID 1820 wrote to memory of 2892	1820	msedge.exe	89
PID 1820 wrote to memory of 2892	1820	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://websim.ai/@EathenERROR/streamsim-with-more-features
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x24c,0x7ffae866f208,0x7ffae866f214,0x7ffae866f220
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1912,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2340,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:2
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2396,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=2600 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3512,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3540,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5020,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5400,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5644,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5596,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5872,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5892,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5356,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6384,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=6348 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6384,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=6348 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5176,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=6576 /prefetch:8
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6592,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=6628 /prefetch:8
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5192,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=6672 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6416,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=6712,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6148,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=7024,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=7008 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=7268,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=6864 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6436,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=6740 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7560,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=7552 /prefetch:8
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7664,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=7672 /prefetch:8
  2⤵
  PID:4852
- C:\Users\Admin\Downloads\Avoid.exe
  "C:\Users\Admin\Downloads\Avoid.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6940,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=7568 /prefetch:8
  2⤵
  PID:1692
- C:\Users\Admin\Downloads\Avoid.exe
  "C:\Users\Admin\Downloads\Avoid.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  PID:5672
- C:\Users\Admin\Downloads\Avoid.exe
  "C:\Users\Admin\Downloads\Avoid.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  PID:5452
- C:\Users\Admin\Downloads\Avoid.exe
  "C:\Users\Admin\Downloads\Avoid.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  PID:5652
- C:\Users\Admin\Downloads\Avoid.exe
  "C:\Users\Admin\Downloads\Avoid.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  PID:4600
- C:\Users\Admin\Downloads\Avoid.exe
  "C:\Users\Admin\Downloads\Avoid.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7956,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=7920 /prefetch:8
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7976,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=6360 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=6784,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=6760 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=7348,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=7248 /prefetch:1
  2⤵
  PID:5604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=7240,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=120 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7228,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=3820 /prefetch:8
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6780,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=8060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8060,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=3820 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6948,i,1441341078501381541,17815937380749960029,262144 --variations-seed-version --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:5464

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5304

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x388
1⤵
PID:6024

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1352

C:\Users\Admin\Downloads\Avoid.exe
"C:\Users\Admin\Downloads\Avoid.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:4832

C:\Users\Admin\Downloads\Avoid.exe
"C:\Users\Admin\Downloads\Avoid.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:3036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1033015271\manifest.json

Filesize
118B

MD5
acb8ebb43624ece8dd7964092455d2b7

SHA1
7c61f04b419f927f98120afa18d8553513e2a0f6

SHA256
55b2b1fd2a563b240179fde6335370f5e22068ada77b5dc5af50bbc379c72953

SHA512
8e6c135aa19d6d21b32c6e9c0727ccf3df7e8dfcaf49e3f0ce55af9b53748188949746d69d17cdafd9d77511b1550d970289912a33b3d9c4daed8837762d91c3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1485064368\data.txt

Filesize
112KB

MD5
fd8717bad7cd0f60163e7c2b05210aaa

SHA1
1dd620b2a4b49d16a63d3b73495bbb0388cbdbc9

SHA256
d5facea6ed705ea08962d52a30ebf38f6d42aea50a7af21b103d0388b7dae34a

SHA512
7b3d3867977b04efce86c5cce45ae0125d25344fa85347a83977faaa9ecd205774a976be63d6af48b953b4ca355405aa090d6db482073f77d71607c948acb5ad

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1485064368\manifest.json

Filesize
52B

MD5
8c32b9f390fcc4f061885661dbe797bd

SHA1
c681595df03f9f74ec600e70069c879daf2ca923

SHA256
1431c36e66b4fc53ca74e9b10ea0213245631ad7543fef183a8dd2720a5b4ab4

SHA512
e8bbde18d5de7fe2a8162951d3fe75460efbee71afffb4c0c22f2088dee146fb6bfcccae18d4955608e60a7df716eeb47c0687f45344b45130b368eeaf316418

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1501308936\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1839371209\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1820_903098667\manifest.json

Filesize
141B

MD5
811f0436837c701dc1cea3d6292b3922

SHA1
4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87

SHA256
dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d

SHA512
21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
690f9d619434781cadb75580a074a84d

SHA1
9c952a5597941ab800cae7262842ab6ac0b82ab1

SHA256
fc2e4954dbe6b72d5b09e1dc6360ea699437a2551355c2950da0b3d3a4779fc1

SHA512
d6b1da8e7febf926e8b6c316164efbbac22c7c3d9e4933a19fffba3d1667e1993cdeb5064aa53816c0c53f9d2c53e204772de987eb18adbb094a0fb84ae61fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6eafc230-651e-45dd-8fb8-2a762bc1b957.tmp

Filesize
16KB

MD5
e04f9f185803590a6423cf944337f518

SHA1
a284432bd2c5e05e6422d3230de4202a906ffea4

SHA256
6e2d78700e80ee85cd83b6b77d9a816a7474c2e28acea4d416c527efcdb6ac7b

SHA512
77c5fb656d029ea03aa57886bdc96064cb97d78dfcbb9ec4b54b33209e415e57c427bae041ff4f59c19e990a65deb3518f50ffacda892e1451ce20ec4b8b196e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000070

Filesize
19KB

MD5
4687ddf0106bd395f262e04ed0e2ae20

SHA1
22b448e24172f10c94ad8db784b08aad447f7b6c

SHA256
460c4a12ba4a08e93689c3913d6e26f1607eaf1751d3b3dd49f23c9c50203e4a

SHA512
fa267db82bc2141157668b5fcb56e8d2ae7cc7b0819aeb9c2ecbaa56609c9f04b3e92ecdafc516b13b5d49bf63c8840be5d74c6398390f1598a12966b6cde064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000091

Filesize
22KB

MD5
30a800d6b3934b513b4b403ede805374

SHA1
fb6dc13dee2c5f428acac4874e77d49700d5954b

SHA256
eeb422c1c359c956bcfaeddfc12e980c6ba3fb73a5fc41a60f9b6832c39e8880

SHA512
883c4ce5d8e79608f8ae9e494b2d7a3e8527cfa48ba25c31e03cf451a563a7e2b819bff8d2f3aac3f1e6620369cc7182afe99e7903ed40655287e097dc21a515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000dc

Filesize
20KB

MD5
a04093e21d87b9e29abae6edaf9cbfe6

SHA1
d22807c32aac986dac7a32c1e2aa41c34e3c6f2e

SHA256
8e33e4021cf6a681fdc3c6697c5a205eb98e5c92147d572434cf5257cb495f1c

SHA512
93a56f2ed92dbe3f2c742a629246c22577eb55ac8f76ec6c51e1fdd507bc4ca72be86536a73bb811d0b951a2923722320a6a14c3bffc06f75e2c4da255967194

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ea

Filesize
20KB

MD5
46fc8f3ede80e1456ad412d5bf0430f6

SHA1
e349dc8e2724e2bb1a51035280c1c6420f16b452

SHA256
bb959ac2520d1bd1b132f0f560c84c58e40bd894c8ed0159aebfd65b0ca1e309

SHA512
1cb90d4a173a79c9b643942ba53a461a3f520118d4d856081148134a662c4a5b03201cf7434418a9058ba793e2362aba350ed9765aef4efd8ff497e99193f9b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000101

Filesize
20KB

MD5
a6468b9bc762fb89576c99cfc12cc470

SHA1
ffabc1e7d1053cade597e0027466021f4a468752

SHA256
d14433247d198521d0fdd8600a9ad92236f42a85e3179693824cda720d9da4a3

SHA512
ebf0adaf0f66d88758449287a697b408d091826f053a2c817f89f5307655624ffb3e0de7124c43547efc2c90d6b6a7e2ef462dbe065f9d776f9e08441e6c3e4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00013e

Filesize
21KB

MD5
94aece900b563b8896354bb9ce2c0afa

SHA1
7f0ae18d13721f8d4974696b0a9a46edfc65f202

SHA256
4a562db71b7c2b3e23d05c17700c07dafad16cefbf3f1615272b5b98f5a84c07

SHA512
d962ada85c14fa408c13d8d0fca3168ea33e8e8c3e1f63d7c4e9fd68513ebb5366d330c21dce73248c57746642cd340bff704b397970f0fd5d67a488359d9134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00014c

Filesize
21KB

MD5
f07b89efc6ac53433c14e9433d0b30a1

SHA1
1e93ac2466f3d3d567b435a1b06c8db0e684ee60

SHA256
2216fd2a2be255d1077dff160df60ccd31a0f5081aea28c1077567dab77cf899

SHA512
ba99f7c88027e8712382ee20adb8aab8ffdf329d3fa74a14f7d3763da87c2a9db93e3057aa2b15b0d52a4a41b53c7f92d60be068056c26b31b9f83f0ddad8bc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00014d

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00014e

Filesize
67KB

MD5
cc63ec5f8962041727f3a20d6a278329

SHA1
6cbeee84f8f648f6c2484e8934b189ba76eaeb81

SHA256
89a4d1b2e007ac49fc9677d797266268cd031f99aa0766ca2450bff84ac227d1

SHA512
107cf3499a6cf9cdcbfa3ef4c6b4f2cda2472be116f8efa51ff403c624e8001d254be52de7834b2a6ab9f4bcc1a3b19adc0bba8c496e505abbca371ef6c8f877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00014f

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000150

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000185

Filesize
724KB

MD5
85586f2852749925075a727717ffefe1

SHA1
99f8f5c17379a0549315d68d98d87d44c9c0efc9

SHA256
39ee9765a29af6df93991c762d9a133cc82bce28e4748573884ee5e5b6fb40c3

SHA512
a0288ef877a11591c66f0186be426831e14dfe81576d59d18c781ba81049f829b891d57cd90a51cde386d8a2135f9c507c28cf3deb0c6aaba073cdf6db76387b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
df339765fc9d2347af52c105aa77c300

SHA1
a87d35700ef914178b4118136ca24b3cc9a1d9ce

SHA256
cee8faca5c81269f8caa40fb0f2c7d394fe90a2333190901654bf28b1608acab

SHA512
f7d556221b93b6dff088e0879c811c7ee9e5b7b29b9e46f7c093691ac34c34d3b60bc477b4e3ef303d775554f00f611469f786afbb9d123f9d8b1ea722249244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe586aac.TMP

Filesize
3KB

MD5
2194930fc49eae5eaf920913f2f3d742

SHA1
2c4b9c44e15d5556e951a1d3f8fdc06333ad259c

SHA256
7e1ddd32b57cded790c9adc2486014a47bb9b33acaefd3ebd89f6522249484eb

SHA512
93b0cdcc9fd0de65fc6fb2d3641f7b95577142960ac912c5f741a21c2020a1edbb4e8cb62466c2dfed4f2b8633e0b66330429ba2773e91250d9434178ac8461c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
1ef96160c5518ca7d38cafaf6e917a5d

SHA1
2b78ed21fc4cc7c4e64756f1f73a3828a87f34ea

SHA256
5b03f159ca26ec56ebbfa059f5ddaa3cf64ecd68c91d196aff3f4bbda24ffaba

SHA512
9545333d1d670fadb9ab45951e5c10a55239da3c527df62e720961b82b2a94948f1de83ba7b822f53e9d8f9759a5dc00245b87a988cad564d82648d142097601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
ed4921ae42afa48602ea0fc462578761

SHA1
95ffe793216510388544350e6eaf6b752b050f1c

SHA256
e8e874f382a3d6bc6e8c09a3bf899ba4c3e57f5475a8052c08a6b554f1cb8522

SHA512
9891d955237156f318e5496e7df22937b0b5ecc483897e8f4c817d54b918c19d2c993f3b44bcb286a467b71ee00b4f9a7eeae931d384cf23779bc745f5e7a62c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
218011623f8ec93714e56d876ecac135

SHA1
3f9b981bd4c479f9fd2dac22105fa65c27aad042

SHA256
db6f33657965c2710c23f12f9c6eb84f3e43bccc823518c248c187e9d719d75e

SHA512
425030ad943f785381f49f1d8163dd3b0274125b12474c85e5d78fbb08626d818cfb7c6713465aa99cbe6623888a1f1c36ebb17927557ea9c4919821978772cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
cdb1d0636df82ede025ac9bd5edda41d

SHA1
2f595ba074ba7037bc14feb0b843dc5dd429ef7d

SHA256
3c42e9f4750b055e04d9ea51884fe821c137f7321f93c731edd46fdef0e17e42

SHA512
0c36bdf804310ec53235ad8375f332df7860d8aa4d93e56959eee9bae061b2e291f9ba2c78c63a631f1a5d72a6da564c56e84c7b268c94075ff9f684b2881b8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
79656ba3dafaf6b4c1819fab74503776

SHA1
bf28a9f2163bb5c827696b9ac280d727da1181a4

SHA256
c4956ad0491d80f55d5085d403339e49e899e1aa5a62cc4978e3d182d49b2edc

SHA512
c9d670080bca7c2c18153dc5aac2556fdc3b9fe94f58fc379f830f2225a3913d0c59a74a7f7442ce6e6c3967b33af3468ca8885800e62571705a2c39d12974b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
ad0b1f1b8d58bec91deee1a648bf8234

SHA1
9cee417e559e4da54e8a9d6e3a99797f483b32fb

SHA256
897fec95b0f3553e5d49cc88e9a33c006483574e5f565322e1df866b8eaad99f

SHA512
4a80cfacdee94cc705e002e6c3b2560b9e822d80afeeb6584ca1978f8679e83ded26953204184825b4659684f711a10186d8b65859748e654af5ea31d2783798

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
c0e8bc91ffd4c23bfa5b4c0abbd6d2f4

SHA1
e6a0764fba03c99eb664ea8ab1e8d1a47e60b635

SHA256
75b319042832a35e2150c462a353b2d359ea27b8143bfc1084b595e6db173a5b

SHA512
1fa1d205fd123ee59e38defe1cba4edf141dfb7eebe7ceca866829a24d07bffe96002ce1a10924a0ade5b4afed79c6bccf19abb9b8816dd5d96f12c0d51432a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
bf8f30fedf635c9971b5307e9e7a89d0

SHA1
ef40e93f2f4cdd5e1e47d399e35bfd4ab2b02e5b

SHA256
1ec1de8bc67ed93655b8b29134aa61f4a149b697cd5e08f7e26c5dce6b02d88c

SHA512
8465008079f6adc50c1bb5b064aad79e68c6858f4ac73780b9f7fee6c945617d7ca9ebad4c52f9b6698813fb38a76ff1f9d408148b8e90688190432c50e76bcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
01340ebc24b57e751f31763bad043b82

SHA1
8ff0306cfca1a25cd14adda7d1e755cc9dfc686f

SHA256
a254398dd51693ae95b94d474a0f53472f2f21828242b5c870d6f5fbbd4c8a29

SHA512
833a427a041b5b23b7ac7d3f298d776906c2c454d9bdd618d336005b3464188a48ecd038cc38fb8d67170ece9a1c34a5869e0d27a12b005abc7b5ea4f30762c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
02c5bf4a72a41dc5e7a5634365c7e05d

SHA1
3d982855bf69f654834df939ba841bc905add5f2

SHA256
7af9384a6880df4ebf41d4b6d17cf63cbcddb7f40f23780f291bcea6437cab48

SHA512
db983c69f85d821b0fc929e76caea5c322a63d11eb35cedd2a312d2f7b995b476d7158ff570ba8f09e3152eed72e79cb30b78f9d5fb58666f7c3b4119d37d595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
eb3dd0fd409a2d8708ca1ecb26fe79a9

SHA1
da292f519d6617a23ec3c70c60f31e4e74e910ca

SHA256
ceb2b8cd5768e2aa48b2be4b0852bf97ffbe35a1f4e69fa17ae64581c265b4f0

SHA512
61db1f9907813582f3af66f94e8c508dc135f1c511f5610e1763109cfbf02de796efe9d435f50d3327fc706b62c46406686aeea6fe46fc16dc266cc27f779442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
18KB

MD5
559beb1cf25cfa0506435b96e262d0d0

SHA1
700b7101abf044a8342aefc9cb02083241eabed4

SHA256
8f762f9eb08ab7907efed6a47bb359b115c86e5c301fabbe36c0e1ffcccbb63e

SHA512
d16096cce01eb07807d5595c3964694672bcef47ae37178c2b1cb1043d64d77fd9310b43f4194306b4cbf5a32f63b688287a9927bce7da7fdee17787015dc781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
03c7f5536f679a521f0a016c11213cd2

SHA1
c94a64dd865bcbd2c9f010bb79f15b4696290fa4

SHA256
549f45053279ca653224204dabf1e30641cd0bfa2a03e4d56698ab9c90ede222

SHA512
e027ba80e76609dcc5920795a7c59e0ba6e7807ec4469164b1e695fca8d10b698f1ad7c8053e14547e7a0c023ed4e945441f85ed96932e28cf0567e8a9477f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
c1b3ca1ce7bd4e9ae2fea3bcfcb4c178

SHA1
7c5a4444701eb95f214a3810ba496c9b5d8e8a52

SHA256
128c0f1b7158faec44f664c4007850d9cdac6d441b01cab6c7292e9fa0da6cd7

SHA512
5b0453617e902cedf25ada7ad3ca4c6c68d714c516a589c5f5a0a781bbded3191e53421cecbb2b18d1f7abecad0aa851a23b5f499dbbd7d4d8429658f266d6e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
218c4405157e689bf24f2ff731506e33

SHA1
1a568f7abcfd03ad24cee431204bd6986e6ea893

SHA256
8f9cb89abac62d0aa21570fdf73e3e4bcd0df30fdd0f6c092295f6482917803f

SHA512
7e5beeedfca68fdf51c2ce261347b9071a2fb38e43af170e0ed62e8919ecef548cc319a27485e3b6ec8ce63848d5eec5e2e58728cceaf23afab3d10dc0cf652e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
6af5896a4855ff6da83dcb499893a56b

SHA1
c5e8f55d00a90874b8b63d3473a8f2898fd76596

SHA256
fccd07bb6d66c5e12c5e5457ccf996c4c853095469465c8a281f21b7480d99a0

SHA512
03e1225668e39be365d2bf74752c26ae94418fbc3eadb54af618ebff68c1f76038ad895a5649fa920e0aa1f9f5810d7de3b31d014dff43445733f50c26c28c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
8fd737f03606a4d4b94de38f3057e709

SHA1
898c9aad1454ab2b2d07bd3894e8b9f949b09dda

SHA256
f803f35d238fbb4c237842a40ed2e8605d47e45d8d41b2744ea3c31679baf204

SHA512
ee30d211ebf9abd0a189cb5efdb5bd5519a474b4b9fa888b0681c547ca5ca56b4cac07def84ba0668c9697038ff0da8d8091f4b53d920d6a7dabd765b53f9ae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
1285a514fdecece2da99345c90e324c2

SHA1
ef4264ab22b384fe6e5737df8cd9d6f629ec9abb

SHA256
99a0ca3e06b5aba8e1483615489eac1783fd6a902ba4db69d827a131325af8c5

SHA512
e56533a3180e24428c0c518e6b79809083efe5c445de213fe91f7b283ef09c285ea5a7b819b38c440b5f8eea6f4a065a575893bfc5308731bfbe4451e0d94185

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
47a2499bfe5d49a10f36579a75bd6d93

SHA1
6de0dbb777c416b356e8efe09c5981872ab66d10

SHA256
0d002c12998109cefdd07c638684d3f3be68971300b428316dad318469aaa52a

SHA512
48def902f06981a7d3bbd91a7f183f2a3b6c7a085d58104e2d3e4d3cccf76bf643f56c464f3e66139faeabe17ef69a8634c0ebcfb69930392bc89a14a55e375a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
8b0aa4fa7285bce1d38a14890d1815a7

SHA1
41f3d6f7fcb65b8ff6b21b451272e7e432950c5b

SHA256
51c9b49fc6efc02f5fd297c3051d1109b606e74d7635fbac642320a0389c9af3

SHA512
8165c5f3f1c9b5b9f521f2d39feac785bb31f11a869d9cd370ab3e39b0c01c4214178600de216c1a27748540a0d2bf6a70afa9d976a229d3c386baaac3b4f030

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
7cff06b85ea12353c5b84fc6e487a69e

SHA1
7e6a52f59dfd276c52a6f1c3c131b83a6ffa5d01

SHA256
5fc5605b7a636d4a0175a7aba84d15361933af9b7fb58ac26d8a42a1fc8b5430

SHA512
6f10687e918ee75cb618155a66c6dab8bcaced114c8692fcf38a8abb7e40959736a963c83658bd20bd4da90f90678fd436b7ab5330af0ff285cf029a35176d1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
c9ff68d208f4e78f2628186ccbf9ab7d

SHA1
cea4c11784634d53c5ab9924d3a2d1ed5b8d521d

SHA256
cb9a5abccc476d907df77128d1a5574bc723469927f40d7b6c77b72e7698c73e

SHA512
42d32a3583be96857c2c893e5ccaf1c859a222c8192f7890e68919e46a8342e5513f4d7525dd0b3631086df25b0bb16d3a9561b84f644dadf745f10df5847597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe57f04b.TMP

Filesize
392B

MD5
b626ae79cbc564386e896b5fb3fe211d

SHA1
71e662dc9224ecbb10ad7679941f3c8ad0d8ca41

SHA256
b0b9f3caacd7f54457735ddeeaace3be7f5bddcfbba26ee19e3cdd2915816c34

SHA512
9b2b6f0628197c7f2f6cfe1f492401f21dc167fbcf87e8d78c751c7133cb584dd19d5e806114aa700fa178a25a41c7f636f02ced4a2ec3115858063dafe26f3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.17.1\typosquatting_list.pb

Filesize
631KB

MD5
094ca661fb20ae7e5c26df780e0f7ecd

SHA1
0cc79e2fdf43962d9597b7eec7b34c8983c3562c

SHA256
76f100a3d96cddfbad67460eb0db1a8877a53c8a1881888b208011cd3a9d5726

SHA512
088ca8996eb3bd02f5561b026a9e36755c915d19eb9ae768ee3949491059b1c7e34117b72828d843131df50456c6a162eb2cffe74fd38c273708cd4ac6fda53e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

Filesize
572KB

MD5
f5f5b37fd514776f455864502c852773

SHA1
8d5ed434173fd77feb33cb6cb0fad5e2388d97c6

SHA256
2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e

SHA512
b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
1767190ac50f3a3d103476c4296ec31f

SHA1
e72fcd85ca1b2f2ce64c9f3016fb2556b8a1b70f

SHA256
96052a636199db25699f4845a3ebc78c24b4b009feb42afe8bab52e72b185ed2

SHA512
81220531ad6f428627a702cb2bd08ca554a8740eb41bb3154b4dfd3bdf2f8480fa933b7903e103e52738bf621112be5d7895848fcfe37c1b9abfc75402337024

Download Submit
C:\Users\Admin\Downloads\Avoid.exe

Filesize
248KB

MD5
20d2c71d6d9daf4499ffc4a5d164f1c3

SHA1
38e5dcd93f25386d05a34a5b26d3fba1bf02f7c8

SHA256
3ac8cc58dcbceaec3dab046aea050357e0e2248d30b0804c738c9a5b037c220d

SHA512
8ffd56fb3538eb60da2dde9e3d6eee0dac8419c61532e9127f47c4351b6e53e01143af92b2e26b521e23cdbbf15d7a358d3757431e572e37a1eede57c7d39704

Download Submit
memory/3036-1430-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/4000-1387-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/4600-1392-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/4832-1423-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/5452-1390-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/5652-1391-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/5672-1389-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/5696-1393-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download