agenttesla | hxxps://github[.]com/extatent/Phoenix-Nuker/releases/tag/Download

Analysis

max time kernel
570s
max time network
573s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 03:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/extatent/Phoenix-Nuker/releases/tag/Download

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla

AgentTesla payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2344-253-0x000001BFC4A30000-0x000001BFC4C42000-memory.dmp	family_agenttesla

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service
T1102

Processes:

flow ioc

309 discord.com
333 discord.com
945 discord.com
947 discord.com
308 discord.com
332 discord.com
925 discord.com
944 discord.com
946 discord.com

flow	ioc
309	discord.com
333	discord.com
945	discord.com
947	discord.com
308	discord.com
332	discord.com
925	discord.com
944	discord.com
946	discord.com

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exePhoenix.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Phoenix.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Phoenix.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Phoenix.exe

Modifies registry class 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1132431369-515282257-1998160155-1000\{3B930F50-E48E-4914-B9D8-763514DFDD9C}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exe

pid	process
2472	msedge.exe
2472	msedge.exe
4720	msedge.exe
4720	msedge.exe
2980	identity_helper.exe
2980	identity_helper.exe
2336	msedge.exe
2336	msedge.exe
4132	msedge.exe
4132	msedge.exe
5184	msedge.exe
5184	msedge.exe
5184	msedge.exe
5184	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

Processes:

msedge.exe

pid	process
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

Phoenix.exeAUDIODG.EXE

description pid process

Token: SeDebugPrivilege 2344 Phoenix.exe
Token: 33 6040 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 6040 AUDIODG.EXE

description	pid	process
Token: SeDebugPrivilege	2344	Phoenix.exe
Token: 33	6040	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6040	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 39 IoCs

Processes:

msedge.exe

pid	process
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe
4720	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4720 wrote to memory of 4800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 4800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2800	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2472	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 2472	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 5052	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 5052	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 5052	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 5052	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 5052	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 5052	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 5052	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 5052	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 5052	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 5052	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 5052	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 5052	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 5052	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 5052	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 5052	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 5052	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 5052	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 5052	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 5052	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 5052	4720	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/extatent/Phoenix-Nuker/releases/tag/Download
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb179846f8,0x7ffb17984708,0x7ffb17984718
2⤵
PID:4800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
2⤵
PID:2800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
2⤵
PID:5052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
2⤵
PID:5072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
2⤵
PID:4280

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
2⤵
PID:1148

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
2⤵
PID:4372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
2⤵
PID:216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
2⤵
PID:5324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
2⤵
PID:5332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5456 /prefetch:8
2⤵
PID:2292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
2⤵
PID:4548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
2⤵
PID:6052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
2⤵
PID:6092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6292 /prefetch:8
2⤵
PID:2768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6276 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
2⤵
PID:716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
2⤵
PID:3332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6252 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
2⤵
PID:1244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
2⤵
PID:5564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
2⤵
PID:5096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
2⤵
PID:3192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
2⤵
PID:5384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
2⤵
PID:5256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4744 /prefetch:8
2⤵
PID:4292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2424 /prefetch:1
2⤵
PID:5148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
2⤵
PID:4368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
2⤵
PID:3404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1
2⤵
PID:3492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
2⤵
PID:1456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
2⤵
PID:4552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7448 /prefetch:1
2⤵
PID:1304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
2⤵
PID:1228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:1
2⤵
PID:2044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1
2⤵
PID:1472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1
2⤵
PID:1068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7856 /prefetch:1
2⤵
PID:3884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8116 /prefetch:1
2⤵
PID:3144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2200 /prefetch:1
2⤵
PID:1732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8348 /prefetch:1
2⤵
PID:1032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8648 /prefetch:1
2⤵
PID:860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8080 /prefetch:1
2⤵
PID:1636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,11922086100477305019,15531189900191496499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1064 /prefetch:1
2⤵
PID:2220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2476

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5948

C:\Users\Admin\Downloads\Phoenix\Phoenix\Phoenix.exe
"C:\Users\Admin\Downloads\Phoenix\Phoenix\Phoenix.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
PID:2344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://dsc.gg/phoenix-nuker
2⤵
PID:6004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb179846f8,0x7ffb17984708,0x7ffb17984718
3⤵
PID:6072

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x470
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
120a75f233314ba1fe34e9d6c09f30b9

SHA1
a9f92f2d3f111eaadd9bcf8fceb3c9553753539c

SHA256
e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0

SHA512
3c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
bc2edd0741d97ae237e9f00bf3244144

SHA1
7c1e5d324f5c7137a3c4ec85146659f026c11782

SHA256
dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041

SHA512
00f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
Filesize
29KB

MD5
f94f670f4f78972969342f8a52fa0424

SHA1
f907b2dc132f8110e04130ba736272762ec39760

SHA256
eea7d75d9827b7d6f610143d3cbfc7e1c83da9324a82811692d9a7223771248f

SHA512
b038fe9cfe7a5bb571115065a280aa21d6ac16f424e692bcf93808db28a047e3d555ab30da4af4130658f8233b5576069a985669e05734ffda7f408f356d5b5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
f10f138fbe8b41395cbe718165eb674c

SHA1
46c090e516b5e63830d1c6527738c7d1081d7544

SHA256
d5fef01f1fbd52cdff900c284a7a84cd193318cb9724f6d9539ff7b6bbae283a

SHA512
8fac687b17dd61b9557cfc16c9d02f9e4af1d50be2a11c44b1c20ec6ea149f6b39c4264bdac59d34dacaf9b29fc1c37e96a19cd2bd26da53c56956784057a03e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
7abbe5b322318657dda03b3feeba0373

SHA1
12ed5c17eb91eb6bafe17f101da5a44bb2bd929e

SHA256
06b4e52ac30efdb8ee38e117f6f5636638926fb6e6495ac951f9a5f67fea26c3

SHA512
e9a2125c4f7b8f9ccaa298f130499bd02617bb374dde5c4849172265978dac4e19800b3d875119022a0be51d40e4896ea924cfc8c34973fd73273fae78a6a6b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
7KB

MD5
61ce94a3d55def6ecd84cd207b70d1b3

SHA1
abdf47c9a5b42317e09dade28db913e0c36235ea

SHA256
90fb039f3c41a66731cf27130e5b65d3ee019f2f055dcbb35358eb7579d1c914

SHA512
5635e10f637b230d9c702182aa96964d62412b5d4605c56ebbf5d1d9255e2f91d0036085fc8b827a54dd38ed2b6b35ba72f845d5cd0225067e1bf8aba431cee2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
440dda4ed12026f234a96aae8131a82a

SHA1
a89817bd21cc1357144358f5e4c6d89456f1afff

SHA256
fb14d7aa3fed0bc652914c58c4afee7b360326e79deeb060541ed033ed0238da

SHA512
46bd9b8fb2293ce25f3563b1ada4d348ee423b8cdaf185c35ec2656f0ef5842c47549d6ea98725d382532bc39ac64f333c3a85772df21105f29b2710f0913492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
acb6807c232878ce8eaeb5e2a1ae5d84

SHA1
12df12258bed3c4ccb2570edef99978c96f664ed

SHA256
f2b5a37aa12a544e9befecf7d8e3f322d6137c843b196ff036d6b31974de53ca

SHA512
a9ad2d6da8dcdf5ffaa54b176177fdf8a06a433d32ff51fc8f85b95b798372d07a081e8207ec9e61b8d51df669595d168b98aff34fe88c2d6cb143e615068aa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
4bca2aee64633a6944f56c3ab991a57a

SHA1
9dcc9cf070a64a8b614a3841e38ad656a75a212b

SHA256
7ef1fc408c59a33d543a82244f55cb7081669f0ff400dd7ed12c48ef3c5ad943

SHA512
90dc9b59c95597de423b9d18ebc313e0146f661d080107a6d031050b175094ee55da09c07f8e2bb7084a2a331f13166e848b8c77c4d6e9e46199120a0641150c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
ecc1ad4eaafda0d5420ab1cf1066b6ab

SHA1
bcf739ed2647a45090da9980ce42349fa331243f

SHA256
f502df150bb3ebc6e37a5030d41960d7b8b14cf6be19ebf8623689a7c64f625f

SHA512
55d1af41e67c2d373c4a57bfa5292a30e4947e3df265e393043812983bd93060fb2c209c3e447afff2c337c0ee8872c09b80bd82dfa3c507cb769403e71d45ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
496B

MD5
34a72154ed9746a609b29d25ad8d6469

SHA1
ee1fc6413972b90af4973bc1c158c47011e757b5

SHA256
629a1e55ae58d7e9e13caf2aabc58ad73415b514df679a5e15ac561b1b549f10

SHA512
2789dcc6843a73666ed06d51a7bfb8e92dd7c0a82062dc0d252d883e4c943fc229932fdb1410e9d40d7a7dd965623f3df582640a0952adf7feb7e05a68e37d5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
35b26b7c7298ab59c756b63725be2f31

SHA1
8e0d17f10d81fead5a6124674a7a8afde9875954

SHA256
5a73cb595f9f21e31af2306f2b1df9fb4150f74f80a4bf1cefbda314fcf7bdad

SHA512
774157eea20006761d90f548b7235474bbda4ba254c7b49f722122e6c2984090d7c8a019f5457ae78fcaae9775a92c9800fcd69ccbe385e27f031c3939c036c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
daead3b3da3bbe5a7375ac7e63540308

SHA1
617a3122a0bbc04abc75a0fc7a4a9bb2ad33f4fd

SHA256
4940ce042e7bc1420e0c5c74caad75af998764635494f86f8db327383fa4e49c

SHA512
862a7d2c50c9b596ef754ef97b4802451cde292aee567f295cf5c45573adfb8bf851f19f5f9d85f6cf3efcfacb043c97b85fbc2d9a85d4e637f001c400380327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
10KB

MD5
9c6e50fe9cf5d2d5f53a00f4e6365258

SHA1
627c6a4d8932694169c1bb51bc2e27ed5718708d

SHA256
e20447ef2186552a8cb80def207dc6587895427b5971bd2d36c22243ac641b6a

SHA512
64449ba42a97bdc84e0b8159c25b6551b04277d85157e8abf99780fa9355bb1fc8006f3202f8d7741a1c2c4e76616c325ff33b918a22af18db8a3fd7e475ce33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
9KB

MD5
fd59c0c0fe275e45d3de69e960c1d008

SHA1
57671ad386ad88ba74f13a9de7f249ec79bff8c4

SHA256
e08d5040c1ec34edfe3ea04a0e4bf7ea17c179a5b0fc091213f8293fb241fa4b

SHA512
3569a736c7f5046b9e3b1da8d47becbdb3fa4305c20a2b1038d1a5343ff8262b7c567fab4daabef2ff6e69f4c62af385407232df2c11fe6d2368a37aa79aaa1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
10KB

MD5
d30fa3a83579af6557f44702ccce68ff

SHA1
f45715226f2a2fb3a10bfc419718cec2e70b7d24

SHA256
14954ff503e826e7b7090c24fc5efd5e6f636fab3d86859fcc8e9f6a0f1499cb

SHA512
88a343b888bb0160357255de6bdbd23d402881148e68b5baca507d04c73e12c87b28dc8e42d2c92860af8560ed6a5472d7649beedf2c78f830c59678a5261f69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
d7df428c74850a161526e633c6bca2ac

SHA1
c93d51a0a26b916cab0549d128cb0e31bb13b794

SHA256
7b4ddebe5e7ca95add6b0ca35b8645b9b03143870daaa34ee32f79f90ec461ef

SHA512
de33304dfb717ac5683bfd4a3674dd5b0e976183e2b258c36c3702b1aebe403ab86f2bbd308607429cbbccfc0c0d2abf0f722f8a017c6ecf3431d674081e9dc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
29206f4d70c0e3d7707ef433c3c97bdb

SHA1
2acb1539c5541d64dac2af21c61ac66e5a249312

SHA256
5ed3fdd56851223b1a183f1fbb8e10bb2f21ed10f034abbde55d483c7490a82b

SHA512
1ed6337f733a9be67dbb957b7409ac22227e073ba02e5a1db24e140d7d507e99d267ff5db5b08a6f2fd0f1ac92254f9101b314b8aecd17ccefd6400d5377cd25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
1227fff9bb6c106d59e85a6ce2bc9eb4

SHA1
6b73cd68cf4a436ef178ca39f94b2d7930dd5779

SHA256
91526eabb354cb5365bcc0e1c7350b23c5f6fa57b57b1974ddc8b716417a05a0

SHA512
2a0b9a5b4f50e876e0e2e0ce38c6de2cc5f1e3c9f4c6550d490cd0dc8f035043851483ff58461822d4d7076fa3b21fc3639c097c564f0e2770a7b08ed28111ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6a1b69fc87d0d1a1676bd86c803115b0

SHA1
4c48411e0a30fdea70182623c7062ada90cf074c

SHA256
f578e62c9365a710d7982c12e3ab64abaf9bae7d442ada0dc76fb3af66f90e50

SHA512
469e0a93e5197e13ed0848edbc0488f3cab6369136715d616b8711ab7e20ed31fc27de4099e1ab697279d071368fa1f5c6ef55a44224ed89703081e0a2f797f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
d35111658a40d24d2328374bb2a78096

SHA1
fa8848cd1b047fc324c285edc77959172f837705

SHA256
4cda1c38af9a7763eb743afb2fddd24c0dc2d1e572e1972b606d68e9b7b6e3c6

SHA512
c80dd5006715cb1f0223aeb5f1bdd42b152ecea44a81af1bf4dc21c3bc93d6c7879f1a480c4e28c0116a5ea6520bd8e0456e1aa5c609bcff31dade76918fb38a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b73a548d002a2dab5b1412d9cb3a5a55

SHA1
d2086fc5ae48ef719a35e03a9a64b9b7b5f9cc66

SHA256
5440cec17150ea112fc5cf845ef51ba191577af03bcc507cd929b90fc2a99c16

SHA512
6e3e4e4cd367aa7786bc656f6b99326920682e9bb967086326feb2894cc04fabbc70e65afc61f620d4a60dafac4295cf595baea6603fa0fd46fb35262ac56aef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
15KB

MD5
44947c08b00cbee8605444fc61d22c11

SHA1
b438f9f386ebb4f06514e93613584ead94d81631

SHA256
da3aeec5b72ed566f9fc418d363591add62760839f72b7a64a7b9ea527bba72f

SHA512
a77a6ab4c85514c2d17189e2a5269ebd407e4e840c1cc117ebc7499a24f458c596b0ea07cb8eb657aac381de4df84a25b7c21491f55bf900d338edf959db69bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
55cb900e660d61cfca5b9c552817d447

SHA1
0b71f4bc1785690c1466a36e6b11feb71f7f1ed3

SHA256
1f4b74680ccb68ab798dd3e415d1a3a9eda83d6ee667340d8a08deffb6d7799e

SHA512
6526e370b0adc01c1486ced4fedbcf227f85201262880140f01edfe057a65a4159f79b8c901a4cafcb9d51775782cb42aa69dd783155bf12b08dc88b03f8f6cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
382a7152728b5e6d26ecda25d241d924

SHA1
d4e34312f694bcc3eb1025d59d64d4122c9a25c7

SHA256
da3317759e544727fa7bed6eab6142111f4bdb2fa78ebada56c7fa58ec2ecc06

SHA512
1883cc7c6c54afa8c5a29841fefa9f8ebe2b924e78923a7c456dcbc650d5423523d0b05fb6c2bbe002c1f0819780c620fb4466480b10646d8628262bc71c6671

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
bded33e22e576ece6e73678a38f9e30d

SHA1
684fe3a3171a63c1af4164190b4768deb9c97824

SHA256
30661a9c69452d0dd8e60483439bd09f4bf48618930d3f3e53e80eb4da5bf141

SHA512
f408bee8b4c2209c3ae670dc883bdcebf0fc3a60c5591358a4b2e1e1ff028a0ef919524fbbcfb539f639c8c499cabd3910978a305a35e6a87456524c4b772370

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
13ebac82c93ab0dcb39053f1b7f96ffa

SHA1
6d608ddafed8f1bb66e1626f6da770138ec33ffa

SHA256
654ad8868a85bd4b27e36e5643ca7c9e4b4f97d12d6774c2c45093d87c478dd7

SHA512
f7b91ecad3d394c2d1ed319952f39f28734c95f9671e2c9c46177f01b7213f04b32beef0e49694276a139ef76f8f5427769bdea6f662040003f331f68a312af3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
f1aa4f1d6dbf9fd4412ecd46b763a240

SHA1
39d421e3b49127b3ddb2209785c46bd3a730143f

SHA256
a645e7f27fb77e685bef03354b45a1344a7be460062fc1aabc801762df1aa90b

SHA512
f5d3965b33748b8d2f77c3c858554cc4b0c0da45de0505865c0c3fe7d4c52f41ce6f89ab861c18b0f010ebe7b6eef865e07fb6438217a0d02756e643b2091920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
de4b1194580b7bda28e72a69cb081d62

SHA1
7f9466c64a34e3fe6c1d74650cb0e6b075d66f39

SHA256
b85bd3a6cd3f6ee572f98152c701606e6204f282e5bc7bb18f1583e1b875f038

SHA512
9160844f552b4986ea4b973662fb0dd9e8b228f06910d58354e4abc523c7aa13ba9df8db06c11c679335737b9f3175b472e1037ddf100e234483f588211bae09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
e24ccd927f3beab95ba155ef3555da37

SHA1
c762761f2e2643c71af640c8e0e2de150b116098

SHA256
16508be5c18974e644eae2ccfc72ab067c006917722a6219af66d3976a6415b4

SHA512
7ebf35f508835cb9bee8550f5b5e1cba4a1e07c37de7a594c645bcb6a3ddc26b9b3e15ee81c281c2fe4ec6e4ddca508f903901750a31c8e95f260cf586485923

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
6KB

MD5
81db248f9a5fd9b058b4b4ca6233c812

SHA1
f66332dba8c5cf073e22eefe72d6855578368fd0

SHA256
cd1c9fb70ff35bd1844a5a9968eb86f0c547da2e6bbaa8c87e04a67d6aea0a34

SHA512
f5d31ea9b919b3cb301eec348462a5d9385beb99e1223e02d0e86ab0847a11241210454e1875ca10b55295184d293944491ff6bd653e933e37081138b628aed1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
7KB

MD5
a2878b2ba48138f66d3dc869f9fd0dfd

SHA1
8b367c92752b22b8fc1e63048edd6494ee1ac195

SHA256
678191d50eb505a0d676c935c65e4002f729edb59c510cc4274d7b9d0627f87f

SHA512
3c62ed966343a5ebad808515d79faa73c1edf1a1cc0dd59577cb367ce474aea49ae870a70a65150c4195a289266396ed77e5b6385dcc9ee0f68780e0ca1bd195

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
497648a484249978c7fb3683ad9e2eac

SHA1
efc7cffa38b22fce6cb458c8ebd8083d5637254a

SHA256
6108a482758c821a44904e5dca750ee6fe92677de61094ad682a8ce95416a9d1

SHA512
f47a2b51808e3f2ee1221c2731a79eadc1928702d74d04e32bcfafb68f6e8bfcfb3f14ff1e4a59955a6a075544fc65f5577c5759db879c213b9fb966900a6fb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
7KB

MD5
416bdcb864e11f85e8b65d746353bc35

SHA1
8c9c661d8fb104418047cad2310f56b051075c7e

SHA256
5b37406906c52eb5d1037c44b64b212e79c27edddea4bbb28d2fc63aecd1b380

SHA512
ca9bb91003e2f3a525f09a369bef20e6ca8f20c9e663db6815935c23a41bff745add55e9e547288277b5316c36b3356cc1cc8e21f1e9a8518e1bd86e86cf33e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
7KB

MD5
89eecdee666a278c867aba70305b8cae

SHA1
206ee3beca78a17cd4cf8a7867ac4eb7caa4c796

SHA256
a5b39c56d306c9ac823f089bc1ce755594d1b4f88773422bbeb961d3b66159ea

SHA512
78a379873e5393d9c1c3ad2bab643ccc562bbccd20ef346c1a1b15bda2dc541c2c398b4347f8f96f8b72364c603117264f897cc4919e8fc529d206599913deb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
7KB

MD5
8f064a4139c0566271b2a358f1ea877a

SHA1
a69a1a79c080cf72f9be5fc41157ee7983eb5577

SHA256
ba7df518a445e8ecaceb6ded8611adced21e5e63a9dbe7ed2cf3055943b6a37a

SHA512
f87d88975945b4636d75765bb6b59c76e63a32d24e5902791dbc74886f6f330fc545eafaa940f64c82001d27b2cbf7abc807a48ec5a6e8a1fde8cfbf9fc29d80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
a729e75b4efe77868a969629eb2a39ff

SHA1
a2ea676c1e4da5a7ab851fd28585f10e3f0b1c75

SHA256
98dd2533c5593fcdfc48bad0d2e99e7b705b618f9ed1529e53baa8abf01c1c52

SHA512
43edf28b8e9063d95cbde4b8381c20ea305c04ccd1b4ad97d6fda94f1be36fb1805d087b1219d4534cf6cf877332096f619afd42e74d787e6f22cba9b2c50b8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
864B

MD5
c802839880f70df96a03614b88cee4df

SHA1
acb1f148fe9d4e61b6230fbd91dcbecd7ccfd5e9

SHA256
781c0bc9808dca831788b85d23479ee23e73d3d5a29f7554ded1c98902aa59fc

SHA512
669e483eab5bb692aa4057e1207c2e3edb4e60962b390dcf1c577bc6f1ae4b0d9c2fbceb0526eecc2a5843f635cbe12d3939d66119a43e9b3d11d0ef4d76a60d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
2de2abcb4c2827d87292a651cf0475bd

SHA1
d5d00fd33d2e2ae62cccff423474a97736e0312b

SHA256
ccec118ed07a2073ab2e3643464104406c38ce1457034bbd45c95f1421d8572b

SHA512
9a6c574954dc922e53dee9f4e85da2dd033b6b92b8995365e0c685bb783e76cec6a4800f3fbdefd6376fcf7b9c38088c02a12f59bcea427da31bf212deca687f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
2e96acdacf6df2a17b243f3ac8f1c265

SHA1
3df6a2efc10a15f6fc9b0e14366aa69709a43346

SHA256
f8ac4c21e7ac76baf975e32ff61f0f622dd6ac4ed975fe43cf3c3cc795b75f93

SHA512
8730e07c2dc9f03cfbb12af100cbb1e244e7514eddf6db73a0f9970ce7302cf2b8983089a99ede377192d1f7a2e9bfef25e458622d5f69baf2ff9fc4909cb8e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
a269cf9816fedca54cfafb218f828ffd

SHA1
7503f8d5d8804052d1af5e43ae0004bf5b2ef85b

SHA256
569cab23b58bbc727bd2ad22f5bfd3c2fa2e797ffa7e0cc04707fa9b27382484

SHA512
0d25bd1804b3df2cbd039da2b62f41f74af322fa8604961601ea6fc21ddbd7a5f5a28003a97f1a9354b056782e59d25518fc9f28e5fd21483c9b6859bfc7acd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
7KB

MD5
1b9e07697b036359aa21624b517bd417

SHA1
b732d63ff2321fdc0da869e36e39383cb45dd963

SHA256
425494880ffb6fcf34898b4df75fcfa0b1012834a76b9b9413caf896d345674f

SHA512
488e8f8f4aa4d2bf788e90e5b097f2088086ce862b18b245da41af8a77bfd9b0ce2f1b057096a7c4a9fc5b57312aa3d702ce20dc54cd15783dcdad2629d5a4d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
8557005184c28318e0cadc58fed78dc2

SHA1
626f3da4d30e22210e7c2e4cc702f96e020ac923

SHA256
c5f680efa25ebde886de25f00ba1f4d46bff56c6e31498ba0d4d93543f85c8b3

SHA512
3ce82578a5788884e966905bc79ba0eb3b9c13d12def157158d015784eda5af9cc68a65161abfab146753723968a66cde1f35e84ff8ce40584b54107912d03b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
933633ee1bfdd73cb0faadf5843bf093

SHA1
1876f093d2cb5ad517f04100d49ed30d37772177

SHA256
0bdaf3227f2a6aa61bb2fb71e5438375832388bfc8931a7bc299c0f971b36acc

SHA512
445bcaeb2fb9df6e6856149b7a6a80b55dbb066b2a514d196478cd8796682acc2e28d30ce478dd535b95d1cd181090b929861513ebb794103a909d8a9cfac868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
41abab4677ee736243a698df103f93aa

SHA1
b01599a157f9655cd18ab60449492580ede2be13

SHA256
228270e26bca58b0bac73b7673a015d5abede2b52f802a4c4d2ed1b410aceac0

SHA512
dccfce6893ec769127f57cdb4c1cfde579a374a92c12efdb14f2fcb3970350497cf31eab887eff579eae7bf992e60a2523b4d5cc4c0434bae69c899e14d8ef91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
7KB

MD5
244ac18cce20b13dfa34685998f6715e

SHA1
b87c401857f6fddd0dd06dfea9f51d81950eb48a

SHA256
4f132eb1fa00420f549b0831a476939584ea6c85701026d3bc9eabb7c304819c

SHA512
7bd2ba93f8553e2161f45c700dc7c76a35b2d0a80dbfc71dc106dfe99313fd38bdd2a40294b56f6f369a0129eadcc3238bdc7280fa846aba05a5cf0504f4166b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
7KB

MD5
7621beb57d286349b09e1301674dc311

SHA1
9f549cb598f1a234354e7634fdfc3b6a0a7968b3

SHA256
cc0eaca911ddbd6c2cb87414e5a963f53b194b70b09daf2fb5f0f025cb9a5e9a

SHA512
daa9f0f38b18d0671f3fcc1d809be45d3fd685bc92584ead559b770bfce35247b37b2b67c6fd13ba006ee5b73f021d7440e19a3d433b99eb68f7af18239cc708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
e878fed8f5687b2d6463b28e1441d65c

SHA1
44f35df4a683536380347472cb368d2625c1980e

SHA256
ff82853432a786f346c58f4894c07260ad59289ed65b5a83243262583f0b386e

SHA512
24484c878b5deccc06c05fb080bcb5f6e59621dff5bed1d11d411e05b6282f1862b87b57a77a62e00ed03e23eea0181b8c096bb2e6543ee2c026c071c02d5f45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
7ca0ed548b7bdb3211a27b0f754e47d7

SHA1
83727ef77661f8f7a3f82d6ce2830c7637ee73c8

SHA256
b86c27c51ad12e780846ed8d06cd0f8a6808e6a0cafb4cf84a9ff8ccf06ee83e

SHA512
0f6f3a7f2cb5b0db47b3dc303a5b88a36dfff11ca66c5e86adbd74d3e439e73ac30fa0656c42a81cbaf98765a2eac1b6849faa3c4ac39cd0f0b9538b4a4dd7a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
5a70c18129654376a061fe051879e0f2

SHA1
c23658ddd3ebb2fa2655d03088dd0eb650fa23d4

SHA256
679b2a14510d72c242eaf3e868b53da2ec65639ceb11cb6679ec7d6e28625a6c

SHA512
be7dc1d958a09ed73232baa6f1c534b8beefb2913175da6b6b594adb54b04f9ed42590a612eb81f9f1e9014921c82709a946e1c34062789a1ba0a325e965bd71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
459c079ea87a69771cae90e0012300e7

SHA1
47f1ebbcd74f4d5a800b8194c7c87754fcf1406f

SHA256
516f21eb2f964f23059965f5daf06c870e207406b75c329c39f18e1b0b244ea9

SHA512
b11275f0a544f226706e463d6cc2181d14a32b5fa90057017ac524a43edf289b167d6079670bf0466803b453cf2fe0f0c3c2b5031fa311d6b1c83b8e9ccf2433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a400.TMP
Filesize
864B

MD5
af2e93f0336a19608983e7a254ad79ae

SHA1
0bc15aa3ab471063b33fe2433fc7384a5e89f82b

SHA256
8622b1b5fd7dbba420f88ab9a63c430c1311d6ae290c9fdece86ceeac0c5299c

SHA512
f970db0d9544a8da2eeaedfd5803025bebb7156c083ee3208a535c8d3d3752fc127802f5e87e58f7c85685f611c6478d54fd0cff1e5538aa3b12ada582f9a761

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
2607e924a3516f227d6ca5802fbf960c

SHA1
98965c97708bbedfa590f49fa8ca9fa315ced3ea

SHA256
560cf4dc580c9e43977efc708b741b41276956c44b568c4b90844e667714e529

SHA512
2bb7ab8d42ce9b23b9cfb14d322314139dbb6e075000507e8f17ea622a28ad9f9821d0943f818bf3937474b109bdc5528846ca864c813da50b1feca576ae88dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
393d387d3b0afa5dbacb26b62900bc08

SHA1
f57afb2c4bc3cb10c9fe3b825028f6c64723c1a3

SHA256
dc752324658d0593a3a67cbb3b7897d126b041b140c9010848687ea77150b145

SHA512
6a7a7713c8daa3f396f0d53d73ee94d3270aaeb4de64e194526040f71af31b8b019d6f5418373905d32a4de36e20091b099f49289d0662c41a8015a25d7ddb88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
9ebc9f825beca5f0a068f9ec896fa6ee

SHA1
6e71da072ccf0eea967d96aeb4c7f0c7409ff03c

SHA256
53484ffc06ce6c59da7a04891866fa25b5a57350077cc324282f6ba7a2259136

SHA512
44f78b4df1157c0bdd887259f8bb98348fd2541aef502196eb2398b5663b03b0af7aa3fb1ea12418d4e997c052c2899bce2e5ba60d22469d6a95b87588f77fe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
cb32469600e338e87884d6b7a6bc3cd1

SHA1
b8dcc30106c5abf49c153f9df5bff3feef61ec04

SHA256
a03971ca64cbb211e4c05fa5903e4cfdd856a7090af65e6ccd9a6cd75acb4b6e

SHA512
b455780decf3701d37c68b70c306ccbfe42d7b0dd3c8eb4a3cf377ba899542b203c65f7f9af7975c10f9a1490258c6dc1a7dafd419076d2335179640c8cc681c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
b231363cb1cbd7f95bbb850b844236e9

SHA1
10d38955152c10bf870881e2893d9ec90cba1f54

SHA256
5886d8dde6378d3353d57a160f4eb5f9ab5c39986be3eaee23fad85664b5b803

SHA512
91f264f1ceec88661e7e2b4bfd669839bc3a526616fe7261e7989a19cf4f92d6766052fa38b04204be2df64d87d87251a4600d4cba32a0f91ecff64b678b1f62

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 39635.crdownload
Filesize
4.8MB

MD5
e02610619e7d819e78f43ede2d4bc840

SHA1
fcb2ad77cfe155398d7621487eee239bd63972ad

SHA256
035f44cce07f951f0c65f1431efbdb466cde75e78335fdb9914c78a9343875c2

SHA512
3f0bf6b8250f5d5646decfaccfe9cca0d05778e676e67e296d74e134e0a9825315ac7013aa9016d00b98e38e576ae43ef7bc677f05814db0f3a978bfd67b63ff

Download Submit
\??\pipe\LOCAL\crashpad_4720_ZBQEDMNUQEUMCQTK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2344-254-0x000001BFAA5B0000-0x000001BFAA5CA000-memory.dmp

Filesize
104KB

Download
memory/2344-253-0x000001BFC4A30000-0x000001BFC4C42000-memory.dmp

Filesize
2.1MB

Download
memory/2344-249-0x000001BFA9820000-0x000001BFAA1AC000-memory.dmp

Filesize
9.5MB

Download
memory/2344-250-0x00007FFB01D80000-0x00007FFB02841000-memory.dmp

Filesize
10.8MB

Download
memory/2344-252-0x000001BFC4760000-0x000001BFC480E000-memory.dmp

Filesize
696KB

Download
memory/2344-379-0x000001BFC4750000-0x000001BFC4760000-memory.dmp

Filesize
64KB

Download
memory/2344-378-0x000001BFC4750000-0x000001BFC4760000-memory.dmp

Filesize
64KB

Download
memory/2344-251-0x000001BFAA560000-0x000001BFAA561000-memory.dmp

Filesize
4KB

Download
memory/2344-377-0x00007FFB01D80000-0x00007FFB02841000-memory.dmp

Filesize
10.8MB

Download
memory/2344-258-0x000001BFC4750000-0x000001BFC4760000-memory.dmp

Filesize
64KB

Download
memory/2344-255-0x000001BFC48D0000-0x000001BFC4982000-memory.dmp

Filesize
712KB

Download
memory/2344-259-0x000001BFC4750000-0x000001BFC4760000-memory.dmp

Filesize
64KB

Download
memory/2344-1442-0x000001BFC4750000-0x000001BFC4760000-memory.dmp

Filesize
64KB

Download
memory/2344-256-0x000001BFC4810000-0x000001BFC4886000-memory.dmp

Filesize
472KB

Download
memory/2344-257-0x000001BFC4750000-0x000001BFC4760000-memory.dmp

Filesize
64KB

Download
memory/2344-1470-0x000001BFC4750000-0x000001BFC4760000-memory.dmp

Filesize
64KB

Download