2e68b7e1a68dd836e24f2e19ad1d785ea0c6c6ea349ffa0d11c8c9b92525a066

Analysis

max time kernel
33s
max time network
38s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
03-08-2023 20:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
Size

1.6MB
MD5

8c5aa14b001bd42148bbde24159c1602
SHA1

912a3bde9b3a4fcd714d42e14b61c1105ffedbf4
SHA256

2e68b7e1a68dd836e24f2e19ad1d785ea0c6c6ea349ffa0d11c8c9b92525a066
SHA512

49ef2059d082ef8f6773407d11cd2277b66ee166d72e3249af70519a6367bb24a3cc7b7d66153020cd07c7bd255f1a46d3b19d82572baed53d5f2458fb350752
SSDEEP

24576:FcuQIWzErfPc16ijZmm6W6RE/VoTtnkW3tr6kTk/OTsyhDSVXT5XicHya:FcuO1rYm63RE/mYdORGXT5XicH1

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
1960	msedge.exe
1960	msedge.exe
3744	msedge.exe
3744	msedge.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 708 wrote to memory of 3744	708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe	85
PID 708 wrote to memory of 3744	708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe	85
PID 3744 wrote to memory of 232	3744	msedge.exe	86
PID 3744 wrote to memory of 232	3744	msedge.exe	86
PID 708 wrote to memory of 5040	708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe	91
PID 708 wrote to memory of 5040	708	Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe	91
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1308	3744	msedge.exe	90
PID 3744 wrote to memory of 1960	3744	msedge.exe	88
PID 3744 wrote to memory of 1960	3744	msedge.exe	88
PID 5040 wrote to memory of 2928	5040	msedge.exe	89
PID 5040 wrote to memory of 2928	5040	msedge.exe	89
PID 3744 wrote to memory of 4796	3744	msedge.exe	92
PID 3744 wrote to memory of 4796	3744	msedge.exe	92
PID 3744 wrote to memory of 4796	3744	msedge.exe	92
PID 3744 wrote to memory of 4796	3744	msedge.exe	92
PID 3744 wrote to memory of 4796	3744	msedge.exe	92
PID 3744 wrote to memory of 4796	3744	msedge.exe	92
PID 3744 wrote to memory of 4796	3744	msedge.exe	92
PID 3744 wrote to memory of 4796	3744	msedge.exe	92
PID 3744 wrote to memory of 4796	3744	msedge.exe	92
PID 3744 wrote to memory of 4796	3744	msedge.exe	92
PID 3744 wrote to memory of 4796	3744	msedge.exe	92
PID 3744 wrote to memory of 4796	3744	msedge.exe	92
PID 3744 wrote to memory of 4796	3744	msedge.exe	92
PID 3744 wrote to memory of 4796	3744	msedge.exe	92

C:\Users\Admin\AppData\Local\Temp\Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe
"C:\Users\Admin\AppData\Local\Temp\Resident Evil 4 v1.0-v20230424 Plus 36 Trainer Updated.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://flingtrainer.com/tag/resident-evil-4
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebc0746f8,0x7ffebc074708,0x7ffebc074718
    3⤵
    PID:232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,8249789079513496108,16478615669026650664,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,8249789079513496108,16478615669026650664,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
    3⤵
    PID:1308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,8249789079513496108,16478615669026650664,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
    3⤵
    PID:4796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,8249789079513496108,16478615669026650664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    3⤵
    PID:4760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,8249789079513496108,16478615669026650664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
    3⤵
    PID:3884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,8249789079513496108,16478615669026650664,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
    3⤵
    PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://flingtrainer.com/tag/resident-evil-4
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://flingtrainer.com/tag/resident-evil-4
  2⤵
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebc0746f8,0x7ffebc074708,0x7ffebc074718
    3⤵
    PID:4712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,5872380442300227770,2310060542826287585,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
    3⤵
    PID:800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,5872380442300227770,2310060542826287585,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
    3⤵
    PID:1828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5872380442300227770,2310060542826287585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    3⤵
    PID:2996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5872380442300227770,2310060542826287585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
    3⤵
    PID:1228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,5872380442300227770,2310060542826287585,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
    3⤵
    PID:3472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5872380442300227770,2310060542826287585,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
    3⤵
    PID:4536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffebc0746f8,0x7ffebc074708,0x7ffebc074718
1⤵
PID:2928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
60fe01df86be2e5331b0cdbe86165686

SHA1
2a79f9713c3f192862ff80508062e64e8e0b29bd

SHA256
c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8

SHA512
ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1495DD322A24490E2BF2FAABAE1C61

Filesize
300B

MD5
dec6bbe308eb44937f77160a25ee32db

SHA1
8f08a4b641b564b67205e00106ca6bd9ca46fc6e

SHA256
68a71de28f488586c2b169f4652347e0a1fd632d48a6d6725393607bfa18bc7e

SHA512
6c2d684af52588cfd34a682337749b829c2336b34d6add7e8bd6e0c641862c26889617b4d6e9f298fd177b89527deb696c493a205ea8490bb8aee60090a68475

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
27f8fcb7c88a0577adce938aeb7f11fc

SHA1
f98a74c203a11ba5584581685ed5707e070cbb6c

SHA256
a5a9b05da00edaf714a266a6434962de32f02cada274b895edc229691cc8a461

SHA512
6cff872a182a89f9a9281c73211278bc597af694b8b2ce4ad3e240d58d094d2bba03bb789a13bca5a4765ee7ebec960369e75046e5307df0c8e3cc0e593166e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61

Filesize
192B

MD5
37d2523d157f14d86efaef259a57fe9c

SHA1
52e4b03f531fecd44aa5ca0b601cffe3ab16c466

SHA256
1c376b2f2bac72d76326ffa8e0c7cb6d4b53f9b2559f001e90a13f21984d4444

SHA512
7377daa07bf1476819e60c97b8c22a4a9bd1981d493acab534e5325ee8026c0a51af33905f659472af1855ccf5a1aecf6c8d4ce0cb35c72b218c26854e2720d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3423d7e71b832850019e032730997f69

SHA1
bbc91ba3960fb8f7f2d5a190e6585010675d9061

SHA256
53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

SHA512
03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3423d7e71b832850019e032730997f69

SHA1
bbc91ba3960fb8f7f2d5a190e6585010675d9061

SHA256
53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

SHA512
03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3423d7e71b832850019e032730997f69

SHA1
bbc91ba3960fb8f7f2d5a190e6585010675d9061

SHA256
53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

SHA512
03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3423d7e71b832850019e032730997f69

SHA1
bbc91ba3960fb8f7f2d5a190e6585010675d9061

SHA256
53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

SHA512
03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
13a1107bb246696ed5de845b29391809

SHA1
6e391c8c7f0115dd9811bc637f05495f3afa494a

SHA256
e3a5c6d76a12c6c2c80f792342dfc2a0ad082c26db6076c90fdae1c25d023c31

SHA512
c80c5b53576951e409c04f8a73fafb646639d00e9791b372835e83f82b849d022fdf1f3590d5f3a8272d4d1bd8c349f3835b181bc0bf01aa7cc6a8d8095fd9d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0529da218732828ea402d5bddc8bd97a

SHA1
f08a4dc151ac96d18187ecf8150c9242b1afb566

SHA256
2f401c3838a6279c203713dacbc800d9c8fe536308d4ba546bbd6fea32051df7

SHA512
4407dca9aeb016a3348c268d7ab56e5f022131484baa981dc3c278a10c35970856294a42018eaa5db4e1656b55002b9ce31535a5a2531db062c998dd15b04c00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
80246927c36836ed68259bf9471fd6ea

SHA1
70767c688c9f1fe29730d477577c601e38dcbdd5

SHA256
c29c16b045a433ce3d82f4659e441a79288c21f12c33ff2d3d5d5ebb812f6405

SHA512
349adbb992fe3304cbb204f144ebd4099176facf9012e1ad00480b2094d6a4d4aca26dc7a9fbdcfc2c375c979867893682eb191afb79298043bb510da286141d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
c0cfd4224056e9f0c45de5fffee9f86b

SHA1
ceaa604d557ebfd5f223874fb4a3e83d1b8f1bca

SHA256
ccf14be9adce3c63248e26c65022665ad3284076e42d3c7d750fa96c51ff686d

SHA512
1a0bd7691b74c9a2e289aa7a0ed6319173fa07d5cd27cc04343a943121ef75fe95be91c9de3628fbbfa6c0d0b30e3f87a54b4c2730d47c0d58990a98b36e036d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
cb55992ce9604ff06fa85fb93e52614d

SHA1
4be3db3af0fe6875702e925becaf83135d9ed7a1

SHA256
c3707155af46c320f4c6b1150b4493b4687bed184525c265a4fba485f43c1b5f

SHA512
0457c4c2c60975a3122eed88343a0f448c864954768060f383962e80c591bfbbe3bf07e9668f6d702812a082bb32e750c6c17ee6e8061a2c12202f4dd0a40824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
a48fa7571e2dc3013814cfc7b0d3844c

SHA1
b749f56db2a1fed9a7c07c3084592083605c84a5

SHA256
4504fb7cd9d6f13b132180c5974c96ddedc12ca76c5b0e6d143aa6d618467b91

SHA512
54aa6d96d56912aae01500e87dd95f651fdbd56cd4da0d841c0087234955d1d30f0e364580ff8cbfa0d2e3772bf89c6082dbb862ac8eed9511114703b69a0380

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
34KB

MD5
8c91894fd272a1dfd4a217aaf99c563c

SHA1
040b39490edeb78d79d05731963c564642fa0b6f

SHA256
ade54c249722b24c1b74b20616c656cb79f3932386e6da33d24331e4180cac23

SHA512
223901cc562d36501f5c6fa3f44109f3ad46e70a5027a89f8fba32f0f2896d38b91fae981493a64ac454cb0f995a671ca95ea88236f20efeb884537d1e778d0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
16KB

MD5
41917264bab452b49c0589f9cafc23ac

SHA1
4942ccce70f9622816c1a2e223098fefa0cccc7d

SHA256
f0a7f72c70e4ae71df93fc8f83a6943a60dc084ed8975baf4431fae82f32ac51

SHA512
72bdc6918e61452e20c8d72a7a9420bb1aa29ec13431775af5a2067c1a8362efc56fcd13ef5d44728363cf1b9b605f4c0b03bfd6892467a9d8101f626adab640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
31KB

MD5
22ada11f495b066aeccd4a1e5282e56e

SHA1
61d24ae5a0f2f25b7acfea82ec7aa93046d58b4f

SHA256
d4550888ad9304626c8e4d07f022834175600920393d8061237a3cad620900e3

SHA512
b2e671fab32be1d4eccfc5557d83ace1e41ed3bcc4ab85f63b792c011449966bbd09f755022dea402733cbadf504d70298d6ddd4e1ab78c8ed745b58e8f8a173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
74KB

MD5
b0513d752ca28d3d86582bf4016ceec5

SHA1
469b6253820f8af4650657a4cf2c761a23511d52

SHA256
fae740dd8359eaf1df8068ba831d5d0b727d5f674d68894ccf31e8068838594a

SHA512
5857514d6b367c3dfc77f60d96debe31a6a49e21233a2287b9c7645aca4df253985950e01707006778098c3d09478b7be0142c8b1b757575ab9c89f7c1287e9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
173KB

MD5
d3d1aff7a71e5f6f4537a0b3cbbd5c23

SHA1
82bbaa35980290986094ec5b2f33da17fe0e1ca8

SHA256
d3ac13e9bebf6119830ea38adf6715f42a193e7cc5834087abcd77bec3c07291

SHA512
9f5a8f657438a49e2b60db1372ced7edca4ca714efc63ff8791ff232d4252178b5a148a02b049f279007f095e7ac5b649367a2fb3dbffa14b39b637f1d30d42b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1c9892bb03c3be03_0

Filesize
249B

MD5
e40fc06d463dfc3a787e7dcd40e0ae5e

SHA1
e2cfc461835e09a00433d1422e33e9c212b23fbf

SHA256
a78ddaa90faf7ce81df08b0505a3b594f95776601764c0ef132dbc1dd396cc47

SHA512
db044ad53a27b649b3da05b299b167f21b94b3bd7cd4031f38fb1e46e542ebfff20340663d57ca2671b6cd6f24c269dcdafc19d73f45e739a55dbc9d1063a4dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\28ae65f7174a428e_0

Filesize
241B

MD5
f695ea27cc9e8b11fd3ad1a720174801

SHA1
ec4e52cba6549b3aec2ce66eb3fce41160972ab2

SHA256
84a006a243718f8eff2c37c6f6e98eced407c4326caecf6c3289e8817c5f41bf

SHA512
25f050837c4e5cf8abf25dfd4d705f309e47e5efe81a06779c6749f419f6d69c70da8e4c4f6188e1710533ecce84456599b8a0049a52e838674c37571854ce27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\703587243c8dc998_0

Filesize
244B

MD5
d84b73f8a3d24dd9d40c1bcfb42b7ac4

SHA1
c4c5a1a7b31af1b767aa0a63e2b7e043352e2467

SHA256
773ded2d03be258f4d1ca880454027fd75c30212c99a3f356513d188f2f1d58f

SHA512
a623f8779a3009b0c6f7c3efd97fb453905d8b97c2eaca54d7659352906c3d02dd086deec5dcdeb78b21cca6aa9a7c9ea0382d5773cb20ff16889d5b684a946b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b626ba16ae767344_0

Filesize
277B

MD5
f00c7af0018c4f87baf83a47ee9714a7

SHA1
5ed331df67df1c354e464e4ab7aaf7b9b196a290

SHA256
842f997ea92038ae275b410a4e96c9d72aa44ce92c0377413521411c52226d30

SHA512
462366c0bf9d26a9fdd714c3521efd60b03b85530fa97ec208bbf305d8d564c1f452fcf277052e5b47a78a272895a96184fd9116fc6f7360953b098514a5e506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bf641ff56ed6259d_0

Filesize
263B

MD5
73ea9ecbb614ed094b2ae3e20d6a7f77

SHA1
a2039f2fe1709cc76347718f041451074f2a5da5

SHA256
118af734a8fcb243b747afaadd2f7cf09cb5fd41b48e8fc713bd44de35502093

SHA512
90a3fd82eb8a18f3f5e2042d11a579264792f2446f35307a6ad9552fb38c63e07e346c9debc7807300871ebf06e916c781c4867aba26961fe28a52a25a8ca5fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c4334e3b392ef1d0_0

Filesize
252B

MD5
e5bf93d7eddf855188618771a68be1b1

SHA1
02a57c83b64e13281acee96f8ea150359c0250e9

SHA256
8029abde9d360da7ee998f1f4f652c2377de15dd6cb790c26ed5d33311d0c75b

SHA512
0624db30ce7b8ade0a037f2765d71d54bc9409a828dcb36e9ca1d65f4e2ca0b584500267367f5ab08f0423d3105b76df63b6dec7aff72dad7e962af3468d573b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d0aac32fc08a9aa6_0

Filesize
261B

MD5
1caef11cca8e73da80300303e61f8b89

SHA1
df5c06b2fc476edaa33a4b601da9f40f90ef50c2

SHA256
db42830ce31b49efa76c9183131310f940f85eb668571d88616861628f20051f

SHA512
6657bf94b8239b314be80c213e574b936dd0839df48babef398f166ed03567215bfdef302c097d96c40508e254999c96c4bdc6201dab64e38ed334a9104313cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d274497ffd13ebe4_0

Filesize
253B

MD5
8a22a21fd286e43c79f7ccc3bf902ffb

SHA1
da41d9735fda66daf546f0c3be48c65f88290184

SHA256
fbc793c472740a1c366e8019e85765bfec2ed53fcf79f9f3715edb9acd54d59a

SHA512
b118e32bff021ebc1a9b6e6e12cdf41976ab2cdb524648d164446b032af3c0c652c067176fa5159f85bad29075545d9abbb130c0c36917000c3a110daf229c74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d2ac85976b4c2532_0

Filesize
233B

MD5
6f20102615ee08f8dc52b1acc241bd0a

SHA1
2a8e7b222d605cddd1de866488c04cb2af95927d

SHA256
15b46498c91edc4a201157bf275aa70e25a2dd14cca9cf38d7d2ae2e4841aa3f

SHA512
25541acd550d2ab4cc2d9d8b9fa7f2dfe09506fa613717360d767f39dc29e76d698245e4d7afe78ddcb8019ab80630bea7b687fd4b3012488df62e6fbf61b4c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d6aa33a75240a436_0

Filesize
273B

MD5
ccb1621e84d46810afd02c6a224c3211

SHA1
b1fea0a901c8b92ecdff76815f314542d210b74a

SHA256
c99a88aa37da92bda88d5c22f3f1c1d1a652bd96210e56e28d90f593c49e6325

SHA512
f5ba591c52d8b16ed052e05cc1c7fa1b461f33f322519646340aa66bc246d2fd9a5e85e9c7b2894cd88b681c26797fb294a1b6348776fbf5a943eeff2e586851

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
8cc348eefeec6c6b90ede6607ea74cfd

SHA1
c961ce71663ef1e10c5788cdd6f3b6ba9f7d206a

SHA256
9ab0a82d01e5c1c92c34b31a3e8939d22b27b1dd34c41fa16bebbdd1494e46f4

SHA512
7b42b1e421c79d8a7d465da94fda470fdd1f4612308f18238b3b8cdd3a73db4681f4ee661eaa801be2b3fd500054e3122b8b03c903052a967d19575c4c626fb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
8cc348eefeec6c6b90ede6607ea74cfd

SHA1
c961ce71663ef1e10c5788cdd6f3b6ba9f7d206a

SHA256
9ab0a82d01e5c1c92c34b31a3e8939d22b27b1dd34c41fa16bebbdd1494e46f4

SHA512
7b42b1e421c79d8a7d465da94fda470fdd1f4612308f18238b3b8cdd3a73db4681f4ee661eaa801be2b3fd500054e3122b8b03c903052a967d19575c4c626fb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
34e717f3324aaa26a7d9f8223162ac36

SHA1
849fccf2c99a523f43fab021216599a227b9b53e

SHA256
db8dc95b6a8990457709ce8a0aabee23a47d82f432da8364e68fb1d81371fa05

SHA512
ee872c05c76838700d50044ac93ae3f55b76c9aa6e0421c3c1f114580fd426d637ee74becb39f6b5488fb19b8082237c65b6e9c61e7a3693e703b8af8db60e99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
9438fef1621e83331de46f3665b647af

SHA1
b25ef2d1973007a3737eb33b4c76ac142374d206

SHA256
49afdcb5a6c1706ef1efb894c0a0ad492bdfc4331af38e5935358bfaa7a1ad73

SHA512
d92ac8e2e8e68fd94da886431b7458715611af9cad365f0fb807a8609e663e320aa0698de5797de190a78c57620c1e7f9a808bc5fef9ad0f04a0d606ff18780f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
7179e4acdaa918995da1fa31641d983e

SHA1
877d10948d2a6ddbdeef3394e4f502835bd24426

SHA256
414004d6b585557f087aa1c8eb987887c702d6135b823a9187833027e0b77068

SHA512
58bb657435d8986ea679743dc825aea6d8d3a918f526465df496433a7b98cee4a1e9880b965f6961535920d7534ec93ebf82e3ccc7c40969d37cfa93974f91cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
235a9845aad5b2f87397942ca837e5ca

SHA1
8a1306b320589c57f7a991120ebfec6e5b092ff4

SHA256
aea3c99f6d3296791f89e45458b9b3e844834679e121b70cb8800cc647dfecb9

SHA512
f15930598f11a5a87c2700012922e2205aad6247a04c7c3d96410a5b2c8075b9df850db558707daca362d68ff92a4f1b2a769981b36657e6d20bbd086a702479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
851B

MD5
763814bbd59da84c5fb8dc7014e0af9d

SHA1
ee1b13b38972db9830c625f9e3feba12ab252e65

SHA256
09ef489030fef35644f503e87aca2b8b414d132d4cf62daebf5db3b0a8460ee8

SHA512
57a658689b73e23993a49e54b7e281eeb706aca633aebd572e2a749fee7f539362f614f0a7e0fede821061665ee6b0afdc0d8da32bd1f1aec8b94b73c5f43913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
20KB

MD5
ee6b7be948c52845b81cb101f61de671

SHA1
f1bd8a89565550ba42010ecb96bd0ff16cbe65c0

SHA256
ebed61aab08c55ee4cf2ad652ac8c1d7f59b9e1a40968941cc11df5c54a384bf

SHA512
9c198415c8170c8543bebc5bc9bc46401bab83c7f26f2065175951e3af128f16a2edb3f7b35a7f28828a9aaa7d5c595acccb58b8a98086bdf295c083e55891c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
dde0ce92246c013b7cd6dfc892c057b3

SHA1
09e9fd79a8311231fb1b01accdeeeefac310780c

SHA256
de06e28a5ad0ea433ecc1c7eaa6777f6ae2bed3836776c6dd44fdff05ea8ffdb

SHA512
28c50327bfcc2fc45eb843af3c4986b64212a67a7f3b57a33e847884d5f47b0d814b1c0f0f27dcc2250d142325d4d5db63d302e526dab5493635d8ab863ec5cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
586B

MD5
840d4d0a6b36be6c6eeb5433bd6b9417

SHA1
565ded0805b5af9f9dedb2e96d3317a63b80ce05

SHA256
f0887e4dbd7d5257832723acc530d3ed820d2e89bc12aabc77d9fdb8fd3b1b29

SHA512
e95828471e5f192d1d876d1c14083c242c48f124c94cdda3097f404744d0af7f299edf0d0fffdae310ed1a50d89f2713c0be63663e17e14c14827bfd7dae8f8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
586B

MD5
840d4d0a6b36be6c6eeb5433bd6b9417

SHA1
565ded0805b5af9f9dedb2e96d3317a63b80ce05

SHA256
f0887e4dbd7d5257832723acc530d3ed820d2e89bc12aabc77d9fdb8fd3b1b29

SHA512
e95828471e5f192d1d876d1c14083c242c48f124c94cdda3097f404744d0af7f299edf0d0fffdae310ed1a50d89f2713c0be63663e17e14c14827bfd7dae8f8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
679a67daa313341e45043250732c2049

SHA1
e83bf14c5a7ba35cc78e3bf1d0d5c190909b7dde

SHA256
a602285d2330af38850e81edd0732703652ac04447018b31733404a7f83a9b36

SHA512
6131be063a732d633c144b76c381cfe5ca96356fe66af1d34232b28e867cd494f410659a04fc0a61430ab08f309f140d2947910bd019d70e559bdb827103d80a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
424d2fbc697055c014a8c2ef3c792806

SHA1
5f3349062d80847ba40ff3a284147493bab4b7c4

SHA256
2f1cd612e1d3a93a6eaf6583431d54dea2b95331473ecadeb44ecb4d5a02cd8c

SHA512
93fa05affb1f95d33175a214d3cab51d5c41dbd168b2a9077348477d067742332aae4e0bdecd238779bca2aaeba448bf99ba2469344fb67fa654bb5daa62c883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bfd8854188c930da80dbf2d2cf3650fa

SHA1
d95f3a652568c079b48d484430677b32e2ae5493

SHA256
b7070d453fe982ac7db654975d786ae442b35658d9770222e6db263daf2568c7

SHA512
0f38556f8d44c06420c4ac863e0960bda81df8899d9e1c82ac077fb95bb7fcde189d6de762817fd329da9738a6fd50a79fe72e6cd2a12c86bca558bcc2e87d55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bfd8854188c930da80dbf2d2cf3650fa

SHA1
d95f3a652568c079b48d484430677b32e2ae5493

SHA256
b7070d453fe982ac7db654975d786ae442b35658d9770222e6db263daf2568c7

SHA512
0f38556f8d44c06420c4ac863e0960bda81df8899d9e1c82ac077fb95bb7fcde189d6de762817fd329da9738a6fd50a79fe72e6cd2a12c86bca558bcc2e87d55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e92e01c6632485c086c28ab66b4e9eb9

SHA1
880273fb68ea9b58e545c7f72a743675fea1a8dc

SHA256
78b4ef4a4bf3f6082b7b2c0b39224a80235047b19671392f5834ddb346261ec0

SHA512
36159d85d1c59d729a798651c6e572184e80325c7c9eaeafc7e1e020e91f64d94a8cb967b6662eedd94ff3b612627e2c2e5e71d4d08d9ef5633d3a7c6e306316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f0ba977458cee639dc4d9d0c2388bb40

SHA1
eec8ab90ba1bfb885a9140836659828314100a9a

SHA256
dfe1160e2dce6d024c0fd97d3aefe86b934a66d4a2b910097bcdcc667c74047d

SHA512
0a71809997d347780247253e8d8ac2f1b63a04a270ceaaf387968a1e1af0fa247d751c349270cb88c2ede83b24519a4a50ae5ede37ef35622befb896b1579054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
e2b7342e9a57929df39b20ba9fd9fe52

SHA1
c2b31630ed3b6791b39d7e166c9005207f0a144b

SHA256
5669a5832574f1225aac2066a0944024f6fe9a61fa411f1e3e24334225bf8610

SHA512
1efcd1a964b72e7e232c6128611d0cb7d66efa2f8a5bd621e0f782095206a1fb054515c1eea5478e25cb942f08767f5e58f147b799bc0bc0bc460636280567a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
abd65d08d82c49029498834da40c7576

SHA1
7e75eaa5666383f4844fd7ca1a2e7d9e4ef502c9

SHA256
a4e576ea63453d3a0ce9d81beaf08023e9cd0723b8142a14a883ff1ea21d2b96

SHA512
47a3c461fa71987a2ffe01e785278d4af2b12e5816497e6295fac43314dc234ee9de2fcf05997600469724308086991dc36f34da016b04f896258f3c6f1bf2a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
abd65d08d82c49029498834da40c7576

SHA1
7e75eaa5666383f4844fd7ca1a2e7d9e4ef502c9

SHA256
a4e576ea63453d3a0ce9d81beaf08023e9cd0723b8142a14a883ff1ea21d2b96

SHA512
47a3c461fa71987a2ffe01e785278d4af2b12e5816497e6295fac43314dc234ee9de2fcf05997600469724308086991dc36f34da016b04f896258f3c6f1bf2a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
118B

MD5
7733303dbe19b64c38f3de4fe224be9a

SHA1
8ca37b38028a2db895a4570e0536859b3cc5c279

SHA256
b10c1ba416a632cd57232c81a5c2e8ee76a716e0737d10eabe1d430bec50739d

SHA512
e8cd965bca0480db9808cb1b461ac5bf5935c3cbf31c10fdf090d406f4bc4f3187d717199dcf94197b8df24c1d6e4ff07241d8cfffd9aee06cce9674f0220e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
ee14899272cf8191805bdf22d8d17f67

SHA1
e8be777222c8c9b4ae30380119e07512215b658f

SHA256
78ec803fe285d06ad3ae6c7eba8a5220363a4fc82dd0d8c986efc0a1c053a8dc

SHA512
0c1e9084a936f704d6ae1916ce882194da1e52c6ed0f05f62e43a0b8b7b524bd01858366359b96875d9adfd2a08d60d4b2d108a6572cdc20c83c7a50305521e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13335568159645382

Filesize
2KB

MD5
897cb5a06179f499920c1180d3e7397e

SHA1
76bc416518f19786ad93dec99087edfbc8c37b94

SHA256
ee17e5a40c1002d6d0723bcdad5fd49e90cbe55db27066cdec7ede77c9da2996

SHA512
0a032edf4ccd11d8b20a367155633853d05ef3d688a09449a24199caabfa9774220e9e0a83cf7cea704c150ee0df6abcc21e523235258d39ecb0c6ae03f31b9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
ef530ecd8b839991035864272c87d3e6

SHA1
411a5f80df739384aed92841370fe3325551f17d

SHA256
11fa1f7c1c5668c0356916e15906896a4c76eb616d8599db86d47b6281239818

SHA512
b84d06b8b9f4fa16c9ea31f6b6488587ce9d59b0078520fc8ddadc6cc6e1ae6759fd2f0be21392c77ad39d50cc6786607cade09b17b63ec09cc1e3e1327407ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
62848f2554a83fe85d08adc0bd98174c

SHA1
aeb7332c05c9e4dbbb2d8a312b193d743a39fca0

SHA256
36b89032147be98047b7bde4d252c5f8b537ca2ad4962b6ff4f66ef9f5d77047

SHA512
34fdec6bfd36e05e7fddf508b09dabae49d1ec9359152081544aa1010cae64fbe1287fbcb81799094dde688fa88104f295dbb5db6ec723b2862deda7b844a7b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
af692b0a42760ccd418b6871dff1a2a6

SHA1
51adb694387b1da627cab4f960c440873bc89ace

SHA256
237d1c471abdb7b5d4cee770e2399f402fb6a5f7160445cc1f123dd10e30bfa9

SHA512
c58873dd03ef41cd6391bebf1ed8ad702b36af32bd914ef9dd6543d9d09969f4c31133d0a737815132dcc5ce00a1d0ac72b7bbcdcfdd3ac7c582ea45ba439855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
846dd62356d90f165cf8a514638b388b

SHA1
b87cde5f4a26b23a204bd40d17436e377c9ea6e4

SHA256
ef05c68c2714bd1a1ab5712d401221e65827576e0a14deb54591e99ec185deac

SHA512
e7589baa3d3ec90eda030ac224549f0b2cb52dff87944632b5f0f68ae9d9cbd446ba419f6a1a62cf1a14ac573812d3c9b10cffa44f78034a9aac6ba65e1a1082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
309KB

MD5
501c22ed65dddaed5bdbc9ce7199092c

SHA1
2e0ba70c3f1d3847bea484aff486490b157c8792

SHA256
30469c360db3385f64173156dc6ba4827dd65b65c5c4cd26aedbf224f2a8348d

SHA512
658461b6eaefc4f4dec8c69f1004cce52294baa9a0b89aef69048bfa7efb31028eb197bc4e5924131fb582a936693228ca6ef6c64e71f9a5e91d79acdfaf5c90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
1e7ba29b744a5a9ea46b2fff327fa9bb

SHA1
5a4fe3886be04c8bea03b7ab094ae1fa4a159670

SHA256
fed21902737cbaf8ef8336740219d0b5e0d71da8c852b2150c90d0a3e9b08c73

SHA512
7bb7b3db91b573d1b8ff9e5a0f5ba60627695984552acaa04358c48dac9de35fa445ce52255ac6643fbd3ebad187ac2520f2097aa0df98cb341df813ecdc2964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
a3b5359250e8ceaef6d265424c906d25

SHA1
2c0517a3ed45441f62114efb2e65e4de64d97b37

SHA256
accf43a09e5e22d368ba86870d4ba11b3ba9b70d37e44ab2a92dd45573addbb6

SHA512
e9a36afa84b29680c9550c2ed87733dfd4fac6e909b23e827fa40885fb66d9cea40ff3ad1c36de2e27e3b73c6a7fd285f6c821063d8a3cfea7586a61a6310d83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
ac448d374c378ea26b63eb088bca0e12

SHA1
f9c2310e874f2acf73f16c67fe957fbcab445c1c

SHA256
068684fe2a47e93fb1c00518a70fcaebc95f8b640680d2b606f72a66bd79fe1d

SHA512
500105ea9139078874e0c452e89be4f161809576198e1bf738b5e54b6e4444b30d2709ad75c15c525a1a8707216cf11a8677da50d3768d450717206073da4608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
231184a5a5ca8a5b9f32536e3531b6d5

SHA1
b533e343d611efb1ce523b2c79b40231ec32d3ae

SHA256
176e4c1a335821d415c9c49bbd7f9c8bb0f11ac37fd65a7606ee7b9929fab266

SHA512
7ab389a91e26669b13158dd3ea415a0fc0a7c9f5f379c1e0db7867dcc9ad39e6b5707502dac092e75b52db41b6851bf32318172fe84a4be94cdd33baf219d168

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
da8d9130c8e70905f7d91282cf152893

SHA1
f83c26697eafe6700643f1d791aeb98cbb67e581

SHA256
740bb4a341e1ba6c95015df12adecf963e2e1bf5f54c964985f18e92f1385daa

SHA512
21853f676cbab7f9a76e5f8476ff7c3918811d0639491fceb34d710c3f569db46d0febd1941d203e982aceded450ce996da5e219755ce3248f0baa17f8f2d641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
fb8a025f831cda6c6b4d4f6055addeee

SHA1
7594f72e56bb98c8f9d76d0ec81983589223a2b9

SHA256
97489aeefb4699c5894279aa480284457656d367e88f79f80661adc9d8856d5c

SHA512
4d8ad8c102979a93f47b577485985556c9aa0d4ad60108aeb0006f46bb54a5708ceaa78ab6a91dc3cef395a57f326ed7cc91781f65f766c4d4e25d1429263b89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b388385de2bc8fde3b48c4b670d73e3d

SHA1
9bff74980e26821333312ffae29a3389d9b83cb1

SHA256
4f62df30ca835f5cb68cdad88664c1bfecd57a43d6136fe67b9087043c75f4d5

SHA512
0f8c35def53c33adc252d62bb4129729947d7d7ed11266c2dabf124b13d1ef6beac1bfa6833fa275b4b98dac487f61ba50dd9c4ae6e0d5ed25b53447c7571461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b388385de2bc8fde3b48c4b670d73e3d

SHA1
9bff74980e26821333312ffae29a3389d9b83cb1

SHA256
4f62df30ca835f5cb68cdad88664c1bfecd57a43d6136fe67b9087043c75f4d5

SHA512
0f8c35def53c33adc252d62bb4129729947d7d7ed11266c2dabf124b13d1ef6beac1bfa6833fa275b4b98dac487f61ba50dd9c4ae6e0d5ed25b53447c7571461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c4a3e25af0eb451a065648481bab13d7

SHA1
01cae3cdc8ec1032408aea44a3ae12f6074d9531

SHA256
924e1e8b358324f726de49f8efe7c7cb3938a0a995eaaeabebf7a05ad708b157

SHA512
13480ec04f266b3edeb2694a4a66741d26207bd0f89018c5352087467a2bb092dc6fffb3df44b6426df035eb397bf72a4a99fd234e919ff22749dff1606b9d99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
memory/708-145-0x0000022EA3BD0000-0x0000022EA3BDE000-memory.dmp

Filesize
56KB

Download
memory/708-138-0x00007FFEC11E0000-0x00007FFEC1CA1000-memory.dmp

Filesize
10.8MB

Download
memory/708-143-0x0000022EA3590000-0x0000022EA3598000-memory.dmp

Filesize
32KB

Download
memory/708-142-0x0000022E86F30000-0x0000022E86F40000-memory.dmp

Filesize
64KB

Download
memory/708-141-0x0000022E86F30000-0x0000022E86F40000-memory.dmp

Filesize
64KB

Download
memory/708-158-0x00007FFEC11E0000-0x00007FFEC1CA1000-memory.dmp

Filesize
10.8MB

Download
memory/708-318-0x0000022E86F30000-0x0000022E86F40000-memory.dmp

Filesize
64KB

Download
memory/708-144-0x0000022EA3C00000-0x0000022EA3C38000-memory.dmp

Filesize
224KB

Download
memory/708-135-0x0000022E87400000-0x0000022E87434000-memory.dmp

Filesize
208KB

Download
memory/708-221-0x0000022E86F30000-0x0000022E86F40000-memory.dmp

Filesize
64KB

Download
memory/708-202-0x0000022E86F30000-0x0000022E86F40000-memory.dmp

Filesize
64KB

Download
memory/708-165-0x0000022E86F30000-0x0000022E86F40000-memory.dmp

Filesize
64KB

Download
memory/708-139-0x0000022E86F30000-0x0000022E86F40000-memory.dmp

Filesize
64KB

Download
memory/708-140-0x0000022E86F30000-0x0000022E86F40000-memory.dmp

Filesize
64KB

Download
memory/708-581-0x00007FFEC11E0000-0x00007FFEC1CA1000-memory.dmp

Filesize
10.8MB

Download