danabot | hxxp://bing[.]com

Analysis

max time kernel
254s
max time network
258s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10-08-2024 13:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://bing.com

Score

10^/10

danabot banker discovery trojan

Malware Config

Extracted

Family

danabot

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Blocklisted process makes network request 4 IoCs

Processes:

rundll32.exe

flow	pid	Process
239	3540	rundll32.exe
241	3540	rundll32.exe
242	3540	rundll32.exe
245	3540	rundll32.exe

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

Processes:

DanaBot.exeDesktopPuzzle.exe

pid	Process
3948	DanaBot.exe
4148	DesktopPuzzle.exe

Loads dropped DLL 3 IoCs

Processes:

regsvr32.exerundll32.exe

pid	Process
5588	regsvr32.exe
3540	rundll32.exe
3540	rundll32.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

Processes:

flow	ioc
235	raw.githubusercontent.com
236	raw.githubusercontent.com
237	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

Processes:

WerFault.exe

pid	pid_target	Process	procid_target
5624	3948	WerFault.exe	175

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

DanaBot.exeregsvr32.exerundll32.exeDesktopPuzzle.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DanaBot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopPuzzle.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{54384B2E-2C54-4B59-B147-4DEC6AD689E3}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{6A3E24A8-CF1F-4924-B359-46D3068A36F0}	msedge.exe

NTFS ADS 2 IoCs

Processes:

msedge.exe

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 127247.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 464806.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	Process
4936	msedge.exe
4936	msedge.exe
1656	msedge.exe
1656	msedge.exe
2468	identity_helper.exe
2468	identity_helper.exe
116	msedge.exe
116	msedge.exe
5436	msedge.exe
5436	msedge.exe
5436	msedge.exe
5436	msedge.exe
572	msedge.exe
572	msedge.exe
2156	msedge.exe
2156	msedge.exe
5144	identity_helper.exe
5144	identity_helper.exe
5748	msedge.exe
5748	msedge.exe
3964	msedge.exe
3964	msedge.exe
5520	msedge.exe
5520	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs

Processes:

msedge.exemsedge.exe

pid	Process
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exemsedge.exe

pid	Process
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exemsedge.exe

pid	Process
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
1656	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	Process	procid_target
PID 1656 wrote to memory of 3420	1656	msedge.exe	84
PID 1656 wrote to memory of 3420	1656	msedge.exe	84
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 1808	1656	msedge.exe	85
PID 1656 wrote to memory of 4936	1656	msedge.exe	86
PID 1656 wrote to memory of 4936	1656	msedge.exe	86
PID 1656 wrote to memory of 4964	1656	msedge.exe	87
PID 1656 wrote to memory of 4964	1656	msedge.exe	87
PID 1656 wrote to memory of 4964	1656	msedge.exe	87
PID 1656 wrote to memory of 4964	1656	msedge.exe	87
PID 1656 wrote to memory of 4964	1656	msedge.exe	87
PID 1656 wrote to memory of 4964	1656	msedge.exe	87
PID 1656 wrote to memory of 4964	1656	msedge.exe	87
PID 1656 wrote to memory of 4964	1656	msedge.exe	87
PID 1656 wrote to memory of 4964	1656	msedge.exe	87
PID 1656 wrote to memory of 4964	1656	msedge.exe	87
PID 1656 wrote to memory of 4964	1656	msedge.exe	87
PID 1656 wrote to memory of 4964	1656	msedge.exe	87
PID 1656 wrote to memory of 4964	1656	msedge.exe	87
PID 1656 wrote to memory of 4964	1656	msedge.exe	87
PID 1656 wrote to memory of 4964	1656	msedge.exe	87
PID 1656 wrote to memory of 4964	1656	msedge.exe	87
PID 1656 wrote to memory of 4964	1656	msedge.exe	87
PID 1656 wrote to memory of 4964	1656	msedge.exe	87
PID 1656 wrote to memory of 4964	1656	msedge.exe	87
PID 1656 wrote to memory of 4964	1656	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bing.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8fa446f8,0x7ffa8fa44708,0x7ffa8fa44718
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2300 /prefetch:2
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1304 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,18106556464952474878,11269411254121619528,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6988 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4036

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x310 0x2f8
1⤵
PID:3952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa8fa446f8,0x7ffa8fa44708,0x7ffa8fa44718
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,15056474100284804967,16197850591774442423,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,15056474100284804967,16197850591774442423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,15056474100284804967,16197850591774442423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15056474100284804967,16197850591774442423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15056474100284804967,16197850591774442423,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15056474100284804967,16197850591774442423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15056474100284804967,16197850591774442423,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,15056474100284804967,16197850591774442423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,15056474100284804967,16197850591774442423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15056474100284804967,16197850591774442423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,15056474100284804967,16197850591774442423,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2140,15056474100284804967,16197850591774442423,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3732 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15056474100284804967,16197850591774442423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15056474100284804967,16197850591774442423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15056474100284804967,16197850591774442423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15056474100284804967,16197850591774442423,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15056474100284804967,16197850591774442423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15056474100284804967,16197850591774442423,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,15056474100284804967,16197850591774442423,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15056474100284804967,16197850591774442423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,15056474100284804967,16197850591774442423,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6544 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,15056474100284804967,16197850591774442423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3964
- C:\Users\Admin\Downloads\DanaBot.exe
  "C:\Users\Admin\Downloads\DanaBot.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3948
- - C:\Windows\SysWOW64\regsvr32.exe
    C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\DanaBot.exe@3948
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:5588
  - - C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DanaBot.dll,f0
      4⤵
      Blocklisted process makes network request
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:3540
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 460
    3⤵
    - Program crash
    PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,15056474100284804967,16197850591774442423,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1996 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,15056474100284804967,16197850591774442423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,15056474100284804967,16197850591774442423,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6652 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,15056474100284804967,16197850591774442423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5520
- C:\Users\Admin\Downloads\DesktopPuzzle.exe
  "C:\Users\Admin\Downloads\DesktopPuzzle.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,15056474100284804967,16197850591774442423,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5992 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3948 -ip 3948
1⤵
PID:1580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c3fe117fce25c113f7c50a2251f64bbb

SHA1
669b401c0186695eab005cf4ac2736eb1be00767

SHA256
ebea96c94fa1c2c6eb433acafd7b7085b3ee987decf6a05c6af61f4a8838c14e

SHA512
8651b56a31ab86377d850d8ca6bfd29cbde10d165cf8314d5fdb06219d769089a493e8579c93c401ca8aa0188f2a240c6fc4d3df59bfeea0272ba4cafcb89ecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
65dda5b8f60f3ce5456f0912d72e441c

SHA1
b99d17b82fd15cc3e8217f65a7842c8ff9077f45

SHA256
b9d4026a6607ccfbb85e4abdebcc301dd2b344b967305841bc60b9f0c4845d1d

SHA512
70c96605150135f156bc33b66b1a8e25b097eb56f3e43db24cd0503a33ec15eb8bd24583ec1faeac9f84a862a3893734157a9afbf7a7f9c6af3839805bb16c90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5a689073-389c-4587-b6cf-6ef5a8fc1bde.tmp

Filesize
8KB

MD5
d5829e8ee5e4509dc775e0ea9fa3fc17

SHA1
fc48d20e295de480ab70eea61414017c7eb0b8a2

SHA256
287b2c0fabcd7dd991a9a43d3d08edd1d2951d95b8b3676e1d410102b419dab2

SHA512
2e078a4f40a096159fabbbb3bdd3b6d12ebb3578da95ef3d615e4d60006b6871db0f6372d8807900251c96eb966fe941f8d08bff85c38b7469fa14bfb4e2e54a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
64KB

MD5
2923c306256864061a11e426841fc44a

SHA1
d9bb657845d502acd69a15a66f9e667ce9b68351

SHA256
5bc3f12e012e1a39ac69afba923768b758089461ccea0b8391f682d91c0ed2fa

SHA512
f2614f699ac296ee1f81e32955c97d2c13177714dbd424e7f5f7de0d8869dd799d13c64929386ac9c942325456d26c4876a09341d17d7c9af4f80695d259cfea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
88KB

MD5
77e89b1c954303a8aa65ae10e18c1b51

SHA1
e2b15a0d930dcc11f0b38c95b1e68d1ca8334d73

SHA256
069a7cc0309c5d6fc99259d5d5a8e41926996bbae11dc8631a7303a0c2d8c953

SHA512
5780d3532af970f3942eecf731a43f04b0d2bdb9c0f1a262dbd1c3980bcc82fe6d2126236ad33c48ea5434d376de2214d84a9a2ccec46a0671886fe0aa5e5597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
7ed8b617ec1f6de0a336fbc15caa904a

SHA1
d2dd41a36e963a4d4bec5fdddd8db6c1d821d75c

SHA256
1756379d6f69ce79e37c62b36852b95909cb216635b042d4a991def436aec50d

SHA512
7acb887a06fa09616ac6a0cd627da5541c8e3c51f13dad58288cfa6270ce756892b3dc180b83d911a7099f7800e169a88fde33a1cd31dff86ed7ef4e84bdfb22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
67KB

MD5
a074f116c725add93a8a828fbdbbd56c

SHA1
88ca00a085140baeae0fd3072635afe3f841d88f

SHA256
4cdcda7d8363be5bc824064259780779e7c046d56399c8a191106f55ce2ed8a6

SHA512
43ed55cda35bde93fc93c408908ab126e512c45611a994d7f4e5c85d4f2d90d573066082cb7b8dffce6a24a1f96cd534586646719b214ac7874132163faa5f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
41KB

MD5
a7ee007fb008c17e73216d0d69e254e8

SHA1
160d970e6a8271b0907c50268146a28b5918c05e

SHA256
414024b478738b35312a098bc7f911300b14396d34718f78886b5942d9afe346

SHA512
669bec67d3fc1932a921dd683e6acfdf462b9063e1726770bae8740d83503a799c2e30030f2aca7ec96df0bfd6d8b7f999f8296ee156533302161eb7c9747602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
1.2MB

MD5
9f8f80ca4d9435d66dd761fbb0753642

SHA1
5f187d02303fd9044b9e7c74e0c02fe8e6a646b7

SHA256
ab481b8b19b3336deda1b9ad4680cce4958152c9f9daa60c7bd8eb6786887359

SHA512
9c0de8e5bf16f096bf781189d813eeb52c3c8ec73fc791de10a8781e9942de06ed30ff5021ab7385c98686330049e3e610adc3e484e12ef807eec58607cfae63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
73KB

MD5
cf604c923aae437f0acb62820b25d0fd

SHA1
84db753fe8494a397246ccd18b3bb47a6830bc98

SHA256
e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4

SHA512
754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
27KB

MD5
c3bd38af3c74a1efb0a240bf69a7c700

SHA1
7e4b80264179518c362bef5aa3d3a0eab00edccd

SHA256
1151160e75f88cbc8fe3ada9125cc2822abc1386c0eab7a1d5465cfd004522c8

SHA512
41a2852c8a38700cf4b38697f3a6cde3216c50b7ed23d80e16dea7f5700e074f08a52a10ba48d17111bb164c0a613732548fe65648658b52db882cacb87b9e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
19KB

MD5
635efe262aec3acfb8be08b7baf97a3d

SHA1
232b8fe0965aea5c65605b78c3ba286cefb2f43f

SHA256
8a4492d1d9ca694d384d89fa61cf1df2b04583c64762783313029ae405cbfa06

SHA512
d4b21b43b67697f1c391147691d8229d429082c389411167386f5c94e3a798f26c2457adf6d06caec446106e0f0aa16d895bfc4e8a1ff9e9c21a51173a923e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
69KB

MD5
78cd7a99c7b5fc56d6ed3572d4343777

SHA1
43d81f9bec07993961a71564ad3fe7caf1e0dc9e

SHA256
189fc5f9598a50ee6827aefa3c68e6075aafea1c121b999bdc00464dea5b6b7f

SHA512
cff123cc763c923316c90461fc213d2b2a6172dfbff1dedd1a67cf1bcd570935b27583e2bf60aea968eea721916001bd29cb8ebdedf7c56096c294e1838c518e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
63KB

MD5
5d0e354e98734f75eee79829eb7b9039

SHA1
86ffc126d8b7473568a4bb04d49021959a892b3a

SHA256
1cf8ae1c13406a2b4fc81dae6e30f6ea6a8a72566222d2ffe9e85b7e3676b97e

SHA512
4475f576a2cdaac1ebdec9e0a94f3098e2bc84b9a2a1da004c67e73597dd61acfbb88c94d0d39a655732c77565b7cc06880c78a97307cb3aac5abf16dd14ec79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
43KB

MD5
ff83449181c5edc6441698ff5aded99b

SHA1
0a73b8333e317ae784774eec3207e4f3be189082

SHA256
16e523aeb8e669d1b389794960f5943fcb763abc1f863de28e4278ba5c14ece8

SHA512
5700a4f295c161c9a1257602ac6253f95ab0de6ce504362b3b0f09221e188ea20183bf441701c3d3055981c9a192180da0db1c50ec135ae051a40adf3d1ff62f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000079

Filesize
17KB

MD5
ee3c7a4f3ef64ce242ebddbbb18fee4d

SHA1
69c0c341a056fb060da5a9ebe93c873c3380f42a

SHA256
621068b854463a93afb6a0c960cd634c991240111b1e55d1228e623e3a410207

SHA512
aa81d9fdfc7d68e0c136e08ebb445b2c4a9179c1c974eff6639840c916889e3bab3e7a3503b615e6ad6ab398ec88c11954a6ab634ea91c603dd599deb90affcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007c

Filesize
18KB

MD5
0a6a337cf70ad30628d1831548e2f85b

SHA1
30580ab939b65b4c28667cf20208d49193a4dc9d

SHA256
47fab19780552ead577f5e2aa7e5986d8d1c7a99c62c40425fcb7699a7205d71

SHA512
fbe2841d12e48ee69cec1fa463fd7d9ba2c75548a080ecac3744c0ca4eea7b00ee5927ad8e470bf755bd18256a230a7421823237d3d6ff576cf6473aa2675601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03bfd52d18703eda_0

Filesize
2KB

MD5
b9954efde5e891cdcbc0b0d65ee321ac

SHA1
1e5463294bbae5d84e4ba03f8e76f398baa149c9

SHA256
333134fd38a5038760544807ae972cc189813dd018a353c9a132ccad288d6264

SHA512
1ce50a17b60f931f5d9eb230fbe60a645c7b08b9844114a1bd71710d972d6b1007f06578bf88117354411b31a39247414f2e208c27e3a6f3be6d06674dc9d999

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
2KB

MD5
18544eb6f89eb635bcab811da72cac25

SHA1
f9c0eee88067b0c37e90a54c4a95d400c4365bc8

SHA256
87396ae690621f62a1c3f30c8dd51bd99df9733031a8ee51f87e430bde9730fb

SHA512
4a968fb6e4d6827ae6b8a8bef7d6f0975ddaef5eee465c586994e0900c79b285b281815657113e34b89b1800aec53a45a1dd18673bbd70fcb8231910d7a1fda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\15653fd4d8966a7a_0

Filesize
2KB

MD5
87230cfb1f9f418dd645173097ef3766

SHA1
4f210fce069644e790e0837669c95f4bfa6684d4

SHA256
533082e31f8b28b76ab8f8b156bac72825e95ee647aaa1eb804642f79d71be6a

SHA512
41a7ebadde9921a7c0b5a5671d00f9d65ca13fc3267a3b423c359f609d1522cd612ea00189ff1f5fb81ad6ecc962d7f27ef902cbc9c0484c44e10291a90c99f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1628fa032e39d851_0

Filesize
16KB

MD5
f0b98f3c6224a5f702df153a5d19a611

SHA1
658742770e39f73910e58664480cfc207f1b406a

SHA256
a388983cb9a5cbd7fe9b5cd689239da05ea5c27b2a3adc3662695074f7e45dc2

SHA512
0113ee979b27ff9aacecac05e0e9bfd2a143ff902ac8b2fdf79b2def7d9d502a8c80627117b1db603a3067a775c2a86c9c446686b27bfc12735365f933f9ad59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1b342244409a7f5b_0

Filesize
1KB

MD5
ed17bbe0c9aa4504566187449aba3b55

SHA1
3cb9fc12d2f4ffe1b883da268da6ec080a094f14

SHA256
fe9ccb857183ab31625dc79b61e96d817e5b67545652b0e21dec18576ea4f17f

SHA512
13f0a88cf14d498a106bbc16c582a708c05d81ec3568f3ec68a75bc2458022dbf5bf651364f000dd248f6ae817f39aa6f7f9c1e1c7610d9d9ff3d20065a2571a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\256aa39a0b7a1025_0

Filesize
3KB

MD5
053fc2900f33d540c08c837e8e9b9aaf

SHA1
4e3d88d3afcafcc09018dfce222f99479d1b9076

SHA256
42d27c04d867883e720b2ef2cd32ccd038b3a6592738f7375676e79f1b76c344

SHA512
27b6afa8440e24db0c7916f3ee71fa0f6a696efa511e239b52ec0c4084a55f087527e2b1cca467ede4a3861062a5e2f8084f55a6500f48aee1ccbb5b328a6863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\26069886e990cc46_0

Filesize
3KB

MD5
78365708cf8b1d961520b6393638068e

SHA1
8ab66544a97475ba8c359f00d05de0a80ea6d69d

SHA256
6c963e53204279c4b7c68d4f4dc434107d7409fa9a4c42d358c0204c8eba546b

SHA512
e33bef5e7a0c3403459fbd3109e12f9503efd9caf66ce1f28b0b89eb44eee908ad7dc37777dcc98d6996efea2760ea8cb5307239ef52882a995c794123011da3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2767bfe0cf3e382d_0

Filesize
6KB

MD5
f86009f770744032ca26af67c479069f

SHA1
269aa5d8455d547039898d0d13ec5befdc50b5da

SHA256
5caab02a7ad49003b0e5ab769eeac73e2d4c94eafb4f67b07ed5b91294a5e868

SHA512
52db5a973b9145af4d8d37913929e80d05bf7a8b3e6666ec94896d2b45acbf80b21463f0ea6dce8f5572c3f395628352a52df30b8d968712959c0a4fe891f544

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2d44dca25c7deb36_0

Filesize
4KB

MD5
b2215bfc2ceb5437d0c31495165cd9b1

SHA1
d18911dd506f32dcd59eed7591c60e5c188df784

SHA256
5bbae8e9fbd50ce42e81f2ce553e9cde9dd3da24b702c244399a171e6c5bbba8

SHA512
9bb77d71cea83c10145ec5b9a129b8601a09864c7b1f482b1bc0c9f7180cc3c30e14d286c4a1e8f739d3e7d1ba305e72328ce5c0c508389add1b97437dd01b8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2e4447cf5fbee8ed_0

Filesize
4KB

MD5
80afbc556e6d4a35cb08d280cf2b2300

SHA1
2baf8e412becd0421c32f37be9ba04d36cf349be

SHA256
7ad857836912e4f0bea2efd9f9e4dc23d55c3e2a766afab3dbf93809ea7085f5

SHA512
c83460bf795b4895386e529754e16fc009d8d3b2cca3567aa519768593dc116878996071cfa5c4933bd0d5aef671ab63f83856b4016db9aadc8ea575c0c54f78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f9424cccc041251_0

Filesize
2KB

MD5
d41c9b404d5d1cd97abe4a1165114c4f

SHA1
87f5983a65421f112303d986e3ecfd7e48dc8561

SHA256
ceb6dd8d4f1f2e92601354a7b8188220cf1b606dbed87cb74a38ea4bc8ad87c5

SHA512
0b8884f107bad35817475f01299ff1e7ca406f2314562378337c7de11ebf1369bab0dd15f6ddace519e31b45a452c795bd4a924298055b46dc06b6c63b83ba09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3552e3a94b35b185_0

Filesize
2KB

MD5
0e7697b660f2bdd67c22d3c5ab6a9799

SHA1
2a736c8618cc38bee840caffead6fab9f94c3112

SHA256
ae61bd13de4e9a697d7d904bc02d75e3509678d1f1f4db6cbdc5b4f72d4f630c

SHA512
77a20de01f852aa76b4b8a0992c2dbf65555fc756b3b8068705b9a160751e09c3986c08923af39d8e11becb4ed5978cf6af91c667c2acd4104f48927d3f53d2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3b3e0ce13da94924_0

Filesize
1KB

MD5
251be6435b6fbc6a1509ddd499aae43c

SHA1
9b74e130e2e64775006f1a76893f6ca96e2d10db

SHA256
6e2a8664801fe2605213d88cdabdd377c01d697c0b3f2ceb3f64e42ec57f4c43

SHA512
161af198a6aae81f214b9707b33ffa6f81d274492aa06171f011e59ca5ed040fca765c00dc81f5a4abdaf6c2fbaabf6f079ad2ec3ec40126648b8b7f26db0a11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\437445634e270822_0

Filesize
262B

MD5
f7b3853d32ab339226dfbbdf8c42016c

SHA1
d57d2092f608eadbbfe265a5d5109fd7ec552c1f

SHA256
225c3cd6b2f404aa6dbc26aa5872cacbfe9e5f9bfa10fa501862799ea6bd9b4d

SHA512
fbd12910042bb7008c2c155d1c75fff3a65ff07b9dabd67b780dcdc1b86c6187566496534ac69f3104e341e479b27ff16745b28a7843d18e21539d45f8ab366b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\472a4b711e1e1690_0

Filesize
9KB

MD5
fc4ed2c89bec0beb01439442bb9a92ba

SHA1
61ccc4d9ce7c6ca050db672c365020c3a51908af

SHA256
2734f3c4ff70057cf7d461b26e32d88eb6507f35911666989475867ea4e3773c

SHA512
44471185759044b1e31d63a77cfa422d0003d325202f87014bf76b23f3b6288a519ef56daeacafabc15a8673501d595596c790582864cd0b66284122ddce0a02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4acfbb79fee29cbd_0

Filesize
14KB

MD5
ed4ca5ef787f84aa61e82191abae658a

SHA1
36a8882fbdb06e1b53b0c2e390e0ca2f33bc1bd5

SHA256
38726a4b0c9f43f323c6b80805983dda93d9d261d38bef88cb3d50ad588c9a73

SHA512
9e1be83b67b26a0bd42afdf6b2383ba9440db8b59bc1a2df1379d27d3a4be6d5d4b4f1f6b25a7a8986ea1d2b02a860f15fd267bba09afb8c34a4926165168c7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5798b11df0a7ef5f_0

Filesize
2KB

MD5
8257b1133a639500034f817c069c3430

SHA1
e782bc7d1741b84cfed0266ddb9b7aaa98d17ffe

SHA256
7f9dd21697ee2cf92e363d54ed4f7163d0f5223750bfd946b19da06f9b551da7

SHA512
db8e2029cd80a63ffdd3dc47023fb25cccdccaa552730ecafc2dcc51f931a64e25c42d9159a09abce2b7f4650d6f8c2171dc6c208f4ac37d2ded8d3589a9d5bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\606bf7deb05af9c6_0

Filesize
22KB

MD5
513d72bc5fc1707231704d8631ef134a

SHA1
11b9a2617d4d0b0866a7f369daf128b866b26450

SHA256
6ca2006cd336e1db61b25d3996561ba4832f40d17f67bd052f2fa357049f6e26

SHA512
e8003b5382524b2068b184fe915b4bb4f3ca5f50092bb8fe85681d2ac64059f1dc1c5b6ea6201984d1a1827ab9014e236c70526cdebe4dcebb54b791f15ed413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\63ae369f53bd7945_0

Filesize
5KB

MD5
1d3039f26aaaaf5a5ca3c5eaedac9591

SHA1
36b12ddac28bd9f1acf3635260b1f90dda7eaa65

SHA256
fb5ed55827bea6cb73a66a77dda526893f147e7284d46d11545b2637c340f1e3

SHA512
f060d5687c33fdfd8cd6c7df8f092290f31bb9e6a5cc9d2abfae190654c41cb67f77ea898e00a1467cf644408f91e2907093ca5fee06dbcca71fe5ac2e9ce9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\683a9cc0a3fb4fd3_0

Filesize
3KB

MD5
820fb517a63f614b0869f9a0d40038c6

SHA1
3209d6def50a86c0f2ed01b85b1d19614486d49f

SHA256
67a07f036a862a2ca27e61494b3d53c75ed644d1cd80372c62d4dd81aaa06669

SHA512
ecd941304acfe9ad76a3e9c8f21bd676712bd72b9366aaf342f7031096af522d2a960bef11c04e4808cd40b9147305b86760854a04932bf054920fafc458307e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\897a415e006dea21_0

Filesize
4KB

MD5
c4e2940de331c06834b3734fdcc4fd2e

SHA1
35e907047fda489c0c122fd107a60e33d4e4079c

SHA256
06875071d9fcd58a6f6fb69acf6be50691e3205214b6197f83ed090270abfc78

SHA512
ae6dd16e44e810c46656106b81f0afa64b17a4d92ba71f5bb5510defa172e451d50d071277024578230eda595be50f0aae81df089dbc300400cbbba67ce6cd58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8bea4ab3650bee52_0

Filesize
1KB

MD5
e7239b23baf60d7e577f76cd82e9be7f

SHA1
6da825f1f90077497e6642a932deca77599ce700

SHA256
965b14984941933042110541bfb0c1a0c32c3ab05c10e3990b4f00be67db093e

SHA512
820ecbc4631aa730fc956647cbb712c9d6e480c1fbbcb35b1503b8faefa82f13086762863bf9aff43291da7e8d972209b095fb6e3db5e325967a3c17bd299df8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a51ef587dc6dd4bd_0

Filesize
8KB

MD5
6981084c9c5af68c24a9743495dc8dbc

SHA1
68a7889a8d565bb8cda7de0621b16db3007da43e

SHA256
1211d55985b86940de461352612e71e618a69cd8dd406a95ae2f5995860707df

SHA512
c86971c2f40cff79aa2aa886cc78fe147b48496951232ea4ae9189a9ec9a0d472c7c78cea0088e4fa4c2bccb67ca9f18fb8320205e098f6069433b9510c319d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a5e388174f596eb0_0

Filesize
1KB

MD5
792d98271b4e916b617e7ac6cd79f922

SHA1
75f89e463764ddff32b2c81e3d6427d9d3a3a486

SHA256
609980566411553ff6730ea250eab99b80a9aee2dd6ec0f307bb12cc5443618a

SHA512
2b6b0a6833558ff1d4ec0eb7d80504d74cb073aef5f5804c6ff5135b91df01a93bfdc0fa3aec17c4da533ed85987da0858f0f506309b8bc8f874189fe8c6eea8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a9ea371ba8aa6a22_0

Filesize
35KB

MD5
95aa7fcc7f591459414b7b80ebfb9085

SHA1
5df17c465f98917a083c02d26b3cb0a3259fdee7

SHA256
dee05b3a7e6cc07d8988423cac68ef8b232f7da133e4f551a0be11d15b0a2918

SHA512
eb8bb5bb0c772d16a85ea28200ee7bafbe245443441b83771277d1a5b3648b5395fff6b8468aa9f9ae8508b049a01b0842693d980b938a565291eadef1f638ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aacf7971e2e1c3e6_0

Filesize
2KB

MD5
b41835922a474032907eb21158d12316

SHA1
7c91b8e909b79463f66c88488b328bf84681117d

SHA256
857b4d9651da253eeb70d56c9f938a5dd2918d4e21e55bdf66e963294822eb6f

SHA512
05b40568f3d824a1a2d35e8d6161f6ac50e02b42a7e3cde53cf4396e483473d2bc64714c43437ceb32068c1f151530981fa8f4cf3075009e4c1c82e53cfeb9d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c7f1edd401e62579_0

Filesize
289KB

MD5
66e25dde377cd5e7f8f831686723cf20

SHA1
ed8f33666d6e9de1316590f881483294b9d76a4d

SHA256
dd404f037d3341c3f7da98c30476f47199e0138d87993584a36eeaededcc0661

SHA512
a856d04401b04939d0740523efe4cfe13489fe8c1da554c99fbd2539a42813699afe1fd3cfa718b0cae4ef5fbb01833c766cb273c6ff6d1a3843b8aa4f44b759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ce1059c478c2e6f2_0

Filesize
2KB

MD5
a08b9452ad2fe60b6ad9e91258d2ab15

SHA1
3396d2fad4d666f2d352372c4dc28d442f0e7a0e

SHA256
98e7d89da97371418a9e064b3166fa3a7062df4ef8f1e589188abcc03fa42f44

SHA512
32cc372e36288396fc1431fea75c60bbb44d0ca3536618605b1023f4fd504c1cca70eb2d6f8279b9e75ace45294af3c32b0d7e3ea549a782e25ae3f88ffcf76f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e18aa04bab8f5865_0

Filesize
10KB

MD5
b09db3be6069a4a3094c84b32cdd0f91

SHA1
6b8c791b933e7e7104a3eb712281216e48d356fe

SHA256
a18ad09e8e6492b5c170dd2b6a09fae4bfa37fdbcf47bce88b7f67b5195726ed

SHA512
68a8bb2fbafbc9d607b1d84e0ff3daa47296a14633cbc6517da3ad6a4a95250dc16e159e486a1fe2bca4115c27f937afafc3d52d60f1d3819c1a94530255c3ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e8cea48702440e81_0

Filesize
2KB

MD5
26b019f6af9c5c7a89a1af10788d23be

SHA1
61789db37dd1aea3c30d60da62a1262160cf81a7

SHA256
7d587b2481743af4553a223a793ccc205005fee82df963ec1a776174d9b9214e

SHA512
c8734115e8c6b1dccaf7394043be42541c3e0d5c7dbaf299abbaf66b99789948f12f148a9e52e5650c2248eb36cf430d8eb09d517fe1f63b27d1aaffe4ed5cd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fd333c1b57c3ac4444a9bda8a4fb67b5

SHA1
58bb8215a7f091d9ceda3af842c42c9ea0b038d7

SHA256
ac80b14d3f48b6dd8b8abaebf94338334d3e0560442bde22090309bc9a19347b

SHA512
eeacbebe10348edc5d621b686f8ea7c92fe398d188f229e49ee5d0904eb11d556a69d0d81e5cccde6a7154bddfafa458f744aae3ac8a541a150671a2847fb9c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
31f9433ce5793ce3cd7a69344646dda1

SHA1
3dbba17cfc6cd57f716ada84fe62374dc4d7e43d

SHA256
c3f41c1533e1114613ba7baff74f24ac5853c860eba5f15bb7a0f8ab393d966c

SHA512
11ed3e8e5d1221d31da78df94941509e4458b2d0279a0ff37ed4c65ef551cc3d19407ddea2eb50b9705cc0e7cb5d45f99695ceebf91f7755ad537a8105922495

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
f3fdb211b8e4475aa4eaea268f5ece81

SHA1
557393a5907cd698bad2edfc98b1923de117be13

SHA256
79974dc88af21e7ad18522b3d80e909fedc2f9248ac9c707a7469aa207aa4679

SHA512
8de71ec740efbe8be8b914cea7670c9b211f8c2f6a8078304cf94a46af312b5ff6ec40a5a1068ba48b4f5d0025622cbe536ef424fb759ecf1bed9a29516e27c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
40KB

MD5
71a45c881fbb812b73e7c70292a447bb

SHA1
ef641f65a1fe01bee7f3be53d27345bf2cf2e47a

SHA256
59a59fb417f0e5320211ffe3f800174120720d9dda7205a5a534c4390d890f3b

SHA512
294cc449db14035f4043aff60a7f5aa49344ac964d66260fc90a93fddcecc1efa4714f1fcae855ea1cd413e4cc33e227c58044c422661713a67dd66367502799

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
1b123fe30a826191eea0a3d1b72174d4

SHA1
b45d2aec0304610549532c6e122f7cc85b0c028d

SHA256
8a4ed9db62e2b2508139c67456cf653887bd2cce8536fb07472bc0cb5746a16f

SHA512
1bdd47b60984c469daa58771f4ca74e629b71900bf5ea06fe73c253c0dbf2e497aac93455cfdfa538f218d07914ff52a69422071d77425e5055e31e775a01b26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
211ba95b9fe61f6d8e9d66ca1fd9ac2b

SHA1
c8119dddc9da136219e853e2feadeeabb79f046b

SHA256
17f8a8399ba189f2483bbcc7e515e201861cc5f1e1a3e14b07f540321a2cc957

SHA512
2cada14353ae4e776a779abbfe8ba073540cfcfb3c125341e305cbadcd18157d9439e2bc2b9ce9fc387bc1f42dd429ad17e72a5f9673b9479ba4f4c02b215409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
9KB

MD5
4ad842e2d7466cba5094fcbc5fe84d2e

SHA1
710cfadfb2c5564d114dfc21b0480ab932cca6d2

SHA256
a7a92b45c214e5e8537ba0904647c79412c87459cc1cc97b43cf96ebdae76e62

SHA512
45d16c25e95a37e3ef7fd09ade162684a818608cba6ca795d03ce499e2646856c6bc6d4b6b846320468073dd8f372619db321fbc8fef9e353777affb32173010

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000004.log

Filesize
61KB

MD5
86873460d00919fcec0d6fe1f2e58f07

SHA1
df064eb55eedd3ff5898bcf30e196371fa633b84

SHA256
60f357fdd462e889bf407f8c014cc386fda785b42e20a318de3b1154617ebd53

SHA512
9267cb079d2663e7215c5292cd3cd51a3e87c606f4fbc396352551767f9036bde5b380f722b853b907c8a403f3470f0871dbf44fe61ec12d42706c4de656d71d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000005.ldb

Filesize
75KB

MD5
4df55d4014efd12b84a7cbbb2ae738b3

SHA1
3a83afff551a9f0843369c50feed31a1840847b0

SHA256
0c2a6183ea716f0db4707117761b2a4584e4284516193dc66b2e77467c67d172

SHA512
2ba6b2f39ff92c2bbee3b94e679843c270ead06b949965be2042662ec02ef6144c7c80022a1c45563111d715a94824dddbb2525f842536cf6ddb3fb06e63e87f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
491B

MD5
0ec60e530f2e6488a8d70d7362e35075

SHA1
af895b6debf3ec5b5f65f32c9ed209727b3415b3

SHA256
948397c6458515f2c59e4c2c9f496ceea1cc9bf9feeac9be6976474d0f3835da

SHA512
165b3a8a220160e6ff8f8c6a8b393c6f294172e8c112adb20d354169e49e5bd7dea2353901a10c495e5cca14670023385c96d6e2aee28cadef0d0ab968458965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
286B

MD5
243f48b674ec33a84e22ce5a30edc974

SHA1
8c972c4af3978983678fa9ece31247df48d11fac

SHA256
7425a5e261edb557de78545e5a4af98b31bfc2906fa10b7a13d1ff5838e541c1

SHA512
31c67c25d0dd937c28b5a34eca6b06c2942604eaf8e6da026eb2c081ad2da419fb6991c27935f45b352af7889076ef56107cb38af716ebf45405a5108b194eeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b4dc521d663d89664f4d9250cb41ee79

SHA1
6436fe1a90c9080958b3231a75f4c840b7f96c68

SHA256
a28d2bd04c7d3582ca550d95c41c736ef49482ce5fe2df64bdfe9d02c542a958

SHA512
1a68fae228ddd1fc85faeea2d939139cec2d8f3ee34c448f765c7e6ac771338d99913352a91e3e8a01a937d38bbd30d34a1d2d0c512773071c034c2fc019ea93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0502b7c1123ccef6937e48f13fa17cba

SHA1
10b2b3f5d32aab7e80110783fc47789249ed8c98

SHA256
f293140973d9075f6f3574e3898cece629428e35cfef8a9e332c5a3183a892da

SHA512
33479cca43c0bd49adaf9c5339963c1c1c5d8f9cdbb00f6322a86cff86e9bfef5d3fa4f3cdc27e31e1ccde62a85ce510340472d65be375adcda077657e7a128b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
df887ffefcb82d9c35dfa9c4e800a3ea

SHA1
ae1c68a57500312ab9e5380a200d911065adf874

SHA256
e07970595b4a66930e1d9eab5e4b3f9bd034d17d635b3dcafb9995885d176978

SHA512
6e66833b11d10be29b34060a78fc9d218359f14c6a58e88247db5658e27a18e4256784cb2cd7c03cd356b0b83a8cef0e0655a5ea91958c78da6130cf43fedce8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a472c403249d06b585277e66f52fc1ab

SHA1
2fc4426cfcd9578468ac533f44b322e85a49b171

SHA256
714ee75c2c982b7f7718af76dd8d2afb831c2f3a5ecf005303d6383a6f4c6ecf

SHA512
c9f34f490c90240c173d85c4614a742d6cc3bbc4d2fb40f601260074bfecf032d14a03b0bf2f0f58543639c0b06189337ce884d6939d32be08e118f2d0d36cda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
01f5e167bd571b5f979fbc305d6c86a6

SHA1
6199016212c34df935f77e6005cad9bdf0d56414

SHA256
c34f9f99f1534e890496ff98f63a636597f3f9160c1ad1b28b2deadd5df3baa0

SHA512
4960f07ef7c6a89e428749ad511d096b6341d62b192ffac38b10539b79408d504b7681bb1ff493426f5c9d0d9f5a80699f564b6ff3ad0d724c9f42a35c548bbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
41f2afaa9de8dde588dc96a14f55906e

SHA1
72b5d6c662c04ed83e1546b51684a6d7950e2807

SHA256
c6ad4236db528e2fb097a19b8b3f3f59b8496c552ff4aeba804b695af17b6542

SHA512
8c299c2c9c36e50ca01859a4123237e1f74a1032bce3ef7468b713c12ecca23f738ac78ba6be8f4df2b81f35b7143cd17544e2d616d36d2a859402f25c76a902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
01fbdac72fae4583ffbaf42a50578dc9

SHA1
c3408bda3db119972a9c56d03218c18d034583e4

SHA256
e035c5506eed3bd900613cdc4e56ab7c0285ac248a25b271174f04caae7be021

SHA512
f44447174e1d4fb6ddc12a5d6dfa15d2065f0816f66184d49db99ca3cde351f03546545be052d42cf4816a3d4c024d7f5b8c385bfdc9c5c12612eb129456bca8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e64039727157e1becffe9a8ce3fbbf7c

SHA1
7c414cdcd6b9c8bdb02007092294e23bcc4110b5

SHA256
f23268045352f80271c41421c145a048b1b1fa202c7dc4f8e4208fd030a141d9

SHA512
0fca321fa026962e3d944999fc90e22de32c2c10c3013f5852187c107566082631c4ce24a61cb57e161c6f47fa2d40ecd2bbe4bce8c18b380bdda5f068830c77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b7c118aeda6b15b2ecf495dff865d4ba

SHA1
af2aed70532fb4e831cf546bf90063a7ad6c8f34

SHA256
2663be5c3c34bcde1da3f7834cdef43ce680590e8949ea62d10fd585653f1d41

SHA512
2f338c412ca22c9baa4c08e4b569aa5069ccc7876818ca3d52de05e728f69c84546cf320b06b4e4fa3ac66351513255103a8892e81e4938e52361b44626032ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
62de8c4da7079be8ba049e2defe1bbc8

SHA1
b91ba9bcd565563fbdafdd79c4cda0c6a438e59b

SHA256
bfb65d5c2b8700063e140e9c2bb613a273006b91d5cb2ca5ba8ae2dc88383733

SHA512
419d23d99a92ed11c3ef0cb20b7a23aff619b478667b8f8ec70033370465a6cdcf262a76f431976c9f698b990028f8ad5afcc1a35a0b44e92e9a71eaf5b20208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f646bc82fd2a6ccfd37b6628d7e62bf2

SHA1
85b0e7fe7cfc7bb54baecb22cafa68c79294e7ae

SHA256
3ba60b83218fd558c2348cb5caeb219b8c69fe9dc6e98e1139a451b192fae791

SHA512
8b74445dd7924a6aa1eefa0b78b9f9789dd2a98a63ad4bd7768ee38a65fbf2c9622127b8c4af411442c73f9bfd120db5149f621c1dc67ef1179410c1eda301b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7723f50c89c5679e01c79caa4b4f8382

SHA1
44ae86222a0ecadb0091ae38e02efee594ddb35e

SHA256
b85357885cd78c7aa61e02c45945e94cfa5c9679456a969a2d61cfbe87271b55

SHA512
9cc91f46dd5fd3602a4ac73864330e4728314d434c7c0fe40527fe2caa0e46b20324e290329ce45fed00124a4f1748a12e59902136158d981ea9255320536bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
27dbaa8f2effa5242b663b7c0037bd64

SHA1
89975aa3a032ad9dab2a1c277904aec914630140

SHA256
f1e02a263e070628f5598cc8e87e71b92e12d65c59112185f3e88e8d661eab57

SHA512
b20ee9939325e7d570d704bdb3344eddf9a2ddb0f69f741d301020ed9ee22832079060ded9a148cef01de5d8c5c1b86a1ae9c2fc094b30404a0ff8bf6a41135e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
79d9f00235e3d6758b545487618a8900

SHA1
313a556be8663796f33f749451522d8ce23b6d1d

SHA256
f63497eed10395935a87ef5c00b33a008104cbc70cf6fbf02a12db966f42f57a

SHA512
6f4c607b9d0e3f0b9bbc0104118b150eb5a1cf5604129da0cfb73960f337dcc2a8b6d966d8f07337fcdfb699aef278517e8ef64e55daf8c09ef6c24fc980b09b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
af9a11050984dad3dd861e5eace6a28d

SHA1
caf04417c1c0feb1b78c76ee779b8b6818c2ad50

SHA256
69649ce4f96064e3a100d83f7437127df683a6f7576dda3e8125b0d7c04bc886

SHA512
8a5d6632674ce0c479516675cb308d3066eef064e6d834eb3872b9107967b871f1a0f918e92165b048ab96096af103db8fd7c32d4f21eb938d3edd9b59321500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8d72ab6fb94a05df362af69ad9427f57

SHA1
2946924d2a60ca4b8732c9c8727c1744900cf38c

SHA256
c6a019c150316f7abd7be89909cb8155c3fdcc7c4744837b7912ed1c3396b4a3

SHA512
241b42b939e5345a027af09b500d71bae76634ebba8afea9efcf863d45fb5f8faaed0c1deeb036797b11edc162414ea57e266f871b7ca141889ca0664c501f7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000005.ldb

Filesize
286KB

MD5
173f1167a26990addb77b0c66b27a5fe

SHA1
9fb3dbe2f250e526e1ce6d624fdac57bde38fd9a

SHA256
277fda640e29af2ad280e9d0bb1d887ae9022ab9b1d7df40e4f203065f0d401d

SHA512
558a49eaa7d6965677169c1a664f2120f642128b2fda73549e018d981d89bb401c55f038f9389c2e6c6d99c28f91caaffab57c6fe0f8bd68caf1e3e20e51ea82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000011.ldb

Filesize
261KB

MD5
6ab27dcb256fb672121162113b7f8e80

SHA1
4b900ba84c4c1ad41802d5ba1de6f7e9bef0f3d1

SHA256
c10de094e5ff8f03de0b12365467f5aa524206db9b0351f2b6394f6863e70e08

SHA512
47e77b8ef59c55c69788d5737f95fd77d1ee87849a30c8a1574aa5423db76e6751e42f1872a665db52a77c512c4088645b140b5230588bea46589a7a0e41999a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000012.log

Filesize
831KB

MD5
5ab09c8eae867bc1f0ac220a5128c4b4

SHA1
f2e3de9f39a8b45ca0a5b1539b7a730f9693fb35

SHA256
9138f0b96db9a338205bf564b3093af060223f8bd5b515556a10e2acd452fb8f

SHA512
fa0af653c6c86531c8ded752353e062a66fa32640b2013e55230ca6a7d60d5c3dd3fd6921cc568c3214430a5742e3ad5297f070111af9fabd5f6b524eac0397a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000013.ldb

Filesize
366KB

MD5
d2ae281f4bc9d3d399928014ccef73f6

SHA1
15a5855305e8e421b68de5cd4a10b37b308046df

SHA256
b9d9f727f67062d0fc5eac2392b80f30b613e654187cca4afa64df2389a63dcd

SHA512
cf64c1fde4ff0cb008e63a46c1dd9a30d413bb6afe43f901b1f9bd017b41075280228f44812ba6d6f9cad7f7456388bc284cf5ab8e5b30aa39c5bc7315436698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000014.log

Filesize
1.4MB

MD5
c5b059fddb221e96d4e4fe2cf174bf55

SHA1
5f8d47d7e0bc0887c865c0236c9063a14aa47619

SHA256
8cac7096f36b27a928a715507c889bb5afaee8904bfb2c31df80d7e9d56733c6

SHA512
ccfa86cbf630500899a28b8293b104d78a22d81a4b51f47952b4a6041c8e253dc338e6025a9639bd23b7320050b69f5d35558d794c92dc28510e8a3ec01a8c85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
1KB

MD5
0af11521c4ffae91d578bd4c295ff047

SHA1
2263e82f9ebfbea6d9d42aca50e67d484146369a

SHA256
438760e9741d5fdad189715d750318d94c1b75de7594b10d1ce8c96756f5e33b

SHA512
9db9b4336c46c9e466e0a7258d12927d085f53aaf34eb37072b937b3a58f56d9b9c0f1385bc39ffd36199f7f83a3364af8f203dc8adb18ad938b67f3e8d092ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
817B

MD5
b343dabc2d19fc4342dbb4037cbe34d5

SHA1
f1961c2e8264581fe778170a7ae9ef76f9c3c8e6

SHA256
be4a4311281075e6ec3f4718f87add46cee580989c4e1aa565b5e9da61fcd496

SHA512
7dae7cc2f2091dbf3620a5764488b23d08c03725bc9fc67564bf4eeabfe33b80a24249e3b312875b1a0be14a3e74fa82f7a3d3333ff7e1bfe87d4ec88fc879c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367769008304252

Filesize
60KB

MD5
a3710176061a5b97e953cd55232bed80

SHA1
b9e73537920b7b9d5ef59535da47d435204c6378

SHA256
c0e29fb8dd2f1ef0dfea4030ace9bd15c1ddc0da90caaeb49d036b7a7f809448

SHA512
298ad893f75d010d50ba4b6e4d28179bc4fe4bff810b192a2a3ef248f5ce4555904f4d0c10fe7661259a3f80a3a3df8e9bd3977f255706660eadb174930bb3ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
5de819e386bb7f27033b2053a3eb4664

SHA1
c862e5d3655e16141aca96570f81f7c5864ca34b

SHA256
ed1631d2aaa2506b8a636c512de6f63d3922e3f1cf31930c56092281a5c06566

SHA512
2c9ccde31d02e935392360c6957833319ded5f42b435cb93e3b581db3a6a428c776222e4052e18b87ece300e02260b6cccaa2227847c91e1792b73622a0f04de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
51c23b47d6cd1084954013937d096f39

SHA1
2fb7903d0043e74ba31f5d074df8f4a724ba5192

SHA256
2a77df0d7c7f7346e3535930abcd13642015adb463cdcf7a4616e084f1967330

SHA512
6fcd56fdf4517b575385faf96025adc051cc606797ac4fbba9782798e3b7905956f15ba123e573893adb5dd086d5a94007b6afaf52d94028137d51f083866cab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
8437f5b7c4e7593877c00419217034fe

SHA1
1d99cb65fee506f20a69adf7746f6e59edbf7c5f

SHA256
ff973617f3c3d8ff63f393d95e023aa0f8401b2179f860206ea3c9d561aed735

SHA512
501ce2431ef3b56c02906ca8937f23df2a945a9fdfdc1cad200b93d1349f63f205cb786ad257a7e1ab11ad830f0f8b6d5ef1c7d762daa971d3c7d37c887c002b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0cadc175821b3b32ffcab93619e39e7e

SHA1
eab7661bde6102ed1bcf297212f53a20c705bf1f

SHA256
8a600b7a4368d28ea4da2875da4f6902e45de644218ef8e69516ecf44462d3eb

SHA512
25113699d8890500187ed8b839beb119849a0a7471c680dabf3c8fcbfed746d42dccd6d749ea0ef0586e43a1c615ab14659a8c85103f01db41df3abff9b3402b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b62822233144414dc09c604f3408ad06

SHA1
bd1dc79ac4bf3f8269d130b9772758b52c7fbc33

SHA256
c56edef7448266662f136c71e7e530d194d146df8e4c77579e8138b267ce230f

SHA512
079ce0fe0a30d3bad7f2253a5f2b4036c006e17a062a34a80917e43435dc820d8075ba1a817d8ae928194ec33316f54b20a28c4bcceb6a7ad199c6d9d465c199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c540c3058dfd325e59433a9b14e6964a

SHA1
2e436a0469359611709a036d3304164a7a807c91

SHA256
a894e2abc1ba0c8342b343e3ad074b57c53bf87eed5452e4a388570cd6e8e674

SHA512
29549707210eca5b8c4e5fb2a8012e4f27ede13d2009c1cd1179d2192d1080eacfcfaedf50d42b7e0d24208953b7089bd610950251b3f5bebd87e9135e5c8db0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
3c1f33293e9bd0ee988107767e67a45a

SHA1
72138a93a43440c9ab7d73750afb51d9d6dd58ee

SHA256
001cd4c9bf47321d25b7bfc67a578987042c33abc544c00c538e8b380f1310fa

SHA512
990c31ad4e421bde61f386046e65a33c160f4e1fcb8d5f2cefac4b704750455d430189f2d9f563126352d4a6f568d02078d3ff9aeec32a629ff194f6d92e8223

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b4ab3e63a5f2fa1b93c09818a71203e0

SHA1
83d1e0d676077bab6a1348fb2e99a7ff455bd103

SHA256
30213838ebc85b686ecfd0a1b42efed19588a548e640cea8a06138fa71e46a38

SHA512
a71d7840b6dae75c887d2ae6a1136a48e647c99b9ffa04a4bd2f476881f0ba6c96601e7846264a6d4198a52b7dd60180bfa1469ea1516563b17b153860d1128d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3635964f8467e31f3840f0412fb9a2ab

SHA1
b4588ce41ae0fbb79969898bde7402b1b95ea975

SHA256
d9cbabf0b1dd034e4a70eda7568b30bfbf8fbca5685bd63e4719a029dea2a1a5

SHA512
914c38136288ff06145f7cbdbfb4af3f9bd5f7ba3fb41d33bf7421313a36f141c9fb6e29ac8ca9d83c546732f0f556fcf8b10e5f000dc41f44d697f45601583d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9c50246e7b2429ff04b087a79fd51bc2

SHA1
b855dc715c77450a933f2cdd6af860f7ca63b543

SHA256
cb35efb8b0969f1e41df13e0241dbd740846f0a484842dc323506bdbf199d7bf

SHA512
28cd22e11d75489bd60df7e9103f879788f60cf40935202fae387d024191ccb36fc05dc85de8ce33f790f87bc33598ead20ce763d6547d2d62e20dba2124b976

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
20e256e48967b36ac5c20887e3eef0a2

SHA1
8a4c455b2301ce3eb14b64444ea773a32ee94818

SHA256
462c9a94272e31e1fa1d23efa6ae0cfb0135cf112c96945ec0b3f26b53cf7e1c

SHA512
c77190656a500bc16fd7810e138b9e8e33f04f016e4be4415d5ba1d8d1b7d538f81fa36816c2a3cc456ba4300a191111d51dc59ebc957d959d458c31fc8c21e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
459275e97d5bc253de820d5b3eda9a5d

SHA1
1a05e40511054ea412013f7da8969d08cf519a02

SHA256
95b639ffbba81dbff5a963e3be19dc2e178dc89306815c28028926b939b2af5a

SHA512
5502f183511edf594918beb035bb86b5f4d2eca2ddfaac96208b0897a7b28871540501dffcb6ef63b5065b05e06814bb4c877b53bb3dddc2c9359e634dd42832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580bb3.TMP

Filesize
538B

MD5
89ad0f994f9433f68efc042c120842ed

SHA1
64f27e1e3f06f18f9cef3fd41143d81abfd0131c

SHA256
916ce3bb5ee4e7e8b0d4d0b7c247202b9f3cd3fc85a2f4e76077bfa41b3ccc65

SHA512
04fcb31cb2970706f03c340a4dd4a2b98a5e3201f8f6e601f6c467f33ec5ff7cea175a8b78994d7da03c258d3ee19004406c1899bd8ec583ee30727745c289dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
d6b3bfe25c11923d07eb300b36343a23

SHA1
6fdc8969bc56fd304df1ec296a5c6a908134abbb

SHA256
f3057c3523b2be4b75494083d4339db5956902441c0db87f7f0f13405b329fad

SHA512
33a4a369e46228ba2cac5c7086d6be778eb335245efcd94ee162d8a29250399c16dfec7f248fd0f3ab3a961482d808f02fe245de9ed6528585d69581f899b164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
1347957f39780969858a4bc3b57b1182

SHA1
54676bdbf0771e09e5d436701a25a3be715491d5

SHA256
c9705e12812420b7515c203018734482d3d42e94ef62bf6f9ab43bdefa9d560b

SHA512
0d463b997235887164ac79684f021b3c8266fd063e964f14c11d65a2ce3d93e71076583ac14a3309567e6cbef59874f9d2dcf2ff2bf99f32f19ccfb48bf5f4c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
64KB

MD5
44f0b9e20488df4560678bb1e3d6ac51

SHA1
4895c5f8c85cdc0f3e9b8f1e40642eca2b276679

SHA256
bd5ae2b4c3633ad164df681a33814468b78aab7d8662de5484e6baadcf5c5ce6

SHA512
80eabf0f7c9608e388e713c70bc3b7ad231e9aeb57cb755adf29d70d45e3d60924d9c0c726421e0ee3316636068771c9774ea9fbcb00b472b3bc1a74e8468907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
299B

MD5
049da8e820e5051d80721b01146d517d

SHA1
c9a8c1908970bb8ece4e8e4974a8dee56ea1bd83

SHA256
4c4adc56df1bb49916923b418d3bdeb8400d4f8e78757100d5c534f50d56cde7

SHA512
16c63f5df6fe98f9044515093a39c8df9d2b1d3297d13a533090465dcde7b9b69b924b35158d3aeeb95a25585a594d21f4bf3f927aa3f14f15262fa34774a639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
ad70c573372d76aff074b491ce158cd4

SHA1
76b0b56c488c94c69a0949e5908336c13ce05e41

SHA256
fe343b912e534b8b08ee6b7915e7beb2fea8b1323f88e3d56ab983a782de4d96

SHA512
cace38849b049e377b91705b1e9be1ddb4b37669a36ad50fdd1649a63cb27e484bacfb5a07a6f95bdaf02e474cfff3baeb54caa36af92b3725960302c7e38c1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
623B

MD5
c661c269b973694c0f949a7748abbdfe

SHA1
12c2b4c69846ce3b17b1597cf38f1eee5dc5abb5

SHA256
9ac3db8be901e937eb26bc9ad0da55136a9906eaa10e63cf7754440fe759c206

SHA512
0d241f17e47d778d7f7ff6eeb1270c7a01d49b75a31b444f8044ef80fa66d96f7121ac36093201d72de13bf78f218124a95ee5a36bc5a1321e5b61e8a76fb5db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
d21fadcd98ef71950ac944a8c8937b6a

SHA1
127792752526cf35039974b0c1b6d5866b48c6dd

SHA256
9683be8591005d3a94460f410b06b877125f0d37522707c1d059844fdef644db

SHA512
cd6f046cc0a5ce1845f54080b40870cb04fc42f735404032ec64f36ed4eb0aae48f8a47464bd61e6d10b5b2498757a51075a7a6ef3e5d40b7174b6770e1b4e45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
af44649ccd46e573c75762aa081c20ac

SHA1
2cf93840f91b517c1c604044f9ab8a773dddce47

SHA256
89098d43003b68ef45e4221090d595f8a2ec1d6beb9f487133ec264dc6cd9afe

SHA512
c9e29b30910a6d58c96800749706a98534ad369e91b34639e0041965a6f9c13afb31bf9b3e7692b010f8ba2b9e40d50b41abe95b210aefadc03f8cbc32706cc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ba800962d3234768cb2ea0d63f1481f7

SHA1
95a84f7a8ad8253d87ae18315622db557dd8422b

SHA256
659ecd981f1455855ea88be9ba3766fb8faa9770e5dae2cd8646d4ff092cff4e

SHA512
bbc5a7a6a4381a50dc20130cd6fbabf64f271626caa2eaa2ea9502c1cd59c4678fb85aa7ca07438775ebc154938e5caebc027c20901d1d6c900f80fd61b59b44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4a1924c0dbce8b1a8304df25e6450c46

SHA1
8f498e1f8eeed41e0eb509bf886d1c951c61151e

SHA256
3e5a02ef4b05ba0504e5f09940d5407eee5e84279d91f9a32084f21c69d755fc

SHA512
5ac5531b4400a8ba11b55d66e82e33bef2e183a9044a96f932e00b18d4d31cd19c08860dd4e22f00071da9139f48fb50c272e6b6f98ba7a963629f986fb53ab5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e8531e796b9ef5adb360419e84fa9ca9

SHA1
2420e99e9901e52ff39f76a95777b3c356b79068

SHA256
fa040cb0878bea926d9de3578422a04ea50b1317264416020bc38192d6553be8

SHA512
7a4333860071370f2e6591d0997e994e65676f11f162f3f5e37f762f52ad70210faceb81db3b0857f4eb1153b40d122324079932a02d56a7f795c67056cf65ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
8e33fb1d843583b280856c4a05d81af6

SHA1
377219f3637e907d6d50c95c950d322b0e696143

SHA256
72fc81922522e37a697a97b1639bf717ab3059899d6ee678955425fb4ab2c0a7

SHA512
b7b92f07c767cef02398b040261b34fbe7c817bfecedd7431ab70178f201690cdf167ffaf1272f94e1997167342b8d828640555f26dc524f0beab2d6c11ec174

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 127247.crdownload

Filesize
2.7MB

MD5
48d8f7bbb500af66baa765279ce58045

SHA1
2cdb5fdeee4e9c7bd2e5f744150521963487eb71

SHA256
db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1

SHA512
aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 464806.crdownload

Filesize
239KB

MD5
2f8f6e90ca211d7ef5f6cf3c995a40e7

SHA1
f8940f280c81273b11a20d4bfb43715155f6e122

SHA256
1f5a26f24a2bfdd301008f0cc51a6c3762f41b926f974c814f1ecaa4cb28e5e6

SHA512
2b38475550edee5519e33bd18fea510ad73345a27c20f6457710498d34e3d0cf05b0f96f32d018e7dc154a6f2232ea7e3145fd0ed5fb498f9e4702a4be1bb9c8

Download Submit
\??\pipe\LOCAL\crashpad_1656_NXZQODQTCXLWXTSM

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3540-2282-0x00000000026D0000-0x000000000293B000-memory.dmp

Filesize
2.4MB

Download
memory/3540-2289-0x00000000026D0000-0x000000000293B000-memory.dmp

Filesize
2.4MB

Download
memory/3540-2242-0x00000000026D0000-0x000000000293B000-memory.dmp

Filesize
2.4MB

Download
memory/3948-2261-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download
memory/4148-2383-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download