431a4eb262c7dc33dfd3c9b657c261fb09f4e52f6587e5ee9f53cf93e614fa31

Analysis

max time kernel
300s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2024 12:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
Size

1.5MB
MD5

79c84517f14e137ab073b449f1284710
SHA1

b305a63d6e89420f65882a12d26ab9427aba703d
SHA256

d399b13b2c98c2dc3bba6718817eef17313e8002825dd622df64c133bad09cbd
SHA512

98a677f3a80c53093a2f4241f1e4e89d1b971153b6960312643eee75e38f3429fa88b068435e49dad417db2a3d359345d9ce46660c4c912ef899a66f70ee324a
SSDEEP

24576:oBKRIxNuLCyBcs+6pIB7QDMuya8DSVXT5XtkD:UGLn+vBcAu1xXT5Xt

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
4960	WeMod-Setup.exe
1040	WeMod-Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133606810668430026"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 371167.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
3060	msedge.exe
3060	msedge.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
Token: SeDebugPrivilege	4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe
Token: SeShutdownPrivilege	1488	chrome.exe
Token: SeCreatePagefilePrivilege	1488	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
3060	msedge.exe
3060	msedge.exe
1488	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe
1488	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4960	WeMod-Setup.exe
4960	WeMod-Setup.exe
1040	WeMod-Setup.exe
1040	WeMod-Setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4940 wrote to memory of 3248	4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe	97
PID 4940 wrote to memory of 3248	4940	Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe	97
PID 3248 wrote to memory of 648	3248	msedge.exe	98
PID 3248 wrote to memory of 648	3248	msedge.exe	98
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 4240	3248	msedge.exe	99
PID 3248 wrote to memory of 3060	3248	msedge.exe	100
PID 3248 wrote to memory of 3060	3248	msedge.exe	100
PID 3248 wrote to memory of 4340	3248	msedge.exe	101
PID 3248 wrote to memory of 4340	3248	msedge.exe	101
PID 3248 wrote to memory of 4340	3248	msedge.exe	101
PID 3248 wrote to memory of 4340	3248	msedge.exe	101
PID 3248 wrote to memory of 4340	3248	msedge.exe	101
PID 3248 wrote to memory of 4340	3248	msedge.exe	101
PID 3248 wrote to memory of 4340	3248	msedge.exe	101
PID 3248 wrote to memory of 4340	3248	msedge.exe	101
PID 3248 wrote to memory of 4340	3248	msedge.exe	101
PID 3248 wrote to memory of 4340	3248	msedge.exe	101
PID 3248 wrote to memory of 4340	3248	msedge.exe	101
PID 3248 wrote to memory of 4340	3248	msedge.exe	101
PID 3248 wrote to memory of 4340	3248	msedge.exe	101
PID 3248 wrote to memory of 4340	3248	msedge.exe	101
PID 3248 wrote to memory of 4340	3248	msedge.exe	101
PID 3248 wrote to memory of 4340	3248	msedge.exe	101
PID 3248 wrote to memory of 4340	3248	msedge.exe	101
PID 3248 wrote to memory of 4340	3248	msedge.exe	101

C:\Users\Admin\AppData\Local\Temp\Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\Medieval Dynasty v1.0-v1.5.0.4 Plus 11 Trainer.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://flingtrainer.com/patreon
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef37046f8,0x7ffef3704708,0x7ffef3704718
    3⤵
    PID:648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,463387915905015886,750783352445173510,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
    3⤵
    PID:4240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,463387915905015886,750783352445173510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
    3⤵
    PID:3060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,463387915905015886,750783352445173510,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
    3⤵
    PID:4340
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,463387915905015886,750783352445173510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
    3⤵
    PID:3960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,463387915905015886,750783352445173510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
    3⤵
    PID:2720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,463387915905015886,750783352445173510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
    3⤵
    PID:4640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,463387915905015886,750783352445173510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
    3⤵
    PID:1920
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,463387915905015886,750783352445173510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8
    3⤵
    PID:3140
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,463387915905015886,750783352445173510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8
    3⤵
    PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://flingtrainer.com/download-wemod-trainer.php?name=medieval-dynasty-trainer
  2⤵
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef37046f8,0x7ffef3704708,0x7ffef3704718
    3⤵
    PID:3704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,13127762419557504080,1946690099782902560,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
    3⤵
    PID:3140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,13127762419557504080,1946690099782902560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    3⤵
    PID:2720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,13127762419557504080,1946690099782902560,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
    3⤵
    PID:2332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13127762419557504080,1946690099782902560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
    3⤵
    PID:4484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13127762419557504080,1946690099782902560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
    3⤵
    PID:3280
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,13127762419557504080,1946690099782902560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
    3⤵
    PID:4304
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,13127762419557504080,1946690099782902560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
    3⤵
    PID:3112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,13127762419557504080,1946690099782902560,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5068 /prefetch:8
    3⤵
    PID:3852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13127762419557504080,1946690099782902560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
    3⤵
    PID:3224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2128,13127762419557504080,1946690099782902560,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5936 /prefetch:8
    3⤵
    PID:3020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13127762419557504080,1946690099782902560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
    3⤵
    PID:588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13127762419557504080,1946690099782902560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
    3⤵
    PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://flingtrainer.com/tag/medieval-dynasty
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:3060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef37046f8,0x7ffef3704708,0x7ffef3704718
    3⤵
    PID:4948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,10447808522241107399,4738402566934933924,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
    3⤵
    PID:3288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,10447808522241107399,4738402566934933924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 /prefetch:3
    3⤵
    PID:2868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,10447808522241107399,4738402566934933924,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
    3⤵
    PID:3664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,10447808522241107399,4738402566934933924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    3⤵
    PID:4060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,10447808522241107399,4738402566934933924,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    3⤵
    PID:2612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef2c6ab58,0x7ffef2c6ab68,0x7ffef2c6ab78
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1936,i,18268084674567273540,17721054670140304178,131072 /prefetch:2
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1856 --field-trial-handle=1936,i,18268084674567273540,17721054670140304178,131072 /prefetch:8
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2300 --field-trial-handle=1936,i,18268084674567273540,17721054670140304178,131072 /prefetch:8
  2⤵
  PID:676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3032 --field-trial-handle=1936,i,18268084674567273540,17721054670140304178,131072 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1936,i,18268084674567273540,17721054670140304178,131072 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4384 --field-trial-handle=1936,i,18268084674567273540,17721054670140304178,131072 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3968 --field-trial-handle=1936,i,18268084674567273540,17721054670140304178,131072 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=1936,i,18268084674567273540,17721054670140304178,131072 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1936,i,18268084674567273540,17721054670140304178,131072 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4852 --field-trial-handle=1936,i,18268084674567273540,17721054670140304178,131072 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4632 --field-trial-handle=1936,i,18268084674567273540,17721054670140304178,131072 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:4404
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff616c2ae48,0x7ff616c2ae58,0x7ff616c2ae68
    3⤵
    PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3024 --field-trial-handle=1936,i,18268084674567273540,17721054670140304178,131072 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3032 --field-trial-handle=1936,i,18268084674567273540,17721054670140304178,131072 /prefetch:1
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3280 --field-trial-handle=1936,i,18268084674567273540,17721054670140304178,131072 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4356 --field-trial-handle=1936,i,18268084674567273540,17721054670140304178,131072 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3980 --field-trial-handle=1936,i,18268084674567273540,17721054670140304178,131072 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5312 --field-trial-handle=1936,i,18268084674567273540,17721054670140304178,131072 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5344 --field-trial-handle=1936,i,18268084674567273540,17721054670140304178,131072 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 --field-trial-handle=1936,i,18268084674567273540,17721054670140304178,131072 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5544 --field-trial-handle=1936,i,18268084674567273540,17721054670140304178,131072 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4388 --field-trial-handle=1936,i,18268084674567273540,17721054670140304178,131072 /prefetch:8
  2⤵
  PID:1428

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2344

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2556

C:\Users\Admin\Downloads\WeMod-Setup.exe
"C:\Users\Admin\Downloads\WeMod-Setup.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4960

C:\Users\Admin\Downloads\WeMod-Setup.exe
"C:\Users\Admin\Downloads\WeMod-Setup.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
822467b728b7a66b081c91795373789a

SHA1
d8f2f02e1eef62485a9feffd59ce837511749865

SHA256
af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

SHA512
bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1B1495DD322A24490E2BF2FAABAE1C61

Filesize
299B

MD5
5ae8478af8dd6eec7ad4edf162dd3df1

SHA1
55670b9fd39da59a9d7d0bb0aecb52324cbacc5a

SHA256
fe42ac92eae3b2850370b73c3691ccf394c23ab6133de39f1697a6ebac4bedca

SHA512
a5ed33ecec5eecf5437c14eba7c65c84b6f8b08a42df7f18c8123ee37f6743b0cf8116f4359efa82338b244b28938a6e0c8895fcd7f7563bf5777b7d8ee86296

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
04ffaf7f27f0ee32d82e485eeaa7b841

SHA1
a5be6bcb66b14a4822179bc6b935c9cc27567f79

SHA256
e69a77800f83123728820787be754d4309cce6da8beff6dfeea3f7eb46bc2c9f

SHA512
5241f878edb0ddf50a2d9a062e2f8aee90deab1ef000f2aacc2a119f26da7fb059134ba250ca616950ac543099aec2d07777fe2b7409f002423872a59d7e1e5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1B1495DD322A24490E2BF2FAABAE1C61

Filesize
192B

MD5
6e62602b69aff6816203fae6d0d33111

SHA1
cd8b82832a7b7e9901f0cd721a7431e93bbf049d

SHA256
bf094b8bf1bd574ff0a8fbfcbfabf10790b871dff58d50b333464edcea5bc832

SHA512
19cbc2868c7d093431095e16ed834855fe982c3a255ba2acfb2600008a44fa4135d610df8ada6f19a1bbefea9cfd4395c669de32ad6bcf0cb9c5287edfa63bf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
1024KB

MD5
4566a2d79d0ffd99fc45d31ce0c6f14e

SHA1
7bad824171684da2649d195d5bc5b188a15d3e85

SHA256
975e52f0677196e5e4d71a5cc4deb087edd981c87eb1889d8e83963a1265668e

SHA512
678c0b19e802e117fc01d6d7513316eed3f952f431021008b191652503e1458a355645b95fd17c4345ef88dd2d002981bb9f50fe0c2003b86dd5c6f8281f9dcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
e68e3fbe8a0f92d4af215372151211fd

SHA1
7ea8717338a3d7c4750ca23b02577894e06d3258

SHA256
4257e82f44a0a286d95d54ef39dfb0f17c4ae61f135f12bef93fbc2ffe7cfe95

SHA512
fe9d9eb6764e6a4440d98979251c3fc30bc9b1dd0ebecc48be513250dd123baf726e209b6c7c60826872b6616dd6b66584afda652e4980759a4c61ea4ebb240c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
159ff9622fcc33368c74aa754b0e9877

SHA1
ec32ba1efbde3e0d60eb0240c7f84485d2cc6f4d

SHA256
80d099e31e247a1ec942f93a6c389d49416dd783a01936df08abcb0db16050dd

SHA512
2802b797a923bea1dd440b829586f83c463675dbd92604c1820123850dedd34581dab595b358d214d8262e79ab8e155b44ceaf19de546e70b15d42fb8aa88ad8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
2eeda2590ad6d132aa37e839704684e8

SHA1
45c66c3f7834c8e9f0451dfcb172107d740a1b39

SHA256
edea22cbf72363f81d0b67cbc008a78e6d339b336c3a7a19afebda4c0d6438a6

SHA512
ec3838e2ef9a182b83d6ec0ce0630ae0731ae797fea8c752f47b73a2881315c03baa36b18d3e02f05ad715c360f4d384960f80924f67dbf045861a1f3ecf2ebc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
df3e6be30b87dcfa016f031477508102

SHA1
cbaea2d8f6b82e4e76cdc0c23e556d32a40ec373

SHA256
af70f22c70cdf77627830ec1ee7413d906dfa8be184b008cf4741d5f56bd2503

SHA512
e7b93a3cb125208b46472629b4115b2b802f48d407703336ae9fdb89cad8fe04606d234c0f9d50f480bf844e57bb9a1a18c4124a9f3136082e596b67c5837c38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4c2774eb6df2ee808ea5bc47e9aebcf1

SHA1
f0ab4fea7ffecfbf8e916be6ccf2964676dd4bd0

SHA256
dd9f92e1909af5071426dcef2901e154847c98531a248d6742bd8b4533fcecfa

SHA512
b39ba06cbfe6737ec620025e0d66f7ca411da59336db77a701cd18d57299b5e7d851d3fcd6838fe9d9c52efd1e519b68f5a08d0444b5ceab932f97d1e3b113e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
11ba96abf60f898a9dc5e398b631f7ad

SHA1
ae21b88bf13ceb1ecf9409b922d9c633e96fd2d7

SHA256
257fd929b8003d2d6803f03c0967399e355256118e9ecfdf5fd4ae43172dab70

SHA512
402483131e5233912b9dde230f681d9adb3e1fce1822799767b80e4e69e79ac6b5f4a8d70ea8bf750e7a05a6b7d6a76c0ead852169a91c25995708ba4f77fbe9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
49f34aad165b863dd3baaf913077282a

SHA1
c26e0ee57e079a020f48b50fe2d1834eb08242e4

SHA256
6a9ffdcd11ee89cef8e079be62d320f3cd41691a05e923f72eb87060505cfd98

SHA512
cd38d6775d9ce90fbb1b107c3e836d17a8eba75606f65c19b85bd8c95919d4c623612a3055d7f4c7d2e87759f6a64f52cf7e91872a4a1a6a573a1b3b15dcff79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
c2dda8df83fefedb9859e3d71c1dce28

SHA1
62e00ff3262bcdb87d65810f64801bb415a4eb59

SHA256
489c012e35135d7db9db3a852e1190acfd6fd98cd3f4f1391bcb021b5d5ebaf1

SHA512
7268eec57128fcd3fcf7f6b8f96fcaafab5bf6c6ae5424b1cd4d9dae19ee13c57001fd1c5f7cba1387e9c4a711186c7b2155711ccf85db15dc83f86d0da5068f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
da2d80fa446212647ab3296aeabe748d

SHA1
ad6b86f5b7ccaceadc3935d6da794238af294a81

SHA256
d355616d6beab89af0194e9ae25a98a089c3c589b79a5a1a69fc366baf9384a6

SHA512
7a4dc0d8ccde0aa5006ef0cc7bc5be78d80d8a31308c4873d1082647ca8bcb6cbc78b7adb17d3bd9380169f0b46ed80f184d949b806027683dbfd850116e807d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
6780f7d5d80b2db01188c8c89a714080

SHA1
36e6bf0737b86b6e85de54cb689f57b874fa3a42

SHA256
a4cd7ee98594f8de3d0e50d3253a402df185dd44e63b92034d6b6af0bdf3cba5

SHA512
4fd24335f04e81e9850146de7d16cb45a0812accd5530a603ae0cded9f96b7496f19b6d1148c54a09976d694576a5a3afb669393f6e4e3a43f110817bf8d9dca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe594b86.TMP

Filesize
89KB

MD5
bdcb34ffd7e666e6311199a8de748b93

SHA1
962998a43d32861eda9d7756f727bec54fe4b39d

SHA256
df40976eb47a2a83f57151416c0e76fd36ccb917ececf1a52d0628814fba64af

SHA512
4afa4fafda5eb035f2c6844603e60cef8be168edf988024fb39636d117bb8f12f9a35f98e749e39c2a60c79861556cb6ea2f8570b1a0c7d5e0b747ec7e5a53f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\53339177-c37a-45e2-a049-f95ebb770bbd.tmp

Filesize
11KB

MD5
993e42fd51bc275c476c6775c10fd470

SHA1
fdc75759ac0b659483020d617acc746025b35557

SHA256
6a48dccdc244999ef5ec306e1106ba875048f4410f3c9d97976e1225b89febcd

SHA512
ab1625b620ac66e683320da718551085f3dfc0c1f4301755fb077f185826973105868629d2adfec2f1fececd7c55eabee51f3b63eafa8d6fe6f0ecccc942fa62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
677f6dc7540868fc2b4392cf34944a20

SHA1
9bd459c2ce9f43b854466b9b59b18107c7dfe3d0

SHA256
42bdece12283cd52dd43665fd2852cbfd2179e3a6d8c7de1aa405c96b41b0b80

SHA512
6fb8162bd07054895b804929c8b98c352749a4081afa7b19e07363b06bdb38ca0b0e7794f017e0b5469e994b8e70032a7d6a4a7c208d687355cd6046969054d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dd7f392257954f1edc345932b4fda013

SHA1
d0a5ca70e532b852d9c37c2c4259486a0bd79b70

SHA256
c9720ed47a357c3b5d32205b62ea1d6bc9ef50fc38673371d26b1f31b493f5c6

SHA512
e694f8712d32c318cf9b64bcfcccfdab25aa5bd023f789856b3b40bfd58aaaa97cb49c76b21833e3c31dd31be6ca3418008d9d4613c55316a2066a525db0256b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81cdfb24b7cb373078aded6989ce96c2

SHA1
6a1d8044943b0d7079af6a4464319e8527a2cb33

SHA256
8a588b00a12b871d90a765d9ea7676309dfc2a364c95b1ac68fc7480517210ff

SHA512
9a30fca805edd2902bc5fc88dca7db5dc85c62cb204a8bb3ddcc4cbbfbc2c3f65b70349195d1f24bf3473afed828f77de9ebdb88074409b960939e0c2d4649ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
faa07adc54a9626ecf34136348ea1043

SHA1
4c4aa0fd61941039e00400b9541066d2240d140b

SHA256
ea3678127338b0d55c497c077f37391365d10bc78f58ea18c698b3659773b1f5

SHA512
1dd08736813b3e2ae2d8dc032b345646b0ed25760e293cdcccc959704cb01659a6dc5f8bad65ef1462baec6875e97b515e98e80ec0c95d9c09e615519bcaa8bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
e9782c59390d47d356f1b3cdd9b47918

SHA1
6332b8d2a4996b0e7bca50d97dd5b3efd88a82b1

SHA256
92f9b410e5bf65a6c0e8f175ecaa5a4586e4e4aef0a5af46ee68ad33e91c55c2

SHA512
75ca97b9d339c8969701e12994fd94ce2720fee0fa5833c5e564fe02a61d988de146f35982d3bf3c163585d0b1e51340a0f140c71c406b102bb64259bea4fce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
a13164c8b5a7b3f2abd2e06f2c4e9d98

SHA1
31ca469525badcd353c8b3860860fd8eca013934

SHA256
4a0a9b81ddb478bb1375d1783bbca9d11b67f1b3e23c9466794ba0b9e0bab4cc

SHA512
7ff77033ff3a3bdc1867644d86fb105a7830e40902f4ea0d39c49a2c6f934279e12ac8ec2deca4e6b1849395333aff940d87c4b769cb2174d1053ea7d02b5452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
41c2f90c0e3d772114135bd2d8d8c769

SHA1
b8b6dff6c9732c7951dc050ec2e485cb5f2ee4c6

SHA256
2746d361c3ac36e10873bfa47b367d81edcb7553e600343b7ac7d6ffe485c6de

SHA512
c436e1f7e0579242af4731b08f4d6fa430efe28f10bdc4a8b0a9597a13c1568325e18c3db36fa999ce74b76d91b878abbd33188585813848b6b8fdcf12277b8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
204KB

MD5
41785febb3bce5997812ab812909e7db

SHA1
c2dae6cfbf5e28bb34562db75601fadd1f67eacb

SHA256
696a298fa617f26115168d70442c29f2d854f595497ea2034124a7e27b036483

SHA512
b82cfd843b13487c79dc5c7f07c84a236cf2065d69c9e0a79d36ac1afc78fa04fba30c31903f48d1d2d44f17fb951002e90fb4e92b9eae7677dbb6f023e68919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
43879400cf8ccd912d4b6bf1429ed463

SHA1
f19bab8034de65465125bf321f56cb3f2ecc2993

SHA256
4ef76a7526999bcfa0120c09b23d71689ab16d1408832bdb688b0a20ead876de

SHA512
f106245d6a8bf0354c41ebc844de90e9b21ea70b364ffdd718c93db70b829f4245df8ef8bcf3078d1645ae9ecb850af36bc78dd48ae5373958dffef49ef7f0d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
303aa3db0b46e51c46ee7e34428d3ba3

SHA1
a1742f17299f6c698c63e52b9b43ff1cfa6973e4

SHA256
160a7515fef5b886d909af3e232b4b91ab2f6cd8294e762e6ac0838802c9d896

SHA512
19a6f630a44d5d3b64bed98e389a3577f780246eecad245d610b2cdf8908f7178499ffd8dda69a88608cb264d9a34d6650607c86d673b12ec1ad90fe38f3d113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
cf66112afa173d4ed096dcc5c508e08b

SHA1
b1d86d6ef36b1f35b0f04ec91b25565d6f197543

SHA256
0894a9d26c40473b17c64959666efc83d56c926dd1659a83a24e60e81a3b71dd

SHA512
91ebe1a165a12b98dd55ff26783fc75bb8c0e3f3c19734741c08a72ccaadaafc1ec2093bac0e237d73f1ce4272372fc0aa17349790910bd7572ff1e80256d5e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
7cd8bdc6e1290a636eb6e57b9d181413

SHA1
68ad261ddaf75ed7e95e5101e7299ed675c58323

SHA256
37e48a63752e2f194702de419103c3f46bf5906eac223a7dafc4f15f2c36a971

SHA512
f8b2c43a34bb7b370f0668e7a7e14514374de73bd4cb931136fa9544d4a0e0baa6637aa1347d5ce586669dfc69b665598b1eaca2eafd51372d0e614a15afd759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
a2839032299d1a7af4946c783406f844

SHA1
d09a29f3d8ac76f72497650bef1963202ec5bff7

SHA256
a7f6debbe1812b6daa77f3265a7ef6f9edde43f7bed87ba9f5a9c790c6f71a54

SHA512
e5d6055d89fa94024b530eb0efcd1be7e2bac18a7cab2644219acb8a88136b03c004852db3308b04bd12a794e50e94daa392cf46697dbe3028b3125a45f88aba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
f9998498b22e817515f5292b65479a82

SHA1
04f33be2a0b448ad16523c8812aa11925130f96a

SHA256
0ca7db80d2eb6d1e9a15c70cb5c7377b642652ec556c6ed2ab4c62c1806270b8

SHA512
993679b11c75bacc79ea00301c2940f944816f4182a6fa63b135559a53ef59a51d50282cdfe2be49a81cc9777e1d2d351cace2fee3b32fa66be750c4362490c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
892B

MD5
c3864abe67df7ab0b4c9302487aa62cb

SHA1
a35410f1a7a5e6a9640ad84a4ce1c623723d3478

SHA256
5608822a4f032f8b7ab707f04b546c3bf5d8870a33d54acf87b1275d2d1a6790

SHA512
064d2d3894a2ea3a6962de6ca08c40ef8935e9a695f05e1bfb9916fecfcf84375b5899b1527b152a6efc16de22122d7833c8d168836a7a05378cdf63d62595c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
19KB

MD5
91524af16eb562d0c0c1e31234daaa48

SHA1
a4dbfde3ec5fab032f5dd5c2e02537078682a11e

SHA256
64be319a4aa84a8457354e3bdbef721d4e8fed2bc00ea78e8dc623d6cb554384

SHA512
fe2f0539a8a6236ba5a33451132d5029a9bd9e2fabed8148d8cee82e0209b1fe2459fbd275196ef88c2b4bdac71dac0f110261029a521177323d5eefdc019fa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
6677729cd57c5a8293dde3a26684d7e1

SHA1
1277a589a11ebb9ce6bfaf660f3e36aec09ee236

SHA256
0e705df1ba2b4af94de856a63a11c304a78a3c755d787de8a9a97b0bdaff2337

SHA512
0c6374f622469c60b171c9e47bdb8d618ce21cdc9923023508f3282c7fcccd4aed633c2c582ac84dbdcc418ed31c10039da7f27a2103721a91a69cd0058476dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
cf4b0a74bdc68a111bd7ccbd8569daa5

SHA1
e567e83b8db5476018dfed63802d0f60690c8139

SHA256
f79fc9fca22eace1d33311f380f135b75b30baa639f2d819fa437580ef268b6d

SHA512
4ffda967282821d319e22334cc4410eb8883b436654c2ffa65a7a75fdac296a349a672c734e8fed023b9b34d5f17d1af611f81d433108f898459b5ae412dac9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0a22eaaf5b4c1761a7a23460f66a51b7

SHA1
66dddcc6e1b2e0723a5643a8df163292408e717e

SHA256
de517e684609d2486c9e80111ed3daf2d602bb54cc0bc7b74c3ed8c700fd90ad

SHA512
f1351f20e8f40550ddf3add8690fcaaa6fa9a65436b917bdb3c63ae7e6caedeb2b68e453881a9432cab026dab4c69c41d3ccd8e9075e59bdb1ae9b1d2c6d7743

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d11262a22eaca44e63cd5bd22f9ef74b

SHA1
fab1b366fb9a7fe8bb48eb1d826095fef284d14f

SHA256
7e9faf0eb16703e2d53176311bc3790fe1adcaa403602f321e2240d2f04e611a

SHA512
f004ccbe3feb77e96d7218ce652f8b095072a8db930df630b415417624c812ebedf5c04cdb1f5786e0351de1a861fd426b38f08c7069c79239d0be906832c3a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
aa4625fae9f900ba1e2ea22d67d09f9c

SHA1
52ea6a4d84f55715a22a8323d9b5ff9fae84d019

SHA256
3a2fbcd3605b8fbb106707f6b5d0bd4cee76105a2085da0c22cee86c0ba57b5b

SHA512
c9f733237a963c8208eb1e04188d32b8f3731602b160239f1a2aa5f5da8d63356ace5444b27b609952eb1c957906e51ac3e3006536583e58e2e4a8e340bdc40b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ee38e76be36bf94a1b3cabaef5353561

SHA1
e08dd90d010ba4e9dca6df3c6541fcfff02008b7

SHA256
793215e2e10edbfcdf3b7db3f98fc83525aea12257fb94b96da2a9ddd2c0f0b9

SHA512
2cf07371474c1de7eb9997225857249c70220e090f5e4cd42fdb6e30db08975eb682616b721ce8f4070395374d20db1c171329008e011f247007375ce746d5b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
23cf3250e6accafcabb092478223fa49

SHA1
37fb3dff1c266186ffc59031291e0de50107cc99

SHA256
310ae68deb21691c32a6387d2349eb1d886107e849eb05762a582cbcfde023c1

SHA512
212439395ab055cbbcc1dc100636f962b3db56154d43e01c7ee6c4ed999cb9933530927a0850565a8b39d6865827c65b260f6d828bc86087b0c5bd699035b301

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
05e5bd0ecc8b1fff250e945e33e6dff7

SHA1
d5e6d19a8602619d610ef4389571ddfa0d7df197

SHA256
721fdb51e8d5e2b2c30fcb8f1a88c8af9feb87419ecf0651092621bfbd31a627

SHA512
0fc7ff9d7216a2670c46b0c744a784259767543d633f839af7eb4557618aa43e982daeb16ce8f51008aab712a4174b691ab73e7ebae4f96a3bc574626c4908a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d96812ab9c6cb16a344278b936ca7487

SHA1
8d4596b10911243c237c4f6874b63205238092c7

SHA256
057e3894681545ecd1a94086ab69bc7b911fa12e7551604c1d4ebba09e942612

SHA512
a5c65148268163afa802aab040e3584b67d5c2ccffc04b40e7c6af8ee7fb6b066f45714ee0a0a9ce10a3af074034660b8f3f94226165c0724a7bba820dce1d90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f478a2f35fc2b7c6c458103a240fae7f

SHA1
5eb7bc741a2cd8ae73aca32ed01cedad60e8f308

SHA256
0454d740bf5652d6f36be45cfefba932a15af65031fa3e2d52c166c00c7aa55f

SHA512
1903cce873606c290738e8502b258535309677fc31014c6a7ce12ba20239569534f790a2f24c2f76388edd7d3adc462c511857130ed11fb9b61fab0189a57a69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0414ba2a0ea43149e080301ff6a1ce82

SHA1
1c95a0ecfa5141b05dc74602a94ec901d48205ac

SHA256
e4f069024be1c6c4e186aab6c15f2b2a2ba14754dad6972181d3e8f75fef5fd2

SHA512
c97748f6edbde7078d4a8e28a3b152a1eef4088dfd570f75b4c65da8ebc08553a639b5f756b7feba2fe4ed7f5fabf378e3a8c6b2f09a397aad43dfbb9724b3dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9b797f4f5ef196256c44eae8fed1d10d

SHA1
b7063968cd385675ace55e114e06166a5137d9d0

SHA256
a3e14ae3c569c0802511a91f2eee66b055bb9334cd836975d3762c0c6de7f55a

SHA512
686b86574494edba248495b1bec006e06bc0737b062dd61667065be071de292cda9dd372305f1bf8ea3c181a6201632d8004bb67fd5051787a134e7f4344eb64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bf409ba269bb79a2959d2f5e3b1a21a4

SHA1
02ccb03c0748a3a8988a5d8c6c41f9add8d9149e

SHA256
667d1da13cc90f2207379ce66e69356f9880f01b9a8cb2386d0cc1cc8e0070ac

SHA512
9e163871c5716e4cfb007fea550a14d7e0164e94a59347cc70d06e169d75f06284eed2a8f1ea85c05cd209f6a172d4af69ba2645444e82838732f0ff4d073a7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
8079898444ed609c6402aa2f51aeff41

SHA1
e02b5c96ccd6e8cce6f03d790a9639bb25f3f465

SHA256
87b622a049ec439692d0a22067e21819b0644ed05c1263b04c81ae1de57be413

SHA512
ff9c097169513757339b172c875694d80c44d66ac5e7dbadefabc559493ac1f4ff2b12a31c78196e9825d08a9e0659f189f97f62a0b32770569e157ecc9f7e66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
5087dfcdee1f7d54e8f17d15d0b35bf6

SHA1
25c4f22f38be91bad4cafbec9d27f4274ff8a61a

SHA256
c4b59f553e20ed7e51a7e1b5390e5ffe083770665a8b2585dd462cc0d83bcc91

SHA512
bb04a0e4996a3efae234c93eb36a8b519dea49da43e30681a2eb3dc81d99211d594f57372bc0341ee21aea5da7fbd6210f0f16b7fa4ebda8ef4f4245a8b20f80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
96fc4a22dfc3c50c8e96d73651a04274

SHA1
1979a3b2b7eed23a2b869e7fd359cc3ae3e84218

SHA256
5393734202a4e0e6f18cc85fb7d57b7a9892b4be86d3ac321806b54fa0a8ae63

SHA512
6e19433d84bb1a79fa03989d1b9cf73f3f532202729a97e1742129752c0551a8358dc32ecb67e96f336e27b82a287d5545cc702c5b0ff29c10cee9c6c17b4378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13360680992556980

Filesize
25KB

MD5
c08011631fb8b5d929b3496fb50948a8

SHA1
c5b2c01698b831416ffa2177db2ed66633c475e9

SHA256
78c3eb2c012848a847972baee8da573ee93552414b65b691c4e1afb49c585bf5

SHA512
f109de2fc0bc789d865a776a7edd176d9c0b2500b911b4ded953be7e0f8b92f9007fe7d90b8309fa24cb1cd623b58216726161d552b450a3d3d37fc770e80951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13360680992717980

Filesize
7KB

MD5
46cc15f07d79431b884426a19bf7cd48

SHA1
a8451b71dd7dcd5a21f829bfd330475535015774

SHA256
b4f093cf4cef19755aff7c44825f6be263f242be8e7835f194e4076b876ad88a

SHA512
7a5d8996d9a3d7e99322196e73793de16c3c43cddeb53520ed82b70225f06a1bcab099f071c020cca7510bd2aa597617f7b7f05f3dc3d363bddefad99ef22f81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Filesize
20KB

MD5
fca621466ede4c2499ecb9f3728e63ab

SHA1
3d5d4cd0fa702371f9d1a40e72e1fe19d194a3c4

SHA256
c6dde84fb40fb69d1a6637fe6bf781de51a4c24e45b616e8f97afd3c6fe200b8

SHA512
aa12ed8c1ff85af4375ac80d7fe494d6f8a70ddb3357c186a0c1ade9bbcc3efc3de5fb0ad4b81eb2ab9bc916b6adf8b76c30203f78e38cd00af5fa4ccf3e3760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
2607b09374b1e66320488cf05ea36de3

SHA1
2feb3e7862ee6f4536cae14144f06aa87f8e7c43

SHA256
d8b0ff994be913d290ad9d88decb8462325e9c972ee82c77b56aa41bc2a3700a

SHA512
28fd0acc3f83338c8380dceb220932fc1cb840c7f2724f9deb2e634dcfbbde800c725308d58853f1accdb2294f551550c9334798903bf76fc896164a0bbe1ab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
1357947d2c12ade46bccad1795c70d9f

SHA1
51bf0c7fb25db19a8a2790808ee30d97031788b6

SHA256
55143dacdb70bc4be6dcd3a21c520ba1c48c0390bc7acbfe798db809b6be5f8f

SHA512
ca09970146890320621734be96c53b9351e7f2e6b4b09e4af675289e2241b66d23beed3698676cac6a38235146126cb73a4d678ee86ff2e802103fced3e15a17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
c599115682b7032200c2db0fe33650fe

SHA1
4bc11b35bda4c117eff6cf8e98de9a46f4f826d1

SHA256
d35191e2c718a62776a9a9b8d49afec6b699d1cb67fdcac7588893887231dd28

SHA512
cfc825c7ffa56de1ce792a3bb96d01ba4e98dc835b9617629fda8c02db517bc035f64bf84824106db05fed732ace2a56558995e27b10088cc8ce35f30df1bf29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b682d7e5b4974af0767138a437a3d112

SHA1
a9ccc95a8a9aef483d57135e01d75813641d49d8

SHA256
3f2cbe2ca77e798abb876bcd73949c7873926edcb50ac7ddec127af121642d4a

SHA512
63595b0787fde67f08fd04cb7181dcfac2ea0b32c38e91c85885991b2fc38566a23534b84588ea78e41adf7549a88104eb4d726e36ad27559cb1b959d279df0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b146718d513f61b7d09c7cbe952aa793

SHA1
bba473f1f176a5fe7f5ae4ebcaf44c2d83314b1b

SHA256
9fe6a93325df47b26f9c578a3c5298c579056877d3911a726ff56c05923d31ed

SHA512
f30d285b340574b240fe84e6b65e49e19b76ac156ff233e4cc94643768a9deed10797841056fbfa4d8caece69eab9e85e4dba5d7b50562bd5c64269f46208c68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fa00.TMP

Filesize
1KB

MD5
04cd2668bdd076ba5ff8da6235435336

SHA1
9ccb449adf94a33acc2081f1477ad2616ff7602d

SHA256
e37c6d35ff29067cede123d2028e461643011d856797753f09e4be997bd0a7e0

SHA512
70fd311e343d14337f9d812841fabf781e5641a1459e6d7653260d2686b52efabf627ecd069e9fa69710e9fe7bd30600b9b7fc22406da0e02ad80f609db453c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
71d3e6f21a1b8f48f1ce954d5d585d0d

SHA1
c958ffee6694358d4fa3e490bce434a43a995ebb

SHA256
1655f3fa7c75c36da642361fb0a88816998d277ea12eaaeaccf1ee0c5883298f

SHA512
109d1728a9a4009aa83d4e5e1b5d70a29b07a249163e6ff64a3961d32556439ec381d712f94ce51d108c17655095b17dc006b08b8916eb13442331e190d0a8f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase

Filesize
10KB

MD5
85d9436f545636c812ed31f0d60391d0

SHA1
b60d2a7a7621a7e30974aaef8e6b0a1ce30849ea

SHA256
fef7fb63d50689823812afcb28a1996ca79ebb3b7c36e54f50f097a52de1bff0

SHA512
fa35d8d897a7ea8a90780ff6f38b7a4cfb71d6da185260c8fcc8d8a8f9e80f13bc875a850c534058b5a77534b7f32e8d8356c779fe143008e3c8357f0f901bc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
fe292c2136932e3da6f754ac792d3b54

SHA1
f709416950e832669f2ee75b05a909fe0aeae7d0

SHA256
4915d87e49fa2aa57a0779a6d5da5015ceda514e8560ef5b24522b53baa589a6

SHA512
0a68bfcf309eee22eedc6fd8d196e2c26924aaa626a20915c35f98b1592b22301eb2370b42fedfd5dad8677d33b5cf7d303280fdeaeedfafc2f15ab76bb1bd92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dcd95ac6-934c-4c66-bbed-38f667b5bfa6.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
675KB

MD5
a4fe8f71057fb8c3d7671a224a54d166

SHA1
d90d097341815efb230656765ee13d9347ef7d7b

SHA256
7bcb159458e97653a40953cbb670815bd6f4b6758b396cd676d9de648431cd6b

SHA512
ce42f1179a2a81fda945ae195d0dac30dd1e5b87b3e47fab53c3a0d4d757d25d1c86a86a9808da9457d5dc2f777e45cb55534ae293dd917c38c1c132caf707b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
7e60f0e29aeec6cd60272421d07cd639

SHA1
5af07057ac2d1e72d0f1c9f2e1d50ed5704a04ba

SHA256
8926ccf8ffb124b925aacc0077c7c83062adb610fbcc5dd726d1259f8c8785ec

SHA512
5c21b64ad4cb36293e75132d131783c5391510eeca1feb66edd39542fc8a9c16680eb87dc26ecfb1a706b2be0aa670f9ff5de728c8b344f06ce0baf9a6c24924

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
ed44c0689e66d573881b8b9d9e3c6266

SHA1
d1720b08d1135ddd43c53d379f2c226b40152edd

SHA256
f6b80f7f3f24374f69068cf55a54a58a809a1a90a719d165ab4a45b64f2021b9

SHA512
2a63f6340c9e8326a5f8d68762070b8c54d7ebd27f91d0dadb643dd9a0faf783380699c28452485f4964ce0ace2d0d492a67153daaf405a39957125a825546bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
6b8d5b6ca8e7586c62af8c48508eb1b3

SHA1
5dac0a93c73cb856bff03b631fd06b50a8b06ead

SHA256
6f8a01c11ea5964371afe6a2a92efd4b15692096fc2520bdb5ccee7a35b7f87e

SHA512
109d99eba14d6069ea0e32481c6a10d14d83ec55142337c37c82f8864097c7141da2be870ae913ee5c9fbcaf9282ae46da52c9bfe1fcd13f3a6750256c05a67f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
617b43f8af8f90c1d4720fd7933464f3

SHA1
8cd727dac062051662bd1e24a0558ceb18917fa1

SHA256
9af5a8a056fb7bfcd7e5e38d6293cbe15c4c40c2cefa4465934a0baafbf4fe0b

SHA512
3ddc0ff9e3f8b26d0ad033b084763000accfd535bb009d74b80c5ddbeaace6bc51f652cf0d6661dfca1114097a61f7f9037492f0cb0b8b10959ac6837693a6d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
856f59c715489bb69f071961d1113194

SHA1
399aeaa79ebc24f562f9969c05aef41c2026471a

SHA256
f54c2b4e6193f7044843416e22fe4f6e2dda14b565332e52237288b52d29a15b

SHA512
2d7812ebcce152c5f71efa6c7e9d1667fd4a069c9ab2a611e68e344ce3bb80918c0d20e8e3389bf189a54c17cfd4671e8f3c1d6c9bc87b8767308a65b63f2afe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
ff8df76e3fa6cff9f8198323238c7f6f

SHA1
94983b2398ff0ee5e7d363acbc4c75e3c1b71629

SHA256
8690baa4b806cf4576aadf18f07a3a68d5ab7a2ddc61e2283479c35fe574f81e

SHA512
54c160857aae00bfec26b07a21f4ad02856a012ce3a6610744e97911f245d6f1f9d181de0b4ca9287b01c6cbf752be690f9749b631333db4a4a6aed86e40c228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
4f681aa7cc92f635bbf3edad8aad7ff9

SHA1
3641232d25a78c963e6dfb94e867813e1525f527

SHA256
df9c0fc42d7023e2fcef3429a5eaf87c95e599d1b8b010a1ba0b23768ad63731

SHA512
381006290afc85f697110daf654d6edf7ea905fa393f2258e0ce321f03869426c928eae7a0b758987c2cffa3cfeeb03fbd0275ad240ec260be43ede9f8c6e93d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eb1b1e1982c11bd882d9f6f80bed9893

SHA1
8a356a3608928c1efca7dbf15dfc345f029215c6

SHA256
7c5bd973b8e57158cb74257b133d4a5bfee70033e554b1fcaa1db24c24419edb

SHA512
3af734ac50ca629b2d9886625ddcc02ee0c485f562fb3b32f78466708d6e7715f389695ab8704c4aff0730dd16c3bd5c8db724e554a0dd635130123ba66b6a7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7569b0033710167a45cc9d1c4a6ca5a4

SHA1
6e8a9570344880ba96705c68427acc294d57aba4

SHA256
7c52f9783e2bcada08d27185fb51ff3ff08a1efe1a2c6cfaef844a5ef58e7513

SHA512
3981eb3b5b925c4377859da1654404f526489edd96134f755107a9f561a2bd66cda921e8370e0ae5d9852adfd6f17cfb25e5d230d9784cff894748b9aa95747c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2a73610d249a8d2c8051ab5c39ea8aa0

SHA1
a202fe15f51950605211e54f2c9b8d92ad63656d

SHA256
6c9cc579a603decf7cd4be9514c1d108dfdc1db2a6b0674c72f454004efecad3

SHA512
b8aed401dc022a7fb0c27075cc8ce2e0f9483bcc5a2bd84a2c49932c2e65ccb5fec79cc216506cfaf6d78b398ad922f6a2536c93ab6f78bf466c6b9a4f6b5065

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
85f72e55ac08e94fff35ee63186722c6

SHA1
2899b02b39480f5341bad1bd67e81b644b0619ff

SHA256
e718b30d2b90ed08fa379928f6866d367e63453e06a5ba445aac7a6ba69f047d

SHA512
d00d2312571eb9693a841b4d0eb84818928c30dc3a1d856b476c8ec877d90499a065eb431f768f36aefd4c0e9d396bd64e96ced8bb3706b253421b5953493514

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
3a44202223e22cd64bbd9b2a006faf79

SHA1
83a34e593299c651e687036bb41a248085601690

SHA256
bd35e888894536aac2ee4d9b2bd460845daab41090aeca36cee8c356e1499597

SHA512
67894bc979fa26d3c8b768546e538caf374600a8773c45c6b844055c3e20b33fcc9eed955a2e128f9d63c0db73105db77fa9d8d286b9659010c30edbb08b120c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
649c751e10f3933fb75c28b6a592c902

SHA1
a58d444e03d0b08aa517db8f12ff636fd68c5691

SHA256
396c214ca2c5dbd9c71711971c1273d79a964b05d03302cb03584843430a70fe

SHA512
d775a081ddbb2ae52fa82ae2a94c06b1dbdc27f634180040e34f5ae768ddaa0ced7b9abfa08fa2d9c7fe4a00553f1e7d89d6e33afb459df6b81829a7a1d36fd3

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 371167.crdownload

Filesize
141KB

MD5
e7aa692e4255c314904172502949d64d

SHA1
7313f1830cb2e2aeb90a9eb73dfb65bd549a593c

SHA256
71571d60e6edeca2109f6c1fe1af2294b86ebfd9b3a82c383511defd12395156

SHA512
99d80c1cb0fe392bf51b0954599a43c5a5e551a9f15d4ba01e332f68bb1909e8f97390016bec6ab411ace8a65beebd6533ede0fb2c65d693dd35a4740fcfa0e2

Download Submit
memory/4940-33-0x00007FFEFB380000-0x00007FFEFBE41000-memory.dmp

Filesize
10.8MB

Download
memory/4940-11-0x000001B2E0B90000-0x000001B2E0BC8000-memory.dmp

Filesize
224KB

Download
memory/4940-3-0x00007FFEFB383000-0x00007FFEFB385000-memory.dmp

Filesize
8KB

Download
memory/4940-30-0x00007FFEFB380000-0x00007FFEFBE41000-memory.dmp

Filesize
10.8MB

Download
memory/4940-28-0x00007FFEFB380000-0x00007FFEFBE41000-memory.dmp

Filesize
10.8MB

Download
memory/4940-27-0x00007FFEFB380000-0x00007FFEFBE41000-memory.dmp

Filesize
10.8MB

Download
memory/4940-26-0x00007FFEFB383000-0x00007FFEFB385000-memory.dmp

Filesize
8KB

Download
memory/4940-13-0x00007FFEFB380000-0x00007FFEFBE41000-memory.dmp

Filesize
10.8MB

Download
memory/4940-12-0x000001B2E0B60000-0x000001B2E0B6E000-memory.dmp

Filesize
56KB

Download
memory/4940-34-0x00007FFEFB380000-0x00007FFEFBE41000-memory.dmp

Filesize
10.8MB

Download
memory/4940-10-0x000001B2E0B10000-0x000001B2E0B18000-memory.dmp

Filesize
32KB

Download
memory/4940-9-0x00007FFEFB380000-0x00007FFEFBE41000-memory.dmp

Filesize
10.8MB

Download
memory/4940-8-0x00007FFEFB380000-0x00007FFEFBE41000-memory.dmp

Filesize
10.8MB

Download
memory/4940-7-0x00007FFEFB380000-0x00007FFEFBE41000-memory.dmp

Filesize
10.8MB

Download
memory/4940-6-0x00007FFEFB380000-0x00007FFEFBE41000-memory.dmp

Filesize
10.8MB

Download
memory/4940-2-0x000001B2C2C90000-0x000001B2C2CC2000-memory.dmp

Filesize
200KB

Download
memory/4960-1205-0x0000019A896A0000-0x0000019A896C6000-memory.dmp

Filesize
152KB

Download