Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://pixeldrain.c...

windows11-21h2-x64

10

Analysis

  • max time kernel
    534s
  • max time network
    455s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250314-en
  • resource tags

    arch:x64arch:x86image:win11-20250314-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    27/03/2025, 12:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://pixeldrain.com/u/TcV2BREC

Score
10/10
akiradiscoveryexecutionpersistenceransomwareransowmwarespywarestealer

Malware Config

Extracted

Path

C:\Program Files (x86)\akira_readme.txt

Family

akira

Ransom Note
Hi friends, Whatever who you are and what your title is if you're reading this it means the internal infrastructure of your company is fully or partially dead, all your backups - virtual, physical - everything that we managed to reach - are completely removed. Moreover, we have taken a great amount of your corporate data prior to encryption. Well, for now let's keep all the tears and resentment to ourselves and try to build a constructive dialogue. We're fully aware of what damage we caused by locking your internal sources. At the moment, you have to know: 1. Dealing with us you will save A LOT due to we are not interested in ruining your financially. We will study in depth your finance, bank & income statements, your savings, investments etc. and present our reasonable demand to you. If you have an active cyber insurance, let us know and we will guide you how to properly use it. Also, dragging out the negotiation process will lead to failing of a deal. 2. Paying us you save your TIME, MONEY, EFFORTS and be back on track within 24 hours approximately. Our decryptor works properly on any files or systems, so you will be able to check it by requesting a test decryption service from the beginning of our conversation. If you decide to recover on your own, keep in mind that you can permanently lose access to some files or accidently corrupt them - in this case we won't be able to help. 3. The security report or the exclusive first-hand information that you will receive upon reaching an agreement is of a great value, since NO full audit of your network will show you the vulnerabilities that we've managed to detect and used in order to get into, identify backup solutions and upload your data. 4. As for your data, if we fail to agree, we will try to sell personal information/trade secrets/databases/source codes - generally speaking, everything that has a value on the darkmarket - to multiple threat actors at ones. Then all of this will be published in our blog - https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion. 5. We're more than negotiable and will definitely find the way to settle this quickly and reach an agreement which will satisfy both of us. If you're indeed interested in our assistance and the services we provide you can reach out to us following simple instructions: 1. Install TOR Browser to get access to our chat room - https://www.torproject.org/download/. 2. Paste this link - https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion/d/0628191501-BDPUC 3. Use this code - 0420-QN-PBZC-TZDI - to log into our chat. Keep in mind that the faster you will get in touch, the less damage we cause.
URLs

https://akiral2iz6a7qgd3ayp3l6yub7xx2uep76idk3u2kollpj5z3z636bad.onion

https://akiralkzxzq2dsrzsrvbr2xgbbu2wgsmxryd4csgfameg52n7efvr2id.onion/d/0628191501-BDPUC

Signatures

  • Akira

    Akira is a ransomware first seen in March 2023 and targets several industries, including education, finance, real estate, manufacturing, and consulting.

    ransomwareakira
  • Akira family
    akira
  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Renames multiple (9856) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Run Powershell command to delete shadowcopy.

    executionransowmware
  • Drops startup file 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 30 IoCs
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 6 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 58 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 5 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 63 IoCs
  • NTFS ADS 1 IoCs
  • Opens file in notepad (likely ransom note) 3 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://pixeldrain.com/u/TcV2BREC
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:6088
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x250,0x7ffae42af208,0x7ffae42af214,0x7ffae42af220
      2⤵
        PID:4516
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=280,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:11
        2⤵
          PID:3012
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2364,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=2376 /prefetch:13
          2⤵
            PID:4856
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2196,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=2192 /prefetch:2
            2⤵
              PID:4832
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3480,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:1
              2⤵
                PID:4268
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3496,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:1
                2⤵
                  PID:2260
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4468,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=4888 /prefetch:14
                  2⤵
                    PID:2420
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4852,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=4932 /prefetch:14
                    2⤵
                      PID:2464
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5408,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=5392 /prefetch:14
                      2⤵
                        PID:5520
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5644,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:14
                        2⤵
                          PID:232
                          • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
                            cookie_exporter.exe --cookie-json=1136
                            3⤵
                              PID:4360
                          • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5856,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:14
                            2⤵
                              PID:6112
                            • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5856,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:14
                              2⤵
                                PID:5588
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6168,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:14
                                2⤵
                                  PID:1236
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6292,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=6352 /prefetch:1
                                  2⤵
                                    PID:3696
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6304,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=6136 /prefetch:1
                                    2⤵
                                      PID:5932
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6600,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=6632 /prefetch:1
                                      2⤵
                                        PID:2136
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6452,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=6416 /prefetch:14
                                        2⤵
                                          PID:6048
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6380,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=6540 /prefetch:12
                                          2⤵
                                            PID:464
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6824,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=6080 /prefetch:14
                                            2⤵
                                            • Modifies registry class
                                            PID:3868
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=5504,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=3572 /prefetch:1
                                            2⤵
                                              PID:5568
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=7048,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=7084 /prefetch:1
                                              2⤵
                                                PID:3516
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=7260,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=7244 /prefetch:1
                                                2⤵
                                                  PID:544
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7076,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=7096 /prefetch:14
                                                  2⤵
                                                    PID:5472
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7024,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=7588 /prefetch:14
                                                    2⤵
                                                      PID:5396
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7040,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=7140 /prefetch:14
                                                      2⤵
                                                        PID:3120
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=5036,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=4704 /prefetch:1
                                                        2⤵
                                                          PID:2564
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5048,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=7408 /prefetch:14
                                                          2⤵
                                                          • NTFS ADS
                                                          PID:2480
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5108,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=7656 /prefetch:14
                                                          2⤵
                                                            PID:224
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7824,i,14398465748156665381,4883099969546348158,262144 --variations-seed-version --mojo-platform-channel-handle=7512 /prefetch:14
                                                            2⤵
                                                              PID:6644
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                                            1⤵
                                                              PID:2344
                                                            • C:\Windows\System32\rundll32.exe
                                                              C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                              1⤵
                                                                PID:5732
                                                              • C:\Program Files\7-Zip\7zG.exe
                                                                "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap24480:190:7zEvent20673
                                                                1⤵
                                                                • Suspicious use of AdjustPrivilegeToken
                                                                • Suspicious use of FindShellTrayWindow
                                                                PID:1380
                                                              • C:\Users\Admin\Downloads\ae455890e2123a9d011e47065828b0a03c08fd66570fab9d0340d2f5d5eb40c3.exe
                                                                "C:\Users\Admin\Downloads\ae455890e2123a9d011e47065828b0a03c08fd66570fab9d0340d2f5d5eb40c3.exe"
                                                                1⤵
                                                                • Drops startup file
                                                                • Executes dropped EXE
                                                                • Drops desktop.ini file(s)
                                                                • Drops file in Program Files directory
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:3016
                                                              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                powershell.exe -Command "Get-WmiObject Win32_Shadowcopy | Remove-WmiObject"
                                                                1⤵
                                                                • Process spawned unexpected child process
                                                                • Command and Scripting Interpreter: PowerShell
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                • Suspicious use of AdjustPrivilegeToken
                                                                PID:3120
                                                              • C:\Windows\system32\vssvc.exe
                                                                C:\Windows\system32\vssvc.exe
                                                                1⤵
                                                                • Suspicious use of AdjustPrivilegeToken
                                                                PID:2672
                                                              • C:\Windows\system32\NOTEPAD.EXE
                                                                "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Log-27-03-2025-12-48-46.txt
                                                                1⤵
                                                                  PID:3896
                                                                • C:\Windows\explorer.exe
                                                                  explorer.exe
                                                                  1⤵
                                                                  • Boot or Logon Autostart Execution: Active Setup
                                                                  • Enumerates connected drives
                                                                  • Checks SCSI registry key(s)
                                                                  • Modifies Internet Explorer settings
                                                                  • Modifies registry class
                                                                  • Suspicious behavior: GetForegroundWindowSpam
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  • Suspicious use of FindShellTrayWindow
                                                                  • Suspicious use of SendNotifyMessage
                                                                  • Suspicious use of SetWindowsHookEx
                                                                  PID:112
                                                                  • C:\Windows\system32\NOTEPAD.EXE
                                                                    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\akira_readme.txt
                                                                    2⤵
                                                                    • Opens file in notepad (likely ransom note)
                                                                    PID:4436
                                                                  • C:\Windows\system32\NOTEPAD.EXE
                                                                    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\akira_readme.txt
                                                                    2⤵
                                                                    • Opens file in notepad (likely ransom note)
                                                                    PID:3696
                                                                  • C:\Windows\system32\NOTEPAD.EXE
                                                                    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\akira_readme.txt
                                                                    2⤵
                                                                    • Opens file in notepad (likely ransom note)
                                                                    PID:3440
                                                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                                                  1⤵
                                                                  • Checks processor information in registry
                                                                  • Modifies registry class
                                                                  • Suspicious use of SetWindowsHookEx
                                                                  PID:5508
                                                                • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
                                                                  "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
                                                                  1⤵
                                                                  • Enumerates system info in registry
                                                                  • Modifies Internet Explorer settings
                                                                  • Modifies registry class
                                                                  • Suspicious use of SetWindowsHookEx
                                                                  PID:3148

                                                                Network

                                                                MITRE ATT&CK Enterprise v15

                                                                Replay Monitor

                                                                Loading Replay Monitor...

                                                                Downloads

                                                                • C:\Program Files (x86)\akira_readme.txt
                                                                  Filesize

                                                                  2KB

                                                                  MD5

                                                                  8d5c0c4b3f8ba6154f269d41fb4ae0bf

                                                                  SHA1

                                                                  f54c99106823a57fd6ef31d5c43767f4ce580d4f

                                                                  SHA256

                                                                  92bfe213fc85dea5d8248570b32dc4c82fc934ed6a03b842643171465de20bbd

                                                                  SHA512

                                                                  ee76730461711aba1427b3e2ce884a916582379a345b31a59e2ba6a952f4863489ad08256f42aec3b2ab3c3df5ffc3a90ad735de732d77f47c2c42af07264961

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
                                                                  Filesize

                                                                  3KB

                                                                  MD5

                                                                  ba50fd27f948363716e9fe0a0b3021b5

                                                                  SHA1

                                                                  ddfeb0dcfc8a3c4619d836e90d9344b9cc1f38d0

                                                                  SHA256

                                                                  8eda35586656e7eca036219ec500986a9e7c04ffe85dae0dc06ed218c3d6e16d

                                                                  SHA512

                                                                  a837cc0db56585d65062734dbb2ac09f7956227b32fdb8bbbb10204e54116eefd44a2aedc781db7a5f84b9d056b6e64f0ebc822399424f5dc9a9dd35f794dfcf

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics-active.pma
                                                                  Filesize

                                                                  1.0MB

                                                                  MD5

                                                                  8e268d3d7dd70a9d402c655bd2b412e4

                                                                  SHA1

                                                                  625b6164694d6cd3dfcb6b1774f283c9986fe4a7

                                                                  SHA256

                                                                  d416bd4d4a850e396bb07f81627d44fdd19bff40de31f3f6aa8da1d29cf7e577

                                                                  SHA512

                                                                  ce1de38716eae28b19df397ca0df0853aa89c7634600d1234f2fc7c2bd28118e90f0db0a1f24e9134f20772435c4ea92a361a57cad15e617303d2c5f9025ef78

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                  Filesize

                                                                  872B

                                                                  MD5

                                                                  d5dcf007c81b07a09d9a06c9a5987475

                                                                  SHA1

                                                                  064bdfc5a37073a03d3f218d27f5a95cb8f25c77

                                                                  SHA256

                                                                  a99e4025f5d433049ac521f43416e4ae5d8a25bb7b0901a8984378b844c046bb

                                                                  SHA512

                                                                  91c7965a2c429d336876b6c79311f6ff21d6a9d045e6397506c7dc81081b9ef511b653a5f06dce04cd18f46adfdd217b21eb83d7d415a34b87c72d6bfaaa7f9b

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                  Filesize

                                                                  280B

                                                                  MD5

                                                                  19a88bad99bffbae6102e191cfedd75b

                                                                  SHA1

                                                                  df476b325df883b73eda1b2349bab45aa22e808d

                                                                  SHA256

                                                                  0d576dfbde1712b7288e4561e3eea75ffdad84dc50a77ceb57a6e9c37d60465a

                                                                  SHA512

                                                                  9ec5eb487d8c8fc8e283a94bd43afd740edc4df6a4509d83629416d040586bd42330eb0da6dd41ec1e5550bce9a6643319ff8584f8638a9cde9042fa406825fc

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000003.log
                                                                  Filesize

                                                                  625B

                                                                  MD5

                                                                  8f4ec3efb4dd3c550a90c9a30a27d9de

                                                                  SHA1

                                                                  227fd7d42d8ee3d693432c12578910d63519d76f

                                                                  SHA256

                                                                  3bd88c6d2468bbf00363b87942b911cd2dc8fac33f5f3c4132da4657b2c087d0

                                                                  SHA512

                                                                  938486ed73a4be13a6d862943d6f93fc3f9e3fad82bfc2d5b43e1ea24f0ae9e5762de6c12ddc8808ec4b477232b87853a12d8b4ee1bfcfc0166fb5903e85b3a7

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT
                                                                  Filesize

                                                                  608B

                                                                  MD5

                                                                  dd02ba354ae0de269abf07e65deb6a50

                                                                  SHA1

                                                                  7961fa6875be3f34029ff11991b1fba6e8270cb5

                                                                  SHA256

                                                                  525956ae92551de71863d291d5c2b452c879ba91cd98fe370240bb6083eb415e

                                                                  SHA512

                                                                  3df5a865e07f73667add4f95df1bfa91396f8ffab95bd7a7fcab17179ce57984e8ee35299f58974c2677d769111f687078e738a60b00f77750afbf5bd5266408

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\LOG
                                                                  Filesize

                                                                  899B

                                                                  MD5

                                                                  41e76b1ab5e9b9d0b92389f2cbb11db9

                                                                  SHA1

                                                                  0e4f11e029c1c3453087c14223cf63183511f82a

                                                                  SHA256

                                                                  fa85363f5942d2d582a5c87d1a8567475bdaa03cb58f97c46b1aa710ad63e157

                                                                  SHA512

                                                                  f0d9a518d4e175a7398de9cb47670b2cba635d7284640b1cfe6cbf02b32e9a6d7077043b293cbb41093dfa7b05b7040d29ab82e1f656f0d04d57b8ba34e64b08

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001
                                                                  Filesize

                                                                  633B

                                                                  MD5

                                                                  ee3752a76ec1be39e50c8d204ec3d916

                                                                  SHA1

                                                                  cda1d8c100f6ab3dc5c4b21dc90e648ac958b700

                                                                  SHA256

                                                                  77a361075a489caeecb73a90607997e3664eab11c42f9619a756abce68f9fda8

                                                                  SHA512

                                                                  6715bf429346e5f645f6365f1e953c234d2f781702c786cff43ff9d9686e486b09865126e4fce0b16de9ae0bacd06c6c214b72a88adf41c91681205e43f42683

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000007.log
                                                                  Filesize

                                                                  21KB

                                                                  MD5

                                                                  b47c8231eb482b87780578d63c58bac2

                                                                  SHA1

                                                                  0a996ce32246a123777e42065c8554b3587097d6

                                                                  SHA256

                                                                  3de87dfa7a3947b0253612ab5af981f21fd281279de9514f8911a634a5749882

                                                                  SHA512

                                                                  bb4a793119d2ed6282997b9340962ae23d5bb10ad1609b4cc55083a83c70509bce6cb773cf9dc5e813d099c13c8ce9784b7187f6c82ef0bc0437b1a1caa86b2d

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG
                                                                  Filesize

                                                                  923B

                                                                  MD5

                                                                  2150c29895935d033fffa9b8de1a4427

                                                                  SHA1

                                                                  6ad0fa86f18911b7dd7b4e316fd6e2432d3320f0

                                                                  SHA256

                                                                  a266c78f6f9d77d5d6f25bd41a70a59410db32969365b9aa80f9a2af706c07a9

                                                                  SHA512

                                                                  0f319c6d11a705907ae08e68e7a6d878f13c720712124031bbefffd61f7a84e37b9f19e08b7489aa79142cda165ac2d2552e149c6e0a421178f823b4dd0fd248

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0
                                                                  Filesize

                                                                  44KB

                                                                  MD5

                                                                  473bd29bb96f79dc00f0d44e3187830d

                                                                  SHA1

                                                                  88758648bc56316b7767bf66c120f640a69315a5

                                                                  SHA256

                                                                  213a3f481f60844e23c75ebd88225fa8a4c3f10965935f7aeb7198749ad92114

                                                                  SHA512

                                                                  841af29351fe2364dc3e3af4daafd17ed1aaf3071fc80f063b3975d15e00a2bd6c7a1c544bd48b18efe8fa34bc0b838e2b82fe8b23ef47b11cf98d8ebf9c2d34

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1
                                                                  Filesize

                                                                  520KB

                                                                  MD5

                                                                  6a1066ffe7cf0f7d59a9042a1292cb42

                                                                  SHA1

                                                                  593704855d5c5fd81b73be4808324b7c7695a8f1

                                                                  SHA256

                                                                  c39c5d6905551dd3316f31ca913cfa4bfb64b9135edcd5b6e8bafc606b63e9de

                                                                  SHA512

                                                                  fb160c123c27ec9a3596c9e68ce77e7e9fd4a3415ca1620872412682ad11a01a3846e23012dae0aa81e3b6e722ce118a435715eb5019f867e8e56f307c932aa6

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2
                                                                  Filesize

                                                                  1.0MB

                                                                  MD5

                                                                  556cc348f7a49c1119dc37f0c72dbbb4

                                                                  SHA1

                                                                  ea3d90da902da6077c7d12a7b4ddd45ca26df58b

                                                                  SHA256

                                                                  e3026aeb46cf492f6932bdf72aed4dd48948aa09c536d48a08b4081e97ff2737

                                                                  SHA512

                                                                  443c1436726e344b348517f00f9cac1dbe95e0a047966f0e57e912261c7d21ccdf1ae8379381fc75bc85e66ead3368d816e5dcccaf0b000c671fb1efa1641b92

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3
                                                                  Filesize

                                                                  8.0MB

                                                                  MD5

                                                                  237c2489a3b4ea17c18054d556d5e711

                                                                  SHA1

                                                                  a343d2f7bc2457940c940434a17098f0a604a04d

                                                                  SHA256

                                                                  2fd50fe3f75b63232ce38552bcd6d44766fb16e10ed850ba23d4b4d3cb19720f

                                                                  SHA512

                                                                  bb69eb0cde5cc16f4f52141d66c53bd29aedd0f0f89b0c2dedc5d5fcfb2c3df52977d3b46d6b7fcea42571277506c4c133a036d16277aa8c7f824e95ccc32f02

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000067
                                                                  Filesize

                                                                  445KB

                                                                  MD5

                                                                  fc26ab2d595a7b6b40fb2eceb55eb5b6

                                                                  SHA1

                                                                  2b0c4ec402559a123db300e0d75042b85b498147

                                                                  SHA256

                                                                  30d41f4f7fb3c460b62b2910bb3f0922f693bcf27dab78cc6a25fede85daef29

                                                                  SHA512

                                                                  4fdc3ad9668b4cf2e8ef8ca222edaade89b02b53b0c026e9b8bfdbf5dadc338a9f491b0c597c343ee9ce8cc47e17167812becd6327580baed22ebda9fa290aab

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000068
                                                                  Filesize

                                                                  125KB

                                                                  MD5

                                                                  565628ea1066a58d295f2552acb9ffbd

                                                                  SHA1

                                                                  0766ae175d1d2e6b51d3b0f3b4407d0557738301

                                                                  SHA256

                                                                  6b186c947fe567cbdbb48029185ba3b4210af9ccec43eb190a813c509bd1d896

                                                                  SHA512

                                                                  a8fc521c4b217bea66b0a5cdedaa4478ce0d39a702619d2f9acaa050d9724a650c35011fffb08e82b13b52ad9b39a77a49785255f238bd96e4c09ac5f1b53629

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000069
                                                                  Filesize

                                                                  20KB

                                                                  MD5

                                                                  ffc5b03ddf23fb80e9b9490857052836

                                                                  SHA1

                                                                  99e924373bfa47e7130edc4a6dfe68d000deede3

                                                                  SHA256

                                                                  5b6c3dfb673274e9eca762d38b9dd158cd5177a2319a3aa70164d344ebe23a6b

                                                                  SHA512

                                                                  0dda5222e8c0932dc049a80179d9af76d9f7569636f3ca38bd7fb3a6f7141c80bd2244d8b033d117c69915a78650b7c52c155c81c7f4466a53b4c07f778f1c50

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006a
                                                                  Filesize

                                                                  122KB

                                                                  MD5

                                                                  75b94127f27d4c5b77d499b5c4174a1d

                                                                  SHA1

                                                                  dddc1034b194f93d7116fd01e227579846390863

                                                                  SHA256

                                                                  f5e33b995292edaeccfa0fff7b756fc284e5ba9746d4de776b3ffdc5490af96f

                                                                  SHA512

                                                                  7420dd2459a0129886be73b10377f5b6bc56541275969ee069f3015bed37a0c43ae94502ea380cf0f51edb07a548504b1c96bec156840be44685aece1ba40d95

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006b
                                                                  Filesize

                                                                  49KB

                                                                  MD5

                                                                  eed1c95fcce3dc188c8dc422fc9890a2

                                                                  SHA1

                                                                  331e21784f3e5096327ead07b904877b82d71214

                                                                  SHA256

                                                                  a2ec12ad880eb6d871bba7b6d5ec07146b6bcd13f47e33b7add8232eabaf23a7

                                                                  SHA512

                                                                  64d67936ff5b9d3a4550824dcce5acd8b9754408c2b9dba5f0aef0cc8e66e39df9bfa605dd2a5f4c7d3d11d0a7c6de502ad42f4b49e6b4d2d5f4526b144faf2e

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006c
                                                                  Filesize

                                                                  70KB

                                                                  MD5

                                                                  d205f03ae5405a355e72ba46a6e7d550

                                                                  SHA1

                                                                  a38519914099b5da51717c2977adc46f4b0ea819

                                                                  SHA256

                                                                  2acd74c307ff872f990c8efd0179dfeb8f3322ea8a28c2273a8318e567fcf3ea

                                                                  SHA512

                                                                  102d4d63aa825a0418a78f1067192dbea3455bf3da0c1485ab756d98535aa722077b2030377e4eaaab78dfba626d22b41809336d91ee2520320bfddb3d6f0503

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006d
                                                                  Filesize

                                                                  366KB

                                                                  MD5

                                                                  4ff4a95fdcf5f1b153d5d3a52500a690

                                                                  SHA1

                                                                  fca902ed2312089ea19ba5fe1e0926a19169d43b

                                                                  SHA256

                                                                  629f250945821266d877942011c058c1d6a253de04ea485ff4b8e22fb46237e7

                                                                  SHA512

                                                                  e5e536a2f2b3cbac0a5faa9524a3db314441d9661d173373471770b4f1efe0d2fc6a2ed68759022f133cf860668975d7d5cde691116c1040377f73d8d8217a78

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006e
                                                                  Filesize

                                                                  20KB

                                                                  MD5

                                                                  389933dd1a1eca3025454340ad433c00

                                                                  SHA1

                                                                  2183f63000e82af7d5a8a91c90a8bd21dc615a4b

                                                                  SHA256

                                                                  01405dd91d774053320201059ac200601833079839f02e98e5b3a913b9096374

                                                                  SHA512

                                                                  1b080d79a115298fc317c67404e37e1cdca8dd8826e486c01fa470091c4ed63538b2da7ff954aaf46c693617306fab3cb82524b7c11c28c7a7c67ffaf150475e

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006f
                                                                  Filesize

                                                                  65KB

                                                                  MD5

                                                                  fbc239b0b44f8f794ce3a090b6d6ba2e

                                                                  SHA1

                                                                  b7cf12f14e40907b3755849d4decce87ba57af22

                                                                  SHA256

                                                                  c18c9a553e08f73d973d5a7e27482ba9f896456c25c415583e0e677454a31afc

                                                                  SHA512

                                                                  a972dc464b0ab5f059e04413ed590dc13ba0117e9f69a3a436c21d3ca37815e4d23a79a1880baf60587d126daa583c2552afb016d0fab2792275360b84a1a087

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000070
                                                                  Filesize

                                                                  27KB

                                                                  MD5

                                                                  aee51e50bd53e3fa86ee25b53cda10bf

                                                                  SHA1

                                                                  f33866a8ea929e1ed6bb30684a7acc74808cfe84

                                                                  SHA256

                                                                  f78f88ea900f332cedcf8126da307eb9d529387999f4187397e764011f48f0c9

                                                                  SHA512

                                                                  f6088a0b3d22a179fa89d0a962a1cd754e146474f3729b4d33813b2109a1b90300ec381134a28627ed177bc68292f888d5f97580f61fc29466b868c4db3fe304

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000071
                                                                  Filesize

                                                                  23KB

                                                                  MD5

                                                                  c7c40214494454873c919a4efda5bdd1

                                                                  SHA1

                                                                  18aeaf27a06e3e53938fb421fa242a2f65cf6ede

                                                                  SHA256

                                                                  8c0da1ab0b6b244ab9603df895b6b4edb8b621c4f6f22d24d1286cd3b8fd3f8a

                                                                  SHA512

                                                                  3a0ea7eed4bef479d44917ac8234e8b974c7d9127a3f5b716aabd1b047aeeb0e03c120f68846b007d5aced4e787bbd4c28a392a8bdc7180a36ee2f927c2e24e0

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000072
                                                                  Filesize

                                                                  30KB

                                                                  MD5

                                                                  ee133f8cd1f89662dfe27aa8ab2020c9

                                                                  SHA1

                                                                  27c95a48af662af0a346092ffe8fcb05826d9cfb

                                                                  SHA256

                                                                  b4a6a9ccecee94d2e16e777323b404b1b9f2376efd9faf91537f92d0488652f9

                                                                  SHA512

                                                                  12bfab9c1fdd8ed6bb62240fae3a2bf0bc844aff44c821c370e5a0eedd8f258c14eb3eb7dd676a6cdd9ed8b692653471da2044b23edf9ac5feb3f9fdbeed2dd3

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000073
                                                                  Filesize

                                                                  78KB

                                                                  MD5

                                                                  6c96a4b1fda96754e3dbe1e2a40384d6

                                                                  SHA1

                                                                  676575e0884645ffee0cabe745727a5ea5e0132d

                                                                  SHA256

                                                                  6bcc5a16fc071aa5c5e64029fd493fa7df697746f50e842004a753d3e0540a2a

                                                                  SHA512

                                                                  ec7d279f576c7f6aee3224306f6d750419306417a16488c283322730336d3899018311dc1f433e7f33a2308bf5478f0c8cf77667ddc63cf5ac0d23f95cddece6

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000074
                                                                  Filesize

                                                                  116KB

                                                                  MD5

                                                                  0bce0b4dba1ffb0c4b011dfdefb09fda

                                                                  SHA1

                                                                  94283ec75e62125c6590bb8430ae80b317f8476e

                                                                  SHA256

                                                                  d9c56061390b788c3fe6b183e0d50ad702242469239fcbcdbc455aa51d5efb8e

                                                                  SHA512

                                                                  888db1f1af2b2a31e328bcb079ae7b900737d8fefe054a66573b6a23ce74efa6df493f4b5a447fad06c92bfd79f528d0d92eeba687debe45a73199313ecb3ad3

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000075
                                                                  Filesize

                                                                  62KB

                                                                  MD5

                                                                  e2227d1a0b621496521e0e3fb2465aa6

                                                                  SHA1

                                                                  ba8c09288956676dbaf77f83adb3b1f3d52bc671

                                                                  SHA256

                                                                  4a73012c3cb9979f74eb965087430a5bfcc6d8b909cfa177fe3bae1ccecf0f6f

                                                                  SHA512

                                                                  ad3af829c4140f34763a23d535d7635647a3accee5db67a4f72f28a91e103cc828204711d5a4a4f07ba92eab44b0a1b84da11dbb905ed92cf2eca7bab77ca407

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000076
                                                                  Filesize

                                                                  115KB

                                                                  MD5

                                                                  c41c14a4f43319f0a498b20653e8e493

                                                                  SHA1

                                                                  9af5785560f0cce4d37db9f38becc7ed6ca7dea8

                                                                  SHA256

                                                                  1aa2f610b0812514e06f2683d309ef86916e8d1ee6108134448021ba2d160868

                                                                  SHA512

                                                                  1ef97625062b236ab5ce5de11ca67121a8a299224e99f18f83dd93164fcb6c5b1289919f3fc31d947f7171df349fea27006b6b33cdb7ac9597987fa7657252e4

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077
                                                                  Filesize

                                                                  318KB

                                                                  MD5

                                                                  d301f5b772dc193fbca8d51b02f0205a

                                                                  SHA1

                                                                  2b8f14fa0a1b87bcf1dd942f1c14790ee6646d72

                                                                  SHA256

                                                                  fdae465f72db4f6a2a116f113e3b4e3dbcb5e5d83c020bdbccd715444dc62169

                                                                  SHA512

                                                                  f84379c12e268541b993eebf53f534a534995601fb74e399dde3a540a1a658a4701f5ced08737b831a900eed6074081e618393c5acf186deeb7ee6c4230b4f2d

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078
                                                                  Filesize

                                                                  27KB

                                                                  MD5

                                                                  e5566ce77d5c707b9ca758a48477ce7f

                                                                  SHA1

                                                                  7799850e1a77466816fba900332e352f3d4d05d9

                                                                  SHA256

                                                                  1a0d8ed22e149555887e20cee8f4078138b5c81e057aa182928e9d58d9b72cf6

                                                                  SHA512

                                                                  90ebebede5456167c371554e70e8e860a339324c0804be9557c923f7ac8273a91ddaa06c100355b8f4b9bef297f661e827a731a46852da4e630d680e76c9eb92

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000079
                                                                  Filesize

                                                                  474KB

                                                                  MD5

                                                                  d813991adbb9db63964c5355d7795506

                                                                  SHA1

                                                                  5de4db0a62f5faf810c013871d32957a74450a9a

                                                                  SHA256

                                                                  91969aeccd35d84d1ecdc0a69677b365090c037ce89b76e2d9f4b35bcb3fcbe9

                                                                  SHA512

                                                                  80df8966addc212c1eb2f2a80c140172eeb100860e6a9484c5818c1e0550cad55ce40666330d11d7c7c2483356ebc8bf1c1383c56412ec0a61b03bcc4439dea8

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  8d41f968d0350369716dd4497e3bdbae

                                                                  SHA1

                                                                  53dcd10934b38927aab90a879c17fda6557dc712

                                                                  SHA256

                                                                  f7e07515d7b09d9244bceafca86028fa3f65c10aae60923a8f48f3ec21111ee0

                                                                  SHA512

                                                                  012d509b48b1e9e8631cc9bea61d88d26c7ed0d3a88dcb64fef4e966ab64f5195b7c1dcc8ac1001f92885fdff07dd57d25a59dfffe119a40f80ca295100d958d

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58535b.TMP
                                                                  Filesize

                                                                  3KB

                                                                  MD5

                                                                  3724302bc8a274b7452bedcf125c5034

                                                                  SHA1

                                                                  db9266e348fe4f4fa2766a80f43eeed0099c47fa

                                                                  SHA256

                                                                  4f8a9adfed3988a00755d081f418dc6772d48edfd6d5f035d0bea2e5c017c7d7

                                                                  SHA512

                                                                  f5464784f703611557646ba4b8a437d20ce115abe5a37575dc3b85cee881d3f1c9ac427571f1a59070723b2bd1c121d9bbaa2abf6075245010c7db2b2c6ddf28

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
                                                                  Filesize

                                                                  2B

                                                                  MD5

                                                                  99914b932bd37a50b983c5e7c90ae93b

                                                                  SHA1

                                                                  bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                                                  SHA256

                                                                  44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                                                  SHA512

                                                                  27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
                                                                  Filesize

                                                                  107KB

                                                                  MD5

                                                                  40e2018187b61af5be8caf035fb72882

                                                                  SHA1

                                                                  72a0b7bcb454b6b727bf90da35879b3e9a70621e

                                                                  SHA256

                                                                  b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

                                                                  SHA512

                                                                  a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                                                  Filesize

                                                                  4KB

                                                                  MD5

                                                                  559c9fa18ac57fbaab0502568608a1a9

                                                                  SHA1

                                                                  4ebcb3f0dacdb4e11f776cf5e6b0518a187b4615

                                                                  SHA256

                                                                  d7911a5e1fe0b3d70dcf3822f350bef6ef46c21f9683b77d04c4d0846fc19bfb

                                                                  SHA512

                                                                  f7397e564558f511efd916094780ce24956886e4b602465d1511f5f556cd01dc601f6529fc3515f796ead4a9aaaa875d31ed7203586aa04beb0e5df4c64b3a3d

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
                                                                  Filesize

                                                                  2B

                                                                  MD5

                                                                  d751713988987e9331980363e24189ce

                                                                  SHA1

                                                                  97d170e1550eee4afc0af065b78cda302a97674c

                                                                  SHA256

                                                                  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                  SHA512

                                                                  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
                                                                  Filesize

                                                                  209B

                                                                  MD5

                                                                  52a3fa0d3efdf2cb9976b7e73428157f

                                                                  SHA1

                                                                  f1830bcbfc0bc820e1c51efd7a1d17b915b3fd46

                                                                  SHA256

                                                                  04a60a7db5b1905c208dacf53ce7dca0bfd81014fda2a7be1f630ec8455c7ecf

                                                                  SHA512

                                                                  54ac96a1971195326feed4e80bb7333330383dbd8c9ce5ed320faf030dec212209082c5d87dc532e5296e8213c3b9ce23e3fa3d80aaa3e2e57b331c93ae19a61

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
                                                                  Filesize

                                                                  40B

                                                                  MD5

                                                                  20d4b8fa017a12a108c87f540836e250

                                                                  SHA1

                                                                  1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                                                  SHA256

                                                                  6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                                                  SHA512

                                                                  507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  17KB

                                                                  MD5

                                                                  db0a77d14a074c917113a8e6faec447d

                                                                  SHA1

                                                                  b4043037bc01957e8ce05f95894b8b93ede18e8c

                                                                  SHA256

                                                                  d5efbc4c1a419547a451d5fcd87a614a4aab35c308e8a5523ba1c39a8a4fc3e8

                                                                  SHA512

                                                                  17c1d6b32f08d964770dc23b43118c82e7dd4882769310c6c333669df3d9d08cd1a8a349dac3a73158ff66c16ec11858591bf6ad5e37ca082dfc110ba7a03254

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  17KB

                                                                  MD5

                                                                  abd7a77e36d3c68090035a970c93886c

                                                                  SHA1

                                                                  ff3867281e1ef6fc9eac9377f2c34d08cadbf438

                                                                  SHA256

                                                                  ab678e98907026e45ebfcc09780e533e203c1412f6f5a906470865f28ebf1b60

                                                                  SHA512

                                                                  dff82ffed280d20ae398e6ef97fae0f9db72ddfa10c31db151f72b8e35b749f9738b54623fa8010d1312f686ed7e4549688f666b000be5cc01bc0fd12d1b6b24

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  17KB

                                                                  MD5

                                                                  5d5b0d5882b61337869ab0c9d76191d7

                                                                  SHA1

                                                                  1f24598ec36fd03a3c10b746953c67a300d35b9f

                                                                  SHA256

                                                                  0fa4aed5e2843cacb72e9e56137472f0a372952279cc1bd6122ac22bdd9f0ffd

                                                                  SHA512

                                                                  d452c06e9e0cf054eb96a3e5a23c5735347a2df98afe64c16520f56bc475e400b5f7876f3a026403c0398e68800f8d73b32ffe8d11a6e383bfc06ef2930a89eb

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  15KB

                                                                  MD5

                                                                  02b095e42569ba7c11f63d0e9a26c285

                                                                  SHA1

                                                                  12a0586f7199ab92d1e0e9b6c0401282ccfe185e

                                                                  SHA256

                                                                  7bdbc1378eb37f06c6da3deef18a5dc38dc77aefed75dcc1156f26d2abbc7d3d

                                                                  SHA512

                                                                  7005a5d4716c6aa726851b6e866d3f5db13eba8c833eab45055e44afaab9c2fa6c89cc419f818de42226fcc50cf9ae4aadd96f6be69c37d3d562d6d47f394602

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                  Filesize

                                                                  37KB

                                                                  MD5

                                                                  97603d07251197e00f9d2c511ea7d2d9

                                                                  SHA1

                                                                  0166d4770726cdc915b04ad16ddef6602646e38c

                                                                  SHA256

                                                                  cf12c89df1671706ee3dc61290eac8af48cd1253e302e44bbe4cd6c5483da107

                                                                  SHA512

                                                                  5a82c74a1f1674d2952003968463581f02e6a53bd0738ae09a0fdcb28797bdd2c8195a5b50c48864fdf3f72c4b7a7a3991c819679a42cd05f98c9849e254c991

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
                                                                  Filesize

                                                                  22KB

                                                                  MD5

                                                                  c20803174ef0d76a7496c057abef64cb

                                                                  SHA1

                                                                  64fb7fa7eb04641aadf0d9ade36c5797de191fe4

                                                                  SHA256

                                                                  54e63b59bfff51c744a8574afd457769e7c63d6028180f57adad8b8bf03c4f86

                                                                  SHA512

                                                                  17a35859d2c33e547db0c76da5d3862931486c61d0c5c67588316c5613cd9143fe16d6ee29587fa3d97266a38dfc019336955cddd30604cfff0ca47e60cb17d1

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json
                                                                  Filesize

                                                                  19KB

                                                                  MD5

                                                                  9915a2c7d6bb044988999e21006cf5ca

                                                                  SHA1

                                                                  73efe48ab9fceb3758cf20caa9f36f3b1ba1830d

                                                                  SHA256

                                                                  554006cad9968b3bb6e30ca3cce0ab793dee1340e014d41897b2ec874950e796

                                                                  SHA512

                                                                  0ce2994797b92017d07ab5a3180c6c209b954aec7306eb7033bf6c5cf9b31d74b64a2f8a42796fdffb01bd14dd053729bce889e06269040e32c915b11d678e06

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\75f8b68d-53fe-4d7d-892e-07ad1bca6ec7.tmp
                                                                  Filesize

                                                                  904B

                                                                  MD5

                                                                  6cc485d7be1c9082757773fe2497c441

                                                                  SHA1

                                                                  7e7a6108b4ce2954b5389ad8a73d9a176595251d

                                                                  SHA256

                                                                  a1a0dc05a3e450dd7a9bcc45fcf9e005e9c0808509e6bf1780aa5ca8a50b2c02

                                                                  SHA512

                                                                  7b33072fa008fcd9865f0c4d4dd928bc44d6fec66e6dfd2aca8c9f8499026865a701d8f181cf69b60917d14d640dda2856b85bfd734477180e932c10c2beba2c

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
                                                                  Filesize

                                                                  469B

                                                                  MD5

                                                                  c477eab9e23a34a573e2fd77da7c9a09

                                                                  SHA1

                                                                  1004c3c90fa0a42acee5123ff7201ee38e9b4074

                                                                  SHA256

                                                                  89af9071ee026819a0674a066ab92aa61f1e52ea60f72ee03e247556ea35e11e

                                                                  SHA512

                                                                  d028980d2c489231ab17f558297c43d7d1126f18b2654a88d7739976aff74ffe20e3164662d55302d727f19b65d103d3f7de95ef42567a68df983f4a2a3e1ee8

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
                                                                  Filesize

                                                                  23KB

                                                                  MD5

                                                                  460f9cd7ebd722ea91f84821f24abe88

                                                                  SHA1

                                                                  8f8aa041318209672bf11858b95ce9537186bd59

                                                                  SHA256

                                                                  39079d660ead3c241f29f735fdaf2045d698ed36517b71549b2f567629098d5b

                                                                  SHA512

                                                                  fa40e2dc8b3fc954b68c2f28e8306d622a47799acb4beff44a3d66cf0f6afafded10063c5b80663bcb786cd994cd6c1b255e8fa1c612393d5f36c485b2a09bd4

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\aa9c28d2-13bd-4be0-a4c3-4abacc970469.tmp
                                                                  Filesize

                                                                  19KB

                                                                  MD5

                                                                  41c1930548d8b99ff1dbb64ba7fecb3d

                                                                  SHA1

                                                                  d8acfeaf7c74e2b289be37687f886f50c01d4f2f

                                                                  SHA256

                                                                  16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

                                                                  SHA512

                                                                  a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                  Filesize

                                                                  55KB

                                                                  MD5

                                                                  06c9d44529b54e618675d23014cf55d5

                                                                  SHA1

                                                                  50c22c2961eb37956b8b3e2dea40bb92c873d946

                                                                  SHA256

                                                                  9d6be51d7383e31b88f953e9c9f9a39d922ca2d4f1c18d7ca3ecf1a09ddb4bd5

                                                                  SHA512

                                                                  cacb0b7441b47c47045662b4ca9a62f1f06334e64cbf0a000b3f9df28938bd96c0e5840a10a2c70076c709a349c4c53102fca546371ae922422b6e5b08f429f4

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                  Filesize

                                                                  41KB

                                                                  MD5

                                                                  a2cab1b5235e641cff790d88970c13cc

                                                                  SHA1

                                                                  5abc6f9409eb5043fd9aad9891446ad324599809

                                                                  SHA256

                                                                  14a45973819b46767cf163c0714f0445a7c81c710832eedf4d896da30a857d9a

                                                                  SHA512

                                                                  2cfe5faddab060f2f7558b9da8a8e1a1f13ab9f0a1baaa075dc57945313e1057ddd2359669def0b47517d30197df6f82155ce99e1c098db20aeea5b15499dd43

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                  Filesize

                                                                  50KB

                                                                  MD5

                                                                  14214f80d13c3ed8eb60754f6bfe1f52

                                                                  SHA1

                                                                  ace6f15db56b28d7d2ba7f8d7d55e3881e21e05d

                                                                  SHA256

                                                                  66ee7f4e3f142043624b43323aed361213d99fe88a5b5eeabc1f24e780cd5102

                                                                  SHA512

                                                                  e0b52c8d5fb19fdd038828313fadd10e32e1b4cee3822f49e8acb4ccaeffe0ae6a8096fb7b379314f6886f6b28053e21a2a13fdc1da7535c35bc10ff6cd3f150

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                  Filesize

                                                                  50KB

                                                                  MD5

                                                                  637eac7a2c86de6abe9fb534e5761af7

                                                                  SHA1

                                                                  49a00d357f736eb5f9c85e471cce319a33cd82e0

                                                                  SHA256

                                                                  314b185509f169ffe6592aa07710c388a29bfc2ebb91c734fc81a2e1fda0ea81

                                                                  SHA512

                                                                  829a35f5fed7a2b9e41d41323c3c8189f49200fac965c68f3c0f964ac0b7e9d0ed0c7cf1cfe66b4b4db5eb13277513921f838b8f9f23716770d9a25647ff6af8

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
                                                                  Filesize

                                                                  392B

                                                                  MD5

                                                                  7e8a8594ec9e60a4ea07004f0f4819ee

                                                                  SHA1

                                                                  07ea0b92a34d524e2724533b0315288303837e6b

                                                                  SHA256

                                                                  1ec0c02d6e4ffa2d3244be682b4c3dde3346bf31671f69d2426f2b7694609ef0

                                                                  SHA512

                                                                  a4f61e2e7b9ab1985b1e9b87ddfe6855f9b91fc2e562c9ee343eb48054dc00934bfc8da76f7c00a280edf6b1d3ade7c4f6f012686f45cce6325ee71ab03489bf

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe583081.TMP
                                                                  Filesize

                                                                  392B

                                                                  MD5

                                                                  9d62525a93b96116a837d3743265a1ac

                                                                  SHA1

                                                                  41d7af3e3cc2350aab396651a3867b9107f15d74

                                                                  SHA256

                                                                  5d5de90a5ce8128b2828433482110ca4440cd073ad2658a9c1af391f5985a75b

                                                                  SHA512

                                                                  5167297655cbe971be4c6613ff82573098a057a02c5d746e364266135d0638b17b50d45d39daea5f7df2b3283f055fa040a8f2a672237fc1c2122bdf17736fe8

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
                                                                  Filesize

                                                                  33KB

                                                                  MD5

                                                                  d19e60bbdc313dabab262e6142531273

                                                                  SHA1

                                                                  f20f45126747ff2c86722efa9f1da0ac82b7f47f

                                                                  SHA256

                                                                  886ce2c8777a3d411185ab3066c3824ea0a045c328e3f3a008c63c0706e56f7e

                                                                  SHA512

                                                                  698b9eaa0e7b4246ad4c60d93d77928f7d7ee4ad3bc8de3a6d045b4eec0a076847c397b6aff27ed2a52333f877d87d3f2dd4da9e2d43bdb776ea00ae08ff1f5b

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
                                                                  Filesize

                                                                  32KB

                                                                  MD5

                                                                  d9340bf11c8f6e3d87ed46301e6db0e1

                                                                  SHA1

                                                                  543f8c90191cae56201ea83ad06e0a09c7802620

                                                                  SHA256

                                                                  644876b4121f157f7216e5d2c12706d798c31ba1cb4805289bfc750ceb31e94a

                                                                  SHA512

                                                                  5cda3180442a4cc4dbb253932fddd8638be6b5c3f1f1326fcc4ae3ec9b9157e154e3eadce43f238e90bddfd9f819745ae07958e6faaff3852b3d47000c57406c

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
                                                                  Filesize

                                                                  26KB

                                                                  MD5

                                                                  eafc02315d4f96a1eeedd03897341820

                                                                  SHA1

                                                                  64f03a3d38609b449a3de5e216e2b2da947e1732

                                                                  SHA256

                                                                  fc00cb73828ed9bc8499ba4bf373bd5b2213060a6ce5045e5d045f0ddc2f918d

                                                                  SHA512

                                                                  ed4e7b87b7998d4642fce946e261e14138567d18b07cd796a2514d86ebad0a23fc9af3bc46aff6d51f0afe7736ce1cdd0225181568a9f6d7a1d04692b9db9f5f

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\55NZQU9U\www.bing[1].xml
                                                                  Filesize

                                                                  328B

                                                                  MD5

                                                                  e4267d7f048a1f8d6fa84b06f6cf66e7

                                                                  SHA1

                                                                  0392c55d6cd6855f53f2876af07292dd6a3c06f4

                                                                  SHA256

                                                                  a3085c69af34970e7685917e03bbec04458e0a8e1c7cb2ce9a4f1f93b81ef51e

                                                                  SHA512

                                                                  4422f1a052e7e0f708d873cd8c9c346e252098fb66c2edca2bfc8bbbcee6e82a30315917419237697ee0a03292e0839b002626aa10df7c15628bfa5bc961cfce

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\55NZQU9U\www.bing[1].xml
                                                                  Filesize

                                                                  17KB

                                                                  MD5

                                                                  0468090157acfc9d3d329562dabb31c5

                                                                  SHA1

                                                                  efc3278fa2c8286de1ea7a21a1ef388c511a9e1b

                                                                  SHA256

                                                                  bb7d5b6980c89576ed18786060a2eeb136dd38fde232f6267f1267e32d818f21

                                                                  SHA512

                                                                  63b633335601c9a80add9e679f4d32f8c5e9af3ada505d7e5d6db004b1de1de691e28e0f59fcd5e0bd4f2ebb9628996f66e1ed7a30bb12728358378bc4085f53

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchUnifiedTileModelCache.dat
                                                                  Filesize

                                                                  25KB

                                                                  MD5

                                                                  e41c7c7b4dddaf560dec9f2eb9075209

                                                                  SHA1

                                                                  abab5a0506e4e3fae015fcb19ce34466c234d8d8

                                                                  SHA256

                                                                  836b973e691661e5192950189bc3bc722c0d1098f79d96dd30279210db5c275a

                                                                  SHA512

                                                                  9a1049243d5a758b34119d52b0bdec1c75c1d5e0eb0c825c0b3477179e15e04f87c49be4ffecc07a9a6ae67a1accde069e0f6a314cf9f9e725dc8ecda6f038e1

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchUnifiedTileModelCache.dat
                                                                  Filesize

                                                                  25KB

                                                                  MD5

                                                                  dd2678f95e9d788b5852126a95aeff71

                                                                  SHA1

                                                                  782a3f297f6a7e6cc409fd8d606761437e989205

                                                                  SHA256

                                                                  72746472f3e5090c388733a87e47c6b868cecdf28fd452fc4eca9aba092027e5

                                                                  SHA512

                                                                  7e6e23ff44bca08c25f00f69e42ab98c88ad0a42ec7f315b1e9a581fcd6bb860df7b8208700b3219528e00d5267968c2e11c5c394aa7fdb5a8416d936460f3a6

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchUnifiedTileModelCache.dat
                                                                  Filesize

                                                                  23KB

                                                                  MD5

                                                                  84b5f1bc195a6222f206b17e996603b1

                                                                  SHA1

                                                                  0977d729289199370a82df58e2a5979e9231dec4

                                                                  SHA256

                                                                  8c103258f8f41d60bb852ca9c6da03f32db9dde9b8c5a2a5e688e776619d6a98

                                                                  SHA512

                                                                  453ef62fa26666512bb257c5c9971ba0b87d47412a8b7256b62a61c2328141442c55f2f0183c7acfabea02285fb0dd8611dccce75635a3074857d0a6cf2a3072

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SettingsCache.txt
                                                                  Filesize

                                                                  846KB

                                                                  MD5

                                                                  766f5efd9efca73b6dfd0fb3d648639f

                                                                  SHA1

                                                                  71928a29c3affb9715d92542ef4cf3472e7931fe

                                                                  SHA256

                                                                  9111e9a5093f97e15510bf3d3dc36fd4a736981215f79540454ce86893993fdc

                                                                  SHA512

                                                                  1d4bb423d9cc9037f6974a389ff304e5b9fbd4bfd013a09d4ceeff3fd2a87ad81fe84b2ee880023984978391daf11540f353d391f35a4236b241ccced13a3434

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_h3q2uzis.nl2.ps1
                                                                  Filesize

                                                                  60B

                                                                  MD5

                                                                  d17fe0a3f47be24a6453e9ef58c94641

                                                                  SHA1

                                                                  6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                  SHA256

                                                                  96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                  SHA512

                                                                  5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
                                                                  Filesize

                                                                  2B

                                                                  MD5

                                                                  f3b25701fe362ec84616a93a45ce9998

                                                                  SHA1

                                                                  d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                                                  SHA256

                                                                  b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                                                  SHA512

                                                                  98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                                                  Download Submit

                                                                • C:\Users\Admin\Downloads\ae455890e2123a9d011e47065828b0a03c08fd66570fab9d0340d2f5d5eb40c3.exe
                                                                  Filesize

                                                                  1.0MB

                                                                  MD5

                                                                  205589629ead5d3c1d9e914b49c08589

                                                                  SHA1

                                                                  3c1d57a054f3bee458754c24de73af6450ffdfb4

                                                                  SHA256

                                                                  ae455890e2123a9d011e47065828b0a03c08fd66570fab9d0340d2f5d5eb40c3

                                                                  SHA512

                                                                  8b81546112a6f0b4c1390c0da318d3f7431e34e750ce8718e95c3c9da69e497aec617102e17244bce0439b11bc7addd64f89463c9f1ee9346f50717363ab193e

                                                                  Download Submit

                                                                • C:\Users\Admin\Downloads\ae455890e2123a9d011e47065828b0a03c08fd66570fab9d0340d2f5d5eb40c3.zip
                                                                  Filesize

                                                                  415KB

                                                                  MD5

                                                                  14116f81f9bf4ba8697e6988cd9f26fa

                                                                  SHA1

                                                                  bd4b7bf8bfc3d6608cd53c4ef1a8387270c3dd5e

                                                                  SHA256

                                                                  937d8725936519a18fd6097b10a27d36e4a50270a3191b3f2671b3afc795a761

                                                                  SHA512

                                                                  3fbf0832f7621ffb30473986fa667951fc3207d0ffb1f063301718e14920acded953c137e56256200af58d841e178f56f8a136f5a14b6f299f29fa73e8b6b935

                                                                  Download Submit

                                                                • C:\Users\Admin\Downloads\ae455890e2123a9d011e47065828b0a03c08fd66570fab9d0340d2f5d5eb40c3.zip:Zone.Identifier
                                                                  Filesize

                                                                  202B

                                                                  MD5

                                                                  518ad312db4f64d83ef8494cfd4e93c2

                                                                  SHA1

                                                                  98d937cad7edaa6601e2ae2b8330bc1c844012c7

                                                                  SHA256

                                                                  6b694a174e0fc4d89e9ace978c7724e253d6dd68a3fd3b52d5191815af2927eb

                                                                  SHA512

                                                                  87a436dc1048b3d3bb1c099ef09ec907678f67a91e8491e8c877d677f4237fe2563b44a8019fa5dfb66963a05c328f624fe85d3731a6a56928a347bb9e1ebe7a

                                                                  Download Submit

                                                                • memory/3120-600-0x000002C883010000-0x000002C883032000-memory.dmp

                                                                  Filesize

                                                                  136KB

                                                                  Download

                                                                • memory/3148-16903-0x0000020477320000-0x0000020477420000-memory.dmp

                                                                  Filesize

                                                                  1024KB

                                                                  Download

                                                                • memory/3148-16901-0x0000020476040000-0x0000020476060000-memory.dmp

                                                                  Filesize

                                                                  128KB

                                                                  Download

                                                                • memory/3148-16783-0x000001FC633D0000-0x000001FC634D0000-memory.dmp

                                                                  Filesize

                                                                  1024KB

                                                                  Download

                                                                • memory/3148-17010-0x000002047AFD0000-0x000002047B0D0000-memory.dmp

                                                                  Filesize

                                                                  1024KB

                                                                  Download

                                                                • memory/3148-16904-0x0000020476750000-0x0000020476770000-memory.dmp

                                                                  Filesize

                                                                  128KB

                                                                  Download

                                                                • memory/3148-17008-0x000002047AFD0000-0x000002047B0D0000-memory.dmp

                                                                  Filesize

                                                                  1024KB

                                                                  Download

                                                                • memory/5508-16800-0x000001D2689E0000-0x000001D2689E1000-memory.dmp

                                                                  Filesize

                                                                  4KB

                                                                  Download

                                                                • memory/5508-16798-0x000001D2689E0000-0x000001D2689E1000-memory.dmp

                                                                  Filesize

                                                                  4KB

                                                                  Download

                                                                • memory/5508-16799-0x000001D2689E0000-0x000001D2689E1000-memory.dmp

                                                                  Filesize

                                                                  4KB

                                                                  Download

                                                                • memory/5508-16796-0x000001D2689E0000-0x000001D2689E1000-memory.dmp

                                                                  Filesize

                                                                  4KB

                                                                  Download

                                                                • memory/5508-16801-0x000001D2689E0000-0x000001D2689E1000-memory.dmp

                                                                  Filesize

                                                                  4KB

                                                                  Download

                                                                • memory/5508-16802-0x000001D2689E0000-0x000001D2689E1000-memory.dmp

                                                                  Filesize

                                                                  4KB

                                                                  Download

                                                                • memory/5508-16790-0x000001D2689E0000-0x000001D2689E1000-memory.dmp

                                                                  Filesize

                                                                  4KB

                                                                  Download

                                                                • memory/5508-16791-0x000001D2689E0000-0x000001D2689E1000-memory.dmp

                                                                  Filesize

                                                                  4KB

                                                                  Download

                                                                • memory/5508-16792-0x000001D2689E0000-0x000001D2689E1000-memory.dmp

                                                                  Filesize

                                                                  4KB

                                                                  Download

                                                                • memory/5508-16797-0x000001D2689E0000-0x000001D2689E1000-memory.dmp

                                                                  Filesize

                                                                  4KB

                                                                  Download