hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqbTNTS1V0bDdKNTZVbmljSExkcUVpQjBtOVpNUXxBQ3Jtc0tuWVVjcGZVTzBqMHo3cE41bUFlckdSRUVHRU93WjdwbUo1dUFrUUNxR1htUzlCdktsT3VodURGdmFMYWJKbXN6dFd3cFR3elJkcXRHX0lOUFFCY3FYRzBBMDBiREpfdTR2SzBBc3Z4S3J4MV9Xd295WQ&q=https%3A%2F%2Fenderman[.]ch%2F&v=xwJJkvIsEJQ

Resubmissions

16/04/2025, 08:58

250416-kw98xatqw8 10

16/04/2025, 08:56

250416-kwfdjatqw7 4

Analysis

max time kernel
812s
max time network
814s
platform
windows11-21h2_x64
resource
win11-20250411-es
resource tags

arch:x64arch:x86image:win11-20250411-eslocale:es-esos:windows11-21h2-x64systemwindows
submitted
16/04/2025, 08:58

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbTNTS1V0bDdKNTZVbmljSExkcUVpQjBtOVpNUXxBQ3Jtc0tuWVVjcGZVTzBqMHo3cE41bUFlckdSRUVHRU93WjdwbUo1dUFrUUNxR1htUzlCdktsT3VodURGdmFMYWJKbXN6dFd3cFR3elJkcXRHX0lOUFFCY3FYRzBBMDBiREpfdTR2SzBBc3Z4S3J4MV9Xd295WQ&q=https%3A%2F%2Fenderman.ch%2F&v=xwJJkvIsEJQ

Score

7^/10

defense_evasion discovery persistence upx

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
568	[email protected]
4116	[email protected]
3068	Free YouTube Downloader.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\2503326475 = "C:\\Users\\Admin\\2503326475\\2503326475.exe"	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\2503326475_del = "cmd /c del \"C:\\Users\\Admin\\Desktop\\MalwareDatabase-master\\trojans\\[email protected]\""	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000\Software\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe"	[email protected]

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/568-2327-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/memory/568-2383-0x0000000000400000-0x0000000000420000-memory.dmp	upx

Drops file in Windows directory 42 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe	[email protected]
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe	[email protected]
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_1223382157\edge_checkout_page_validator.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_1223382157\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_1223382157\shopping_iframe_driver.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_1223382157\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3968_1207162654\manifest.json	msedge.exe
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe	[email protected]
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_1223382157\shoppingfre.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_880048751\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_1223382157\edge_driver.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3968_1207162654\deny_domains.list	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_617742444\sets.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_1246080404\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_1223382157\edge_tracking_page_validator.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_1223382157\product_page.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3968_1270589589\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3968_1207162654\deny_full_domains.list	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3968_1207162654\manifest.fingerprint	msedge.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_1246080404\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_1223382157\auto_open_controller.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_1223382157\shopping.html	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3968_1270589589\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3968_1270589589\_metadata\verified_contents.json	msedge.exe
File created	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini	[email protected]
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_617742444\_metadata\verified_contents.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_617742444\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_880048751\deny_etld1_domains.list	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_1223382157\edge_confirmation_page_validator.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3968_1207162654\deny_etld1_domains.list	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_617742444\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_880048751\deny_domains.list	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_880048751\deny_full_domains.list	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_1246080404\typosquatting_list.pb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_1223382157\shopping.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_1223382157\shopping_fre.html	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3968_1270589589\LICENSE	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3968_1270589589\sets.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_617742444\LICENSE	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_880048751\manifest.fingerprint	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	shutdown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133892675105908618"	msedge.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "139"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2316063146-1984817004-4437738-1000\{988E3693-D040-4B56-AAAE-1126356161ED}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2316063146-1984817004-4437738-1000\{13D582C8-EAB7-40DE-BB79-21D432516AF2}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2316063146-1984817004-4437738-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MalwareDatabase-master.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
5148	msedge.exe
5148	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeRestorePrivilege	5820	7zG.exe
Token: 35	5820	7zG.exe
Token: SeSecurityPrivilege	5820	7zG.exe
Token: SeSecurityPrivilege	5820	7zG.exe
Token: SeShutdownPrivilege	5920	shutdown.exe
Token: SeRemoteShutdownPrivilege	5920	shutdown.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe

Suspicious use of SendNotifyMessage 6 IoCs

pid	Process
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3720	msedge.exe
3068	Free YouTube Downloader.exe
3068	Free YouTube Downloader.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
6052	MiniSearchHost.exe
4592	PickerHost.exe
4116	[email protected]
432	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3720 wrote to memory of 1376	3720	msedge.exe	78
PID 3720 wrote to memory of 1376	3720	msedge.exe	78
PID 3720 wrote to memory of 3464	3720	msedge.exe	79
PID 3720 wrote to memory of 3464	3720	msedge.exe	79
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 712	3720	msedge.exe	80
PID 3720 wrote to memory of 424	3720	msedge.exe	81
PID 3720 wrote to memory of 424	3720	msedge.exe	81
PID 3720 wrote to memory of 424	3720	msedge.exe	81
PID 3720 wrote to memory of 424	3720	msedge.exe	81
PID 3720 wrote to memory of 424	3720	msedge.exe	81
PID 3720 wrote to memory of 424	3720	msedge.exe	81
PID 3720 wrote to memory of 424	3720	msedge.exe	81
PID 3720 wrote to memory of 424	3720	msedge.exe	81
PID 3720 wrote to memory of 424	3720	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbTNTS1V0bDdKNTZVbmljSExkcUVpQjBtOVpNUXxBQ3Jtc0tuWVVjcGZVTzBqMHo3cE41bUFlckdSRUVHRU93WjdwbUo1dUFrUUNxR1htUzlCdktsT3VodURGdmFMYWJKbXN6dFd3cFR3elJkcXRHX0lOUFFCY3FYRzBBMDBiREpfdTR2SzBBc3Z4S3J4MV9Xd295WQ&q=https%3A%2F%2Fenderman.ch%2F&v=xwJJkvIsEJQ
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x300,0x7ffe85aef208,0x7ffe85aef214,0x7ffe85aef220
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1752,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=2580 /prefetch:11
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2552,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=2548 /prefetch:2
  2⤵
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=es --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2220,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=2436 /prefetch:13
  2⤵
  PID:424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=es --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3412,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=es --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3336,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=3728 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=es --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4836,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=4848 /prefetch:14
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4812,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=5040 /prefetch:14
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=es --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4652,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=5068 /prefetch:14
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=es --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5700,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=5712 /prefetch:14
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=es --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5700,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=5712 /prefetch:14
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=es --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5848,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:14
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=es --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6000,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=5988 /prefetch:14
  2⤵
  PID:1952
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
    cookie_exporter.exe --cookie-json=1128
    3⤵
    PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=es --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6140,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=es --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=732,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=6492 /prefetch:14
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=es --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6496,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=5836 /prefetch:14
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=es --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6412,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=5804 /prefetch:14
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=es --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5176,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=5116 /prefetch:14
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=es --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5028,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=884 /prefetch:14
  2⤵
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=es --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=5740,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5480,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=6072 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=es --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=6760,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=6792 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=es --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=5348,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=3916 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=es --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5352,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=6504 /prefetch:14
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=es --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7128,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=7112 /prefetch:14
  2⤵
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=es --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5492,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=6740 /prefetch:14
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=es --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=5380,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:5604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=es --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=6288,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=6796 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=es --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6936,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=7144 /prefetch:14
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6532,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=6596 /prefetch:14
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=es --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=6708,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=3712 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=es --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6892,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=5372 /prefetch:14
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=es --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5464,i,8715783299863554956,16982143358685287740,262144 --variations-seed-version --mojo-platform-channel-handle=8168 /prefetch:14
  2⤵
  - NTFS ADS
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x264,0x7ffe85aef208,0x7ffe85aef214,0x7ffe85aef220
    3⤵
    PID:800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1824,i,16068841590107728194,15702862504833940642,262144 --variations-seed-version --mojo-platform-channel-handle=2204 /prefetch:11
    3⤵
    PID:2564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2160,i,16068841590107728194,15702862504833940642,262144 --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:2
    3⤵
    PID:5556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=es --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2512,i,16068841590107728194,15702862504833940642,262144 --variations-seed-version --mojo-platform-channel-handle=2544 /prefetch:13
    3⤵
    PID:2952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=es --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4512,i,16068841590107728194,15702862504833940642,262144 --variations-seed-version --mojo-platform-channel-handle=4372 /prefetch:14
    3⤵
    PID:5740
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=es --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4472,i,16068841590107728194,15702862504833940642,262144 --variations-seed-version --mojo-platform-channel-handle=4672 /prefetch:14
    3⤵
    PID:3836
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=es --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4472,i,16068841590107728194,15702862504833940642,262144 --variations-seed-version --mojo-platform-channel-handle=4672 /prefetch:14
    3⤵
    PID:2752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=es --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4740,i,16068841590107728194,15702862504833940642,262144 --variations-seed-version --mojo-platform-channel-handle=4684 /prefetch:14
    3⤵
    PID:4980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=es --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4560,i,16068841590107728194,15702862504833940642,262144 --variations-seed-version --mojo-platform-channel-handle=4528 /prefetch:14
    3⤵
    PID:488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=es --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4624,i,16068841590107728194,15702862504833940642,262144 --variations-seed-version --mojo-platform-channel-handle=4768 /prefetch:14
    3⤵
    PID:584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=es --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4984,i,16068841590107728194,15702862504833940642,262144 --variations-seed-version --mojo-platform-channel-handle=4572 /prefetch:14
    3⤵
    PID:2396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=es --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5116,i,16068841590107728194,15702862504833940642,262144 --variations-seed-version --mojo-platform-channel-handle=5108 /prefetch:14
    3⤵
    PID:1800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4212,i,16068841590107728194,15702862504833940642,262144 --variations-seed-version --mojo-platform-channel-handle=760 /prefetch:10
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4024,i,16068841590107728194,15702862504833940642,262144 --variations-seed-version --mojo-platform-channel-handle=4136 /prefetch:14
    3⤵
    PID:196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=es --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4268,i,16068841590107728194,15702862504833940642,262144 --variations-seed-version --mojo-platform-channel-handle=4016 /prefetch:14
    3⤵
    PID:5900

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3204

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:1224

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2760

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1776

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\MalwareDatabase-master\README.cmd" "
1⤵
PID:5884

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\MalwareDatabase-master\README.cmd" "
1⤵
PID:2864

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\MalwareDatabase-master\README.txt
1⤵
PID:3736

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6052

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\MalwareDatabase-master\trojans\" -an -ai#7zMap2451:1352:7zEvent10744
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5820

C:\Users\Admin\Desktop\MalwareDatabase-master\trojans\[email protected]
"C:\Users\Admin\Desktop\MalwareDatabase-master\trojans\[email protected]"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:568
- C:\Windows\SysWOW64\shutdown.exe
  "C:\Windows\System32\shutdown.exe" /r /t 6 /f
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:5920
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v 2503326475 /t REG_SZ /d "C:\Users\Admin\2503326475\2503326475.exe" /f
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3448
- - C:\Windows\SysWOW64\reg.exe
    REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v 2503326475 /t REG_SZ /d "C:\Users\Admin\2503326475\2503326475.exe" /f
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:248
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v 2503326475_del /t REG_SZ /d "cmd /c del \"C:\Users\Admin\Desktop\MalwareDatabase-master\trojans\[email protected]\"" /f
  2⤵
  - System Location Discovery: System Language Discovery
  PID:976
- - C:\Windows\SysWOW64\reg.exe
    REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v 2503326475_del /t REG_SZ /d "cmd /c del \"C:\Users\Admin\Desktop\MalwareDatabase-master\trojans\[email protected]\"" /f
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:3812

C:\Windows\System32\PickerHost.exe
C:\Windows\System32\PickerHost.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4592

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\2503326475\2503326475.exe
1⤵
PID:5148

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cmd /c del "C:\Users\Admin\Desktop\MalwareDatabase-master\trojans\[email protected]"
1⤵
PID:3040
- C:\Windows\system32\cmd.exe
  cmd /c del "C:\Users\Admin\Desktop\MalwareDatabase-master\trojans\[email protected]"
  2⤵
  PID:3208

C:\Users\Admin\Desktop\MalwareDatabase-master\trojans\[email protected]
"C:\Users\Admin\Desktop\MalwareDatabase-master\trojans\[email protected]"
1⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4116
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SendNotifyMessage
  PID:3068

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
1⤵
PID:1784

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39fe055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:432

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
a098a0abdc14a5e201c11b1f0d330047

SHA1
d860ddcd58bf87058e95b10d12f84de4e1c10cdd

SHA256
6112734ce6e67afa0b01f00c2ef230017c4785d58f09f3b6ace2e5308e16ed26

SHA512
72c10f7c212b9eb6eebc7f129677b22afa7de01699f131f1425959a7dcc9978f0b96cf2fe773bec39cdfe54c3b79d05f45766149bffb6610144cc57a424751ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
332B

MD5
c0f65dba2423a62c3f51c7805e126151

SHA1
97cc85b6049b9c28e84071d8a3c774ece530000d

SHA256
bf323abc187c81bf4619cf624d36a69d251402a7d4795d36714fd6bfe79dca92

SHA512
1e511f0dd8816515a4f0e932172d791de358f736f8a0433b18e89a9d343d5af89184b9b558707fbe8633bbf81bd01016940f172f9daa199dbacd62d8734c7671

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
80KB

MD5
1a1349792c698a87218fa5d41dde8023

SHA1
30ae0a2c44bfa5b33720851f28f244831ab1e6fa

SHA256
2b7929633ea1f1485c93276e9da2a6b21bbe430637202983f865249d6ca65738

SHA512
1b789a0c91c4b6ba0f3c09eeb42f76a275e3593c7225130508dc378ce2dce2d97fb36fb619377401aca52e8b58baaf23679fce4c6b24e4adf4f5caba508e7977

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
520KB

MD5
c12cb6f7e901e1b236dba45050471f9f

SHA1
918a8844b002b2a2a72fbba39728d69d1ae6c307

SHA256
3c0cec9a974638ae21de4534f288e0a84064bbdff164046936cec54b4a351c5c

SHA512
75f5c8e1d64782d45d9a1d308d5ff88da469da9d8c51ea29afa968f9ef820ddc2aceb99acb59385923c2779a7b8b5ce72d9111c79f74425d9644f6a792a72fab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
2.0MB

MD5
5570d1b735c6df95d97f7dbc2dc502ca

SHA1
c721bcd9024a9ca0bdd1c7364629a401935a02b2

SHA256
237debba9e21324f01e568a156df8d508f9c824a88d9c00495455e48f14fca39

SHA512
2f34486931a6bbf3c5bdd780aac43d3eedd619259c041bcb0bffc074598d6294384d30a1447c6d42d13f8ad3b2184ee623ffbcd3757116393740703f611986ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
12.0MB

MD5
6a81f36681d784508e31b65f40dcd027

SHA1
7363053f611d8e0d3da26bf958b4688eb6d825ae

SHA256
c06711920cf89dede7c181355b36c48050bd9269afd0071755964d4698031f60

SHA512
1389ee789ecc96b5b690a565f8ce17ff10d668fca2bd19badbe325ae7ddba1928abf07af1447e18bbe6e13cce058b3d79678e5b78e378f76c3cd3edb05084ca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007d

Filesize
295KB

MD5
2470a681ad4a0bdb8f07a8d0cc374472

SHA1
b9abe345611b623675b13a2f57c6f4e49ecd786c

SHA256
926a94d219e9c14c1cf3c889e9552aa0b462a0ee958c61e76e1ae4c0f48bf7a6

SHA512
8143cd404697a65b90e81cbcff12121fb7871f28e3a07063a0b1d798faaa8ce0644e6125dc6dc216a0b34485f6a7bd794cc77c11484c21425054e9d5dcd7209d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007e

Filesize
19KB

MD5
084de261b09d464b6e8b3ca716872687

SHA1
acd4e09da42d9fa300a69a090658935342fecd5f

SHA256
f6837d3ba48cb89546ccc3bbd62f8817606feea9a05d40c6f2d56edb4ea68ddc

SHA512
234bac4f580b515ef563924ec2bdd7a3e4d9d2fe4b41a785043abddcfc6b38ae7d0297c6c0d812734326f4ab2c6dae299865df4d5816e0611fb4cd0fc3ae35aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007f

Filesize
79KB

MD5
a839c219f7a9d75d655c36dc3cd649e6

SHA1
a1b0bc36d212e6c3262074292df619750f4c3d6f

SHA256
4b0d3ed86279a0d1a093dc263a9385771f0174175741794bf2141d45b7751a8a

SHA512
d04d5d97760658d1ac377be5895ead0189cf9c94e95cf4d40dfb0dff616596bb3a9add1b0225668eb71d9b32e7ed47903110ecd56cd85393da0366ca3094c99e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000080

Filesize
21KB

MD5
6f14c069844c00853fc518fa8eb7adbc

SHA1
673b0acbfbc740affc2f32f8568581c6d554d108

SHA256
a5ef2ed1a2b8f2045085b9c726c3ed0ed36a06056b01bab6b854c97f39f7bf81

SHA512
8ed2c0f5c72868cbaf186c353975d106b4f83370edac2e7374cee03bebb72b7cc0359a5dce9dc79ae8ef3d5de2d2dc7cf4d05531e779309e4de8a9d0f54f4069

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000081

Filesize
16KB

MD5
cbb756cc8bb58ce6449450b37d21f1eb

SHA1
a5bbbfa82611f496ea8fde13248d9ca25ec3c55f

SHA256
eda5c60d103bba492db405d4412445e55cde26d58948408525888973a969684f

SHA512
52498b9f5934d0e3ce3523f92ea6e6cf57342a2310bf5387cac0f8dd08261127a663b415f95295f54cdc400bcf6c54393e41c3b46810751aeba2c49abdcad45b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000082

Filesize
16KB

MD5
ef48f48597f537f5d50a7e3c5a5141c3

SHA1
75df94d9ed7c389c6fe34afbd2b0f12e6e5d4000

SHA256
c4f37cd6885c90352094b7c8e70c8d0da160fca1efd7b1018ad5e704c693e078

SHA512
a4fc82949c9fd721c55399a26cf48faf3f558317f19afa86ae163db8011f1e21e5dcd204f1781800b81c3836ef3b7fe305b02d425cdbec281277e5455ed1e9f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000083

Filesize
18KB

MD5
16a2aae2e91327ed7da5b999990c1d46

SHA1
a0f8cc16d7a503a5c6afbbd2fd51f6dc7e83f702

SHA256
01dabd36a8704658b264d5ce2d4edf6c359e2999070efb97afd46a5cdb390222

SHA512
52814577d311af03181a2cddf8d124f1f1cc2a290a1b94af98c246856ea07f1fc885a3dca9fa7f6d96b9c986fb90aad7baea1b3924c78b44143ab7eebd15012a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000084

Filesize
29KB

MD5
96089de94437dea5b10442b14b2e0eca

SHA1
e69d1817481693d79bdb5726e0c9fabdf9215122

SHA256
289ec19209abc62607b6c06efabca1b4ca0851d5296f81dbc7498e4a82112f9e

SHA512
01af87e998ec3ddf31c159e4463d9a1c6a7df17786ab0b052f5ef3a61479818af4188e1ac6ea4268b2dbe64f585d6f141505e574e1162fcd396b13e3f98f05e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000085

Filesize
37KB

MD5
be4c2e4a48d2aaa789e1a89786cb2abd

SHA1
58ff66ae405035460b0839ca55582d42c09d5622

SHA256
6b1388746f3d61b7185d21ec9a18ff47caebb06a644b8f193f72f3f371715703

SHA512
3847f67646674d566c98ecc4c0273beca5542c46e0c721679209cc4e9d04432d99c4c6802fd8c84eb81e58152a5bd30eb4fe5ebf44bc0e1b753bde4c047d8a7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000086

Filesize
23KB

MD5
e1b3b5908c9cf23dfb2b9c52b9a023ab

SHA1
fcd4136085f2a03481d9958cc6793a5ed98e714c

SHA256
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

SHA512
b2da7ef768385707afed62ca1f178efc6aa14519762e3f270129b3afee4d3782cb991e6fa66b3b08a2f81ff7caba0b4c34c726d952198b2ac4a784b36eb2a828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000087

Filesize
105KB

MD5
1f48a6e2f63e25312ba9cc0b98b8574e

SHA1
24eb5a0847299aa1e42196c99acaa393cfdbb6d1

SHA256
efc9e1fc3b22b1c8fa66f0824ab29e7d7b1029445b83f4efc63f66bbb8365e82

SHA512
4c15843d23f3470d2913076897a9d94297a42860a720826e02d65174a2b015d9bbcac631b3fc7b60f56acf8d088de4ef0a1b12f5d9ed049118b923133da2ebfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000088

Filesize
138KB

MD5
950829244a061d6a93ec3730704b2619

SHA1
138c8e8da5065d022e3e407232f0fa37edb0a00a

SHA256
3f323f5562812ad6c9dcf7d9e39d803b7b8067937b7ac4631a4ccb7932f84263

SHA512
e6139ac2d9d31a747e911f0adbeda262718a24af8b5621678426a95d0fe5b301acca5ca8b36ad006262f01e4b23f9ea7ee0f7a607d50eca7c52416b4e0efe1cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000089

Filesize
18KB

MD5
db0013e1619962aab99b75340928e1ae

SHA1
33364b9eed88c3f7a05dfef15be952d20b5c87ad

SHA256
7ad0d922fd468d2b28214e0d5475d75f7301b362d55b2eb5e8cc599cbb758aa4

SHA512
0d8e684dbd3755c0664b513ccfc351195517fae6fd8ed20bb2f4485fae2824c784014465344f42438b22099fac4292cd404174013e6342e576e19dcb1852e048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008a

Filesize
229KB

MD5
2adac3eacd100bd5916787b689ce097f

SHA1
fe92de47c3791b0cba8c595f264e7ce41f781035

SHA256
ccac3b5288dc1ec521927a514f5ba6a99b452a95f602b0ff413ab113d940eebb

SHA512
d53500807eb07b449d377f15f0ed28dc263e78efccf65c3b7e2663d3092bdd4371656184b87b012b024dae4ce17863cf47a89ed018d86d33bf543ae5f424a7b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008b

Filesize
409KB

MD5
f16408b20a8970e1cc4c0e5d8ef795ec

SHA1
bd987223428c8d8b7f46e96dc76c36ab6da3a724

SHA256
06931d3913cf6e8ecf3d7f5f366cbfdf061901d4b8a3d81119ff250e7592cfb0

SHA512
b4e5900d8a1a0a450331a4f02228ff838312fc8e512f017d3d2add127f0b0b66853661f3a7fe13910e1405d32cf4fdb2f94c87f68ccfe49ebc5fa468cfc4b5bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008c

Filesize
1.4MB

MD5
aa2516c74618483bdc1fc6b3f1f26394

SHA1
39821930e501ba4881de0501fdb221957f8c90fd

SHA256
aa40bd21e3904cc801ae4895279629a65dfb4f6af4cb8a17d17d96558ab2d1bb

SHA512
6ad7642f65297500aa915f45c90a1dec60117b83d5705398c681a522ec6a74dc86d2dfe96dd223ae64793368baa3b1a42f3e02ee2a8b0368d158b62b8792c088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000d2

Filesize
58KB

MD5
e4a1b9ec0a89b51ae850557c7c3585eb

SHA1
fe1a43859e4bab0f6e5c07191c30df90bf997800

SHA256
2a03fc00cca6bd838a3a28b107bb05895d75788e7d19f37484a707d7dc523db2

SHA512
03f3c11e1f832ffac52717e6d5db16728d5968f7f49f1bf59c986393dc249ab7361fc491de8c83d85931465eda7cb3871770d833e168cc4b8f29bb1cec741677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000d3

Filesize
355KB

MD5
63f3a7c908c79b479bd6eb12f525da13

SHA1
75ff0ffcd25333880f65b07c45ba14998fd58ff5

SHA256
38bd5a0cc1dad0605897ac5a824343382f4d58c290eaf7483d6e11fa2638e7bb

SHA512
b5e0a79cd13a688159ef8f6ed150a65140425fd78e8cb6554214a3245b1cdcd3b27e82e5325bec01baf869abb382fd968c4cfc19f822da48b112e80aebe0aab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000d6

Filesize
128KB

MD5
50490e74744e3484057ac4261edf03a5

SHA1
337c73d6f5bd0929b217d7a9cb1267e8819c7b08

SHA256
89f37126b7f65f86ce2d62dcb0186b7d87f643fbea80e2d96428173f24cb8dc9

SHA512
83b7a2c5b4a38ea1a26d1ae91640e6a0a289550987e6553898c8389e844652db5675a4b971a71c942b83231fd041fd09ea7bc1b7c60722dddb2a0930db72778f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000d8

Filesize
128KB

MD5
d5b28ba63bebccd78e52bbd3ab140e5b

SHA1
dfc6785f189dd9a79d63527d225bd6d8cc364f20

SHA256
c899559439c661257707437a3af341477badc2d54e5eac52a716d8b94ca78914

SHA512
d43603749fe1a8472eb169e34056edb13c9c7a0d4ac1a902497f26bc56ac1365460c9c788789b3789b9684df9f9da112464a2f4bf2e4574724517217dca1f95b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000d9

Filesize
256KB

MD5
aa7aee683caaa7dfb9c4d39781ee05b0

SHA1
067f48736e384f4c864ce555147d57c0fe3baa41

SHA256
89ded4305b9b3837fe5364b27305a2950dcf97291c5f6cd3def3c8d30be1acf1

SHA512
3a6541da82f438d256ec1ff8f9a3b4d8e2564b64f0f4649c84297e1364b8e9eefdc68bbbc5857f1525cf146c4de155cbca49ac15d5ab13d236bbf86b93bdab7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
aefacf7e96ede143e1238c6ef2272d97

SHA1
2957e3a3d2327f894cd03992a2b74cfe9fbe7e84

SHA256
5f43aaf3d7cc54e5c59a44cd09d06c599d11c3daa4b0fb71576ec09571b9bb41

SHA512
d462902b52bda84cf1816b4a35f5f09615f1e0b0ceb94a6512ab003be4f6077434cb02683cef7fcd1a02105162e7036d77024a9c0a68122bf0147aa646323242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
6982aa10c5c4e90cb18b55737ae55cff

SHA1
4b0db02d2869a97b4b619d77a3fefe5a670a15ff

SHA256
44d6d3ae31f21d6b37fafa1631d0ab858cea808c20016fdfe116042204d3f7f9

SHA512
028ceae9ce6ef8025e3bd28480c62cc61a4a57bd75a4151fe7363234192ca90bdaa70bab4439e5a0f6c4fce53789db17aaac2033232a0efe2cbc62fdbe6c2a56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
4e4a3809935a765632346435a0e8b3bf

SHA1
0c56168873cb310f4510ab9b9d30f364311b8f8a

SHA256
0671c6f9bcc1b7d773e3f9025b9a5a25432b5b2bec5288975fe7efb03ad6485c

SHA512
0ce3fad3f40f58c36c2f89e25cf175db46d63e93106f3a58a0213355e35746f23de63060eae948244c633e5e20023ab63063c6706f1210a14b7bcdba1c953ab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57f8d7.TMP

Filesize
3KB

MD5
b50d9e0404252d08b20a4a90a6580c03

SHA1
133dc151e9e60ff5666d767ef35a33ede8f0c2c7

SHA256
8b0b76ad929b8110cd9dae30415b8954673f8a2eb0b8f98d05aee73cf7d133a4

SHA512
6b6ffca144b548b65d1fa7cc590aefe267a6c8c7f9b39b5941825586d3568520c9c153e68e6413b222a9cc5dcedf8c94cef3e531fa80c4be70ba703d40b5e25b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
5965275fdcf683b3ce99e66356f1d171

SHA1
9816089257cf596b158c10eb34a2003e794935e0

SHA256
125a6635f5ff3be18bff92df4000f6a1d129df6c48daf489aba7ec7f893af34c

SHA512
6776401663b70f6821a1cce29c8b7c68b297449a292367a90dff6ad530ae1228632c497a2e27ff9aa1ea4b0d80ae8e774a97f09ff6727ec165c3ddd9f3a3ef13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
108KB

MD5
ba4f41b7fda0f213c7d7d5b88fd57038

SHA1
ae4542fdb858e4af0dffc32bcde1b4e76e1796ca

SHA256
b23c6ab80b6ccc32e0412d27dd754b5dc0457cd57990c0998f9b1bb1fbd532c3

SHA512
e630c96d4d49f0c050de922b4d0ab5bd4103b6f7d1425fcc8211737980e2200b20857efa1b9e7b881632e85082f88ee5b63e03f78f0ae29fc02290fab19088a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
a13494a358c2ed8754e0bcac4e8222b7

SHA1
531a50415994f5e613d14e3412195d201cd4155f

SHA256
3f90cfdc9e9ce3b462af6b26cf55882d6ba5c0734b718324720eddc508230f7c

SHA512
dd7ad5f2d1acb8974958296678d87d46cda539a5e439df7d597f583efef11e99568b86bad5783c0374b7ef7cd47069da16877e75aff492751b8a29a973994d24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
37e0eb5edc2af6daebd29574028d96bd

SHA1
0f2344c42a43b71545f51aa86bf781c0a4413771

SHA256
a67da6db28b3161921c77d2416a7b586377e76fa8bb12cf8eca0077fd012e9bd

SHA512
abda17547c6f0827923919e12a5649b66877845dc85ddb898363ba80b08d3b073511e9211dfa386673a5a270565d5b6242afd1213e88ae5947eec618d9984e3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\b7ba821c-cbd9-4e00-bb54-ac87746785dc.tmp

Filesize
3KB

MD5
0693ff0fdc4d0f4a6550fd0de22864e5

SHA1
c7761d4c7f3dc2982b9aa8beec5cb44fd76ef50e

SHA256
a52aada18d7af58d9da4009d24ff7953e3f3d88a571477542359594c2fe9001f

SHA512
208932b913ff3e59396c1d6110040a29d9d51b65db6c84d6b467239ac50bf7312028e49ef8bb8ce22d5f38734e238dff0bd02db526914d42d3519e24c6143d19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
416KB

MD5
1376471c55f26207f6d40cb491c0d7fe

SHA1
f98de648292e172ed94c372ff9f3257a4d618665

SHA256
ed5cca887e5f748d64b35d28ad56686bc2db488f572c4faa9031fa58ad379dc1

SHA512
c17fb7e78654595be31e2576034f3a836cd17cf16811bf56520b5c9ddc95dbdc46af1e0eff4500deab68af36a36fc1b876a6bdafbba29bf2ebdac2275c582f71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
416KB

MD5
597bccb2195019a7b803d271ab2c1233

SHA1
3487ca1b92d87df2b14d806f231201d085da7655

SHA256
97ad3710011de07530b9258084e05401d290b2a47b5f4abf078c20fc4b577d3c

SHA512
c1e7db4be7b849a48213e4e6bba8d2ee248b3bfbe8073c78a957e3498c75587b1a133d1de75c745fa76b4b35819d1904880907e33e7dcb24e46a64a20287bc9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
411KB

MD5
3df6521aa79a954efed3665885dae266

SHA1
e9cf5f0bc8166c69368100edbab82d14480f18ef

SHA256
24bdf3123f9112c4390f3642db11a2e5134ef9fb16953dc45977eb59066184a8

SHA512
2f67cab0cd0e704ae1b787529dfc29aea6b265344435c0c32b04ea0ca99ee8c2d2b5b1b01a0aa41c127c0e5912ccee5b7f72563bc2332d04f11f259bcbf2ce00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
411KB

MD5
1194ddd0dcc5b94892b00d9e0fe98bc9

SHA1
9b4bc795fc4b5c380cbd733e6263744796485388

SHA256
5352005dd4abfca5b23ba00a0ac79a104ea89176fbfefb563f2087af5fc6d04f

SHA512
291ff5a9891c6134f8fc7ee8648f9260986264856758f2b383654ca18683705f42eb708e58bb820c7ddafb64ec90cb44848103712fc2b9e457bde3ee3435d865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
413KB

MD5
aaa1e86f192681cf50f437fe08faad61

SHA1
feefa787f1c85b3f8c24acbffe7edc1782eb34f9

SHA256
c0ee403e8e007cdfd9652cab038cab7762e710a5e15492d34807527421f001cf

SHA512
f6cf4519dd78e83c2a40816d9edb8f609d483db00070cf2a0e2fcd4f8f6d16c2b8e1e24294c69f34f0f8c5ab70617ba73d52126608a37d25173950f0c4de8ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
37KB

MD5
fae5b8eedb0484f6e5f7442df5b5f24c

SHA1
e099dc4050ebc2ef8fee21742dab3b219b6456ee

SHA256
d5fbcd9e1a9462a694b400692cb4e45dc7ea221730f40e2fd52943e3462a54ac

SHA512
544898e302fde30237827b003929b6ee4cfc25821ef5b0cf40cf1c48bd5939156b7cb36ff853e3e79b71fdf0123eda9fe52f1b21fa347dee89dcd891995192b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\03218735-8790-4a5a-aa93-fecbe871413d\index-dir\the-real-index

Filesize
72B

MD5
75876945a8510334c757d6a7c1c2cf72

SHA1
17de9efbc1850dfa560cb92b96a9efdbc5df1107

SHA256
c1c61b4b63405f17d3e89586d6b5f0e0f32c82ae979a65ee97dabe24c9228314

SHA512
70220a44147df6e8e403ca48df2b78a4cbe8deb9fe8f6c32bd7307c1d1042e27ac6f9e0df63b0ad5e9168b1aba1c66b363ad9ed5be095d8c4d9712e069b2b9dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\03218735-8790-4a5a-aa93-fecbe871413d\index-dir\the-real-index~RFe5a71c6.TMP

Filesize
48B

MD5
977b4da571c4c86c17f520a46f9078b5

SHA1
67ec57af5ac81329c31ffd955326cd3a213554e2

SHA256
46477e872f2682bcfd94b686aba5a57a93434c9c4c73820ea0fed1d5316ff72e

SHA512
762d2aa85dd4002f27d6797c96ee49a2158ed8eff81d53a9f4a1b6f44c1c28895ba6226e6fda0b340aeddad740bd1342b90a3477e58c520112be1cd651c191b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\5664c43b-6669-4a06-9cd2-f1e026a53f44\index-dir\the-real-index

Filesize
96B

MD5
d1b811a831dec36440b62e178d8db76d

SHA1
3a733bc592c7f223a2c9b4ec4c2f779ce7712560

SHA256
9e99821e2152ced124ee0f6a70b7247ceac260a1a088ea158551c585ddd7f16b

SHA512
e0af254877064b32cf91f7e9757ddfdcfec84e30c22a5c681af568dfc2ac31d0da9cf553b124a678028a99b979a550561492a7cc8db35f780874fe1218b04bb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\5664c43b-6669-4a06-9cd2-f1e026a53f44\index-dir\the-real-index

Filesize
96B

MD5
b668628eb3541c1ed000e77050b4e983

SHA1
d6ec0e0cbd40538e29772a61f2baaed09484d1b1

SHA256
91638743d4b42acd522c057ed4ce74b16432295aef4ad23a02184ae2087dbbea

SHA512
4c540d1a1abaa5501589297a14ad44aed9f7dbfe11deda9e85c1dd01d3f6320b3ab35f9fbd46e9f5150ad45a04e47dc2dca2c35bcb68cfb5dfd875cbb682a036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\d3ff08d8-d8dc-40b7-9a1a-09e9173259d9\index-dir\the-real-index

Filesize
72B

MD5
5f4b4536548288eae7a9350d1f0ad9f4

SHA1
a9599610d763682fd3bfab541f848e8bc31b7db5

SHA256
fc533f5a6e17245336d10b5fa3598baad5530b8d8b27340b42afe512681eacde

SHA512
44a0c6e42b02159b66c2b7564275eb43ea8f649212e255d73fb5c587280e79e35f81d98d3268217933892ed75758ff67d232a7ce8a607949eb2f5c7cdb922262

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f0631e4f-572c-4490-b8d7-80ec75ff9b62\index-dir\the-real-index

Filesize
2KB

MD5
0c0f1dd089995ee9c49f648cbc60fea2

SHA1
a7000bc399d57685877688c76db2e4e4d9794da8

SHA256
3b2bc43a00fe811292f71f2851f4767a21e079922bbdc0df782b6b4c51e2fc3e

SHA512
c2e15632638e77f4725df62712a03fd3997a4227c92e816e89f215676e0164b2443737506d68188a90e450371ae6aaf28cdddcbfa33ce05cd7bad56839ffef4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f0631e4f-572c-4490-b8d7-80ec75ff9b62\index-dir\the-real-index

Filesize
2KB

MD5
4ea94e8680c8e6637efa2ca2a4e8cff0

SHA1
0f57b649a3deb085c37cc894f2344021450ba34d

SHA256
d77d63b768cf00a198bb7904b1ac8734f5e810aca06a5781e1be91afe48b3e77

SHA512
a14339e177ccf3dd767ab45158b1787203c4a280a3c2974a29147939842334e160879c66111a98c8add4f9337dc0f1ac09b692682b7587369ef6f99c4b89ec19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f0631e4f-572c-4490-b8d7-80ec75ff9b62\index-dir\the-real-index~RFe59f582.TMP

Filesize
2KB

MD5
f29e14f6d990ca455e93493840fbee96

SHA1
c35396692cdd5801544880e05e971244f0a6123b

SHA256
0b55f3315aeda3e4edb82b9c1c7dcdcc08bdf73f07d3b2727fc2a891ca0e0590

SHA512
81dfe0706c11d781ae8df9320ae2966c123ee0e4215abc5b19e891a85ceaba5c0e32c0167cc4d7a1a5408a82102ba88f04789ddd152a17003e2372b22e6dd26b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
327B

MD5
607fb9df25b8de64ed1fa4c701bf4a48

SHA1
bba6f91f5a5e5ad85ce0083acc4a3a5d5df60294

SHA256
5521b8a98a3b083a0343f04fb8cab696a9825356d6a3f160a8168bdda4f0f2ef

SHA512
3c517aaf0abcd50c23513541abd18f9f32c29c1234138a2b24b4eb1d164a86df357f810e5c96c16286e7f2210830ca4c2343e0bf68efdb572cc88461cdd26ad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
aa9dd4815b09a4c3d23d1b561432b13c

SHA1
32b0b4f4cd01842bb6e5356541f308886162d433

SHA256
7385cd1ae66eabd4b858012ef0f786112ce50c52bdc6f9ed2a3fcf7192d0870b

SHA512
9867ad7f93e295dc2a4e0bfb459e7802cf8912e259a4b3ed186a8fdff5c8c0c0509d28d52e1f1ad7cf3875b64c0cb10dbea10cb22988de3bd329e68c318ac36a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
acbf3b7c4958ad1c713bd8c6a911b6aa

SHA1
e39fbad28e624cfc9ff09c92a98fc63b0801a3db

SHA256
1f929d3cb4de382862b5798b7e200219b5db3cc79a0f66504027c2a431a8738a

SHA512
e772cf7aa3401e7186317cbafd364cbc838c3a07c79be1ca0c1645a352d28348281a0c52dc887986f577558ac8f6f04597f9195eba8911e47db9a5551a5c9ea8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a4a68.TMP

Filesize
48B

MD5
a0d314af3fe8c4588bd17f3288c7250e

SHA1
8ba89227d699fbc42d54eb4ac334e4ab618d67a8

SHA256
6bf8401893661ff9c0a21d14ffa70039a9eb12730b77021a8236d8713397f7e4

SHA512
c43b4414de297a1570a1268bcc77e29fbece39ab9efcac568c8517c33ac06e796f3d3ef8ebaf45eb193c3c532bd78c04d4fe1b6df58c0455601fe8ea9cf709a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
91ab322444d5dd96f56afb60eff7027c

SHA1
605d0a4ccac74993efd1d7f658780a5f3030e6c1

SHA256
e57a11cdaf8766b02d7f13689b9e0aa7fa5ee29afab5eab4b7f9a46a3d8bc2c8

SHA512
2418fb0dde1e4cc73c9f726ff1bb456099516f07c95461b4f1d3892f97bbbdadc471d2946e9eac24c63563190224edf1516f43943f08ddff4262f09f41e2f95b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
24KB

MD5
a994a576afccbb26611b92d5f146d3b6

SHA1
e8e7544016892f09f70c8e0959099d6f4f225e9c

SHA256
392acb508575b8aaa206980b93f793cff4cc49ddd9928a2389ac3926fce4b31c

SHA512
d33bcd1013ee4d2e9a639c26f3e56ba2191cbc93d95a59a9a97249dc5017310fcce814d5cef8b7bfdc5d651552dbd9e8a422c47ec8c427da4c0e5a7fb0f1eb90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
82B

MD5
9c12ec41b948e46a5108b7dbfaf1d16c

SHA1
860c5126809bae1950aa06800c5c1bcdf05f6c53

SHA256
34291f16a0ca09f3129132c388fbf0d909778432ae92059c6d85f77a622dc004

SHA512
a93099ce7e7896b91fe111c44df3beece4828d40705f08f403c63502cf778822f276a3d40f01bee3433b8b1de32cfeef9c8b445bfcfaf56befae6b3ec43f463c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe595450.TMP

Filesize
146B

MD5
ddabfe5663be0c0bcf9200fc97cdb8ee

SHA1
a1d2a636c95760040e37a8ecb31ecf8dd32c5a03

SHA256
e75db7f029f878a2b8b069b916fc166d63543444be7b52aca5614026578c322a

SHA512
c9c55e5d9990fdfe9314aa1ad6c83a7bc2aba50844d955b2ac7ae9f32fb4e92e67bdd51e1537d40eb9752b506361915242d21aa6ae07a226bcaeb4253c4695b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
20KB

MD5
6288b0d5355c0f5940a9b016f3bc7b94

SHA1
616af25938c146f8fab08125acd1eae5f0d41db7

SHA256
fda50593917a9bad51aa8f0f075b076d6a90383322ffe0d5fcde44f9fc44bde2

SHA512
a6cf3eb57f898faa00a269e5f829adb5512f3590d967e0d74aef1ff4063b9c72986786b14b7a0a945a5e9a1a805761fe8da25f0d34c1b1ddf54d3342f58677b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
458B

MD5
8d6a7dd48c2da4b9f958ce208883cc7c

SHA1
d1c4cef380859b4f4f0fc34e40aea22fb5347df0

SHA256
0549e434b7585e031e3f9a6487b13529f24ef4de3191920eefa60df7fdf186a5

SHA512
0b85078f2e03b2490b268e1659c34a1084f02f9b155cf5fdd6af8635c995b412a42d46629fa6e0ad202820a242d3c77d5e20ee7ed9c021f4727f3ff35fd51293

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
9330a8a30c6075fc8c7c36b66719301a

SHA1
5b3672156b887db09e2a68d62585dbe1d552b61e

SHA256
5290cab286166fed1f074cc862eed8229e03a7f0486cca672205427140002b29

SHA512
6a1bff4ec2958ff5c6dfc74b55dee5d7db500a0cd54859bc3426c27c094bb7c10412e2dbf04d5572e830b081b92afa9ca7c244b3cbe6b5d550eec8d0a27e14ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
2b3c1363f7a23e76d5f34df2fa06d40f

SHA1
48d176cf6266aa7561bf05b5c166761c728ccc77

SHA256
c023c2eb9e41cd9f84cf1f0938000d3b2f08a7c7495058bcfa36d9cfb29034ea

SHA512
553372a186f14b549ffb633ae9bed5b009bc89d18829beca1e6fa1df4a2e02bc93f4653b8c6886cadd583806f0c6c242b81377552e4d879adc260ea2164cf9f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
22KB

MD5
4ffe84249fde3c3eae2df64c7054c8c2

SHA1
75a2451affe0d1d5e1b16a52929dd83a006e9eda

SHA256
e57d2ec9f10de4b92eb476ae08c40f9d082a68da68092306fc19e009091c1ee5

SHA512
53c13a281374ab0f6a77e632165554186da63d4d1c1cc2b1a0bf493fe9e06f97715f1b3403bb856a3a6a9a272c836b03109a196d437696a71167124d3322c708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.38.0\edge_checkout_page_validator.js

Filesize
1.1MB

MD5
7e5fa4ed6aa17f661f32f60b1528b8cb

SHA1
fb8fde8a15183eabc587e9e141499564c36e73bc

SHA256
5699c475bac8a24c856db71228628d0cfe1a6ba6b1c6be6a14e73d6aa835cd28

SHA512
18968db3a1cd8704ec7e9e619dd025c457085e81c27ffd3ab4af707a2daf8e870790175d93a0e6992181187a62bfa19b818c262bb0a1514ac15b3598a7e91551

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
1f2a02001d639135ac20e7b520627b5b

SHA1
5fd1d84796e3a23e99932fd3194f31757bb0dce0

SHA256
8b5c7b0edf8e545b20f79871bd18bbacc6c09ac73a9995a92a1b427bf40517d1

SHA512
31192f9c9668768c665fc03358f50d0d19161fca8bfdc81e48b3ca7f5a90d6fdf72c1e7875d82f3eb78a51ea0d023f9448610f3c8fcce16e00bd1c08662ad32d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
9a3bb586b7bf8f210a2e6f3b3299878a

SHA1
3fb6ba3c11a324014ac6b3edab6abb69e3f92dce

SHA256
f6122a744c2cf609b7973b41ef46826f92ea6f1c3fd273b1007afdcf0f88ed69

SHA512
b950246c868492229e00a60414e08ba732ae514945f44fa3975d07ce4ea446ee182fbbcefc7a0a0e75b454e0f8eeeafdb151c7ee6b355dc4881e7c603b0e1b8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
47KB

MD5
a631837c1f4f7c689c6af4bbd07e95e7

SHA1
c0bd3d662db53888c3dac2d2facdd5dd8625c006

SHA256
238d4e2f3f38249117b910f190f2cfdff98028c0f2d7b984a3274fa84936f7eb

SHA512
367a8ccbca5d3671f0db2e1452490acfa6be98813d8415d27de0f05c13cc655010e37d58c9af91a9a3ae6fcacb3618dfc913d6ab9085518601ce5fe4574332ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
b0857c97f641f9e6be29f63be95a1ff1

SHA1
43fbd57b7fb3a43ad4a4bf08ec120699a16b1965

SHA256
66ff0563de573c16fc8fe610b3288333bc85657c00c18ee101cc944dac5b2c4f

SHA512
1e0bb437a2578ed5aaa672fa7b24f55b202ae35c3f0c10d26360c5012fc36732b8a0be2ef34f7f095c1f26b52bcf4a93dde374ae6f60b3e3f14086a1e3386b69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
a84740625e950ef404b977c32639eccb

SHA1
7e014029d6bcc969f2e996908374663642c11a5f

SHA256
0f7252b0cd3e288eba9d054a4118142917d365066a12dd6fbfbe1140e3af9889

SHA512
f8061df89543210a52faf868fb2fd25e51ae34ff7f98bcf1c46415f3acde82c1c14456c4f7693d258e4bc669b0c939a15cfc99293ce8cea3cf15323044abc246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
5b201bbbe933a386abc8b9e8649128f4

SHA1
385a24ad76801117c3149d4d050fdc72cb3f8ec1

SHA256
06731b66d75e7efc54cecb04cfa7a065946fa5cd69aa7afe79200986474bcb18

SHA512
0563308cedbeaa1dae811a12004975d25c51bbe2b167533e6d64113c1bb461f6babacf17c53337d30b6bd0e4bc707474fd46db1a3026306ff97e17a33e9038f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
a6f7de22acaba7c2cfa06acf1a10fa9a

SHA1
9218868f4ab46b3bf6a746298c9207eff0521f4f

SHA256
c525ed065e7a40e437a55c2dbe65929214336b5191f6b50ded6d8507624abced

SHA512
cdeef03ae5d49a722f8ee9eb33e9006387f47ab57840b133e2ac18f587013c160901416165da9e98cd81d546152b14a11746c2aba3b65e150b84a39a0e0137c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
dad4468c71c4e5a442885c663907b1ec

SHA1
6c8a512acc19d99e134f2a93969c282172113ebb

SHA256
9ae68f2369cbab0dbd4708e1b35a22cd62a707528a876172b251769f403b9638

SHA512
7ef440b9022609e10d167b9b996e9f20621c7ce0e9cc6a7c759a77580223f99a2093e29c7553385b42d3a5989e0b0c7c9a976291bb423ffd7aa6766eb1062f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
42KB

MD5
8ad3c372d18b4f97b071f3ed2919ca14

SHA1
8dae8746921e3f00324a1cc37d13f92aa6699984

SHA256
06e9429a600991a3c783b4342036de01bfdb45e07f8a366e192918f23aebe347

SHA512
35fee5982b31ad1490a5ac53aa1a63968706efb478b4fcae7ea1fdb4dceda7954eca359dedf76fc4bfa42fd9713fb6fced7dc7bc84b4d54da9c2bc95e5065470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
4b57b8ac51ff91a3f8c3478c8315ebc9

SHA1
e96acf31eb7e3800996490486ad0e39eff837cfc

SHA256
a7c3cd38a60e1cedebbe2e1db12f7764b34a4c761d2670b173c22e5bc0c4d05c

SHA512
8aafe5ed0e280a4448dc1cc529e67f0882783395c0ec5af3b7fa737776604d58ea5798cb4f73523281821fd4eb36ed7971901c7a84ba0918e53596e33d28ce03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
c961e57a4913bdfb49f7c1d06110c9b1

SHA1
8a7cce69679357df306ba0fb5f993d655ffcc631

SHA256
9421c7fc2e854b3cf97175485e7f3fd43cf6831a492ff36d0fe51240df4d8fef

SHA512
ca4b25acdac05ce768e108a6e91221b665ee1fabcb4d75aa034715236f173361d2a940c5449f0c1979c1f710f71965707e3367132c680de5c30f5c676e3f4415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
c328e231926b1c589119d11c14c4f441

SHA1
b67594372f9f4f1cd248e91e15c9fba1b445ae27

SHA256
836558489a9e1c9d2a1fd523b9ee14a491300727d7958630fa9744a11a572be7

SHA512
9a81ae86133f089b8c6b9c9e87623df866b0b93e953745af7f204096dd7c5986d6bedb6c9ea249b078ca9056375637ef8ee2c959a456892492faeb50e11f4f81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
738c32db609405f6436ec4d16a6ce30a

SHA1
92afa3574963b03c44e01591f34e63dbcd766f13

SHA256
5057fc2616e46152c2fb7489beb22e60287f05fa10c1abe2b5345c0ff482a97f

SHA512
8c258152523d1d830f343094990d795f0e13ea131ad24b17d650849d930d8b3e64a8ccc045ac004fc300c87c0a016af1856a856865605ec8e213f55e5cf1eec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
63cfd465095414763545dba3615c3219

SHA1
85252c259bcf83e62dc3eda7027e492988be3826

SHA256
9fb91e1fdf6ad82b0c573bf7ccbc2cedfe33ba66ea2c8e208de49a5f4819a41e

SHA512
364922eaee0bde74fa1cbbe8bc6ed5ce3fb594b43453d6b02c62ea3e2f6d81de19c328c275d5519d418504f1e1749e97b00a1a108442203156b642803053a3da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe57d15a.TMP

Filesize
392B

MD5
38cf5872d7edd913e316d562c74549ee

SHA1
c264003a036de81f52eda4e1007951358dce1378

SHA256
ca7f34356de614ceebe56eb11de68b0e16e396dea23695bb6d0b37fbb1935e84

SHA512
2756d2f1e503c7551926a61a970d8897212f28ae7cd931d5e029580b7c916cab1cb5aabd1891d8cadd70f536387411cc66482cc24b76230574e399179086204d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
d8d294f2eb14b58270e0c2569dd021a1

SHA1
fff00c9ad73e126a4974495ed5887678fbec8ca6

SHA256
1323b8934caf1fa8e7b0ec569ac8aaae4a40534e8be09b0c3bf687a71715e52b

SHA512
f349ab8bb577b18c57fd566d1ee9e6e344b5f87f7fee14a0be068fcd582979aeee3b159a8d17eb3141b793d3c7f9f948419b21be4a739222febedeefbebb36a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.4.16.1\typosquatting_list.pb

Filesize
623KB

MD5
efe2d1b6a7a71b28f1af830983f6174d

SHA1
10c212bd4c687b896415d56043a74af12be6d2f9

SHA256
550bc3df5154df6f52d541448794a642eed5ee44c1ab90c27feb35014157e1bb

SHA512
739999121a9bf35c00060fce196b1f772d892b6e5ce1d869f5cd543225519b42deb584138a0f432dabe20e241216e433dcbf265c5193b272968629d6f300b774

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
23KB

MD5
a0f706c28dbeba1855d7f06b0e3eacdd

SHA1
be450405a3b79346b3fc7e2c7530e95b2f13ab14

SHA256
67c31fc6ee0855ecdfce96b2cc68c30c0fa69a8ec5bf22663e8d9a8554946284

SHA512
6962bd05d641a39403caa6c2eaccbd3fb8f9ba75913fd5366593468b3fffed3e10735b0686ff16e4318bc298169b32fa0800787f81c437a446155103afe728af

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

Filesize
153KB

MD5
f33a4e991a11baf336a2324f700d874d

SHA1
9da1891a164f2fc0a88d0de1ba397585b455b0f4

SHA256
a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7

SHA512
edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_1223382157\manifest.json

Filesize
145B

MD5
6d9ce9f996b9f9fe10bf9546dd82f952

SHA1
0bcf62c147fab9f8eeaf575902c2b6e77053b88d

SHA256
c94951578b17215081e5ca755033993f5d50fc812b8d5e8cd4bf6a6c68b36a55

SHA512
ae6ba65587b6b8b087c57a2f0fcbb529764891eb9e4d3b419194501020256872878af14484a1909cf2293a3fa80c0e74db13dbb3a6b5289c62df3f69a4c7e3b3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_1246080404\manifest.json

Filesize
118B

MD5
b8435fa56036ff5ac2b3b95cca535196

SHA1
2d7ada6f7fea8142daac15c8098df9bbc08663ff

SHA256
1c262e30d188bec0a1698f0e4f37f19772e468a06ef9442a088db5b442b36185

SHA512
b5285d826ca081eb7265afe1ee37f9d82bac47b097682180347373f2330db854fa431515fded5f3bdf8f7dbdc7238ef3f0b578eb24d1ac5c66f4bedccef33d23

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_617742444\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_617742444\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3720_880048751\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3968_1207162654\deny_domains.list

Filesize
12B

MD5
085a334bdb7c8e27b7d925a596bfc19a

SHA1
1e4ad53dc335af5c6a8da2e4b4a175f37fafe2f2

SHA256
f51a7acfffec56d6751561966d947d3fd199b74528c07dabdcf5fcb33d5b2e85

SHA512
c883cb43c97a136825c6fd143f539210c234c66f9b76dfd8431f6ff014094e20b9410d7462aadee2344df8ca158def6b9a807e7cadbdfa947f6f8592e7283e34

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3968_1207162654\deny_etld1_domains.list

Filesize
6KB

MD5
93c7fc76f7223d043593c999de1c0bea

SHA1
dd7c906c629466fe53a29d3945e31801065b5b1a

SHA256
0db8861eb771d2662ecabd8c7125c5453d6f3d976c14401ecb252e1f85b018d6

SHA512
55c752b20ebf883adaf0bf696fbe7c3f94b06d5bff907b39e9f43358ee7a58336024145b77ba315393609853c54a701ec25592ffc32b9ed3e2ce4857a4186c8e

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3968_1207162654\deny_full_domains.list

Filesize
9KB

MD5
a3b6c4249c181157cf292b749209fb49

SHA1
f3704c2d69b8f1c7738104f2d9fadf5ae644702b

SHA256
2edfd6823e18cb7a1e9e6abf571ef33c5be863cb5ea891ffa3df9a06fd0bfe98

SHA512
113df193b92ac3312b4e983434d0fb61fde5f3675ea00687ab6f9c53f17635bc5dba2970a5af6dc176618d962f982ab514b82d9ffbf894e315a31797887d35f0

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3968_1207162654\manifest.fingerprint

Filesize
66B

MD5
a287310073c3b178dc97cb38269847da

SHA1
ab283f53827794fffcfbf8603d33a3d9f6a5bbf2

SHA256
3af99da8ebc689d4324a15e3f059e379c9be7e523b5b26efb9261cb507a6f6d3

SHA512
bdd9f96341fc74032c9ae8677e6a06badae1ab60f4ae48ced84853a0a57a16e16c68d636bb821f10fbd06779462ed3fca5d4eb903e5235f519dfdd46b1d7e95c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3968_1270589589\_metadata\verified_contents.json

Filesize
1KB

MD5
68e6b5733e04ab7bf19699a84d8abbc2

SHA1
1c11f06ca1ad3ed8116d356ab9164fd1d52b5cf0

SHA256
f095f969d6711f53f97747371c83d5d634eaef21c54cb1a6a1cc5b816d633709

SHA512
9dc5d824a55c969820d5d1fbb0ca7773361f044ae0c255e7c48d994e16ce169fceac3de180a3a544ebef32337ea535683115584d592370e5fe7d85c68b86c891

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3968_1270589589\manifest.fingerprint

Filesize
66B

MD5
8294c363a7eb84b4fc2faa7f8608d584

SHA1
00df15e2d5167f81c86bca8930d749ebe2716f55

SHA256
c6602cb5c85369350d8351675f006fc58aea20b8abf922a2c64700070daaa694

SHA512
22ed0211822f6f60fe46184fb6e5e7fcb2b3a9d2e19f25fb6e84e1ca3a5d645183959309549cdb07c999b345cfdd9a1351f3474e03fb8d451b0f093d44844d7c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3968_1270589589\sets.json

Filesize
9KB

MD5
eea4913a6625beb838b3e4e79999b627

SHA1
1b4966850f1b117041407413b70bfa925fd83703

SHA256
20ef4de871ece3c5f14867c4ae8465999c7a2cc1633525e752320e61f78a373c

SHA512
31b1429a5facd6787f6bb45216a4ab1c724c79438c18ebfa8c19ced83149c17783fd492a03197110a75aaf38486a9f58828ca30b58d41e0fe89dfe8bdfc8a004

Download Submit
memory/568-2327-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/568-2330-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/568-2328-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/568-2329-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/568-2383-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/3068-2362-0x0000029F92BD0000-0x0000029F92BFE000-memory.dmp

Filesize
184KB

Download
memory/3068-2384-0x0000029FADD40000-0x0000029FADE42000-memory.dmp

Filesize
1.0MB

Download
memory/4116-2361-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads