4635c9af7921ff99b0941d3d62574d39c4fc15f4897471c68734427d6cb8c49e

Analysis

max time kernel
1066s
max time network
1076s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
26/03/2024, 20:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

OxygenU.exe
Size

2.5MB
MD5

2f2fc53950b5074a9a2856dbb0cad192
SHA1

e6fddad494269767b2f3136b1c5c5793c8d5c627
SHA256

4635c9af7921ff99b0941d3d62574d39c4fc15f4897471c68734427d6cb8c49e
SHA512

1561c200e2f0126e3b9d6a8e2e4658f428c3eed8eef4fbbad3c5edeec9c04b4331ccfd27985ee763630ccbd3185e3beec550dc7a3aad7d6a2b36cbed8761fb85
SSDEEP

49152:F26vCbY8rkxYOPo4gtUUxJerbY8zBkqXfd+/9ADqanUWjuh:1CbY8rLOAmUxJerbY8zBkqXf0FhWK

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3420	OxygenU.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	raw.githubusercontent.com
3	raw.githubusercontent.com
199	raw.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-647252928-2816094679-1307623958-1000\{96578424-1A56-4FD7-9BE1-924DCF79A7F6}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
3420	OxygenU.exe
3420	OxygenU.exe
752	msedge.exe
752	msedge.exe
2088	msedge.exe
2088	msedge.exe
476	msedge.exe
476	msedge.exe
1376	identity_helper.exe
1376	identity_helper.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1180	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3420	OxygenU.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3420 wrote to memory of 2088	3420	OxygenU.exe	79
PID 3420 wrote to memory of 2088	3420	OxygenU.exe	79
PID 2088 wrote to memory of 2176	2088	msedge.exe	80
PID 2088 wrote to memory of 2176	2088	msedge.exe	80
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 1564	2088	msedge.exe	81
PID 2088 wrote to memory of 752	2088	msedge.exe	82
PID 2088 wrote to memory of 752	2088	msedge.exe	82
PID 2088 wrote to memory of 2912	2088	msedge.exe	83
PID 2088 wrote to memory of 2912	2088	msedge.exe	83
PID 2088 wrote to memory of 2912	2088	msedge.exe	83
PID 2088 wrote to memory of 2912	2088	msedge.exe	83
PID 2088 wrote to memory of 2912	2088	msedge.exe	83
PID 2088 wrote to memory of 2912	2088	msedge.exe	83
PID 2088 wrote to memory of 2912	2088	msedge.exe	83
PID 2088 wrote to memory of 2912	2088	msedge.exe	83
PID 2088 wrote to memory of 2912	2088	msedge.exe	83
PID 2088 wrote to memory of 2912	2088	msedge.exe	83
PID 2088 wrote to memory of 2912	2088	msedge.exe	83
PID 2088 wrote to memory of 2912	2088	msedge.exe	83
PID 2088 wrote to memory of 2912	2088	msedge.exe	83
PID 2088 wrote to memory of 2912	2088	msedge.exe	83
PID 2088 wrote to memory of 2912	2088	msedge.exe	83
PID 2088 wrote to memory of 2912	2088	msedge.exe	83
PID 2088 wrote to memory of 2912	2088	msedge.exe	83
PID 2088 wrote to memory of 2912	2088	msedge.exe	83

C:\Users\Admin\AppData\Local\Temp\OxygenU.exe
"C:\Users\Admin\AppData\Local\Temp\OxygenU.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://oxygenu.xyz/KeySystem/Start.php?HWID=cf6a7940d10411ee8157806e6f6e6963
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb67603cb8,0x7ffb67603cc8,0x7ffb67603cd8
    3⤵
    PID:2176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
    3⤵
    PID:1564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
    3⤵
    PID:2912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
    3⤵
    PID:784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    3⤵
    PID:4596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:1
    3⤵
    PID:2672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:476
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
    3⤵
    PID:1560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
    3⤵
    PID:2864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
    3⤵
    PID:1756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
    3⤵
    PID:1232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1920 /prefetch:1
    3⤵
    PID:4852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
    3⤵
    PID:4576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3244 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
    3⤵
    PID:1820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
    3⤵
    PID:3252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
    3⤵
    PID:412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
    3⤵
    PID:1144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
    3⤵
    PID:4460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:1
    3⤵
    PID:2780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1832 /prefetch:1
    3⤵
    PID:3256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
    3⤵
    PID:656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
    3⤵
    PID:2580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1736 /prefetch:1
    3⤵
    PID:1084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
    3⤵
    PID:3160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
    3⤵
    PID:3708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
    3⤵
    PID:2072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
    3⤵
    PID:884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7016 /prefetch:8
    3⤵
    PID:3092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7124 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:1504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
    3⤵
    PID:3404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
    3⤵
    PID:4224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1236 /prefetch:1
    3⤵
    PID:4092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5792 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,11054762061824750315,17954598015486863139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
    3⤵
    PID:1136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce319bd3ed3c89069337a6292042bbe0

SHA1
7e058bce90e1940293044abffe993adf67d8d888

SHA256
34070e3eea41c0e180cb5541de76cea15ef6f9e5c641e922d82a2d97bdce3aa3

SHA512
d42f7fc32a337ecd3a24bcbf6cd6155852646cae5fb499003356f713b791881fc2e46825c4ff61d09db2289f25c0992c10d6fadb560a9bea33284bd5acc449f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
12b71c4e45a845b5f29a54abb695e302

SHA1
8699ca2c717839c385f13fb26d111e57a9e61d6f

SHA256
c353020621fa6cea80eaa45215934d5f44f181ffa1a673cdb7880f20a4e898e0

SHA512
09f0d1a739102816c5a29106343d3b5bb54a31d67ddbfcfa21306b1a6d87eaa35a9a2f0358e56cc0f78be15eeb481a7cc2038ce54d552b9b791e7bee78145241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\81da77ca-a7fe-4402-b950-cbff97a58e53.tmp

Filesize
8KB

MD5
5a58f50bd114191ae99f00d74db8954e

SHA1
e759e722cbafa74f12158ffdd7e1f8fed267c548

SHA256
d89ad20e28e9a85afcc2913cd7a2290bad1f391c7ed21ad305dce9603a59ae9a

SHA512
9008d2d5bbc3a2e1ea14bb594405efa893cc5bec2f8473f314f3d4ef8eb1ec6374f11aac103a4bbdd8fa3f15e65df189b224243896e07563ffd8e145d61d8630

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
108KB

MD5
01d099cf1c80e91732fe9b1b3a534832

SHA1
d0b28f5ab5f131a4347c20bda1d2370abc707c3c

SHA256
c6eb0413ceeb082e3790a9de028823568b31015eb26d28b203ae36ff7a79adf5

SHA512
8c4f7d5fa45c4a0dde905f0a22f9e82450c36ef833d93121c147965d35b6be086d0e964f39d156a7dba2304247e684cc365d62f4b93b880c397dedd9dd2d9f76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
299KB

MD5
130d7bc0511c56e0494312ee4f828a33

SHA1
eecd5548cc8937e5d4fcc65074d6593cc52faa64

SHA256
5a49f196d17f458f02697269fb37e1ad354f771d7438883ef83aed9b2ac6e6c1

SHA512
e4a2dd819563c9a857909ba8a091da1b5f9216c4c780789a10319336f6d43ecdb9a5a1184fcc333b66c404985a21415f6b7318d85f2af997cf2b9fc227f4d924

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5f87c216788311d62fa4478f3ef48b25

SHA1
2ccde90800f468bf5db2f2c8edacc56884e2e387

SHA256
db854b81172836cfbe8e727a43d49203b280726a91307c29ce5491f712f7337a

SHA512
188044c7687cef5a0faa4e4e5f34c083bf3ad0b637f4d41b5b4f42814e3789f78ad02578bcded8eacd53feb36b30a9e90e7f32d2e414fdcecc34ab72957388cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
846c0bd112b34fe03ffd2e90fa4a286a

SHA1
85bcb972783f77888befcc43e987acbe3579f356

SHA256
670269a621702e7b2e7fade3a311dddb133a7dc2c9e782de0eb54fcbf43eceee

SHA512
4bf2058f57ec80cf7b5781b6f9254e429e7e3741001cf868264638dc25d1d588cd9e3e6ec7cc9ddf05a36b2f034b180fcad422b9f10133e22083a4b0c39a6f43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
36bc4aad884e47dd0dbf94de7d64c573

SHA1
ffbd705b92e06e1144b5b445087e4f705f7f2af1

SHA256
c8e50dd9aa05073cf60c5ae4d5279434f6d4a79d917a3c7d8f7d6f4eb12110c3

SHA512
44a4df3e4bc44129a0945fa1cfd0c0382238733c48c697d16c05916d3fbc807c2dd8eeb20daaae6787f6d5c5e7da1baf19e9f55072b91eed688505192eec0a8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
bd92c4dba2ee972f883166b47e6b30d9

SHA1
3b93991e6548a6bd992fc97cfcdb7a2b8973c7b0

SHA256
9e305567e9dcd42979f6d80a76a1bc20957faf45ce2f6291d08ac6b5d956bed7

SHA512
38b15f5cc2a8d67eb017e62f94679da7b2ab1e1a58a2884896892f7d27ea1d2cdce1aa1a56b41c012e7a90d337430094f3fb0e4e42cbd824564eeef0b9568730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
e5cd3260c914a519f22cc423a5cc9d97

SHA1
805927683e5b6f744a186b5fa94bf912c19ea3a6

SHA256
556d9e6f9dce00c04262de82eddff51a3d83c8eb4a6e1281b5464a1a7c5967fa

SHA512
0d4c07bb9a2afc3d6d194df6cf46e1037bb43df2662e0db129758bf357f2388c53d8fe8726a3d450215451b483aeeedb7ac8f2c822938a476cf2c3455d72c271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
ed1647055e9c02353cb4d0c8fb9efbf6

SHA1
4eb36378dd77f73f3b796d30c9f2b21ff15c0ea0

SHA256
910926426b307e08ce400f554128cb91d55167cf096eb29f024f0c0af9ffe50a

SHA512
0cb6696fd0f2a43246e22534f11c4ae6743183f4fa2a9d4ab029157a71aff4ed6150ff78c68c46efe35be6f484f6dc58b22f32128c8b676249d3ed6bc2f003da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
af55bdbdf480e34de2ebc18518084132

SHA1
fbf2ee6fd3a81aeb8612cfa588e3669c44dd7934

SHA256
a787306286667d5e7f4122b4bf37a16eb9bb340c748dfa2a7dab2872027d82c0

SHA512
98e0f565addce7367f4d9f8f7a0a76f1ab8ee7c673240955b797dc95839eff2eb34bea8836be3e7192df709a39b1b6b67e6612e985fbe2b022f5277d6a5bb49d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
49b7ebfed26b767dd02dee47ae469cb1

SHA1
7f19ce0c342d306e8a65c1348d2604dccd6dd82b

SHA256
629e2a380e6417390d65cb5503b2a70f6e2ea3b5f6c9dde3822b4e5c31ce08f0

SHA512
86861e43ab3a2400e1d9c5c68f7784d5bb15fd7702963002234e11618489aee0520b517078f5652766f8c87ce27fbb31985e604ebe030f26e237f29bcef66c4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
538bfb6230102cb0f0918f4781b98f90

SHA1
d5c2fb44e75b22d7c5824dbd79b751b368cf74eb

SHA256
cc27fca857674dc02d5e5203b4b741b32e232f689c4af6a06410031f1286ea90

SHA512
0fafdb80c81e7551faccc9bd352808a6c620330e9173afcb5b710a765a63bb25222a17378ca8e4129e622fd1f36a9572139936a273fc4d337c4f7ddc9732fd33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
9098523bece27eb26affb2040555f102

SHA1
ad603d280cbf60735a2d7d469045c98198d51298

SHA256
e90a1d1b8c2161285ad8038e5a3c03c510c754117126621d639eb658c4d9ffaa

SHA512
8af393420fdef9c9ea9f315b2c1edd6f7dd4260f5118f4441a86773f94639b22cb12236e64a3090241e66a81320d06785a51b9b38963bf39131271048ed7ae4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1a82c8cf3cf0356be98e548287223607

SHA1
97a2b9f83505fd345902ef48387c3a6faf2e41eb

SHA256
963a71fdfe00a6ea225cef0418752d60f09b9c1e2032ca60e07f3908f9ded293

SHA512
14565596f7cf3064b5f195336e3df89baed7ffda9c6c5219edc225727361e8915ed8709fd4be2c929928bfa80995c817e1a56eb099361689c04749eb75e86cf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c6b3e165035602e8efd6dfd0fc3ecb71

SHA1
822536c042f972f4bea83a5dacb32daa40c538f8

SHA256
fe1eae4696db5926fde5c52f02ff5fe5461f884f5276702695c35f8865c0c9c8

SHA512
b48a9a1d26f52d0b21a6e2b62638f97ed1ba41aa6ec31c12d9cf27bcb13c596b51ec16c90ec01f15ca2b1af4e1b38aad164db47533981b145ac015cffad1fe04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
5a023d37995f5d5b3d05516ce1346458

SHA1
a03fe69b8e5c5506aa0b33fa9f74c532ce260324

SHA256
893119d82e33461908e09561e87b4fc664fc3e85451d27edf71d47e34d630882

SHA512
ce1b4ed5b322192e432a00dfc62679c94ef94c3c7831bdc005f5687eff3a2266b3f447fb89a468f5dc0e0f6b51e2d2c60a84800baf4e55d4c4c992aec558f82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1844775622ad4a9f2c7cf2115fd68c31

SHA1
ed46d97239db071111c6090bb952c5c807b59c15

SHA256
ddfdbcee1d28b8b1335fea28200433418d5307d645ebe313d8f293d79d6b0fdf

SHA512
6bf314017870a97ee9622105a18f427f995fb04344e92c6a2468e352133e25b71c812f840e1bfcf0c438a1683f4f0acb06cda9c4d02c5cb5cbca9425ba83882b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
67fd4e58339e621cb6c3ea28aae9c18b

SHA1
c03b3a21b3f8485873f2d3f52dd0ec8e5c215bc7

SHA256
8d5c1dc0d2ce1218ddf53195195e24ba1c383d5bb1cf79f34f39bbad3c44caa8

SHA512
688db48132fbbb517db6201ffc504359e9d58486b1c5b1df1af4892d2e9b1eb20a88bb76ca0f60e084beed7e963faa941047590c321734597a132ef3771a6ed6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
05c43622db9768fe4b23ba9770879858

SHA1
9d30c54af7cc5fce76096bfdf325365e65cef70f

SHA256
af0bc5886fcd5239efaabd62adf8e0b100fbf7edf408bb598348361b9e3886f9

SHA512
8193daa4663497f2b63c7890c3257f0e4fe17627736b5c8f71948a03f15c28f30fb7e6ed140e03c5e657241a533c8f085716cf084181a8013161bee6c8a5b989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a558b1c22900c9be813ae0ae7a0fe98d

SHA1
9ad30adf85c60de41ba00347a90e125b011e07ac

SHA256
ad933ffdb88efa5d50c81cf91a12e531f0f44884458c646caa9863958f0c89c6

SHA512
10b28cf79c6e2eb5a5e8155f6550364a579512f065d0a6797848fac8c36dfe07e428fd3d81b0f9336aa3b5162c084842c6726b167ce6c77402d9363c318f8e55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
37936e5dcabfd97f997afa4a8b1df2c2

SHA1
118b6938b605ee2bd2b12d4198e5fa4804869aa2

SHA256
cba66c509154eb72543e6ac3291109ba7066ac2e2f590e50c399e85e7d16fecf

SHA512
8d471d81587fb6dc59af752b439d09219d747593b7f0f2b8bcf458826c85b1332aae4ddce98d2f498117de64b6bb329097a7bf744d75a4d0df201d9565c73fd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
117306cf95010eb3ec7302f5075fdd40

SHA1
bea0bd0c18bb7b29d64741cad3ab6e0b8d84bb56

SHA256
3b85af229a507f8190cfcf4015ecc7ae0b0ddcaec5fd09e6bcbae436d14e590f

SHA512
5f4030f1f54f92304e94df13c4387e502d94285d1550b30f48d791e0c9644862754b422c6d0caf5ba57d45b34640b03ca1b4ef0f69e8229f8c8a0da4ad43d135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bc58488670ea4a31a42e645b0f0b9641

SHA1
c27c0b0ba60eac45c5227e48c58fe989c934b311

SHA256
ea802002ec95cf1b7b3096db25056fb602404ec6250b4fc7940a8a8aa158be19

SHA512
3e10bf9883db217d245055f90cbd3b678813cc065bc12ff80389f8baf143b506060d14774f86aa6916ef33df4967bef4137024ee84b67d1a80744ae35af852cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e39cdda17f009f7357199ac3e767928a

SHA1
99ff7e618417751b792a9cf7c707ca86c1bbcb60

SHA256
16f54309f00d54a1691f82e12d756e61f398f08aae07057f3b4483be5ae9e3a7

SHA512
50114f3bc4500fb5ca0d0299c49faccdb32e13ef485f75e14690b6567121ba0aa2225549389dc484b63cac6d7319642a5219785b4bd51b15468ddb3a4f943bf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a01fcf2f00c3ee34afe0b5d68274307f

SHA1
d928fd12571dbd3687175e2db5c1dc77d5c1ddbd

SHA256
8dad9d7689d17609b2a6031a9acb8603181c621829a3557c4fd0935dcfc21ece

SHA512
26eba46b415800d9e8d3dc217d142aacc9b62fbece33314d642c02ae2019768afbc743a4fda1ec5bc8bb79c157b2f8293513d842382343515de3d5a7261ea870

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
59cc76fc592b51614032b17ffe27e005

SHA1
a3ec4cb36227637e6cb59c7fabefcb2278230e51

SHA256
793c67f299b65145a558be2fe79ac5da58f6d688e40645253b5b97616dc6d53a

SHA512
1bb518c34599ff377126ba661fff3dc8b63e04b2935ea82aa518f35c8ecf6d680e392702e747208d80ae6911f290888ac489c929461d34be195f173ee5ddd633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
08badea4d21c96bc2f4664adba6bc74b

SHA1
46fb036ed18d2a1aa013258758eae59ab39346d3

SHA256
ff37199dc75ba44012769b4ec40f0d72d98840812011aed4e1be8966863336ff

SHA512
78989149fe9c92cc350a0b479c0ed08cb990ac2c64bf2fe83a0d80fbf80f027dad4855fe0318b3a6f27bb73fbf16d6d5afb3c2c70b7e79c491f3ac936939062c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\ceff252a-d85e-45b7-9b2f-2290e584a344\index-dir\the-real-index

Filesize
5KB

MD5
4a8222c63782ec604295e3fed1a918ec

SHA1
034a9fcfb29d45dc4f55b2378a0918cd704ced80

SHA256
9f1387876e450e1cdc669eddb89bd055dfc3ecf04f9de1dc5528bceec16aa9d1

SHA512
b0613ff0955d5946ebc0a0955f23df2f227c744c8f5afb4b7753607d9e75d22c17ae1e98d18a1a90df09eb722e2767a113ada6f1f51a2f2a4e4526eef8bf1aa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\ceff252a-d85e-45b7-9b2f-2290e584a344\index-dir\the-real-index~RFe5f0846.TMP

Filesize
48B

MD5
5ccf5a8e02184160387f5ff2a9391adb

SHA1
8a720282d5d07810f7b46210c73c3ac361b8b0d1

SHA256
8dd99f088e44943cec8e591bab76cea93fadc8a0beeb162ccab6ccdf76b409e6

SHA512
d04dc4d5d0f0cefe45c3a858914898c499f9239838d29c607f1fe5e0d45d260392e2359913dc9331c39da0913dc71f52d3115549a2c82a374e310b0ed5ebb5fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt

Filesize
93B

MD5
57cdf285d380d59fc5eb69bb73081537

SHA1
47b3a72ea5a2be34928ee9a1f4a166acbe2525db

SHA256
eedbc722ac1c9c8c2229b568ebb2b8be1a4983647d588c1502867fa92a2872eb

SHA512
52ef5d93e53ed82722f796f5c0a527ce644916dda657d5518eaa8a6a26285ebec8b50845ff43225476130caff0aeca80a50b2a7715c86af527ac27eb9b7d25f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt

Filesize
89B

MD5
8a07bc10be17dfedb5894ae948f600c3

SHA1
22fb9570bc37ac319ba4e541c4a1088ed9e8e3f9

SHA256
44a105a151cdc15988f373f9ff8d3e2bb9dc5a1b7cd4e110078c256b4920d875

SHA512
e4444ea3b6c48511dbbaad6281d02972db96cf0e5d87b27ba374807c1661e5d5af8f5d616e6a34f71ffa0d15ea01d9da035e6c36ff79ce953d513a95d71e38b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
cef256a4120f7c4410101302760e82ab

SHA1
485f82b4274db047d45a24dae60c33321009a572

SHA256
7a31246729ea6af38a55d80aac67be8fd5399cdd136c2aa53184713a10bcd796

SHA512
fb3c1d5e611281e045c6fc676bc0aa886a8f802b22413d685dd00343c657aa3cd2d40a3f6ba802afb10bfe8962511bd5a4a7731a5ae134b7769d1de0cc765e3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5de7f2.TMP

Filesize
48B

MD5
d891d1e494b2edae92e65499a233b9fe

SHA1
02224ee4015a2c16513422196e9fc7fddf3507b2

SHA256
6f9289282abe732452f2dd93181e8deefd67379b0ce273b49289a2382544ecb1

SHA512
d45b2661a836ac18f56f6e3f135233f45ec8a84a653f39ec75f19d75ce4ad4bca60d6ea24024afde8eda7f659bfa59c6e4753ffc70fda98f89e5300e257a1148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
533ca53430e361cbe065994b916e2539

SHA1
22c30e4e4e26e3aeb6cf28b361012f9e8aff1c8c

SHA256
9f8cd2841bffd6f463c72decf55064898faa26da60ea0e7b4b04a36dbf7a247c

SHA512
791905c9f9fc2466502f0b5a5aa00c5e78121d6033b00c77db19a3b48eba951f5b0ed686fcd4917427c0c04f65608ae610c3fd119f3281424c0fadcbe3d857ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
969a2b95c065aa459d53929653287f05

SHA1
b52926e70643e46274f2744d4587e8632b66e485

SHA256
b40d5b53c20d54adb3aaba79899ba0b19bcf323578d89eed498491277e4c9ed9

SHA512
08bc83dc3293748c72290ecf5a380e7b73adfdd8e6ee3c9167beafba3f75946efeccbc0cb3405fae808bfbf018c03c177d05f2faa848776ee7415277498de578

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1086e850fb15b3e6a045155e0ab377e2

SHA1
a1492e59ce4916f3afc456296ff36cf953c195ba

SHA256
beae07c42b93edb84497a4a1aecdcf4be225fe16bd1595a9a2ae29d8f2869838

SHA512
23c98ed7da9b639b53deb2e4143fb52edc755f8c9d88357ab2fd87d322a04bad04e55881e5f2d055f8e60756e2adb704ff1d0ed0f148ef476c65bf65433ff545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
68e396fc482db8839c581c310547dcc1

SHA1
5c29cc2a70d8b24cc8680c56acfbfacb609cd9b4

SHA256
cca9ae862897b0875a3eb253ef3f791cf78451c4334ba8227a6bea18121eddf7

SHA512
5ebbe913f53ef3ddf97e819e1296b123bba73ce85854629e5370eb612100383a1fd1276a4205691fc01a2221367501f15f375d4a66009b376ab9d66e77f6d1dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7f5aff661667a8f4a066866f9b9fe9a0

SHA1
d61f3f9af55b808027552be10ef0a9d689d72325

SHA256
45942b521ac55fc8f21203a57255087f31be9f7070deb8d18eb14da66dba56ad

SHA512
3cecc3742f3787ba4fd0b4440bc40cc48826624f7cc048597b406254ae821127ffa35b22dd04721ac8a80766bccefd198c316f240f828ca047ad1daa6438b402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e34225047568593563da70ba717ba0d5

SHA1
9d42c8ee5b79c579261b17ea68df07b534c83528

SHA256
a31af30ab6b6e40b87d850322499083143cb0d33a6bbfb84c662f62f52bf8e84

SHA512
ee8d4830e91a4ccc471a05790761c9b8cf1443a2545a0db920a37b83b1caef8d4e08d76090aa37dabf3c111f3b8f0be92fd4ab75940c4b8d2f2df6335a998174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e0f55ce2a5887288133807f78c06508a

SHA1
886b68761b28bcb0b0b010e831e4cdd7f6bd2730

SHA256
27a414a82d4979db04b5c1d9f9c974bc6507bf3741bff00e1352b73521f5cbb1

SHA512
b14795c665b0583ac10940920da82af48da1e1fc9a9165bfda4a4c7a4826ebbd80b539e7c95647f30406f59aaad442f476be7f7fce75fbaeff67ecba34d439e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
5b4785c364e3bf463008c3eb2cc6f35c

SHA1
d936df9f69433da7fc4f7afc3832da7d7598e9f7

SHA256
9427dd5611bd72ed72a874e92081d752ee43df54b752f416e000ba0198d4fc33

SHA512
2f57e68e8e1786aac21102b07e041fa3bc2bec2d72b0ae605a7226a7554e60945b0d3903d3d54fb7864bf79e6571b5688c9aac2b41694998b4d66a0e0b35f82f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
639dd6a3dd69f5d569518f4f6234869c

SHA1
c4e594b7c67ad688f387440820fae1088f30f40c

SHA256
a395014bc658465a3b3c3ccc138d31f3b9ec77ecf7abe15a9204b2611e711a20

SHA512
06474355fe5ece4dd1aa376f3a05756ce3ac7a4712aadfba41b7ec1110894472c47518a61abf6f282d555816c8f35159c59c8abc6833c193cb009cdfa730f733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f797faf36c216f6543ff078f239dce9d

SHA1
02b045ca70ea9f4b7f520d102885fb4d605d3e84

SHA256
f2261395d2d8b1f7d68593bb278d76a7c55b8d811ad399b518ce91b5d6bd5687

SHA512
44737130ae72a7781d2b9549be9c938962643f2db5e64cbcf9cdf409bb30616551e777b6d88dff18256107d86577fa861c182db6e2461f0cbf4c300110d0101e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
18bb2050aa02a6c13a952da2d7ff9051

SHA1
8c0aa89678826522908500098df3fc85e9cd657b

SHA256
c1ba0e5c0da7546b6998ea1224efb54871001b4c265e2d507b943bfcda501346

SHA512
9926e13181e6bca93dd7e535e74f2c56fcf1109ea0dfa68ae8156dbf688e6a948e7fcb1207ada5b30945a27d2711dd12cafe71b41a2afd50fcf5a84a0e6bb88e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
372285e80dc83cd1914cd393b62ca164

SHA1
bb6271e20cb9c17ce071b87f2471276bc2d0969f

SHA256
ce709729793225309b266af33bda9c7d2386bac33ab3cde3c2cc8c246f00e770

SHA512
96905e7adc799eac46991e1acf8a3e97ba72b5ad43b47ca9c230645e5ef87e444e4c3d71dcb912144419747d2e8bc0429f3ed7ce2b583cce713189104f4fcc0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d25cc26ee45dff6b2a13cd03e89df52d

SHA1
3482178cfd69933f53861fef1d45a312b8bbdbcd

SHA256
5b07f74a7eb0da5203bc5c38557c6b84ad86340a9047c048b55814ef5a89923c

SHA512
ddf33e77cb433510744318b41dbf6efa737a4e0f8b93f8492059e1efba4c0d93d63aa0d34487b4d1942325e4254898192c3e9b93af9bcd5594b356001c1c89f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
7ae255b7cfb2cd56203bec622a89e054

SHA1
cacfb2abb70be6c83b0128e03c098ac086cf4b05

SHA256
ba392f66e119a557c777e73f2f80c51a082aa3a519800ed5dd0e9e47eb3371fe

SHA512
a20d635088ef80b9cfc5680e6c30911952d1c5c022ef81756a105f6738d2ca2c4ae7ba88bc2c7c5ec252dba8e0ca02187319fa2c47a510e9872dcc1788184fa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
3e96b2adf05a002c1796540f9cc2820a

SHA1
9f8a108b2438a16ea1063d7c8ee715d3bc97924e

SHA256
6a5c24ab94552fd9f7f173ea5faeaa6deed16088dd79d1fe290a274db2c81474

SHA512
69152e893be226f945858192c90486de97311fc051b6ff339b8fcfcd44619c3d777ebf078d72b4d98dfaef4d57103eccc13caf7ea56eef2a1aa79bf9ffb58259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
a30c1e213b0139ee6e0b6656db3f7c44

SHA1
d316f8f8ba62fd85f3aa49ac6099aa37d1b9a60b

SHA256
1c888c0a7320508c7316899fc856ba152f2a597bce691626431cdb7f86a01b22

SHA512
594f1c51339af97c8cee02cee75b0332a135e63c4b85b5fdb28c223f0bfa02e676abd7dbf51d8792f43ffe302b6c6decd3332495e4549dced3bcdb94fa9fa058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
5629c5d55430d704cc8cf4f12294788d

SHA1
5a07a07649866d191c12b9f607027706a967640b

SHA256
c44079e03b138dae3749495a2996bacfe7e6f09039557df73c72d1dadd14365a

SHA512
5e89e3773f4c053d09a55000703a3142a2378236d2e7a09891cc03e28678140e74422e796058dd0b3f625188df7c2da7c536a63f6603f11d150410cabe1be3ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
463a8abcfc1054955fd369660f4772be

SHA1
d44e300d9260123465b28c0f365579744c696fbb

SHA256
28a9d9ee5f23467e5ba688174ec704b8ebe82570075f947f158d6ee48ab73ae5

SHA512
c62f69ca83398f642a768051ed7637a59575bdbdb6995e16fc84211566bf0a03cb9a6bb19e6f523d518d9fc487a2f4adcb7460861b2ead8974d578d4d5660862

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a4e6ec86a85c1f81e2146b90cff806a4

SHA1
0c0de570ee6692d2118ebecf9080407772f81dd1

SHA256
35475f0883c4184c54203fecc9ccede1ea51f4a90ec0e0360a11816f5fb0db57

SHA512
8d6ed941a3caa33de9d2675b8371a3a90d5bd46c65c59b2c35b078e9de98d1d0102da0a1c5ba4973723e7967005581794a0d06679c9fbadba927ae8bc963ab9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a1a30.TMP

Filesize
705B

MD5
2e196caf6bd5ca6479236dbfdc9afb2f

SHA1
9159133531cff62d3ebf42f59d43ddf149f23bb1

SHA256
92f46b69b28efe05b58d6178c1baefcc41890c2f8b5697f34c4027c6701fcffa

SHA512
f154ef442fab8a2dff221c3f68fc3b0eb6be5264321bbe0d778b20d50a122713c1c863753b2eaacec3671aac74f8ce6baac8e946729eb2ef9a4b5b690a8a4011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fdc425e3-c038-4357-9627-dcb3c4f96823.tmp

Filesize
4KB

MD5
da7dc006e94a6d5b060293a9661e5491

SHA1
2e9396b7c95503a44373d4952f7cdf5dafa67aa9

SHA256
bad394376946a1a2b9ac039c0f06503c78b58bfaeb58e460bd58d950aecbda59

SHA512
855be4d1e1a16196e9ea13b9c82a6d24e046f1a2d72daf3257690e3a2090c60e0cf5fd62159971408af0faf3bbdff103395fdf0cbb95e209d8206934ef40b2be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ab45130ffcbf52c243ea7e2b07919327

SHA1
7392d98fed8cadd50b73613ca14f29f507861537

SHA256
27f5f9a8b073bcbfad0bc782628de121a871acc85064f1b8b64f601d7f5b3a69

SHA512
b035ecbe27e5103b404916a09d266a37fa61e6ebe2ce4d429dd0fe77f3b0b8a032f8d132e2340b9951699f3ad587ad0e9e7fbbeffde1afe68a99eaf4ca3067e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7037a3fffa36c9812a12630f4a55a7e1

SHA1
f56e69ad9a0eef5532bdd2a2070a78f52c25d223

SHA256
641bf1319ce319b71923545c4e94e34d6f1f47dd3621cb8e54710319bb5b3ef9

SHA512
5c34e08b6df9bd56e5015bc70a24702846319da7eadd5dcf77e1db1f9d52fc765c3a9995e188100ddfdd4d1ce0b27fa242cff532e5b318cac680feda08decb36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9c8d36e652a6647de42956534cd7895a

SHA1
836644b8f91a2435467fff5fc6ddecc6130d930d

SHA256
ccf67348f87a54ec21452b5099315cb08036300059b89969eb9d8777b3a0866f

SHA512
e6bf93b3dccc7c61df81d3ca4b54c42abd973b057557c3464ec397cd8c6615c7e4201483539a3b4459da27678298675bbe5dc21ac13d1efbfac26dd3270df2da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
862e66267b870a7f199c192c5f05f5e2

SHA1
19f3f6d3e47fb10b00ae149e0772c545ae3e7c5b

SHA256
94ee80fcf11e8e32a102b99124c516b156096173ac6739db47490bb491b0d133

SHA512
48c84aed74eba5c93e85bb535bd74b986fb3f418f919e759fce8eacc821bfb252ad097cb0a9379ad6b327f75152af4c1ffce10ced9c3edd7622fd5497f960b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ebbbc506e15e8ac078ffea6d28c34d7e

SHA1
da89ad686459d2fded0dbaecbdfacb35b2e9af7a

SHA256
b1c0edd2e4c759aaa6596b279fc14d54e3f7261012a4335d18bd47eb94e487e1

SHA512
d70d2f3b571c10992a9fb88f49d342932bf5ed0bcfc6db446457f46397155ab61b09a83efd6e6138ae40d24448d5f6e7c855b11becbf688461d968737cb351c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\OxygenU.exe.WebView2\EBWebView\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\OxygenU.exe.WebView2\EBWebView\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\OxygenU.exe.WebView2\EBWebView\ShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\oxygen_auth.dll

Filesize
3.4MB

MD5
5d6a98beb99e13cc1c5ed92130bf48ba

SHA1
5bc0118593d1908d874f3640f095c82eb5ebe1e6

SHA256
088242d871fc095a4a86bad96520a34923c7a363f7d272a217a136933786993f

SHA512
bbc5f3302c870ea9f51920f5e19b930d6016b05e2e52e577befa76faaf57f1b656b92fd85e8ba54532874780b1b36cdb3d8acc1277b1b7341aab60336d20120e

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\oxygen_auth.dll

Filesize
832KB

MD5
3803be11df481095187f00366525d250

SHA1
c8375d272e0b8f2dabb237a8a50be7e68396acf1

SHA256
46acf528cfa9e3954273687a3c12510fe8be9d9a8cdc45bdcc52f5b47b26e9f0

SHA512
c3ce85de4939a2e5300c67bdaf696d7ada5f3f30db2d73d772588ff6174d614f792895218a0349a538bdf222ebe0455fb75a3458e46560da36b9450172e5e415

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/3420-2198-0x00000000029E0000-0x00000000029F0000-memory.dmp

Filesize
64KB

Download
memory/3420-2222-0x0000000006D80000-0x0000000006DA6000-memory.dmp

Filesize
152KB

Download
memory/3420-2241-0x0000000013F70000-0x0000000013FE6000-memory.dmp

Filesize
472KB

Download
memory/3420-2242-0x00000000029E0000-0x00000000029F0000-memory.dmp

Filesize
64KB

Download
memory/3420-2243-0x00000000029E0000-0x00000000029F0000-memory.dmp

Filesize
64KB

Download
memory/3420-12-0x0000000000CD0000-0x0000000000CE2000-memory.dmp

Filesize
72KB

Download
memory/3420-2221-0x0000000006D20000-0x0000000006D28000-memory.dmp

Filesize
32KB

Download
memory/3420-9-0x00000000029E0000-0x00000000029F0000-memory.dmp

Filesize
64KB

Download
memory/3420-2208-0x0000000006CD0000-0x0000000006CDA000-memory.dmp

Filesize
40KB

Download
memory/3420-8-0x00000000029E0000-0x00000000029F0000-memory.dmp

Filesize
64KB

Download
memory/3420-472-0x000000006B770000-0x000000006C09A000-memory.dmp

Filesize
9.2MB

Download
memory/3420-7-0x0000000074700000-0x0000000074EB1000-memory.dmp

Filesize
7.7MB

Download
memory/3420-473-0x0000000000EB0000-0x0000000000EB1000-memory.dmp

Filesize
4KB

Download
memory/3420-474-0x000000006B770000-0x000000006C09A000-memory.dmp

Filesize
9.2MB

Download
memory/3420-6-0x0000000009480000-0x000000000948A000-memory.dmp

Filesize
40KB

Download
memory/3420-477-0x0000000000EC0000-0x0000000000ED0000-memory.dmp

Filesize
64KB

Download
memory/3420-478-0x0000000000EE0000-0x0000000000EE8000-memory.dmp

Filesize
32KB

Download
memory/3420-479-0x00000000029E0000-0x00000000029F0000-memory.dmp

Filesize
64KB

Download
memory/3420-5-0x0000000009460000-0x000000000946E000-memory.dmp

Filesize
56KB

Download
memory/3420-4-0x00000000094A0000-0x00000000094D8000-memory.dmp

Filesize
224KB

Download
memory/3420-3-0x00000000029E0000-0x00000000029F0000-memory.dmp

Filesize
64KB

Download
memory/3420-497-0x000000006B770000-0x000000006C09A000-memory.dmp

Filesize
9.2MB

Download
memory/3420-2-0x00000000029E0000-0x00000000029F0000-memory.dmp

Filesize
64KB

Download
memory/3420-1-0x0000000000350000-0x00000000005D8000-memory.dmp

Filesize
2.5MB

Download
memory/3420-0-0x0000000074700000-0x0000000074EB1000-memory.dmp

Filesize
7.7MB

Download
memory/3420-543-0x00000000029E0000-0x00000000029F0000-memory.dmp

Filesize
64KB

Download