dharma | hxxp://discord[.]com

Analysis

max time kernel
632s
max time network
651s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04-09-2024 17:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://discord.com

Score

10^/10

dharma defense_evasion discovery execution impact persistence ransomware

Malware Config

Signatures

Dharma
Dharma is a ransomware that uses security software installation to hide malicious activities.
ransomware dharma
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047
Renames multiple (89) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Downloads MZ/PE file
Drops startup file 1 IoCs

Processes:

CoronaVirus.exe

description ioc process

File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CoronaVirus.exe CoronaVirus.exe
Executes dropped EXE 2 IoCs

Processes:

CoronaVirus.exeCoronaVirus.exe

pid process

1492 CoronaVirus.exe
2376 CoronaVirus.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CoronaVirus.exe	CoronaVirus.exe

pid	process
1492	CoronaVirus.exe
2376	CoronaVirus.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

CoronaVirus.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CoronaVirus.exe = "C:\\Windows\\System32\\CoronaVirus.exe"	CoronaVirus.exe

Drops desktop.ini file(s) 4 IoCs

Processes:

CoronaVirus.exe

description	ioc	process
File opened for modification	C:\$Recycle.Bin\S-1-5-21-2842058299-443432012-2465494467-1000\desktop.ini	CoronaVirus.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-2842058299-443432012-2465494467-1000\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Program Files\desktop.ini	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	CoronaVirus.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

Processes:

flow	ioc
119	raw.githubusercontent.com
1	discord.com
3	raw.githubusercontent.com
63	discord.com
96	raw.githubusercontent.com
113	raw.githubusercontent.com
120	raw.githubusercontent.com
8	discord.com
13	discord.com

Drops file in System32 directory 1 IoCs

Processes:

CoronaVirus.exe

description ioc process

File created C:\Windows\System32\CoronaVirus.exe CoronaVirus.exe

description	ioc	process
File created	C:\Windows\System32\CoronaVirus.exe	CoronaVirus.exe

Drops file in Program Files directory 64 IoCs

Processes:

CoronaVirus.exe

description	ioc	process
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Consolas-Verdana.xml	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vreg\osmuxmui.msi.16.en-us.vreg.dat.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsNotepad_10.2102.13.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\NotepadMedTile.scale-125.png	CoronaVirus.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\gstreamer.md.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.XDocument.dll.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Controls.Ribbon.resources.dll.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.2008.32311.0_x64__8wekyb3d8bbwe\Assets\callphone.png	CoronaVirus.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationTypes.resources.dll.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\README.txt.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml	CoronaVirus.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Security.dll.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	CoronaVirus.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Classic.dll.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationFramework.resources.dll	CoronaVirus.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Drawing.dll.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\rsod\proof.es-es.msi.16.es-es.tree.dat	CoronaVirus.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Drawing.Common.dll.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-80.png.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.Design.resources.dll.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\Blog.dotx.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\msql.xsl	CoronaVirus.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	CoronaVirus.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.HttpUtility.dll	CoronaVirus.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.Primitives.resources.dll.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationTypes.resources.dll	CoronaVirus.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationUI.resources.dll	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EDGE\THMBNAIL.PNG.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Primitives.dll.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Controls.Ribbon.resources.dll.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash_11-lic.gif	CoronaVirus.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md	CoronaVirus.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\xerces.md.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.dll	CoronaVirus.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.VisualBasic.dll.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Getstarted_10.2.41172.0_x64__8wekyb3d8bbwe\Assets\TipsAppList.targetsize-32_altform-lightunplated_contrast-white.png	CoronaVirus.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationCore.resources.dll.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemCore.dll	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2020.503.58.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\CameraMedTile.scale-125.png	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2106.2807.0_x64__8wekyb3d8bbwe\Assets\Images\contrast-standard\theme-light\Settings.png	CoronaVirus.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml	CoronaVirus.exe
File opened for modification	C:\Program Files\Common Files\System\wab32.dll	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Wisp.thmx.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense2019_eula.txt.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Xaml.resources.dll	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_2.2106.2807.0_x64__8wekyb3d8bbwe\Assets\Store\StoreLogo.scale-125.png	CoronaVirus.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore_amd64_amd64_8.0.224.6711.dll	CoronaVirus.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Formats.Asn1.dll.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.resources.dll	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\FM20.CHM.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.40978.0_x64__8wekyb3d8bbwe\Assets\contrast-black\LargeTile.scale-100_contrast-black.png	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL119.XML	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected].[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\rsod\excelmui.msi.16.en-us.boot.tree.dat.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingNews_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\NewsAppList.targetsize-16_altform-lightunplated_contrast-black.png	CoronaVirus.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebProxy.dll.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN081.XML	CoronaVirus.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.dll.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GamingApp_2105.900.24.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Xbox_MedTile.scale-125_contrast-black.png	CoronaVirus.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File created	C:\Program Files\Microsoft Office\root\loc\AppXManifestLoc.16.en-us.xml.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl.id-240DF161.[[email protected]].ncov	CoronaVirus.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.dll	CoronaVirus.exe

Drops file in Windows directory 2 IoCs

Processes:

chrome.exechrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
File opened for modification C:\Windows\SystemTemp chrome.exe
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
defense_evasion

SIP and Trust Provider Hijacking
T1553.003

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\CoronaVirus.exe:Zone.Identifier chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\CoronaVirus.exe:Zone.Identifier	chrome.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

CoronaVirus.exeCoronaVirus.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CoronaVirus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CoronaVirus.exe

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Interacts with shadow copies 3 TTPs 2 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
ransomware

File Deletion
T1070.004

Inhibit System Recovery
T1490

Direct Volume Access
T1006

Processes:

vssadmin.exevssadmin.exe

pid process

32940 vssadmin.exe
6804 vssadmin.exe

pid	process
32940	vssadmin.exe
6804	vssadmin.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133699455646548818"	chrome.exe

Modifies registry class 3 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2842058299-443432012-2465494467-1000\{0B22FC83-7D0A-4596-B55C-9C86E271A1B4}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2842058299-443432012-2465494467-1000\{6EC6DA2D-6001-44B9-B5B1-904727C292AD}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2842058299-443432012-2465494467-1000\{BD2583E3-54A5-4112-B618-96500925B547}	msedge.exe

NTFS ADS 3 IoCs

Processes:

msedge.exechrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 752303.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 642916.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\CoronaVirus.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 52 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exechrome.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exechrome.exeCoronaVirus.exe

pid	process
3884	msedge.exe
3884	msedge.exe
3380	msedge.exe
3380	msedge.exe
4904	msedge.exe
4904	msedge.exe
5000	msedge.exe
5000	msedge.exe
4376	identity_helper.exe
4376	identity_helper.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
432	msedge.exe
956	msedge.exe
956	msedge.exe
468	msedge.exe
468	msedge.exe
1228	identity_helper.exe
1228	identity_helper.exe
3504	msedge.exe
3504	msedge.exe
1560	msedge.exe
1560	msedge.exe
3580	chrome.exe
3580	chrome.exe
2152	msedge.exe
2152	msedge.exe
2776	msedge.exe
2776	msedge.exe
3852	identity_helper.exe
3852	identity_helper.exe
1788	msedge.exe
1788	msedge.exe
1700	msedge.exe
1700	msedge.exe
2460	chrome.exe
2460	chrome.exe
1492	CoronaVirus.exe
1492	CoronaVirus.exe
1492	CoronaVirus.exe
1492	CoronaVirus.exe
1492	CoronaVirus.exe
1492	CoronaVirus.exe
1492	CoronaVirus.exe
1492	CoronaVirus.exe
1492	CoronaVirus.exe
1492	CoronaVirus.exe
1492	CoronaVirus.exe
1492	CoronaVirus.exe
1492	CoronaVirus.exe
1492	CoronaVirus.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 47 IoCs

Processes:

msedge.exemsedge.exechrome.exemsedge.exechrome.exe

pid	process
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

AUDIODG.EXEAUDIODG.EXEchrome.exe

description	pid	process
Token: 33	4640	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4640	AUDIODG.EXE
Token: 33	1760	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1760	AUDIODG.EXE
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe
Token: SeShutdownPrivilege	3580	chrome.exe
Token: SeCreatePagefilePrivilege	3580	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exemsedge.exe

pid	process
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exemsedge.exechrome.exemsedge.exechrome.exe

pid	process
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
3580	chrome.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2152	msedge.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe
2460	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3380 wrote to memory of 1692	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1692	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 1384	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3884	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 3884	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4476	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4476	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4476	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4476	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4476	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4476	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4476	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4476	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4476	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4476	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4476	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4476	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4476	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4476	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4476	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4476	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4476	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4476	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4476	3380	msedge.exe	msedge.exe
PID 3380 wrote to memory of 4476	3380	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://discord.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd02b93cb8,0x7ffd02b93cc8,0x7ffd02b93cd8
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,11960929979566233146,18331981800042659853,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,11960929979566233146,18331981800042659853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,11960929979566233146,18331981800042659853,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11960929979566233146,18331981800042659853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11960929979566233146,18331981800042659853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11960929979566233146,18331981800042659853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,11960929979566233146,18331981800042659853,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3280 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11960929979566233146,18331981800042659853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1884,11960929979566233146,18331981800042659853,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3244 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,11960929979566233146,18331981800042659853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,11960929979566233146,18331981800042659853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11960929979566233146,18331981800042659853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11960929979566233146,18331981800042659853,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11960929979566233146,18331981800042659853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11960929979566233146,18331981800042659853,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,11960929979566233146,18331981800042659853,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11960929979566233146,18331981800042659853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11960929979566233146,18331981800042659853,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11960929979566233146,18331981800042659853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11960929979566233146,18331981800042659853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:1788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4328

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004D4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd02b93cb8,0x7ffd02b93cc8,0x7ffd02b93cd8
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,5487007489154451472,10428402753644432868,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,5487007489154451472,10428402753644432868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,5487007489154451472,10428402753644432868,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5487007489154451472,10428402753644432868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5487007489154451472,10428402753644432868,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5487007489154451472,10428402753644432868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5487007489154451472,10428402753644432868,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5487007489154451472,10428402753644432868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,5487007489154451472,10428402753644432868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,5487007489154451472,10428402753644432868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5487007489154451472,10428402753644432868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5487007489154451472,10428402753644432868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,5487007489154451472,10428402753644432868,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3596 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1896,5487007489154451472,10428402753644432868,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5487007489154451472,10428402753644432868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5487007489154451472,10428402753644432868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5487007489154451472,10428402753644432868,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5487007489154451472,10428402753644432868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5487007489154451472,10428402753644432868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2940 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,5487007489154451472,10428402753644432868,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=1896,5487007489154451472,10428402753644432868,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6124 /prefetch:8
  2⤵
  PID:72

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2644

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004D4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0295cc40,0x7ffd0295cc4c,0x7ffd0295cc58
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2032,i,6199472121976748374,6383526342223769643,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1716,i,6199472121976748374,6383526342223769643,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2068 /prefetch:3
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,6199472121976748374,6383526342223769643,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2216 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,6199472121976748374,6383526342223769643,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3200,i,6199472121976748374,6383526342223769643,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4400,i,6199472121976748374,6383526342223769643,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4408 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4728,i,6199472121976748374,6383526342223769643,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4856,i,6199472121976748374,6383526342223769643,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4748,i,6199472121976748374,6383526342223769643,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:4776

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1676

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4716

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:3668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd02b93cb8,0x7ffd02b93cc8,0x7ffd02b93cd8
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,2061901712610142932,14760057412997380162,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,2061901712610142932,14760057412997380162,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,2061901712610142932,14760057412997380162,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,2061901712610142932,14760057412997380162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,2061901712610142932,14760057412997380162,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,2061901712610142932,14760057412997380162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,2061901712610142932,14760057412997380162,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,2061901712610142932,14760057412997380162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,2061901712610142932,14760057412997380162,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,2061901712610142932,14760057412997380162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1992,2061901712610142932,14760057412997380162,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1992,2061901712610142932,14760057412997380162,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1992,2061901712610142932,14760057412997380162,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2492 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,2061901712610142932,14760057412997380162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,2061901712610142932,14760057412997380162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,2061901712610142932,14760057412997380162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,2061901712610142932,14760057412997380162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,2061901712610142932,14760057412997380162,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,2061901712610142932,14760057412997380162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,2061901712610142932,14760057412997380162,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,2061901712610142932,14760057412997380162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1992,2061901712610142932,14760057412997380162,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6200 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1992,2061901712610142932,14760057412997380162,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  PID:2932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0295cc40,0x7ffd0295cc4c,0x7ffd0295cc58
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,17841957472774994423,11752636782809746575,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1756,i,17841957472774994423,11752636782809746575,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=2056 /prefetch:3
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,17841957472774994423,11752636782809746575,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=2196 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,17841957472774994423,11752636782809746575,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,17841957472774994423,11752636782809746575,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4424,i,17841957472774994423,11752636782809746575,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4768,i,17841957472774994423,11752636782809746575,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4820,i,17841957472774994423,11752636782809746575,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4232,i,17841957472774994423,11752636782809746575,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4520,i,17841957472774994423,11752636782809746575,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5284,i,17841957472774994423,11752636782809746575,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5216,i,17841957472774994423,11752636782809746575,262144 --variations-seed-version=20240904-050056.718000 --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:1516
- C:\Users\Admin\Downloads\CoronaVirus.exe
  "C:\Users\Admin\Downloads\CoronaVirus.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops desktop.ini file(s)
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1492
- - C:\Windows\system32\cmd.exe
    "C:\Windows\system32\cmd.exe"
    3⤵
    PID:4396
  - - C:\Windows\system32\mode.com
      mode con cp select=1251
      4⤵
      PID:9420
  - - C:\Windows\system32\vssadmin.exe
      vssadmin delete shadows /all /quiet
      4⤵
      Interacts with shadow copies
      PID:32940
- - C:\Windows\system32\cmd.exe
    "C:\Windows\system32\cmd.exe"
    3⤵
    PID:18952
  - - C:\Windows\system32\mode.com
      mode con cp select=1251
      4⤵
      PID:19072
  - - C:\Windows\system32\vssadmin.exe
      vssadmin delete shadows /all /quiet
      4⤵
      Interacts with shadow copies
      PID:6804
- - C:\Windows\System32\mshta.exe
    "C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
    3⤵
    PID:19164
- - C:\Windows\System32\mshta.exe
    "C:\Windows\System32\mshta.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
    3⤵
    PID:19192
- C:\Users\Admin\Downloads\CoronaVirus.exe
  "C:\Users\Admin\Downloads\CoronaVirus.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2376

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2520

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:19040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Direct Volume Access

T1006

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.id-240DF161.[[email protected]].ncov

Filesize
2.7MB

MD5
6252d943fbb39c880bca90e3998f8272

SHA1
99c37d6497e83dcafa8b43432e4ceabf1bb31dab

SHA256
439250e63869adcb23a883e150c2b5fc8d91d962af7072cdfb49256261494c8d

SHA512
6f8db82317ffab7eca8c4da63fd421d50a047e94870e2c283fb49276bb3b0f74c5f7c1e991e5ee2ca9b1f3f305951b326a6c575b4af0539c856d37ccb04e9ebb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
1eb34c97499d5de69f067ed37f2a3a5c

SHA1
0f9e5c1792e5c8e03075f09c7b15af959d73b38b

SHA256
d1f4804c565d6079ee2472b8c87f2a37dc7d3836c1fc4186d309fe79b74ef124

SHA512
240db569ceecba6bdd8131d2bd0cf07ae24aaccbcdbea5076d7110d557419d055173212ef63d81f16ffcb765f2d9afab552924115eb05fdbed991b3cddf04727

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9465644f-f9c2-4ffe-98ff-a998f7c12c98.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
83e70be2ec7b3273a0209d4ec2d9ed24

SHA1
b1666c05ec92d88c1abbb78eae08937b4b4d5148

SHA256
970761c7adc0bf203e1682d4ca8be057ad4211c99b59dfa30530a3d833307c67

SHA512
b314fc3d19025c4eaf198f7985597046e293f33448024e5bf057b4f1f85b646e4007a044337fb9ae512808b0f0a0330d39fa49370c4c9a93a49566f0b6484806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\522b2402ddc94a60_0

Filesize
289B

MD5
9d15519d1ec2e282a027c89c1e85a287

SHA1
ad05c2ca5cc29e862f6a702399141fdfe548292b

SHA256
9f90bf55fd2d941ff5a66d2497dc00c023c2656e936217de8432f8b6841c811f

SHA512
49835dc04cfaec2806b1b211c0038ee5f9a31b37898b5690958fbb0c7e65da3e2a9d80dc368002bbb6ff1d68fd02fcf125d35bd7f500bed6dd9f576dad714422

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5c53c18d15c1388e_0

Filesize
367KB

MD5
8340298485b2d7af6016b1c2d36c1428

SHA1
2cb1d63a17abc58496baf0d22d60b96c78813422

SHA256
015c00244da9b404498f0b0db784fade30f9d81829d5c0664d143a3fca5ee83c

SHA512
4d16d5dbf3b61470fdb0687c438b3a736e15b25b97e702270fe72b7a69fa03cf7a940b38b0d7cfcf8bec88e950a320bcf5d6c82b215c5851017e6b6adac8f663

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
ace65fb9c955075840c3251188e7f85b

SHA1
671c77af68ce68d80f0df81c22c38067da929cff

SHA256
87ef75bae321d0cc091cf879c1f57584c5986626f5cfba4b211b4703848ef50d

SHA512
0180b3bde5fe77d931ad90740969cc294ec866646eadfcefc168b904c19e263e4f7c7a427cb4c06e1bec6732d737c6a25fa233d774359ac5c9de89b15a4dda0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
cd5c282c82198796a679b8dd8d969fe3

SHA1
fbe74a9f11db0e18a2f6ee32a9c1311ed2a7f7e8

SHA256
88f0ba4e74909890f9e93e81533d0c67b32906476d3c9d51909bd611c3220309

SHA512
97b050ef08080ae6a729de192c63add2537ee32207afebeb2d7d07cb1596fd1096e9a5b87757f69adf9ea2c926a01b4e5af6db5879dedcd4e6c69f01dd39b95b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3051766d8106afa4593785f2c7520fbc

SHA1
bf705f10973c4f4d61afee3611b1004abbe6277d

SHA256
d7cd2daebb4b8bbd6e31b55710c9308e5441d490ff212a0b268b46adf298cf55

SHA512
8adc6c4a3f4776b8ba7547e2b708bad8575e5aedd21cff0a16f27abf7602d2ebfb96911289c55b6961436c0cb9717e14d6666289862b282366e5634b9430d022

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2b2c02b2d4739695d0474ff20eaaf58e

SHA1
b643b0ee699819a19a4ff9476832ada84934b791

SHA256
d51f68f16d14b5a53035ce47e3e1c32f9cc5440c23293611cab457c1d73442ee

SHA512
40847e13db462e3dd8bfa85217d2d3fdbd622afbe92408a1832c09531823bc5cbaa55d5cf4a57715c55214b2a45c4d2dc5624a3450b02aa90d4dc36724f155ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
51cc896f3cd998480565704e6f49bee9

SHA1
7aff4d4c5d927c0bebeeb86bed4d848fe3a554a8

SHA256
d1f7ee1c6a02b53e4e7e36661894180e720cdd04b11d9460af5737f311a00ad5

SHA512
6f8b44b5c78dd2de8bf1058f3e400b1aaabc3364755158cf2ea594f52b93ca16cc47421e9b2ddd04c523e7c9b896098c2f0282100ca94e5618e85d6ef1d2d554

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e0766636b39dfce240009dfa3d075f07

SHA1
8870a460519da21d2260ab3fc3e6e9d3179887ef

SHA256
50e433e97301c878e843a5acdf01ad334bce7a5384876c3729c639c5a810cca5

SHA512
a29f3f0af47ed2214ba1e5357c54debb66576c445f00ceaed2f37990c16c5b39a6f96dd90d976f3c52de212db9917a36059224d0d47b56375b2c979ebfb1464b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3b61062a50fec4c22af3c21e2e95d242

SHA1
78c883ad1e2eaef4c2a926769be7220d5669c535

SHA256
0491d78e2dfca8aaa74be369178f95bfcdbaa7db9cc971b29b79cf001a451208

SHA512
49c04b3ff5a2a07a6f37764c4073897e6ec6f67b06bdb01b851ef96789a299cbeda972a056416305b24e1fffa237b39d1be00bbf015455629239ea85d3afd21a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2ff0e336d4d331b772b775051195a771

SHA1
42566bec9007b2e9d1aa6d507a105471531aef40

SHA256
fa01f3c5b0a2e2e40e657eeaae0ab953fba66113dae2b1119f967fbfbeebe6d3

SHA512
b4a1553bfee773b2a2e070a495d061c1ad6f9308b395fdac3176f27a41081f58fe42157dbd0cd0d6f5afb9ee34bb5fa527a1a2b91f75c1f2e69790a774918030

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
25ad8b87fd494d3a8a80095cbc123ba2

SHA1
6a6204819d0da98a42af49e20639a572b510111d

SHA256
c5374585251f18bf02a5637d95fb07a334c57f6c0d66e6835dd0b693c19cb3c6

SHA512
c3cc513794ba6a0cb690a1c8bc260a93c29545ada4dcb9e6b4c916302d5402178760cd50c99f1b979185ecce18d73cdd4b696848e45d1558a0a874c687cc45ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a50916a9c9f7e22aad5ce457da41ad90

SHA1
99552e711ed4d22e6861a416e63f00372af6af14

SHA256
dd9de766de3d9e600baa49958a118d03bf724179b872c538d73864b1170b1e07

SHA512
f34e235d20b30b9898996c27aa205eef7aaa75e0306000b582d462ed9e70040abf699a8b8960210c4ff2bf1f26c403a45ad44bbc59682fe31d98654e15f94a89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7bb389818bdd498e635c45584bc98c8a

SHA1
7515f301081b60d05a8ac34a02572a7a4ae2f6ef

SHA256
f62f49845e1eb695b1947e2a2acb9b8be44380d2e35a4a993250653b66b4705e

SHA512
5d735f5de595e843b2e69902dbd8911654ef1d460fc9e48419c54e782c32f6dcc5e6e88c0de3d0421ecd12704c2e4344d7e64b96e19a84c8719605a4260ea376

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
4bceddae220d0f232c7e501c0da082e8

SHA1
718e0411ee57aa85e53276c14ef70e9b158c3a39

SHA256
f8a580bf595ac02afdaf2b9f692e6cbad98bda8420dd4a77e412affd3c8c2d23

SHA512
cfd3a5de3886a9462c4e2a179a91e0cb612c938b3c499fea27b3d0db0384967c3dfa4a9978bb0bc179db2994e2c2c3153bfa96e138d7bf99a45201ea3ba785b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
110KB

MD5
5e2e7453fc33115f930206966dc974ea

SHA1
10a3baaff4a30a3e81d97394f7bc922c708e9eb2

SHA256
f38453d018fd0925d5501d82739089dd2835185ef9673f14a56a4e3da4676db6

SHA512
aad48ff9d9d8ccbac3acbb7db6470a9bfbf5dd242ffaa410605fe1ea4fbdca26ec178ce1426c630efddb3ec8d36c7d4657561b268a984ab9670074607128ca50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
79ec3028bb8a3b6daf5b5d1a07604d6f

SHA1
33a8bf7e3a742e6fe8156dce1d92e3b110b784a3

SHA256
e07e7fcda66597ad6f587b7f469de919d06a3e8495467cb40993c7111e4a3748

SHA512
8e5722211b6b0bab8900c7a501895ebbe34bda0ccac038592c2d391d522310598c5f44b8a016de1e7a92a4e68878f607c7a2c46510c2fbd639abdfa7330a33a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
595509c3f9dddb7b0edd9e06d5c701c7

SHA1
908233ad2ee889ed6c6715b05e8f8d3a827eae81

SHA256
7c19093b66355b02e20828559663d89d66e6ef230d6115308a50fc1e298270b1

SHA512
3d4e0b0c22c02db3508c640dfb666efb0c6c4d2d44e815c8651c15e6b4f4c78e3d64f2c091563058f5ae3e8dfdc8693ad60b3ff45172be29c4c05a95436e8bcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
205KB

MD5
4209f829272422e24fc890ef896f4a8e

SHA1
da2e8b7070953faeb193ea146b25995cb693aaaa

SHA256
baeb9c81ce04ec9979e70f34c7c39b88891bb730459bc45cadddf4b325567949

SHA512
098546c14668095914bd96d8b0aba7993a3b77a04d0377221ce0930e0aa53ebafff9fe8d8a4b848a91dc8b1c30f7877b60cd7303dc3fc89740ef73e2ec1711ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27053a94116453c43b2889c19285bfb0

SHA1
bae769de454a7e86358207187635f2a112795c92

SHA256
ef2625eef61bf33e7ba853bcfe71fe8a7e5196a9a6d0675ee578bd30115e2efa

SHA512
1001cff347ea064a4890a5607e1fb7f87bd3e4cd79d5af5495db45517bf60a41c5d5f923e4445f91b3196429069b496ba27ac08f5647e6546b4c6d94cfd2d616

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
026e0c65239e15ba609a874aeac2dc33

SHA1
a75e1622bc647ab73ab3bb2809872c2730dcf2df

SHA256
593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292

SHA512
9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2e5adb5e9a03c328b2b8324799da4412

SHA1
47a76266d9cd8cd95844bd8eebce9ee9a1f4ec47

SHA256
5fcf0324dfd6a70054ae7d6113fb9a9239919ee8175518f31f169145306df411

SHA512
0251c884790fdb20ddd0a1f42c0a27f9d1e328029a219dd3ecac7ded349c97af29c2c8376e66a13a44987011fb54029889c6c1d6b160a01d828414c4bd863f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
228fefc98d7fb5b4e27c6abab1de7207

SHA1
ada493791316e154a906ec2c83c412adf3a7061a

SHA256
448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2

SHA512
fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\012d612c-aa0a-40de-8a02-0edb114fcd4e.tmp

Filesize
6KB

MD5
294130540381bd3aa153d2bf82c010c7

SHA1
501596ff13d80765b3cd2d34a25c8fc1bd0f61a6

SHA256
92ad2cb0bbd461544e5fd9aec527616e06952d3481d86bf0e1d4b45e7481fb13

SHA512
3bd0b0860bd7c99e8d1582047fbb675bee283b0676aa4c435c81dbb8d055803950d7ec310d537e44d4cf55857f21ad1752579d7ae0fe0381f48da693c7f55997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
f0165c85fb142ebcebe44a49bf6f6cb4

SHA1
a29d417dd47da86f7d8d6bdaccfb35891fc616c1

SHA256
848354430d1f940da85d0a25615f7264ce3af84e2ffb6ceb9c5df122f833e92c

SHA512
102795a9e21c4c66c55c3ae7ab0c6ec4c050e1088da8ab23cd0e652048bcff08d24785221c750d166b7a2682326158ab0fc048025b6c5153ed07ca5b7d1d2eae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
02a57278e74bbf9fc19249df6427e0ec

SHA1
8708eaeccaecdbd08cb806c25696e66c84f07ff2

SHA256
03f201e6cbfe60bc567f5868252155963acdeaf1aba9d69b2d048c0321416c77

SHA512
cfb69dc3733722368333eaeaa12af72b57d85ca4488e7701612fbf9699e9847659ad9a90ed7413dae21570bf11f8b5d89f7b42b4c78533d04b3c23bd4e90a8fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
6449825052e2453207bf5978b4016c79

SHA1
023a4b5d798ec52b4b9f0b71aff176557304204d

SHA256
f15e5e4e3211735fa36005daad6342a6d12025aef2f614be5f54f53ebe5e911e

SHA512
912ed6c507d7f83d144d145d4b46df215f2199ebcff68ad3b50af9b68eb2745d4307fa0780d47ef7c3ffba76ca46f33410a3f4fa5c1a782e7845b9ed82c07bb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
270dc05159f23e3e614d078e501aaaa3

SHA1
ab6a93f447f1bc292879928ca7d23df0b9fd5fe9

SHA256
d3718c94842bd3316bcf419f33bc7e735de66d5d97f269c8b7baea22e2998658

SHA512
de61f862f1db08e81a780d831246b491a9f2d7bad438a4176c8ddbcc8cacbbb710d71c460c6436208a3ff5cee0067c7df33b795f19e7ae5e95913edc7e3f00b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

Filesize
201KB

MD5
f90558e0c41c5e01505294d80bee8f96

SHA1
b1b06f35a0fead3ca03b7e291f3bd2f0eeacee10

SHA256
15ac7aa1f557cd7e7dba22ab69581f555962ca2b3d528c0573314b5e56e9ab1b

SHA512
aaf666652b444b7c361b80ddc0e62920d71dfdc85895212fc0df73859717bf5b213a76364aac511918d34fe031210474a2ceed7366c0b9740a69a15f7c27f3de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

Filesize
60KB

MD5
7c778c52e5dbe1d4475ea6a9ab04af11

SHA1
ae5e75929092fde567212c7d57bf57274ac2eee5

SHA256
032a8fb6f44abb8ae4e89e8f0f73bc9e3fcd460916ca68cdefe2d0abdbeac9b2

SHA512
d5c43566db4981b6cbe9e66ccbad805aef2087bbf05e28d966f80c8f2ed0c15c82d356563e7d3ef21c4df4edae11c1762d1d8ff3f06988810eac59f34cd34e92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
b870959e443eb7853c8b02c017af8b95

SHA1
8eb4949c53acf133cf50635e92fbb9592ad5150d

SHA256
22bf7438ff82931468f697b8ea7906c609eb97dd80ad1f3ed6004b7c76ff91ef

SHA512
cee38ac6d65e28860903aa6d5654b0412049faa5d145bafb28c3f64aba7f259bc8852d2afe9e51abf7ac13723632396661a25ee321f218409ebe7d7238323932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ec98b8f8265764d0b38eb45cdb48743c

SHA1
0a00023ca1dc6fcefe8877372ce29871dc650225

SHA256
715830cdf125b6f21381712bff69275efc7cd7c7a1387c69f427d18b298bedc3

SHA512
b3db81e1c1b7fad00760974ba9773592fb8ad8788b77dd12bfdd614cd02cfb57ff3ca300a8b3846a9799fc632a70b61a2cdc459b30eae5ced86e24e22264c9ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
8183cc3dcef202f7c8d0945f04b7484f

SHA1
b9270f757e75b4518d729dda23319f4f55dbeeca

SHA256
c8b3ecbabfdbff5f166bc7d78247b08d256330c96cf965b13739f7681caafeb5

SHA512
8a093e5aa92c31eb06c71fefeedfe2286f7b776070b18f7cf301fb5daada1b036d61f4c458c55798303bdec00a6221a6cd95b3c4cfc723c82ea95a73e3f6d6df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c20a214244898ce29d840f10301f5670

SHA1
0b7e06fa4005e0321720f686e66c0abb1c493381

SHA256
a3a4d34fa4ac139cd2314f44dbbd2be338ffeef3500fc773d0e4c0b97d743b37

SHA512
f148cc50848bb2db2be4b4c5770b2630272ae5ccfd133ba4a265016b24022e5ee9782e127b59d175d5c1efb773f1cbc3952a709544f364cd595fddb231e19346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d4698544dc87cfd75f864996c934492a

SHA1
e57d75957c675723e469d6cdb9685d9d6b244ce4

SHA256
a0336a8363f97a2d83964d5bc285fce76b6351ba87ad903fa83595daba30cd7b

SHA512
3835324c3a5db867e32051ae1e368ec7c8ae66025ea697a26a5a65319095846f08b1212b765f11e4dad82716b9a2a8e2c1b4f9e00eb46892de0808146a238a56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
10710b07393f87e74756139f3406f25e

SHA1
be4a219fe855650a1cff326a35de996e4013cebf

SHA256
64752d19e40383341cb0dca10a2e0dfd7983dbecd737fc4daa2d3db801102dbb

SHA512
c71bdcc358a01435e35327ff4563fb49b7c8c668b8f318c7790f914c894a4f9e4f995525b58993bf8be722117c771f58a6ba0bb692262448348d93fb0917745e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0c253715e36944f373f6295c209f3073

SHA1
d80a3051fa99ce16f1b9bc43f028629b6a85b3f1

SHA256
ea16820c2154a1b786225797854a578585c312d97b8bf6cbab3e98508855e710

SHA512
6feecd537bac8822d1fcff9b2803b1b95c561f036960792db1fa44f5e1606a352b3907904c6a77d269d3a3342a883f3ebf6c9ad882e92e904953a184e275d3fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
3869482506475717a927188a2499c421

SHA1
876237430ad29c0c81814d22a93b55f4df8c5998

SHA256
f13a5174c0f730f47c090347facf43c4d998b0ab59f6015aa99369e8ba08b94f

SHA512
17326eb4c4d358cffea7f5f275bc1b03a3e5942d0c545d7cfa8892761901352d187f7e25d6a49b4c35644dbb6e680a2cf2b4221b5edbb1ea8bce2ceed44f4af7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies-journal

Filesize
12KB

MD5
dbbe4b0392e5801f78b8800c24879236

SHA1
084bda73ec59fcee01df20e9f0367f058e4d477d

SHA256
cc3090cf2736d5dfba208a974068c4f26821a015688bae043fcde93b56c79664

SHA512
b22f674159ba1501d7b4b6bbd7ef3a29fd716f798d73bd19fd4bd0a914fbd636f345ce8f34dc0dfeef3dd04ceb82da1d8451b09d7b971dcd5e2333d4bdc0f628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
88KB

MD5
6cd35a7e935499bab78562629c0f1c97

SHA1
f648b1e0860d73b00df3a4c4bcd7f6da162816af

SHA256
5c94699fec14ce3cf87da70213d8032f6f36e82a2891b0da54fe228ae2168a33

SHA512
0ce6384b4412fb4a0b9784cb64d755c1a845ff68ce62743747d99c3428a07b47d9b38a342e322cf54579bd61b911e21f3603d1cb11d1fe7dc5282faa19b0f59a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
667926b17aae07927845cb1e4d9331aa

SHA1
4007238a4e72b886fbf8d8bc30fc945f33fa97cc

SHA256
6826a9403893f3395aaca4aeeb1fce8b3e5e3aa26aaa765b5e1335b187d61af8

SHA512
777a9d0f49562d26a03b75338d45701cc7e7bae8355e874b705a29f1bd7d16a9ca74d2d212c5f739ee3970c70812c08420b73ead8fca772184b5fff7cb9ca45c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
e0424e466e74baf170975e850ca9fb66

SHA1
5d3e399348b17cdb3ecea017d737ec2c30309d6f

SHA256
a76eca441f9a2e77fdd419772f7a052fff0a2d5646c8c48a96234e0418fb28a5

SHA512
61da63b0d44de8a512f6c896b0ffc4356259f6887611c42a2dd23574d52156056c3b3bd4398e1556455119f945d2a8c1ab36bc46f8a6857351c22c18a1cb675d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
3KB

MD5
0117bc7f93c8f9003938e33c9037195e

SHA1
778fd4ffb79a5f17c4488b88e880c6a65b088c79

SHA256
8409c17f76fbd20a301df187025044f86b9be81065d1519aaec54197dfcbb5f1

SHA512
5bcb251f132c14147081e7cd38816326d4858a3518cb35d3c1ecfcae1ba0b84c40bea6a745de35a6d2a8240ff7d8effe19823283a6d45c4e726b0d2e7ecbd693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000004.log

Filesize
23KB

MD5
8a9ce057e1dfed2ebc05dbb48355ac24

SHA1
e40c8a66e50da8f0b22a5847115a73ffbf31be32

SHA256
f3a273823d909f4fac372c768fc59a68ebff582dd4a85f086543c3a710457857

SHA512
2184912f075704f679175bb60218728d190626cfa73ac84e178becbc7010de82e9272f32d57be04a5398b91c6445ba091df52c0ef13f3eb74477fed2f4bd3ed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000005.ldb

Filesize
35KB

MD5
faa10ae6cad3ae5a62c0cb0fc99f6db0

SHA1
c5c0c7a9d3d49994f7b02a77b8630a6f697824b2

SHA256
5d9ce39350c0270066fdfbe3097357ad6ca61d7ed0bda6a0495a34e6c9db7eda

SHA512
ebfbf5c9a4d90bc81f36589af0353bec594f63e8e6aea214996e28243fd0913010c116e48c7bd31f2e8a73f37292fbdae810a4c32453c146c43a7ef1819e23c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
494B

MD5
1a5a8870a3ad7774ba412d734b5d2ced

SHA1
3b3debe0431ad6d08426dd2aa1f6c1fa92aea65a

SHA256
7d8bef1a040530f1f302ef629eefbb87d0e8549b4cb59b68456fa291e7d317fb

SHA512
3aa2b64e2dd66346ec35fee20b53cefdc0773a4ef31df11b6e264f26e7d7ed160cf12a8e886be5b21651893b2d2bebf79dda5de5840bd3d36cf1e0db0e66679e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\MANIFEST-000001

Filesize
139B

MD5
02f5e3fe42ddcd81e904372bf56498a1

SHA1
f09bc473d8622b14ac95c0f4eac2bb8fdd35f1fd

SHA256
fc532d03d1a7d637de53b1473855f5e55d8bb8d5c649c61f6ca3c6747cbd3680

SHA512
11766c9ca1993412bb928e160dcb828feba8b8f146bcd3659517af5ce771a69981c22cecc12ba7e31deacda63838eb51919a5f306ec56f78b6a330fa9d5c9f0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Login Data

Filesize
46KB

MD5
172c0edbb5a246ea6057954ab8a34e97

SHA1
f312ee58fcf1c7a98da7bd04ab6e37a20c52c896

SHA256
2a5b5205463054cac4402ab75d8792aa1215e89893e17d2a6d26006b1cb8d188

SHA512
e701bfda7147b5008843e53750132ff47a5d8823bbf2801d81c64972b1252cfa410e97e68a0e1ef25872f28feb627e0b863e75f08c99dd99690ff5155c2cdfdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Media History

Filesize
76KB

MD5
0524c1d5b6e00ecd83c729cc5b1c4289

SHA1
748112954904cd225d5395049065603d36f461fe

SHA256
c9ff2c2bcb85cff32975cf17b30d0412b94c738fd3cbe34b859fc8649d875f8a

SHA512
ab1a5fc41bc596dbfadc7b30f45c0bfc8592fe12e87efd38fbcdd3315e23d7cfad08bc5f1c5b7d32fb8929422771be5b066c7d90f8de29337634dc3b8eb305db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c89f5010368c5013f2c6f03ffd7ddca7

SHA1
556cd599dd2286e8e75fb365336099bf9b3fcbf9

SHA256
cf4109ad45a92ee6e620bdce958c7f58b80c8a2a5a80237e835a4ed9002f8380

SHA512
e76f8658e862fd76b0e0cbe187db2d012ab5c6d90cf76597eb40b60097153b330cbc3e7713396a4e36e4e5707d851199c73e010a29285b6eb88864e995ce6d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a7b930b5de1c315b671cdc76c1f7f93c

SHA1
3fec96f204e1fb0a31e593453811488d201b7430

SHA256
3c40f4b0ee173736b16be62af102c9f3c16ceab54b7a3713ca79532aeb072e5e

SHA512
5e843cb045ea1468739b86e24d7ab023b8c50520e664addb9009fa53bca942fed4ffdd913803c508ac0f1cc2e943100fadd3146f68a6b2a4c229e0128e73bb0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
94ae9b4088126c8af255c85286128893

SHA1
bd6009e992083277f7c659e9870e63a8cd19b729

SHA256
dff529cb5b5c9ddad827825f79e1e829a11f80510815e5d05c694f6454433712

SHA512
8b386e10d9a7a0107619992194eec4ebd8d17af074095e7c80b8eaa02af662977270a7e6a1d9a06394feffba70c34dbaa6ffb0d7f5d88a121d33feec22a498f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
198B

MD5
26f632b6abacda9841287b03f26139d8

SHA1
378d2e95d5ada4ebac9b3a01c8736d2115ef2b96

SHA256
45485f30aad43cca321cb97cc8076ac3aa263af82643a1eb071452212c5048c6

SHA512
df2a3989e4fc51a845ba7a74b0724cacf5b4780e9bba8f0694a2cc1035557a4267633a3d03bf1d2c82c8d35392dca886f41623c0838e56930cf370000c6c88af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d82700136491c71669441a790e245377

SHA1
f9a60a2d382c9655cf91f2769f37f1096f672292

SHA256
5c1f93f973394f912293d691680d2cbc7e93f61e4929d398091a30cc1a4aeb31

SHA512
33646da63ddf60cfa1ec9e6bc9473c2c6de9f5b75b500018f6a2fecb9c97c3439e51d4f2889844575dcd26ba38ff12d11d5bf0af22859e58933750214d2386e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
84B

MD5
32b9dc9cc81d0682e78627c873fdd651

SHA1
46c486386d3e153c3e9b11d54cb52cf0064b71cf

SHA256
712196693e3527ac1131831f1a2108b6c0e5c68967b26d51a452611cdfb86e0c

SHA512
f18bc37f8b72411548da247aa1394cc5ac03c3bbd98e82eb8ba290ef239ef5b8625cf4835bd41ce7c52766d0bc3bfe9150dd22dbf62f0f05992ddde5fbfdc811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
701B

MD5
0a1615b5f92e74148df10f62fb78dd64

SHA1
13a0b44482ce50a99f056e608fcea7b216e6eea0

SHA256
95e625e7037dc41c115b6e8a4eb9456ac3ce0dae4cc45103548dcab38f7e81fc

SHA512
958f9149f9dda81ddc3df3eac3121b951bd12abc101d3f2c791b5e161e98f9e3b9c34e1f7d6a302209bcf29b555f2c1f21f268b6d869c36cca232a6b607e8248

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
171B

MD5
82863dc516b1f0d268d283782a8273fd

SHA1
4444b22ddfbc587e68dc8974eb8b980bd81cffba

SHA256
394023244b034747cae59b34b901960abeecddbbb8f9d08bea590841d207af40

SHA512
c0238cd698948a2261cf0fa5dfa0ed251e7be3ef507a31704842b1acc1695b369df8d97f6fc70f295ede69f5b2e7dc176b44273997a879536cf3e463fdae478c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
81b837ce87f8a3663b64f255806bda68

SHA1
e6f70f3d3eb5e3222839699e2cb9a0c06ab5227c

SHA256
43867ffbf07fa5dbe185f3411b3519f2ee65b21d0290a70881131701c7db7a9d

SHA512
cc406b97b29c224f151c5c3ca19cf042ee85fa684c8352185267bd271aca6d353d9862903bf4c1c9bc6447d6646b261f3b1dcbbe2d844e85ca64aacee284afe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
683e339bf43010fce6691c2e09d83210

SHA1
c51dbf88d94a53c238cfe1a28ecb253285397a1f

SHA256
3875ae4e7613ba505103151919af45d41bab69c3a38620b7bb939e6f0b45ff4b

SHA512
ae7299f61d24c8c085bd29f60386548d95b8c9e52ad509493ac7c5a2546a8d09396676088b2dceefeebe7cf8d05eabfc906acfa1e6c7cd7936bbdf63bdcb8048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e67c5944a10b2a3050daeb33229e5644

SHA1
ec29070167dab80e5ae0f2ebe3d7a05f98027aa9

SHA256
87e3d6f02a7b05854dce5066b79d2ed284c7f819c9454479e7312930cef5798d

SHA512
f6404e6fde57b1397f712fa02fb8bf9b50d040010b1e0b4cc22aeb06318c9f0d7aa85c2e7652b685af60517df662ba72575fa711fc15804eeda72c1a498087f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c1d60c5d4d542cdee59a98b53a8968b3

SHA1
e6e36534c846c52a8ff230e66f0f5b97710e7aba

SHA256
f3c75143a9f380ec82d8b50cb9e832862f1ebf15aecb230b64fe9cd6dd77f76d

SHA512
369eec3552ddfdb294b0794d1be4674247badeb224f87a8f46d7cf383b10aff5df57fb5513bfcaa50bb2da1e30cdbcf7e049574d56d981139cd88204f9432b07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6bea97c7d15a995638570fad321ebadf

SHA1
9d03f54f47a88c1b964cace628329e795a40cce2

SHA256
161e7d5e5ec024a8b82b5bcdadb316d0421ba5c9f84c0271c3834db62da9f172

SHA512
240e8ffc38d6fc19268db578d9dea96aaa72856fedd2c2e9769e5443b576f9ff8a677d2fd1cbba84612ae23691c63e552be5ddc3e33d2f0a166a56c3eaa19d25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8df45476961534a524eb02c3a2dc2b2d

SHA1
af2b7187601ad19a6e2ffa1bec017bbe73699962

SHA256
7d0c5cad4b137bf05557dd0a7f2541386103fa6706aeab1e056c07d8da9dc86e

SHA512
3455969d49549972c46cb6fdbcff4630c3715bdf96cb718b5a76c461a25d22b76696eeb6a5396d7522a6ea0be0f5adc1afc1c0dddc69ddc82be8177ea841de9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e341c56859b1732a5c07a1ada6609f7b

SHA1
85fa8bcf54887caf00acb9a81901fa7ed6262cf8

SHA256
dcccc226711b9388ca3d9aa4bf5e710b7d3fe968be87a2721a25b4944b7f3b34

SHA512
611e6cee8a6a4ac3017c6b97332249dbaf81787aad74cd144cd275cf9a0c93d78f3ebe5550a8f3a962105fa235afb5e1172413d520eb8af28eba0331f3f9f984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d2237c46efaeff6930aa7761ee8330e4

SHA1
5d954f1b008729834503b36a6a1a7361685a19f5

SHA256
4a1e518f4d9c16f1708bebffa05056ed24f4883c9079f88e093f4a38a07f925c

SHA512
5b3a60bc7adfec13cf53a7ddd44fa90eecbfc3a2a480627a74337a40464a4b75f6f2d34e4c6fc32143b8ccc5141e8a4127d101fb3c665b8049be3acea9bcd193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9e9be9c19b4881af72b64d8437d7ab89

SHA1
dab8d8db90941ebf86b325e1d021252b4985a9c3

SHA256
78f5932c93b44df0be188a1afb1c05eeda6935671762dcfe57cd61a4762a13a5

SHA512
27be52a68891b0092a541c1b943e334c72439d86fdd5aa72e634c866fe17e77469db68cd05b359c07f4d0c8b34ad2d325db88b11a39e0ddf1c8450f43ec35ade

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0c2806465415e96449f348e247ce20d3

SHA1
77bd45feb515eda038ac1b19eaacb577eb00ed34

SHA256
e9ebdcd4d8b351c9d6c4e408377108d0a26d70cc6ae492abbd60894653615d4e

SHA512
fa1d94d09fd9951de0ff812d6c9c868eb21677342729c2d9d0c9a20fe20e1e668b8b5ab2fc5aa44ec068769e1f5f14912ee6be5704dbca51bbfc2624f518983c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bbe05bab170aabda4f626c810db9ba66

SHA1
c7f45074ac7a47bb3538c7f13defe7847f15b72f

SHA256
c53d729e2600eb35a5d2b0817a3d657a144c0396fd68a7e97b3884885af5ebbc

SHA512
976ff1caedafbc5cc8631d7830e2b7a2dd92d8ed56a4a9d219c3c63eb8e3f394ca77cfbb6383fcf03416fa9e582ff8ae71b00f395e054b0d4f71e4e498a36735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1cece5cfc1b58cdf99b69ea8fe2980d3

SHA1
93a1e95d7d13b3e205945d419da0dfbe0c956fba

SHA256
7148280930416bf63f06fab513f77125e710d6afa2c58bf2f9e5c44d81338709

SHA512
0a44cfe636c1c3a3129d53bb4861501d0a6b95b34089e425d9393aacfb403947f193a79696212909bf31463da2b41322bbe529443fd79e5ef4ab3f76f19d395f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d1afbd0610406980037a2b3f7653b02e

SHA1
0955ad4dda769249e31a1ed615d06a7ee8a7d7f6

SHA256
bc176a36b7405976de70936cdffd6cb79d3f1b278e82c419835a4ffdcbb89958

SHA512
2983c8787dddcc761a7aa78b35572929b18f3b0535590592c59a16270c603bbb1bd1c618b82ca9523eaa1d0e93eb45a007a30863ef2524d779df24d606f731cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1d3250b72c58e5360c1c776cef34ac1c

SHA1
904d0cb7309a8bfc31a081766b1f06df90fef2c2

SHA256
c578934beecc6b3b171c2621fc95b274af4814da63999777e446b443b5ab9caf

SHA512
99378326f8bbe206b1229b35ed45855442df6e1513e2bdfeac02f62491a8986a462eec8ed1f9fe02483b1fe30d8754e48f3d83744505de8ca25e164a0671b78c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1b5274695e26982d73b142ed9fab6008

SHA1
0f85bcdc1654a599ccfe83e64b64e94b2a145856

SHA256
6ba2817679888d384689ad7877ad3d3fc1ff30ccc74f106eec6b92c95e8ffc91

SHA512
5b59285c2ce7724253a5cb41da359bab23978e0d7e1668707e1a35be35a763a9e591c47c591246cf384f6e142c319dfe92dcae4eab4eba80c836a975f295edc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1e2c7cb54ef1693dd3aee9eb3af72c26

SHA1
6c758a17c616a51ca278db98d92b2ee772b1beb3

SHA256
c28db228cc1f8f849c463f8f92de298d1e8d1d9fe143835faf38662e48d15d73

SHA512
66f3c00407d9bc255600ab2f809f75881bd40186ce047951a5da1a1a0652f26a69e9cb23d7f9ab00262cd459b585ddd05d1ca9cdc4720e60bf61ccfe8724ce20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
621B

MD5
defa577e03afca062a1a0e4c7456f50b

SHA1
11704c7191a87bac081ab8b60406da80d762fed5

SHA256
c7e727c8dc25df749ad10821d7f76b1578fc52bae01d15127518255f3af4570b

SHA512
197759b72d0b64a3e227c628e4e8f8a006305a488fe7700f915dd50c90b94e39c3e45488d22dec3838cb9fff2e83d4c91f4f24e43ca4870e1116b256bdd73dfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
42b942cbdd99aea390062abca87030fb

SHA1
96575b080278eb1f67cff398828229d3021a4b98

SHA256
b107d7ac0ea5b322fa0b22b39cde93f49255c3b719de685ce43969318c5fcda3

SHA512
f6dfa75bb47d21c5f4590d8f145f06203cd8439f936ecaa49575baf67d30b7cba9b2fb569cbe6000205f23ae48b7d8fefed0e8b3e5ef96a36a2b9647e077085f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13369945060108317

Filesize
12KB

MD5
33eebec7c83b156c72f5344808df95df

SHA1
10f803d9ce0878ed6d0b745211e4a586dbaf153a

SHA256
521c697b0ec7c44753b9a66ad7cff8a4110d6e0a4c0428e1a1c61e87853fd811

SHA512
8a4c036f1ed9f30a0e88481af8e08ae59b9b40e98ae90be209daca1629f9b4f60b5f691328aa4cdfc5d44e4b1a9623c0620cbb208874bb5c28a0eb20a4bf25e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
0686c7be3659a18c3af46f6b483da996

SHA1
ab6d84107a55413a18d5440a52798efb6c1013b0

SHA256
202328c33a736d610e52911ad077194873523caec2a7cd374a67fc6337417a36

SHA512
5243092ae0e2e3bbb23555533dd987671b0cbbd64d661f5a30e0e85e8503c667eac36727ad664460a147f30dcdd76ca6392535f9a7c87ffea58c3dfc55761bb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
767977927087e93f44778368ab54b27b

SHA1
a1a3277ae203c905016a7819a24e67883876b0e6

SHA256
3baf0f1e2024bc3d83df8174647699b183739a04ff60d35c41d680ce28cded65

SHA512
ca3e8de1f940e3d5192f9353e223132cc4525c18901c36484ed9cb2232d30c6ed4cc9654240bc9ff858222ba573c23c75d14c5ec088e09a674415014154d69e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
7d7ec50dc175fbf941451fe7c338fa8b

SHA1
70f7368a3a915c871ff5f986a558fffe0f2876b6

SHA256
c562686559717208c17f0b59e740be670bf27be5c1ce371a7762b2ffde9c526d

SHA512
a947883ed5150af8bf2dd4d292dee757d543d631b260cadcd55e71709d84577ee5fc65e1c9d63d4417bbc5cbac713b248c8e614c6517c7c030518f2b2f288a64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
47becb2463f6c63e96acaa973ffad7e1

SHA1
09e46b99df60d2e032d20bf437f01486c84963bb

SHA256
f718129cfbeea69d341b2fc5c29eae2bcd15555254dc2af787e44bd1b0996fa5

SHA512
e45d6e6a4d3b1078a7ef771f567897ef28edab9b25234ef5385909894ec54203d584f8dbf76f685362325167ad38b5d2ea42e4554fe3279bce6013bc5076fbe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
c73fbb4650e41df9a05c7deb7ae8cf06

SHA1
89392e6a24ccc3d865d1d7785d982b5dc5a66194

SHA256
6e204679e03ee8a66df91b044ef6c2f49955971b85acb67ef1c1fa3d368aa050

SHA512
02a51f1cc2df398276fdcb501da22dce273d05f4826b36ec9409189abef2b0e2fc6135f85bd88061f8c56682ca6a0d31c4c0aeb481e404444be98b9129354f1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
d242266b314241d8775d6951895d3bd7

SHA1
beb1e09d01173b3aa57aa77d6a30b918b2e8ff1d

SHA256
b7a5706a753eb2485ed38845f5087c070b4412c2ef8ab5669c19f1195f4fb42e

SHA512
3102ac50d8259e5164fc6736961d6e2e7854e9beb2b18dd908b0b947ddc66363178646ba96b1541a2d1a0fb44a3d6eafeaf0b21282ca2afcbef76bcb80552433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
b1d319a77418e9481bd4b9c05c078e44

SHA1
d8242c7dd6d8be7a4eab1aa9d3595bb2b9fda49c

SHA256
a9408eb71daa7f123e68bc86decba96ae85f49c68c889cfc13d85fb166ac90c7

SHA512
0d00a3673b780ce8b59d80a2e8e0be17872511d45604636626d1172e0e2f9168059ee0ba22865b735ff0154d3d9c90d77b5a75f72d3742b8445dc48be843220a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
8e74a6762a71baa2ce85eb7e6b9537b0

SHA1
baa32ffea7a79a0bcd6c601dbbaa1d8386a28a8c

SHA256
8981954799e970acf0e7379e1679da5e4b6a7e55b9cd4d5fd85bd21f94f412e7

SHA512
65f0c0d7ff90a4feb495383262b6e78a0c7566e80eee9c63a2f2296e08d813a78558ce3a413c91beca2b9ff299057a503b6d1b5dd8dbfffe7441ea471a16bf7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
c63ceb2a68ac29718ab6ca74b54836c9

SHA1
19f1a73d8ae0a5160d99da368f7fba7867c16611

SHA256
028ddfb83cbcbde2a6d990b613fbafc5a3c0689f27456a37381fa92ea660e26c

SHA512
da328b7c298465cf944c4a1e10509401446ad9179d88ac715e03a119145cd86d2772554e0e5d4d8619005297ffcc06781b776cfb93704d7246bec240b4b58ce0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
da6a01253f2f9374d997886dbddecd94

SHA1
253eee8f1fb7a6e559789186902d879ffcd00835

SHA256
94ee5c8d244b4457159046a7ccbd4845542008e71be9db15a854d7e5f61942eb

SHA512
f7922759b96e87f89999ec1da23e51427f5b46b22cbf9a535b26fc12ebba980e2cb69c6e375816639ab483dc5562b8d3b861551ee1e848634d954fa469106754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
53db596101b31260877a675722c2d197

SHA1
e8224c81092a7c422ec8adff84142d509686f790

SHA256
071803deaf6811b45d3283ded265259d02b8ec665a276e4702d9884a2f97357a

SHA512
d3c3173e0c09f46dfe58d612e482309db02279a57b361f1dc9bb4033720e258530fac442e85c343014c125f460e687e900341495d9be9340e08b12384c71e303

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
e62ef6f67b4ea4714e93d7738014a2f9

SHA1
4f746b794a812b30dac524b779ac27f3d0238d36

SHA256
e91868e6ac1ca453c7c744fcbbd5f62ac5c7c5e9f0a5e60fb0a88af062f80c74

SHA512
4045219ba3b4254999bfa32791930ca2e835ee6f314e403f617572caa62aee1f1f03168fb3ab3a86c7233c2d016f773bf256163c6dc3436d35809c69138beaee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
c766fdf620dcb6934ed25b8f0f559970

SHA1
85e88b787aaa673bd3445788654f61f67b8f72b4

SHA256
fe2df3423a162c09ad64366c18dab531209ceca820109cd7b2c7094bb82c7ce1

SHA512
4aad810127b70b97ab21641a90b26ef070dbc30ff9495d6a3939c0f460ff9fdbbea311c15e07b8c3c6d296fa8a36a2292e5104dccff1e5225ae6123e58e0e951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0cdab2bdea1d9e535f5b85cb3b9e3589

SHA1
516fccd052012f6f5ef02682c8d9fe1d36802175

SHA256
4b6255bba39f95fa6c744b5124cd9ba2b67ec26645381c93a613ee48511c1a72

SHA512
ed4b185cce06697bb2a35cba7d05d3ad5ef4227b8bfc5ee95e381456016ee8568aaf6748754f6af10abe6ce2bf0666fa7edba049f57f0820198db07c29ba5596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
a19b94ae88d81584d9c2844c74225773

SHA1
c32510c7e4ca2aa239039282413cb1a0d1cf1e28

SHA256
342ca5af4a5ead2533cc715e3cc2bfd4f8f261362195ecc562c89decb04ce28a

SHA512
a03b8f7a555307e0ecd1ee82b61cd44263bedcb725155b4236ca8c0c3e7e598f579e8e0b60f3fcc371d5eb5578b7f6b5c0e6f364f4c8c2defff1ce98b59d3aee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
721049e061f651758d03d8e5cf91aa10

SHA1
286c396621104157ee80c07aab55f6d124366a90

SHA256
0568bf45cc8dfe41dd9c4368e901ffa94b9c646cf2ca356acfae12d640e320ad

SHA512
8e0fcaf0a8f3f0ff0355caa32e09c76015019c43319757d95e7fbce78faf19b15b4cc0e04e692e71cc79253219d1bb2baccca7bf42ac0939056df61ae3ce92bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
37B

MD5
661760f65468e15dd28c1fd21fb55e6d

SHA1
207638003735c9b113b1f47bb043cdcdbf4b0b5f

SHA256
0a5f22651f8fe6179e924a10a444b7c394c56e1ed6015d3fc336198252984c0e

SHA512
6454c5f69a2d7d7f0df4f066f539561c365bb6b14c466f282a99bf1116b72d757bef0bf03a0e0c68a7538a02a993fc070c52133ca2162c8496017053194f441c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
2aef5ade5edafdb12c42b639a4ce2dab

SHA1
021aee1819c26d43e5565cd07c15eaeae3f62e57

SHA256
2ee7924cc2be97d3cffb24f30c025effcc3c16af096aa5d8e7dbd977586ee708

SHA512
cd7843f2439bde4f1b5625f362edaa354545e7a0dec7d4bbb58ef751e5938f33bc1cdaa8f7f39a86fd39a2e7138ee12b40c74f151ccf1b09b7ad03e28cf1218c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
df3c87bf5d34b46267b468d8f3ad1c5b

SHA1
1880fa1fdf4dd8d41ad2415a9e42b7340a2cb606

SHA256
b80b99d10bae2fab15ad6fd3676011b2e48d879820c76125ebf15682277361c9

SHA512
8086b8d2c2112cd43f084c8a7789bc277d5a6753f41c151c95da06b2058074d52a45ec777fa7e609ea4b4d7903bee4f8525816de5ffd2943f7d53a4217634bce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
92feabcef19b20747c54f3dbd5bf820c

SHA1
8aad69658061d5428c45207373d5e7e5d6e50bfa

SHA256
f1857d75de50b5e99bdd07be698762664a1440db1d40d34839c5823c82ba93c3

SHA512
6eefa7f9e76a5bbe7b6632ad4f6f7c79ee94fe89486c1331c14932c81d363f322ec4d540300fa1e06f74ed8a4c168350bef45763e10ad209ecb8071a4461a7cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
77318d5600f1034ba38b524db653558e

SHA1
a4392636104db3f5cd38752b5814d732c8b1404f

SHA256
977879d299d1e94743d9aa99a27ff2f9c81d8b103d4aa3711d786b13a03f8826

SHA512
e5f3624626767d3ca96b6938dd93d9a9d652c6cb2e65fed4eae1d5001c5056072db90c1273c1a0db4017bb8fcf8d13da1e0ab6515d15fa911f1d7f3e98f0c8ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
e2d0fb55a21cab38f060f82a6b01753d

SHA1
9e131b388f525de3901959f05187949e720a0513

SHA256
c513f0240fbf4b4808655e70403458b6c113325a5fb6f07d75d2dfa6ff6bcb19

SHA512
a15c8849546b14b658ef77cf9d8466da9b0b124a0e3a11606d7fe28c819ed8135545249f898185fc83b2a404aec314341dc9ed2ef3adb8d32fcf09dda9cb8489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
36ed53eabe28d3e075a36aa5ee7dddd3

SHA1
c4d8e6c52543214829f7493dfcd4d7c2cf2eef5d

SHA256
f47e3925af40f3a92a715c5903af878ac84fda83c954d9e34df55be47c268a8e

SHA512
ff464b678e4706cd0b77de33e55fd3b045c07385f142d7c0846d93c874abf61d6e03dec4a8570c0b2695398f839c415736425f3bee158b0a5cf98a9ba82124e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
d20ff1effd11a8d1803d9b61e69bfa87

SHA1
f61cd55a401e3885790254350327b51bd7bf3fa2

SHA256
49d973939e3707c7f2980a398ef2abd963fddf5db2bfadb1e70391205a637155

SHA512
14c601302647ff9386f0a2e0534ba19a30a4e46f9d8f59d13b9223256e95461c2bfe1c067a8a19944eb95e9f2e77d650925f59c29066d09ea21ba2fef7277902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
07fb95fe9773dcc2fbe073d9264a0174

SHA1
49fc335994d25cec475a5cf23c30f1050489a1c1

SHA256
f011c8bab2c36a8be6350c223aa95eed19184a38e4b8db9af2a8f6eea507c2ee

SHA512
26dcf8b3c279b6e4f41044f9bbe7b3a69949b90aee3a6c11f94528e950bb487ea3136d40f30d5f9f0df7b57ac154f6a9a7aa9409c0055104e67d5845b9d831ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
abef3f2422e30d8088f36c2e01be2fe4

SHA1
2b71258c4708d824d6c360b9a8f33992fbb3f81c

SHA256
e9d26630bb8dd155c9f3acd2becf0d7c48a4ddf7edf8f87a63e00e070aae3328

SHA512
6e417c935b83a9374701a21fc075ccbbe36c4aeab0799445a519a8ef57dc725c2d1fe0862c8225d2a63e8156b1cbcb7d516ef62edd515ab24af8239fad3accf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581076.TMP

Filesize
537B

MD5
9c0924fe3d53c2ae5c30eaac6b7b2d1c

SHA1
d2c82fdbdbde4a66c8c13aba889efad93cd4e8b7

SHA256
0a499c9867df2aa62273dc09fc6e325f4abc4fb5d655e5524b16d77751a39ca8

SHA512
8addde8967bb05c5b569ec17d63e5a77f32a228719d88330ee7b56bd02e64488a8c5704551afa738a39d29f6f59cefb3927fc0a5c729a5f40028f96f59dd284e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
fd6e08bf9be30e0c8162a15d1923cd43

SHA1
aaf52ce3ff86784be06a7f8f862be120d48a7600

SHA256
0d756c68fa292abd792680bba8d16abf05e565d1a628163fcd74c0202070f4a7

SHA512
ee6bff19d3bc7734662c30b01660e3a2f78fbf517298c4030eb36b779dc901b7f72ecb19dcc1256a048dd5ff0d86c89e97185f54e46990578522591d7a608df2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
112KB

MD5
32e3744058fdf020e340ff6970bbc816

SHA1
92935252cfa8cdf3a8478cc6eebdaa312c8d1961

SHA256
660e1df03fa7eb53e6c3bb7d08a4dd2a4f4440d0722b69ae91954187950fc76e

SHA512
a38b1825657944bc1eeaaf34029714b54f59bef59c2492bde289404efca8575babdd08d287f80be0ddcaf76833157740661ff99b1abd656386054af1fbd98220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
84KB

MD5
407bd5cf817c5ee14f1c8f90a1cf18d9

SHA1
778621c09f0799417baa4ea7a8e5e023eef59273

SHA256
7ccf8c13e8b11246481f8a388762a4d7b6768b44de5ac92705a3b30c7433ca72

SHA512
64d5789b53a70aae810dbd734711973d1034af7ca3ce9dc9ef3d52a1e118fd57c5fa9dee3053fb48b1d7842ba962d302e1f322da05769cdcc77a42d8b420ce58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
76B

MD5
cc4a8cff19abf3dd35d63cff1503aa5f

SHA1
52af41b0d9c78afcc8e308db846c2b52a636be38

SHA256
cc5dacf370f324b77b50dddf5d995fd3c7b7a587cb2f55ac9f24c929d0cd531a

SHA512
0e9559cda992aa2174a7465745884f73b96755008384d21a0685941acf099c89c8203b13551de72a87b8e23cdaae3fa513bc700b38e1bf3b9026955d97920320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
ec0a12b0563a5b1289339f9390005b98

SHA1
6c03b74638a45cff5a0d633db543fd202fabe1e0

SHA256
2f58bc48b69fd38f87acdd47a42e5c6bb10110ffb9874305239d2ab09dbafeaa

SHA512
5a55cb3501b11b02629c37cfcd23ef3dd0d2dcf32ebe182720c885d80d565e9ff18927785cc391ea35a38bd9a07c33ceb53a98d26a4c2a0e6b75c4ffacb280aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
976c229ff58bde64e028e08ecdb518d5

SHA1
6da4b3d9c776f65cd76cac08145dd733a0b98399

SHA256
a9065113a31a540d2b28bbc4d11660f5bdc9637dda947d8d3a9858feaaeead7a

SHA512
354dccc7679f49f8ba2b53c764313c07fd30a4767027717385f3c8a20935ea45f1207548aabde07631b2f90ae06152dd621f48368fcb6346a5629b5b855b8c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
be513dff8b8891a676143f9c85ae7076

SHA1
9b3a9befd4c45827b1db22ff3d706e502e7f8e86

SHA256
a32d961d778b8d0f4f6a6a20fbb85f6ed0d9061ce63a00073677950113532975

SHA512
c8eb3d96fa84c6818be32fedab085bb6dbb046af46e583bdad43dac4a0063eac95e1baa5238a8ba938f655cd1f82b267a3fbbaf88e84c47e9e65f351bc27ea76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
ab1b9d58071dcd839a0fdeb32de40d01

SHA1
0cbbb99015aa0ccd2df66e43c1e74295fcf08b04

SHA256
9d36358c8cdea8b02bd8b02c19d8caed78758aa8e77b1bfca46b27d9a0b59c1b

SHA512
e3e38af34e265c56855c475cfc81483008ed51f19bb11bef4f58d127c09c36968277d1358372d80ddfde083ea91d8f2a8cdfc6ac8885d836a3a2b1e04b6d5bfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
3dbec5e5affb893d2f37a25cbbb3763a

SHA1
f59ae4e084467590d218e57a313e2acd44c621de

SHA256
ac5929dcbeee63b7feec9764e3a6b909e08ce3c79ec3cfbbef4729fffd867284

SHA512
13199c2851be70ebdee7fe10352d178be0053b3b216778187939dcab15da2cb4187af02f1478d07595e60403b0bbc61fa7dfc415917b2185bc1cf30c118b2308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
6969c3831b45c8e8ee11b88ca2766c0b

SHA1
9d9184e802246c1f0fb55a652f28a98131fa24c3

SHA256
19ee15b85b5af199578282bda726688a6fa80a341d2fe406d6080df3f62e1e63

SHA512
e94b7b1b117ba9a21282cb04f8e456b8eea19b44e57895fcb7faaaef0bdca8f77110e1748d4959bcff6eabe7649be61d3a029822dfa8a8712b49432cd7d0742d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00001b

Filesize
17KB

MD5
111397b8f86fb6e02df2d8615006125b

SHA1
c5696bf9eacb4bc578252246fb5cbe043cc0b4ec

SHA256
e37baabaa4f9f0562b980bdb8b383fa24e58fa90774363374144a30401fd5919

SHA512
17c736cb6e17c77d6fa4187c33bd7b4eec313a77b187914427366425004e87f9476d7df7b5ecb2a3166d5ef33d0e84600cc840a350a99d40bb09c09f065a8e68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00001c

Filesize
20KB

MD5
ef9588ca82f853399e5968af99985e74

SHA1
80d9df4f75c3e789ddf10584d9ff9de2b6154cb0

SHA256
9d550015f47a4d5d502f8a2f5b33bd9cbd136f4fea7c64754c8cc5a9651f7fe5

SHA512
a77b6b0bcea459ab4fc1e5d0983e85b86a6b0835849345f6afbfb27a5e84d8d1a38ff16e21ecf862e95d0a74e3fe97fda28bea66752b8bd64fd44c8ba680a5c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00001d

Filesize
17KB

MD5
01c531b6bbd06a2f0b438670f84804de

SHA1
a5095fbdd8112d83cff24536d6c769ba85300587

SHA256
28c2640e996c514e89ed0638447c3f58bd7a829290bf16d27d7960d2c1121efd

SHA512
61656b632ab006e389d8493ac008d3c670fb2f3a21cea44975c12a62f265f1c0de2ab4f516b302e298bba13dc9c5fc9841adb66f154c335416ce9b0cef89e118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a3262da16513d13170389baafbfef8a6

SHA1
65a335c84f56e8cad3b06509f93b5ebf1ebddd13

SHA256
f646f86ef552a0a10036a8cabfa3e676efe8c9f94520e734a34310daa579aabb

SHA512
cc559dd80f9880a518f68b002359515125ac60c184e87fca6a3258502ff3e6957efbd9d676c2e535aa52355d59ff1eda32470cd43959e78b55f82dd4e965dc7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b03d76a36f38fc7109e99325c50cde1e

SHA1
4553521e6f0622b830987c22422b774017dd4ad4

SHA256
586b09d6fd8420d4642e80739f08300ad7cb014f7f3a1580caa14c412e18246f

SHA512
26c1dae2ba23c7de3841cadc5de49bfdbf9568cc3f183fb0ffd6508aef5b395b3838cb9ca9e3f1ef901804ebd1fab7be8b460c7294a29d451d6805e768a3a5ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
08484562d5e0a5a9d8074127b14e07d9

SHA1
3a23c22b3fc574e159b4fa23400e6733b8245e99

SHA256
80e67838ee0f1ced8aab18961aaa5b4677ce3e590002eb6fb6c59bcf05bf6e68

SHA512
acc2f2173de846cb7ec36a511f146d0e75b1c6a4f160c332f454194e011c6f2a890e51a30994d16aa886ce8e21b7db09e116993460e97480795861284ac45755

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4a30568c142932c776b38982073ed46d

SHA1
e8a74dc5092bb35010f2a188e0ac52e5b11be735

SHA256
da5b36d703d44aade3d3e3484d6a6a5b4c70e6c28a58ebcee238402280687afe

SHA512
f5d38ef629a0e518d08613c42d1e00b2f0aebec31d59efcb2663c418df317db21ad25062048a20e27e908e5f423fbe3a0f4d301df84b3f51d0daa300f87b9627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0c4e262b09756c9557759d55da73efd8

SHA1
c9afcb83611e048d1ec39dc8617a1a7de3312c23

SHA256
a9675ca0b3a2df9c95db93ee5a56363b1b67d163e357487675529221c3548e29

SHA512
45c4ba90c134667a6c09718581059d62b5d0ea59caf4627453e9e9c466484dc628669b8d96ec1ea2c9546970a5df3f0a8ff6ac1e96a21741a82aed8a2fd441fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PnaclTranslationCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
6185d062851b111b643751d2b033c2d4

SHA1
3a3fca4a8a7719e7f05caeb3686b584363121c9d

SHA256
c7c0a47ddcb61419b40c80ed08b13ea1897622c7bf0507c1e05ba07b439a860e

SHA512
7930d1a8b383db348188aa5d7cd7567928ce15b24b2d2777b051ce0113b42dcda8b508590422152b42648e547f485f03bac9b3532196d53a4f4569ccbdd572b3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 752303.crdownload

Filesize
1.0MB

MD5
055d1462f66a350d9886542d4d79bc2b

SHA1
f1086d2f667d807dbb1aa362a7a809ea119f2565

SHA256
dddf7894b2e6aafa1903384759d68455c3a4a8348a7e2da3bd272555eba9bec0

SHA512
2c5e570226252bdb2104c90d5b75f11493af8ed1be8cb0fd14e3f324311a82138753064731b80ce8e8b120b3fe7009b21a50e9f4583d534080e28ab84b83fee1

Download Submit
\??\pipe\LOCAL\crashpad_3380_OPTVVYUYYLOTUPKS

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1492-2409-0x0000000000400000-0x000000000056F000-memory.dmp

Filesize
1.4MB

Download
memory/1492-2426-0x0000000000400000-0x000000000056F000-memory.dmp

Filesize
1.4MB

Download
memory/1492-9087-0x0000000000400000-0x000000000056F000-memory.dmp

Filesize
1.4MB

Download
memory/2376-2425-0x0000000000400000-0x000000000056F000-memory.dmp

Filesize
1.4MB

Download
memory/2376-13919-0x0000000000400000-0x000000000056F000-memory.dmp

Filesize
1.4MB

Download
memory/2376-14912-0x0000000000400000-0x000000000056F000-memory.dmp

Filesize
1.4MB

Download