Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://gofile.io/d/...

windows10-2004-x64

10

Analysis

  • max time kernel
    105s
  • max time network
    112s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-05-2024 13:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://gofile.io/d/OH2jxM

Score
10/10
chaosdefense_evasionevasionexecutionimpactransomwarespywarestealer

Malware Config

Signatures

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos
  • Chaos Ransomware 2 IoCs
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
    ransomwareevasion
  • Renames multiple (174) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Deletes backup catalog 3 TTPs 1 IoCs

    Uses wbadmin.exe to inhibit system recovery.

    ransomware
  • Disables Task Manager via registry modification
    evasion
  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 3 IoCs
  • Executes dropped EXE 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 64 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 4 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Interacts with shadow copies 2 TTPs 1 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Modifies registry class 1 IoCs
  • NTFS ADS 2 IoCs
  • Opens file in notepad (likely ransom note) 2 IoCs
    ransomware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs
  • Suspicious use of AdjustPrivilegeToken 51 IoCs
  • Suspicious use of FindShellTrayWindow 62 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/OH2jxM
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1444
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa047246f8,0x7ffa04724708,0x7ffa04724718
      2⤵
        PID:1628
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8236898296309533910,10684727357324207232,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
        2⤵
          PID:4720
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,8236898296309533910,10684727357324207232,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4284
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,8236898296309533910,10684727357324207232,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
          2⤵
            PID:3404
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8236898296309533910,10684727357324207232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
            2⤵
              PID:3416
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8236898296309533910,10684727357324207232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
              2⤵
                PID:1568
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8236898296309533910,10684727357324207232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
                2⤵
                  PID:3840
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8236898296309533910,10684727357324207232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
                  2⤵
                    PID:3172
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,8236898296309533910,10684727357324207232,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 /prefetch:8
                    2⤵
                      PID:3060
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,8236898296309533910,10684727357324207232,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4888
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8236898296309533910,10684727357324207232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
                      2⤵
                        PID:3680
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8236898296309533910,10684727357324207232,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
                        2⤵
                          PID:2064
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,8236898296309533910,10684727357324207232,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3976 /prefetch:8
                          2⤵
                            PID:3900
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8236898296309533910,10684727357324207232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
                            2⤵
                              PID:4936
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2072,8236898296309533910,10684727357324207232,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6028 /prefetch:8
                              2⤵
                                PID:3496
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8236898296309533910,10684727357324207232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
                                2⤵
                                  PID:1200
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8236898296309533910,10684727357324207232,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
                                  2⤵
                                    PID:932
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,8236898296309533910,10684727357324207232,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4056 /prefetch:8
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:3412
                                  • C:\Users\Admin\Downloads\Setup.exe
                                    "C:\Users\Admin\Downloads\Setup.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:3840
                                  • C:\Users\Admin\Downloads\Setup.exe
                                    "C:\Users\Admin\Downloads\Setup.exe"
                                    2⤵
                                    • Checks computer location settings
                                    • Executes dropped EXE
                                    • NTFS ADS
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:1812
                                    • C:\Users\Admin\AppData\Roaming\svchost.exe
                                      "C:\Users\Admin\AppData\Roaming\svchost.exe"
                                      3⤵
                                      • Checks computer location settings
                                      • Drops startup file
                                      • Executes dropped EXE
                                      • Drops desktop.ini file(s)
                                      • Sets desktop wallpaper using registry
                                      • Modifies registry class
                                      • Suspicious behavior: AddClipboardFormatListener
                                      • Suspicious behavior: EnumeratesProcesses
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:3484
                                      • C:\Windows\System32\cmd.exe
                                        "C:\Windows\System32\cmd.exe" /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete
                                        4⤵
                                          PID:2744
                                          • C:\Windows\system32\vssadmin.exe
                                            vssadmin delete shadows /all /quiet
                                            5⤵
                                            • Interacts with shadow copies
                                            PID:3272
                                          • C:\Windows\System32\Wbem\WMIC.exe
                                            wmic shadowcopy delete
                                            5⤵
                                            • Suspicious use of AdjustPrivilegeToken
                                            PID:808
                                        • C:\Windows\System32\cmd.exe
                                          "C:\Windows\System32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no
                                          4⤵
                                            PID:4120
                                            • C:\Windows\system32\bcdedit.exe
                                              bcdedit /set {default} bootstatuspolicy ignoreallfailures
                                              5⤵
                                              • Modifies boot configuration data using bcdedit
                                              PID:2368
                                            • C:\Windows\system32\bcdedit.exe
                                              bcdedit /set {default} recoveryenabled no
                                              5⤵
                                              • Modifies boot configuration data using bcdedit
                                              PID:640
                                          • C:\Windows\System32\cmd.exe
                                            "C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet
                                            4⤵
                                              PID:4804
                                              • C:\Windows\system32\wbadmin.exe
                                                wbadmin delete catalog -quiet
                                                5⤵
                                                • Deletes backup catalog
                                                PID:1936
                                            • C:\Windows\system32\NOTEPAD.EXE
                                              "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\read_it.txt
                                              4⤵
                                              • Opens file in notepad (likely ransom note)
                                              • Suspicious use of FindShellTrayWindow
                                              PID:300
                                      • C:\Windows\System32\CompPkgSrv.exe
                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                        1⤵
                                          PID:1472
                                        • C:\Windows\System32\CompPkgSrv.exe
                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                          1⤵
                                            PID:4724
                                          • C:\Windows\system32\vssvc.exe
                                            C:\Windows\system32\vssvc.exe
                                            1⤵
                                            • Suspicious use of AdjustPrivilegeToken
                                            PID:3076
                                          • C:\Windows\system32\wbengine.exe
                                            "C:\Windows\system32\wbengine.exe"
                                            1⤵
                                            • Suspicious use of AdjustPrivilegeToken
                                            PID:2136
                                          • C:\Windows\System32\vdsldr.exe
                                            C:\Windows\System32\vdsldr.exe -Embedding
                                            1⤵
                                              PID:644
                                            • C:\Windows\System32\vds.exe
                                              C:\Windows\System32\vds.exe
                                              1⤵
                                              • Checks SCSI registry key(s)
                                              PID:4176
                                            • C:\Windows\System32\rundll32.exe
                                              C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                              1⤵
                                                PID:4940
                                              • C:\Windows\system32\NOTEPAD.EXE
                                                "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\read_it.txt
                                                1⤵
                                                • Opens file in notepad (likely ransom note)
                                                PID:1976
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
                                                1⤵
                                                • Enumerates system info in registry
                                                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                • Suspicious use of FindShellTrayWindow
                                                • Suspicious use of SendNotifyMessage
                                                PID:628
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa047246f8,0x7ffa04724708,0x7ffa04724718
                                                  2⤵
                                                    PID:4728
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,655307505796765229,13125777316484448678,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
                                                    2⤵
                                                      PID:4324
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,655307505796765229,13125777316484448678,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
                                                      2⤵
                                                        PID:1228
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,655307505796765229,13125777316484448678,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
                                                        2⤵
                                                          PID:3536
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,655307505796765229,13125777316484448678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
                                                          2⤵
                                                            PID:1552
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,655307505796765229,13125777316484448678,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
                                                            2⤵
                                                              PID:3940
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,655307505796765229,13125777316484448678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
                                                              2⤵
                                                                PID:2112
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,655307505796765229,13125777316484448678,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
                                                                2⤵
                                                                  PID:2680
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,655307505796765229,13125777316484448678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
                                                                  2⤵
                                                                    PID:2980
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,655307505796765229,13125777316484448678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
                                                                    2⤵
                                                                      PID:2252
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,655307505796765229,13125777316484448678,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
                                                                      2⤵
                                                                        PID:3308
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,655307505796765229,13125777316484448678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
                                                                        2⤵
                                                                          PID:4724
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,655307505796765229,13125777316484448678,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
                                                                          2⤵
                                                                            PID:3756
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,655307505796765229,13125777316484448678,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
                                                                            2⤵
                                                                              PID:1456
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,655307505796765229,13125777316484448678,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
                                                                              2⤵
                                                                                PID:4612
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,655307505796765229,13125777316484448678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
                                                                                2⤵
                                                                                  PID:632
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,655307505796765229,13125777316484448678,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
                                                                                  2⤵
                                                                                    PID:1976
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,655307505796765229,13125777316484448678,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
                                                                                    2⤵
                                                                                      PID:1996
                                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                    1⤵
                                                                                      PID:3404
                                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                      1⤵
                                                                                        PID:2976

                                                                                      Network

                                                                                      MITRE ATT&CK Enterprise v15

                                                                                      Replay Monitor

                                                                                      Loading Replay Monitor...

                                                                                      Downloads

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Setup.exe.log
                                                                                        Filesize

                                                                                        226B

                                                                                        MD5

                                                                                        28d7fcc2b910da5e67ebb99451a5f598

                                                                                        SHA1

                                                                                        a5bf77a53eda1208f4f37d09d82da0b9915a6747

                                                                                        SHA256

                                                                                        2391511d0a66ed9f84ae54254f51c09e43be01ad685db80da3201ec880abd49c

                                                                                        SHA512

                                                                                        2d8eb65cbf04ca506f4ef3b9ae13ccf05ebefab702269ba70ffd1ce9e6c615db0a3ee3ac0e81a06f546fc3250b7b76155dd51241c41b507a441b658c8e761df6

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                        Filesize

                                                                                        152B

                                                                                        MD5

                                                                                        600717b6b23d3f18d74430ed6ba66c35

                                                                                        SHA1

                                                                                        001924b873fb7620b24b0abe02d2ccea23c34d6f

                                                                                        SHA256

                                                                                        af61acd0f6224a14544e1a0515edc48bf5ea760989a71a265de1b6b0022ec089

                                                                                        SHA512

                                                                                        22d3ac69f7875d7a8fd781915153e16e44b8b172638450dd649edb2afc00d54337574a3397311801c2a466f15ee30c6a96d12dd0d22625737fa92cddbdd40350

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                        Filesize

                                                                                        152B

                                                                                        MD5

                                                                                        57967a160519052941fce6b35b105aa8

                                                                                        SHA1

                                                                                        132fefe10085c4d7c7959f25cb0dfc59ec73dedc

                                                                                        SHA256

                                                                                        b18dfd4e55ca1c6cd4e66418b5e01a5dc64a1a5866e82c079b3bf4abadb65614

                                                                                        SHA512

                                                                                        5e08dc1e702c958df415f00ae4299c9b9ca5fbd005a2c53ce02fb203d9759444883d3561ae6fcb8584a136511710fe24eefd31562ca2e4c1909e5edeac8a3ffd

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                        Filesize

                                                                                        152B

                                                                                        MD5

                                                                                        f61fa5143fe872d1d8f1e9f8dc6544f9

                                                                                        SHA1

                                                                                        df44bab94d7388fb38c63085ec4db80cfc5eb009

                                                                                        SHA256

                                                                                        284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

                                                                                        SHA512

                                                                                        971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                        Filesize

                                                                                        152B

                                                                                        MD5

                                                                                        87f7abeb82600e1e640b843ad50fe0a1

                                                                                        SHA1

                                                                                        045bbada3f23fc59941bf7d0210fb160cb78ae87

                                                                                        SHA256

                                                                                        b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

                                                                                        SHA512

                                                                                        ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
                                                                                        Filesize

                                                                                        44KB

                                                                                        MD5

                                                                                        0db7478f7b56e4a98369231abf39d31f

                                                                                        SHA1

                                                                                        5def1057c0d5539870013b40b9cdeda71af52158

                                                                                        SHA256

                                                                                        842b94c65c42c49bb7b375befc79da7a5f45488ca48b5a7a94aeaa8f61be0b1c

                                                                                        SHA512

                                                                                        0e335214ddf06eef6eebbcfee94880dae96ca5a1018b7d6c0fa4a7e00d33aa55acabcca8896a14250a6a1b31354a984276c2558776919ffaee148099e5fa8789

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
                                                                                        Filesize

                                                                                        264KB

                                                                                        MD5

                                                                                        8a555520200f04bb792f93b69e3d18d4

                                                                                        SHA1

                                                                                        fbe972ba3bdfd1d0bd0cef0d2ff958906e837044

                                                                                        SHA256

                                                                                        a8d4f069fa5ea6b151e60a1f0f29bb4fbba3b53307f2b36c0fc9a6280f4ce5e5

                                                                                        SHA512

                                                                                        adf0b63fa51dd5b4454fef340621fd28b6cf3609dad735f5a1583097f667a054394f7da242fa476ab79c8a7a0ddb1bc21b4e9dd0c8c28bd2425e59487a0b885d

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
                                                                                        Filesize

                                                                                        1.0MB

                                                                                        MD5

                                                                                        a8d41e6dab1c16825b72ece110e1ad21

                                                                                        SHA1

                                                                                        2c30de4359604b6387ae4afb58710762f8ff5132

                                                                                        SHA256

                                                                                        cf6c3ac6a5eb192d219b4302899bf84acff96faaf6377cb0a1f030cdca371465

                                                                                        SHA512

                                                                                        ef2ab772f99d1230d20c9bd82f22181113e79b26f3bbe150c29aec3b647d5d2b4b77d50a416e79023897b6c9feff32c2a8f3163d4bd01eb46dcfeb11098ea762

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
                                                                                        Filesize

                                                                                        4.0MB

                                                                                        MD5

                                                                                        edcc6bccc5dabbd9506740789c9aa563

                                                                                        SHA1

                                                                                        f2d9f513a1a10ae28db25d18d60f690a0fa813bb

                                                                                        SHA256

                                                                                        e35813fae3405038d4dfcd7d573c83fb9e830fe2c0cb9fb8f4b043f31c142099

                                                                                        SHA512

                                                                                        add2727f5a2542eb1cffc86cd65f0b2a94585fbaa98f4a6a47d5660442f806936e2116b572d82353d16d1fad0bba1a2538abbda6d28e3d53d9066b0c2be1dba7

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                        Filesize

                                                                                        288B

                                                                                        MD5

                                                                                        2f6d24840f79708ad7cc3c3fe9444a16

                                                                                        SHA1

                                                                                        93062b322df520c9485f59b999fcb5edac0bafaa

                                                                                        SHA256

                                                                                        2d229e645244339e488efb72107ebc6087a963edde00075aaadb92b7404b675b

                                                                                        SHA512

                                                                                        e65e8a21f9206d1d6ba1a222b40b8012370ceac643433b4c38e39a4cbceaf0f96ae042b440b5f48148b4946df187ef6c376931bb5c5b2abf81bc4f227e2b302c

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
                                                                                        Filesize

                                                                                        319B

                                                                                        MD5

                                                                                        254d83d153ae4225881350e92b8bd2b4

                                                                                        SHA1

                                                                                        d7d78275c4977ca5096f55cbff34f479afcd808d

                                                                                        SHA256

                                                                                        8eabff0b26bdde14a822182b3fc1e71ef77ed7e12bc5e7f240bddb50a7d6e80b

                                                                                        SHA512

                                                                                        98b6aeb77a75bd53734b956a4492531976c3b7fa59bdc39571d9e920abe43978575c2c1357a1aa6612d574fe8c53d3c9f003c8aae25883744193bcdc302eff38

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
                                                                                        Filesize

                                                                                        20KB

                                                                                        MD5

                                                                                        be1990848ddfa0a63a131fc07d7c8109

                                                                                        SHA1

                                                                                        347ce63086a7d6174eed8024ee808ad5951e1637

                                                                                        SHA256

                                                                                        7976dba84f648fb371b4a116924748fd7a24f61b6f6c82245339929498b6018b

                                                                                        SHA512

                                                                                        7bba06a638418ef28dd372eba337080a36bec66170e5bf99d46a6aaede010abefd6345bec902883d3c01644267ddc8c05ce5886308bc1c920ae527bfb9631f9f

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
                                                                                        Filesize

                                                                                        124KB

                                                                                        MD5

                                                                                        c148407a1c7562296db89f92bdeb397b

                                                                                        SHA1

                                                                                        441d544fdce91a976387d9452668292fa268d8d7

                                                                                        SHA256

                                                                                        8941b549409bf54ef690cd3de148c8c7999a7273071220aa867fe4e7bc4ef955

                                                                                        SHA512

                                                                                        efbba2b7bf129804900f1e4158220d90e18ea44bc04536bea6ad5ef79e70df5d30a7c68b4f69415569cb54f8accfe1ffd7f171fc6dde1e7b04d20046e0dfead2

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
                                                                                        Filesize

                                                                                        658B

                                                                                        MD5

                                                                                        eb82d06d93de678ddc48f7e9ed62220a

                                                                                        SHA1

                                                                                        f8a35acbe134d647c11dbe2811dc5d614f78746b

                                                                                        SHA256

                                                                                        c0815a488dbb823065a7177d680ef26cfd7a3820484dc8edd719a6260f60cee9

                                                                                        SHA512

                                                                                        5f41eb7fcebb21b168feb10fb876f30d6beb12e1d19b6973a5e8bf4d4ecf9d0f553c698aad0b3ab30a38d958382aa12fca69f219776ed794fb6e972e831a249a

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
                                                                                        Filesize

                                                                                        438B

                                                                                        MD5

                                                                                        dd3fad6bd4f350fc43e8ae92b8ed7d1e

                                                                                        SHA1

                                                                                        e5b43414328864716941bad6864f6df4f51060ee

                                                                                        SHA256

                                                                                        24941dc1e2a8aebb8d9ac3fe652830ef10744c2152964e867dd2df5c7a0e61cc

                                                                                        SHA512

                                                                                        8ba4644b20c13e94031a3ee375ffe62d66ed8f2f5ede88b177851ae8f6ff9c7d87666e8cf07d4ed960bb78a89fc7e02843562edff893ae5c5faed64ec51095ca

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
                                                                                        Filesize

                                                                                        334B

                                                                                        MD5

                                                                                        b4a52b902ac1ed4034d3a2f760397fb2

                                                                                        SHA1

                                                                                        be6cee10ce7679d1bfb0ece64208f48847909f10

                                                                                        SHA256

                                                                                        3c0d2935ebf50463735f8f9c605fb7d690a7faf8fa1e209ca1e9fe998d2aa5b6

                                                                                        SHA512

                                                                                        3f31bf5af44b7a24f0472acde644da31099b8553ee0c6f0eeddf82b32a7e3580527068835f6ba04ad16cdb706497746c6e546cb9d699adac1bd01dc480e79b04

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                        Filesize

                                                                                        317B

                                                                                        MD5

                                                                                        afc6cddd7e64d81e52b729d09f227107

                                                                                        SHA1

                                                                                        ad0d3740f4b66de83db8862911c07dc91928d2f6

                                                                                        SHA256

                                                                                        b5e81a7c7d80feaaa10ee7bc8aaef9f21a5c1e4b03b3823ed115022311d674a0

                                                                                        SHA512

                                                                                        844edb69585153c378a7c97709983776fc9303a32fb5ef8122ecca32adfc0b265f5ef7118ee07814da5c020ac7ba1bf2a2f66d46312e4d8e6df99aab2e5f9b2a

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        7KB

                                                                                        MD5

                                                                                        1d80927627b26b706e6f1870a770f197

                                                                                        SHA1

                                                                                        701116fad8e849a918254656f8567566a3fdbcd0

                                                                                        SHA256

                                                                                        15ff768e1ed641a2095fa6d6b2d158444e4f33a4c0e1b6ec83d64c758329126e

                                                                                        SHA512

                                                                                        6ef1bdd40a33cd19afc6f023082b6af3da3c7fb3c18e025ac860c6c24b1624d50b3a93b5b5fe7c6ee3478340633c010c286bd80da65e268d4098997f5ffe585d

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        6KB

                                                                                        MD5

                                                                                        aa9ea4dd08cd82a108cbf8eb97b7d4dc

                                                                                        SHA1

                                                                                        77ac0edf14acc75675c2e409867004cbac89ffe2

                                                                                        SHA256

                                                                                        059a8db2955c2d4c83c48f24a79a60f2cfad0692e45464808ccc1ef185d8df15

                                                                                        SHA512

                                                                                        831d2d37ed625cbdef3a643d8b76213635e05f4c4e764b73faae00fe1b49ab831fd06d0e2f176ad89347408021c2568ecff74f68da236d72e92363dd69bb4c15

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        6KB

                                                                                        MD5

                                                                                        5cc7610b4bd6530ba55ade6692420953

                                                                                        SHA1

                                                                                        dfc31bfc837c09093770fb1a8f896452696004d8

                                                                                        SHA256

                                                                                        0c352f4b73ca9541f21dfb8e2b78dbe27966d1c2dad15c09fde8528f34bcb570

                                                                                        SHA512

                                                                                        f925940c6d9e65128e3b992c9d2af75f839d2b3e7d66ce0334a78df751de908f035cc62f8cf347f77d8eaf07d934f9eb43281139f12cca4143d0655a53d47ce5

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        7KB

                                                                                        MD5

                                                                                        b35fd8995a12da8dbfc9ff31f4797a85

                                                                                        SHA1

                                                                                        f51bbfb5896145b915522b3d9499340e9db5451e

                                                                                        SHA256

                                                                                        d137d595962bbb4ea255be348d7597f83a0a8cf8c88ba7e2e01051d796c6522d

                                                                                        SHA512

                                                                                        ddef4342e3edfb1cdd336cf004038f080ed941ae6521c46a1da0c7a2f2ba003eda698bc568f2afafd13de49a24299ae501c15a736672f95294509e1d88982822

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                        Filesize

                                                                                        6KB

                                                                                        MD5

                                                                                        3b9a1500be9ce5c6c9556f8de3f60989

                                                                                        SHA1

                                                                                        3691db0fa1cfd2c9f3cb99942e92d3a76f97a4c0

                                                                                        SHA256

                                                                                        68d62e70cf1fd6dd62f5d7bf46fb7ecf56287e43752da4e7b0e4bc95ed6f91c9

                                                                                        SHA512

                                                                                        47462580fa69b8ccbe45c5d0a3622b31c49b72dfac7bcb9d4f521b81fff35e2d0aaed1938ea7fe7aed4aed51df1524f56bb596bb3fb39198725569601b61eb5a

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
                                                                                        Filesize

                                                                                        468B

                                                                                        MD5

                                                                                        9c91aaa6cabf75fdface5ef511bdbeb4

                                                                                        SHA1

                                                                                        0fab30eb41b83498579b73c5926fbb6d8227c9e0

                                                                                        SHA256

                                                                                        6a5a1bd6f19d236cb9be22f97c4b4cc298c598a3df0563e075ddcecf99a4ca6f

                                                                                        SHA512

                                                                                        fc44f55569b6cddcc86d54f3cb466c54c995bbb4869fdce83bff92f18140cce6b9877d85e6ec5b56ec44c785bdd9be29adb7a4b14959856172879d3114683b07

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
                                                                                        Filesize

                                                                                        322B

                                                                                        MD5

                                                                                        dc94a219c65506c698733fc29769143a

                                                                                        SHA1

                                                                                        c0d8ed990ca85b60768caadabef667fd74898dad

                                                                                        SHA256

                                                                                        bff2350b58c011373d15a547e0caa9f0ab3897940277958e66bff8f46f397400

                                                                                        SHA512

                                                                                        a54895956485340529196f8977f6dfdf421c8c0298bedefde8dba2a14288c479ca62fe321b2bb03f6a63f19231fe1c4ee3a3c2584e5d9deacc8ab9098d392d1b

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13360081390550210
                                                                                        Filesize

                                                                                        2KB

                                                                                        MD5

                                                                                        e116c69f38d6107a3f359650e6212182

                                                                                        SHA1

                                                                                        1a00853ac61d19244ad998a25aa893cb2dd9ce55

                                                                                        SHA256

                                                                                        c316bff5ca224aa2a048c7d6dbb7b201758565f7bc455d499f654bf7016365cf

                                                                                        SHA512

                                                                                        ef83fd9024bca66dc720e4acbd72325ebc6d078060734675b9a7498641b711af9b2dc1f96c054da6151d461fc911d4e52616aac3c1cbc080dec9a7c390efe21b

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
                                                                                        Filesize

                                                                                        112B

                                                                                        MD5

                                                                                        7faa573360f302076db14c0c5e6a3321

                                                                                        SHA1

                                                                                        0f7c5dc2bbf2da25f181945fdccdd2417a93185b

                                                                                        SHA256

                                                                                        5fbf5066d3517238f172947348bd4793a6c578af080fdaf5b0af35b92c470435

                                                                                        SHA512

                                                                                        ca6d21b8166a43ee6e33a687c9953ced4776a2a53be3641944337a9565dd66533ef4fb415f57916ff6ae29ed23e9f3d3de6458dc7d91743a72769d1faf7a3d1e

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
                                                                                        Filesize

                                                                                        347B

                                                                                        MD5

                                                                                        487a72a2a6b2488e145b6e330352a530

                                                                                        SHA1

                                                                                        e3af6bd9f70da7e25e792b1e08480e0900f94654

                                                                                        SHA256

                                                                                        7a1a27fc160f7f6f60f43db3b0c2125545aef9f835df5f4388cf76006ce21caf

                                                                                        SHA512

                                                                                        8fe76c6f977daf6a362da7f6d9e5472e4d91fef39f81b49a4adf3965646892de6c4e29327940c0e6067524c94f05b56fab43b72f5320a8fe87cdd3f16b456599

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
                                                                                        Filesize

                                                                                        323B

                                                                                        MD5

                                                                                        1944e2ef89a540cbc054d3df56b08e98

                                                                                        SHA1

                                                                                        bb741cea8220adb61bda6f8d400c82b07f8948de

                                                                                        SHA256

                                                                                        b072efdfea9a02a41d064683e25b89ffc758cc3a4e594e468326ea9a1e3a0f95

                                                                                        SHA512

                                                                                        a1bea6a59ffbabc0afac9659a2307fe66093f4ac6f4e9ee5c093b6427114663bd67c157bdcc214948b2ec041c1e389ba28d871d552f877162502a4f0dcd1cd82

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                        Filesize

                                                                                        704B

                                                                                        MD5

                                                                                        a8c9aa9e14ad3464dd64f5d57d61dd71

                                                                                        SHA1

                                                                                        bc757732361bb69504e236efe7187aec757a0eac

                                                                                        SHA256

                                                                                        a17290e46409ad3273b50edff61af9338ad7fdac1709c6f0e6c0ec3236f556e3

                                                                                        SHA512

                                                                                        578b0ab10018a13b7cc037bfed9a4a2838911c18fe46c5053822c7f4ad8a3b744618fa815c908b1ab83def409cae9603f1e9fe7925215246381c2ff4b6f5ca25

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
                                                                                        Filesize

                                                                                        128KB

                                                                                        MD5

                                                                                        db727cf50340464a784de8ad94d1ec25

                                                                                        SHA1

                                                                                        6fe8e7047577512b678ddcb9a296585395569ee3

                                                                                        SHA256

                                                                                        8a0f23a7f70ec8226f07f954525ac25d282c159a9382631ff1b98ea3a06ae166

                                                                                        SHA512

                                                                                        40266087852c3acc51a222bf32b1ae02cc6cc2ea4c4b433bd76790348f4a314c20e2133f1339d71a3d320953c4736f2bc7c1441277abb8d2100d686bb87ec4ec

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                        Filesize

                                                                                        16B

                                                                                        MD5

                                                                                        46295cac801e5d4857d09837238a6394

                                                                                        SHA1

                                                                                        44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                        SHA256

                                                                                        0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                        SHA512

                                                                                        8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                        Filesize

                                                                                        16B

                                                                                        MD5

                                                                                        206702161f94c5cd39fadd03f4014d98

                                                                                        SHA1

                                                                                        bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                        SHA256

                                                                                        1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                        SHA512

                                                                                        0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                        Filesize

                                                                                        16B

                                                                                        MD5

                                                                                        6752a1d65b201c13b62ea44016eb221f

                                                                                        SHA1

                                                                                        58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                        SHA256

                                                                                        0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                        SHA512

                                                                                        9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db
                                                                                        Filesize

                                                                                        16KB

                                                                                        MD5

                                                                                        9e02552124890dc7e040ce55841d75a4

                                                                                        SHA1

                                                                                        f4179e9e3c00378fa4ad61c94527602c70aa0ad9

                                                                                        SHA256

                                                                                        7b6e4ce73ddd8b5e7a7c4a94374ac2815d0048a5296879d7659a92ee0b425c77

                                                                                        SHA512

                                                                                        3e10237b1bff73f3bb031f108b8de18f1b3c3396d63dfee8eb2401ce650392b9417143a9ef5234831d8386fc12e232b583dd45eada3f2828b3a0a818123dd5cd

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
                                                                                        Filesize

                                                                                        44KB

                                                                                        MD5

                                                                                        6f7d873c97a7d84de72b2e2524711f08

                                                                                        SHA1

                                                                                        d28062bb2283ecf22bc77a64e87c1ff352efdfdb

                                                                                        SHA256

                                                                                        f18c439ae5804a6878126068ce8ef47114b28d7938c1ec082fc69c31c7319713

                                                                                        SHA512

                                                                                        7f40dff3d5402dd865fa52b5dba5da0a51145d2d09432a559474526ee8611cdce72353f43d336543fbd84476ebcc6d1d04d26de4929c96d49ba40c2f8031b32c

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
                                                                                        Filesize

                                                                                        3KB

                                                                                        MD5

                                                                                        160f6586e7c977ec2ddd84fa63cd7e02

                                                                                        SHA1

                                                                                        7ec85fb438d12b35993a3b874704679e6e2f1fa1

                                                                                        SHA256

                                                                                        44172a0092133afe25b6fba702135b19f2fe9991a70af08297e51f6cf936c552

                                                                                        SHA512

                                                                                        97f160907215a7ef0bc136d31377a6146c5857c01c3fd9b3d6517e55d628b5318db4a030d792bbc445f90d860835ade02f2aac2c80c9c91f282e63bee234e91e

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
                                                                                        Filesize

                                                                                        319B

                                                                                        MD5

                                                                                        b70606beeb57ccf11ac36ac7339273fa

                                                                                        SHA1

                                                                                        1e8f888c4a2d441e5c9870fe01bc931e5cdc903c

                                                                                        SHA256

                                                                                        0998685d69932346726b6e149e3f81736dcf006111063264af85ae996a8ec433

                                                                                        SHA512

                                                                                        9a9e7f3d4c357d5ab9faf8a118540520ab140b240306f0dfb251d33bb6c8de6e67f90c7908b7135cc58cfe9c0fa7be2a0efd56fb816f1c73937fd799694148cf

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
                                                                                        Filesize

                                                                                        531B

                                                                                        MD5

                                                                                        aa69e4e5a4ef997f483344758f8a511b

                                                                                        SHA1

                                                                                        0f1582c8bf8e019f6a71d3bde3bf7bf6d4650058

                                                                                        SHA256

                                                                                        8808d2850c7721efec12a67ceb7a8efb6084093182aa95210c11468a5da81055

                                                                                        SHA512

                                                                                        357017c7837f95bb1d2c698779ab6f9f750ac38b453e5e055b2b7af5f2b17ca0dc884f8781a094912a3eae39d413b1f60038bd62e03be36ac870b5acf6e27665

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
                                                                                        Filesize

                                                                                        337B

                                                                                        MD5

                                                                                        c3a6b481bf49ea6188f5b3c0b0bb2076

                                                                                        SHA1

                                                                                        dfe618c398826bc6e19430d62612d1b00ed53519

                                                                                        SHA256

                                                                                        c8caf182712980823516418f108b67f393bc7f9072b1146cf308ace761906f53

                                                                                        SHA512

                                                                                        310dfc5424985a1b5ab356686cf54d84aa337f88508bbf3ebdd8ce7ea457dcb3dcf374af88cc4e11a8b40fdd4a31c19d669525598bfd67e8f19ebef2271422ac

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
                                                                                        Filesize

                                                                                        44KB

                                                                                        MD5

                                                                                        9bec7fc91fff9e59175dd702b783db64

                                                                                        SHA1

                                                                                        5dedb0e184614e31d626b5404e8bc1f2ec391251

                                                                                        SHA256

                                                                                        bbd85e5ffcc15bed6ebbffc9e877d20b3222e9af4f9a8d8b0824a1958fd47605

                                                                                        SHA512

                                                                                        9cabcbc79b90736be9b8b724e28d7441c6f00ed86ff1084a1e63ea97c570b72ce566bd0808d44ebb785eb0ed72d24f4ce15c9792e681c181a1f22d5624158292

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
                                                                                        Filesize

                                                                                        264KB

                                                                                        MD5

                                                                                        055a20ee4fedff08f4bdbd202923264e

                                                                                        SHA1

                                                                                        edfde0a2bfc1189e492962e9302a94176125c979

                                                                                        SHA256

                                                                                        cafb7df6ad810a62486824d645756727b4c45fe74b9582997e8aaab85ddef577

                                                                                        SHA512

                                                                                        e1d56bd1d8ae1a8f7d40850540066086d54f6ba55cc44955b4acd13fa04ab01781e303ea5643fde9274344a8b2600cf774699c328bd2e9fddaa6c44deb75bac3

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
                                                                                        Filesize

                                                                                        4.0MB

                                                                                        MD5

                                                                                        31f92e2acf76c450b13bebcd464860d5

                                                                                        SHA1

                                                                                        642ae3a6ae67155be98c74d687c7e6280bfd76cc

                                                                                        SHA256

                                                                                        59c93d37ba25227483f21fdc7b3e404fa8b206e66f0e78f38aa582365cd9eb4b

                                                                                        SHA512

                                                                                        01bd409c16369ed1bdc63bda576fa2e85efac3aeefef79756b4f9450310e3008c774b670804f77e96a46a8bb00c54e720ac28ef8f0e060ed391d6130d87f3845

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
                                                                                        Filesize

                                                                                        11B

                                                                                        MD5

                                                                                        838a7b32aefb618130392bc7d006aa2e

                                                                                        SHA1

                                                                                        5159e0f18c9e68f0e75e2239875aa994847b8290

                                                                                        SHA256

                                                                                        ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

                                                                                        SHA512

                                                                                        9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                        Filesize

                                                                                        11KB

                                                                                        MD5

                                                                                        0812b3752b26ba6b06a3b969096c33dd

                                                                                        SHA1

                                                                                        8ec7045c2d83190be880034ac6fbcc79218d8129

                                                                                        SHA256

                                                                                        a9c0c135f6516c56ec4afeedd9064536763a24a0132ec761fddd520f1be5ff2a

                                                                                        SHA512

                                                                                        9a42f23f300a88c4ae0ad1f799dfa1bad667692210f4e2ee486c9fc49a877c335d291008329269eb6b9ae3628803a4e4da532ce36eca448073abbf5e37a528d1

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                        Filesize

                                                                                        11KB

                                                                                        MD5

                                                                                        e916211e529333aaada3579534baabba

                                                                                        SHA1

                                                                                        974f5b45ab820ac8e89a37380daeb1accee8d416

                                                                                        SHA256

                                                                                        54368d6a0f76242b88c268274e768eba4df428f99ad805c49e712f88b7620a69

                                                                                        SHA512

                                                                                        85fc6030472be417188020347441172ad245a3d7965cb9bc879f51cb46b023d07baae393086345763557b79009fce97081dd083866604af3e2ff569b046ffaa1

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                        Filesize

                                                                                        11KB

                                                                                        MD5

                                                                                        5505289ae6d146953f62fbd8044091f2

                                                                                        SHA1

                                                                                        b7512c19ec41c9aaf06dcbf415a941c8343e830c

                                                                                        SHA256

                                                                                        01f6211b1d1b4bb984d210f307f718a71b24f1d0368b7375acf2f73e82caf871

                                                                                        SHA512

                                                                                        d6f096a0c5790666c8ccd4dd51eee65b41a37428b67f6311abe48136ce308f80db862cb4fdf9b44172c4895bf2cfc2c3a6f79c040e1dee41efbdaf7237135ec3

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                                                                                        Filesize

                                                                                        264KB

                                                                                        MD5

                                                                                        f50f89a0a91564d0b8a211f8921aa7de

                                                                                        SHA1

                                                                                        112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                                                        SHA256

                                                                                        b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                                                        SHA512

                                                                                        bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt
                                                                                        Filesize

                                                                                        4B

                                                                                        MD5

                                                                                        936bdeb54fcfa58feba16db9595f9b0d

                                                                                        SHA1

                                                                                        c2cce6f4a5a5b3af6e4b0507ebbaab066655336b

                                                                                        SHA256

                                                                                        ae041051bcf5e6ebc8bc2945afe308e2b953fde73d493cc949ee4a516ee58b3a

                                                                                        SHA512

                                                                                        0d026381b22e25141eaf7d95a1cd73fddb6e2cf6211f4654ec4cac66c128e4b1a51a62b31401c2628195381f08c16d3e3c35c35f29ffb63426fab86967ac9ec2

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
                                                                                        Filesize

                                                                                        4KB

                                                                                        MD5

                                                                                        64ac84ad4a09bc1bc2ef39907def234c

                                                                                        SHA1

                                                                                        c8bfe2bb51f221a64890c323b55dbec8824c4ecb

                                                                                        SHA256

                                                                                        da26c4533ac8de46e3ef4577d563ab114422df429418e29e4a89bc1ecf511631

                                                                                        SHA512

                                                                                        775806b15673ac7c542e7668e1536be09f80045bc7dcb8a778322ba02b1cf1acd316f579bf1d68062ce5ee696ca554a88e4c89f9880649141410109db1bc2ac4

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Local\read_it.txt
                                                                                        Filesize

                                                                                        164B

                                                                                        MD5

                                                                                        13ad9b8d241c995a18f88a9847c93857

                                                                                        SHA1

                                                                                        1ff0ac1de17a26d849b2401ced3448b4f4492324

                                                                                        SHA256

                                                                                        1823c3b8e35c707e50f6c71c6e001f3e4694196583d8471515536f6d18ecef91

                                                                                        SHA512

                                                                                        550dfa28360449a631b455b5f77cb1f86400712724ea6ba2acb63fba14b2ff0b4027616bba73a52d4317cd438cbc4f1db682208310ae1fcb17a499468471c031

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\AppData\Roaming\MeasureBackup.zip
                                                                                        Filesize

                                                                                        1B

                                                                                        MD5

                                                                                        d1457b72c3fb323a2671125aef3eab5d

                                                                                        SHA1

                                                                                        5bab61eb53176449e25c2c82f172b82cb13ffb9d

                                                                                        SHA256

                                                                                        8a8de823d5ed3e12746a62ef169bcf372be0ca44f0a1236abc35df05d96928e1

                                                                                        SHA512

                                                                                        ca63c07ad35d8c9fb0c92d6146759b122d4ec5d3f67ebe2f30ddb69f9e6c9fd3bf31a5e408b08f1d4d9cd68120cced9e57f010bef3cde97653fed5470da7d1a0

                                                                                        Download Submit

                                                                                      • C:\Users\Admin\Downloads\Unconfirmed 66473.crdownload
                                                                                        Filesize

                                                                                        380KB

                                                                                        MD5

                                                                                        1856a9d790b6d8f54d28a2b5e2e8739e

                                                                                        SHA1

                                                                                        298ff743da81284f0dc8a0f624180f65c8879e66

                                                                                        SHA256

                                                                                        08dd1d97b995a0ecfbe7aaee9d72b27545ce281cd746f114b0bfe5ef363b2f9d

                                                                                        SHA512

                                                                                        7d4085a90291f8817f81fc373b7f51a1e78ccbb5a2a57cb94ce2b5b56f92c92ddd8b7eadd0ad8c22ecb7ce36095b3da86b4a3029ea37315f35ae0af687690b8b

                                                                                        Download Submit

                                                                                      • memory/1812-119-0x0000000000350000-0x00000000003B4000-memory.dmp

                                                                                        Filesize

                                                                                        400KB

                                                                                        Download