97f3aabf9445d243dccfe0a8e0662d279e2d77f0ad88e75ec44496af748e6eea

Analysis

max time kernel
557s
max time network
509s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05-09-2024 06:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bipecdki.jpg
Size

183KB
MD5

ef16ee90b57cac3eac93811f5e419274
SHA1

50bbd97e169875d7b5a5a6b74972e5d6f505e4aa
SHA256

97f3aabf9445d243dccfe0a8e0662d279e2d77f0ad88e75ec44496af748e6eea
SHA512

4186aa8b555e7bbe0c64b1b1353760356f260fee47e1e377e7f1958f5e02d47e20a6641189e85f725a3d2f145855c14df4a31da12156dca00a608c543682e5d9
SSDEEP

3072:9a5BgRtc2wC5sh7oQ260QkY9KNuraPk2Ziig7tmDL00ksXLpukZ/KEqSEfYKI:9sgRtc2Ky+jlijdLxnKYf

Score

8^/10

bootkit defense_evasion discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
5932	Monoxidex64.exe
2752	豇挡宏衿鳾菰员魸亐聽搯乇凔澷緣瀁.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
1	raw.githubusercontent.com
4	raw.githubusercontent.com
69	raw.githubusercontent.com
90	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	豇挡宏衿鳾菰员魸亐聽搯乇凔澷緣瀁.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Monoxidex64.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Monoxidex86.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-131918955-2378418313-883382443-1000\{E8FB6A24-FF9F-47AB-B467-53F3CF98BAE7}	msedge.exe

NTFS ADS 7 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Temp\豇挡宏衿鳾菰员魸亐聽搯乇凔澷緣瀁.exe\:Zone.Identifier:$DATA	Monoxidex64.exe
File opened for modification	C:\Users\Admin\Downloads\InfiniteBlue.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 894898.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 294334.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Monoxidex64.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Monoxidex86.exe:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\AppData\Local\Temp\豇挡宏衿鳾菰员魸亐聽搯乇凔澷緣瀁.exe\:SmartScreen:$DATA	Monoxidex64.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
6036	msedge.exe
6036	msedge.exe
2676	msedge.exe
2676	msedge.exe
5212	identity_helper.exe
5212	identity_helper.exe
5004	msedge.exe
5004	msedge.exe
5928	msedge.exe
5928	msedge.exe
4276	msedge.exe
4276	msedge.exe
5380	msedge.exe
5380	msedge.exe
2004	msedge.exe
2004	msedge.exe
3092	identity_helper.exe
3092	identity_helper.exe
5900	msedge.exe
5900	msedge.exe
4084	msedge.exe
4084	msedge.exe
1352	msedge.exe
1352	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2752	豇挡宏衿鳾菰员魸亐聽搯乇凔澷緣瀁.exe
Token: SeTakeOwnershipPrivilege	2752	豇挡宏衿鳾菰员魸亐聽搯乇凔澷緣瀁.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
5932	Monoxidex64.exe
2752	豇挡宏衿鳾菰员魸亐聽搯乇凔澷緣瀁.exe
2752	豇挡宏衿鳾菰员魸亐聽搯乇凔澷緣瀁.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 4652	2676	msedge.exe	86
PID 2676 wrote to memory of 4652	2676	msedge.exe	86
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6072	2676	msedge.exe	87
PID 2676 wrote to memory of 6036	2676	msedge.exe	88
PID 2676 wrote to memory of 6036	2676	msedge.exe	88
PID 2676 wrote to memory of 5108	2676	msedge.exe	89
PID 2676 wrote to memory of 5108	2676	msedge.exe	89
PID 2676 wrote to memory of 5108	2676	msedge.exe	89
PID 2676 wrote to memory of 5108	2676	msedge.exe	89
PID 2676 wrote to memory of 5108	2676	msedge.exe	89
PID 2676 wrote to memory of 5108	2676	msedge.exe	89
PID 2676 wrote to memory of 5108	2676	msedge.exe	89
PID 2676 wrote to memory of 5108	2676	msedge.exe	89
PID 2676 wrote to memory of 5108	2676	msedge.exe	89
PID 2676 wrote to memory of 5108	2676	msedge.exe	89
PID 2676 wrote to memory of 5108	2676	msedge.exe	89
PID 2676 wrote to memory of 5108	2676	msedge.exe	89
PID 2676 wrote to memory of 5108	2676	msedge.exe	89
PID 2676 wrote to memory of 5108	2676	msedge.exe	89
PID 2676 wrote to memory of 5108	2676	msedge.exe	89
PID 2676 wrote to memory of 5108	2676	msedge.exe	89
PID 2676 wrote to memory of 5108	2676	msedge.exe	89
PID 2676 wrote to memory of 5108	2676	msedge.exe	89
PID 2676 wrote to memory of 5108	2676	msedge.exe	89
PID 2676 wrote to memory of 5108	2676	msedge.exe	89

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\bipecdki.jpg
1⤵
PID:1632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff3bc53cb8,0x7fff3bc53cc8,0x7fff3bc53cd8
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,7575181326939077778,8279493721149739948,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,7575181326939077778,8279493721149739948,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,7575181326939077778,8279493721149739948,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2524 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7575181326939077778,8279493721149739948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7575181326939077778,8279493721149739948,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7575181326939077778,8279493721149739948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7575181326939077778,8279493721149739948,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,7575181326939077778,8279493721149739948,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,7575181326939077778,8279493721149739948,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3836 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7575181326939077778,8279493721149739948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7575181326939077778,8279493721149739948,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7575181326939077778,8279493721149739948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7575181326939077778,8279493721149739948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7575181326939077778,8279493721149739948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7575181326939077778,8279493721149739948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7575181326939077778,8279493721149739948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7575181326939077778,8279493721149739948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7575181326939077778,8279493721149739948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1944,7575181326939077778,8279493721149739948,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5816 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1944,7575181326939077778,8279493721149739948,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7575181326939077778,8279493721149739948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2456 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7575181326939077778,8279493721149739948,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,7575181326939077778,8279493721149739948,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3188

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff3bc53cb8,0x7fff3bc53cc8,0x7fff3bc53cd8
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1736,9350707952640970131,16732055391953281938,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1736,9350707952640970131,16732055391953281938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1736,9350707952640970131,16732055391953281938,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,9350707952640970131,16732055391953281938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,9350707952640970131,16732055391953281938,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,9350707952640970131,16732055391953281938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,9350707952640970131,16732055391953281938,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1736,9350707952640970131,16732055391953281938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,9350707952640970131,16732055391953281938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2960 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,9350707952640970131,16732055391953281938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,9350707952640970131,16732055391953281938,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1736,9350707952640970131,16732055391953281938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,9350707952640970131,16732055391953281938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,9350707952640970131,16732055391953281938,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,9350707952640970131,16732055391953281938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4328 /prefetch:1
  2⤵
  PID:488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1736,9350707952640970131,16732055391953281938,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5876 /prefetch:8
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,9350707952640970131,16732055391953281938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1736,9350707952640970131,16732055391953281938,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3448 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,9350707952640970131,16732055391953281938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,9350707952640970131,16732055391953281938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1736,9350707952640970131,16732055391953281938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1736,9350707952640970131,16732055391953281938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1736,9350707952640970131,16732055391953281938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6288 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4916

C:\Users\Admin\Downloads\Monoxidex64.exe
"C:\Users\Admin\Downloads\Monoxidex64.exe"
1⤵
- Executes dropped EXE
- NTFS ADS
- Suspicious use of SetWindowsHookEx
PID:5932
- C:\Users\Admin\AppData\Local\Temp\豇挡宏衿鳾菰员魸亐聽搯乇凔澷緣瀁.exe
  "C:\Users\Admin\AppData\Local\Temp\豇挡宏衿鳾菰员魸亐聽搯乇凔澷緣瀁.exe"
  2⤵
  - Executes dropped EXE
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2752
- - C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\eu.txt
    3⤵
    PID:1932
- - C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\hu.txt
    3⤵
    PID:244
- - C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\tr.txt
    3⤵
    PID:788
- - C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE
    "C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE"
    3⤵
    PID:1628
- - C:\Program Files\Java\jdk-1.8\bin\javadoc.exe
    "C:\Program Files\Java\jdk-1.8\bin\javadoc.exe"
    3⤵
    PID:4736
- - C:\Program Files\Java\jdk-1.8\bin\schemagen.exe
    "C:\Program Files\Java\jdk-1.8\bin\schemagen.exe"
    3⤵
    PID:1520
- - C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Java\jdk-1.8\jre\bin\server\Xusage.txt
    3⤵
    PID:2348
- - C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe
    "C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe"
    3⤵
    PID:4656

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004D0
1⤵
PID:3980

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5060

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5864

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2300

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:968

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4596

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1488

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3568

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4356

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3964

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3600

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1144

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5000

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1824

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4020

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e681bda746d695b173a54033103efa8

SHA1
ae07be487e65914bb068174b99660fb8deb11a1d

SHA256
fee5f7377e5ca213c1d8d7827b788723d0dd2538e7ce3f35581fc613fde834c2

SHA512
0f4381c769d4ae18ff3ac93fd97e8d879043b8ec825611db27f08bd44c08babc1710672c3f93435a61e40db1ccbf5b74c6363aaaf5f4a7fc95a6a7786d1aced8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f081a02d8bbd5d800828ed8c769f5d9

SHA1
978d807096b7e7a4962a001b7bba6b2e77ce419a

SHA256
a7645e1b16115e9afec86efa139d35d5fecc6c5c7c59174c9901b4213b1fae0e

SHA512
7f3045f276f5bd8d3c65a23592419c3b98f1311c214c8e54a4dfe09122a08afb08ab7967b49bd413bc748ce6363658640bc87958d5e0a78974680a8f9beadf44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
faa5138f07e111d4df2f55b7dace4326

SHA1
77323a6584d78d700292b229ed08bdecc45d7e4f

SHA256
0333e96703a292278a231f4129420e84b628b58b05ef3da999ff6ea59af5a909

SHA512
ad1e4c04c40a41314e03f9980ef2006482bd6611b5f88296b5c942fe7949dff5a7d1b53c88c317e3318f09b3227d06e76e12f1821a261f0ab81e2b7c3b3e32c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
2fb138e8d15d78c7eaa04adca0d4bcc0

SHA1
35c18cccb65352268c7c1722f06aef3d0f439dcc

SHA256
b30e50b02eea2adcf670d6b903fd82d2f9ec66a5625116f5dba840169884c743

SHA512
c8d390711773caf2dba752ee470c97ae2b6375cdda89c8a0e2182465b0eee6e232d09f9b3d1fe3c084d9acb788b50b738f37f35098f1ec2a6b030dc7ad325e46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
9f5e6fc45e989005a6c4da2a37598bab

SHA1
791def94adcf3ef90c61eb9199dc2410a357df27

SHA256
d4e8e3e15fb7fdc6a74c13215b503854985e5ffa139b217ca2102cc259da375a

SHA512
89f7cedf31f7700f7e00288aeb01c2a78f24750ca78344731c5ea57a497279867415028b41b8313909c92be02f2f3330b2c7ecc8974a599ef5195358973f9a2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
029326b3deeff1ddfd96e5ea29e2bb16

SHA1
d957a07a7e50497b70c6acedfc79653a64e259f1

SHA256
ca38b0af5467acc30e7ecb3d4fd5351fba0e8d02366e612bd361c57a2414b2b2

SHA512
f70df4742dfaa372c7cbb959157fe7b227e794ab1ed3ac4a8d25bc3a2b8f8348554fe2fbca56be85de27af06945571d6a486f4190954d912fc4ba5992f6d91d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
fb86d394a638d40da2278221a4a9ed33

SHA1
fe9e3bedc5b5f7e639b30f2bf995db5b15e5f27a

SHA256
c3f6a1b4467e7856823258e0497f80b34774b7bd72a7e8dc9aa6487296037906

SHA512
321a236ba075fef5cf5426c07db858b0dc478130e15e4fbe319ac7220bb67fd2a9484c537344f79f11e2f1e01f57ac71248cd431e0061e852f472be9992f861c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
47ce0a42f1a6f087fd2886aeaea86a17

SHA1
02d2224c61cc3b0e04aed7514d08fa335b64c1e9

SHA256
ac3548e258cd82b2e4ca8ff7bec4d57c0e5e3039260674731f92983bf9e6a725

SHA512
9f125ff9fd249ab4c131c38e40346f7523e35d00ce773504bee9ae92eb424bdafb2878a321d141f8acff70c9e6f087f6462e36e231f322dc505a3420c01bb3e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
f31fef984d7504dbf4e7bfc6a67b7809

SHA1
982d0f73a8a13389e735906a95d8e3f3da6ac2a7

SHA256
5ec3160c64e5ed94143c9384359aceefd06c453adb9c9ae6d18c22da5b3c0abf

SHA512
98691e21188d25a8d8ca427a13c085c477480d540000b53d972977b191fe82b85ba39d1e7c1b7af5d2120514d0a6d1d6c72376a669f599dda3fb8f6147d38699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
28KB

MD5
9adafd58a006c01ed6da6814e13d83f7

SHA1
eaee90fb238dc4568c28c390112b18b23ff8b1ab

SHA256
1ab7b4c7575a04c33c048215d352ab69db5bb8ca07064fde956c0cb0966b8eff

SHA512
19ce9a1fc3b8a6124974d811c748e5cf4c9926c13891cf9d9c83cb7602aae4f2188a48884367e1310690b10574618fe6615ef152e919a7615a47bbaef2b224c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
308487d4379d70f842d33d18688e132f

SHA1
0abb9ea4168584652cbcf3dc488fcdcbc5ae9d90

SHA256
c30be528b935e5e9459252ba331ac699b16ed5e78c59f8903a6fe70910d6d638

SHA512
ce201a8b0b9201f951d05fdc1e5f75d74976f23f2300d3b2fcf17d8a957169979774f8918fd40fade61cf869bb5aaa3d857d8f2709d3de9d2dfe98e8c7c5e42c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
cfaf0ba1bae1476f36de9fb9adb73a26

SHA1
4f3cf3a0f7c57fc4a22a64d144535dc36ce8d925

SHA256
6a5d84353db16244df29f4a218a285fa8b2a2d0cd6bccb21fe2b9e8ce3be1f93

SHA512
0ddc3415907ae806f3f6c50de78145c0addd66fc5c778e89bafe097921cffb156dc4f706c88724c28a62365124b82c8628c3720a5c3ec46388481375bef22aaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
0cccee444f2fa026466e9e042d4d424e

SHA1
2a159a22b7e2b0cbb5095f531a5c2d1fa6c23525

SHA256
2d28d3a06c646c5826090d1b1b01aba13b43fc60dad98369e310b6be1b7baf7c

SHA512
1816782b4d602ff8bc5e665e377a6e1f516adee662ee8387f07b4ded38072ec6c22a11798186b11c0ad42b0ae46ead225700ef35254c62633264409d30c99a8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
04b069f046c17e96375ae23bed328a81

SHA1
b8a2a4d5c2d75aabd20beae8cedd62c6f821881c

SHA256
701a9fcb37f7d8317bed7718166dd82ce1f62aaeb5e9c61d6a0c20e37b676db1

SHA512
346bf024c877469da0832a1b175d0c98d47dae13bc8d5016526cdb7a676c883185aa77cd4feea52a140c765844088b52407a61418a34cafadf02fd51c452911b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
5KB

MD5
580ed15f1451bf02e813a8084a54a910

SHA1
047d566cc4224749c7e20aabd95776a5687c1d45

SHA256
a37952dce05db35dde6f7e6877951221a1bf54dd3e733a7b0d9566ed2b238d46

SHA512
f88c6cdb5afbfc668b649d5ec561563fe5c2793a45381da821da4488920ea2499b5e6ee2b81e5fe86d51f56a58b7c8493cee94248bf23a0817713dee3fffc9bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
16KB

MD5
f0cfa635f9444e57118ac088a4025350

SHA1
4e4110b8438650f1a0b3ecaa82bce23ff2cb49e2

SHA256
bddc9d7ab6642b383492a163923f70d65ce72866c68f51311baef0ded4e6d7c6

SHA512
e52dc4a778e8e0ea8f168bdebcabfe655c5b453ce3721cde0b2546f5174561229078c3f429998e012a75312c1903fa6ee945ab6281d60f369caa29b8b75bfb18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
d6c8ae151d7e6a3a4b3f4605fd1919e4

SHA1
3ef6a4290331a9d037f9be3e76d293085ebee37d

SHA256
0dea3f81bfb9d0819946ee35b998d0c35a30199343c0d6b3908a47d65effd501

SHA512
f7c436af6812ed28c37a50ba1815045e552232ff5cf9d98262a80f9eef36b43f005a19f4478b68358c763681ef4d2143b872f2bd9ca0b01330afab66a70e7f63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
812B

MD5
a41be70ce9a0d47f6dee426d65061644

SHA1
5e1437e2ec5c2d881342d7a228333a32917c6921

SHA256
6cbde181f4ef5e6299511effc739cd1fbb718035cd8767dff5f36e1563c42081

SHA512
cc7bee2cfa4d481003391cb87be550099e7c15937c2240e33a14ef23f3684508c95e7c9aa0d01b5da6326b48debdfd34acd7bd4e937fc70a096261cc16248c60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
812B

MD5
8ff98f577ef4be0dd0faa9e03293485c

SHA1
106633752b9eecef03c5fdd328cbf82a710d802a

SHA256
4d00cb6aed79839d40fc9d575992409efa8426e191ee3d70126c8341b74b7df2

SHA512
910eea30bbded188a753f39a4558f1c67e7b8fc54464ad38d9b94f8d7c58acdd8dc0180d31787976cfc1f5cac601d8abe965f456d037df66a05b34fe5ea03fd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3f9c55354cf6c7cff24b4e13f077ff12

SHA1
085c9d018345d1ecd801e0077ab9daf10cab89b2

SHA256
cd68ac1527e4c92b466d9d94bbe63658b115812deebba23c1d9e319f81cf8173

SHA512
cd7ce8fce80ca623a1fafb388f771604553b22c2c1fba4b2d0444c55cd388a3ec3a1582e7593945180b658567ec241607a68fe724e5081cf35900c1fbf11e680

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
31d96caa8f62d03a0fd26aceeec25f4f

SHA1
163ab82123009b443215fbfccee71d480ad46ba8

SHA256
64b9ab02586c6b0f24dd6c6688214d0b40b7b8e028670a86270570f5ea1f13ec

SHA512
f9fd6fa2a471e83751db5ef5d1d2f4f43fce26df462a54bb9860b292442efadd74d5da029a26f4ef670f182d67bf9ceb161f411bd8b21443d4ffd3797dc46487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
85d46d60cd9b7905ca53d277dff9e5a2

SHA1
e757290d3d2d96b9f2aa53756dc706af769cdb84

SHA256
dc90c14850b6f8bc3d7d613fcc94c7b90f15c533a456dab67f93b8bc95be4215

SHA512
bd9bf8772ae2712f969d0bb285a3ae4748d63614a834f87d9049b131eecef3079568ff76c25ccb8b74fcd86512adde061835eba6d20dc0b0ff8f3609b17f9b30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e86d4f618bd281a137a67084734a69c7

SHA1
984ceca61df910393801e760b4bb4e5908cc9fc2

SHA256
20b0a7c934d9282316696f7bf4e85972a2a9158d77b35325fdb727b1f9487bab

SHA512
4fc71d22384cce0ae37dffc6b0b235a6f2838bc9e986411136fb113fee2569e74ec73629e79d4cbafad2829ff0b3347ae26256a97860dec558c93aa26ae987e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
10c6ad597e7941545e9c43b04b86b571

SHA1
38019e917e22be101853eed2d5e9c904611c27ac

SHA256
f6aa74f01068ad5183891b9e6c7f385949c8ff2f14980c6cd90f5a37a95dd403

SHA512
cb6509b344d884d9e8da8a077608a16defc7401072272a281f0bffb6d60428bbfccd46c6f0cf66ba6ba6a1ecd83fe916b14a6d3827c3eebfaaffaf92e9aae47d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
de58b9823a5dc39b8c1b1f510a629c3e

SHA1
9497da0dd6a2b47d2932816f13d8fc8e1d6174e6

SHA256
fb50df4556fba8f7d0b21dc4f0240e1a150ca64bc3f37f85ec59f493d2868fe3

SHA512
9bc5a8e79a8836f03465bdae90153502672a65c357ca159d76a97ba9ff6c35e6ae180b07eab27472f6eb080abf46881ed2212fd1eada4e6c3e434d8ecf3d29a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fbaff720f9ec3439f5d6b911de1215f2

SHA1
405be51b773492a2967dc046377e75fee482d0c7

SHA256
8651aaabf5af117d3169fc0f3da213622679fc7975e240a65c7f58ba87f306cc

SHA512
adac0b21e38870dd54c8f1741a668bce371aa8c8b46df7388ef223dc59233ff21dbf6d461de857fbb86150d1550f2249442803cbe873c5ece27d4f06c06a797d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8ea50439ec013122d7a4a6d981947b01

SHA1
6edd7d9b2eaf4f948a9fd5c2fe30229471929e65

SHA256
f7a385a8fcd47ce98aa8dbfe9521bc39ebd9ba0acc5a2706942b8dc211e89f7c

SHA512
c9bb062c35db01c86e296efe493275ba67eedacc27f7f3c5c26ad930c45b92c6e4e216e60136845379f8ece5d6f6e24c566c700eb07652b0df06d2e68e34ffaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a13b3e0c31e17f92135028b70a1d4967

SHA1
5d2756901fb7b0369832f48de68f8e0a8929757e

SHA256
58c0a35f8e5bc4bdfa08b16e98ddab9c39056fb11c1d0613e236f17aecfd509c

SHA512
85afd11272e925cbc107a1a0aeea485330ee3027198e9fccecbabdb58e58baedb31302c71a16f5bfb8adde3fecc1a7bcb2d66626ca1ecf1120d1fb4a4edef1cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
04302edff6c427b2b65e709294a4132a

SHA1
9352297e1151415ce0548cd58d278cb931dab451

SHA256
699ee7e954822537ce5421bf221bc169b8556759232b72a3873e4baf5861bb99

SHA512
085fa131826d5c62f03849d7d9cd73e37b84583285d973aff0799b904cf89460e34189fa80cc3356de9f26f0d90363ebf48a51ad25705efff8a514049971de68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
16a759878ba9205a87ef515f58c0770c

SHA1
6e44328de7125dc5957a12ffac4544080738b592

SHA256
158da603e61c1c36e03712a6adfd54cfda240211eff319c7caf64857c6740aa4

SHA512
564edc53d90fb5eaa4d765c9bf85d03a0ff87a4fefc5b33551b12cba94b61bc6c2056959a2f11c4637b8413ed29eb4fb7037d020d4ab57b0961b3ec7cd553d45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13369992559515788

Filesize
16KB

MD5
5bb80442778fa24fc1a9505918c4a4c7

SHA1
d37587cef88ddfbeb88139474c4c71d7b5b541ce

SHA256
94f36ca80f387036d1c4de3ff81961d8d85df7da07b7a8541c772c522c4b41ab

SHA512
3109f362744f78d1f397b5e463f76bf83770c781610b9e3473c785fbb410b3f67071e0f307930e1c325c28898745ea4a062a8c1aaf34abe950f4a0d7f813ddf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
5045870588fbd8313840f840283136fe

SHA1
599b6d0292577ffc3a0faebb97154325abb25756

SHA256
95b92fd5c21540a19ad9f6211a5ccd5c9c2275d84e25bc7835ff8456842b0a48

SHA512
3fac6606ba52d0de2f6a60d7124f046cfb9dad3fc274439dff6956433cc73934c429921273351d88ce3e236939b5b487a97b080030d50c1a2a2eefadb8b1a148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
ac12bb8f9405fa0a622ddfa5015641f1

SHA1
9516cdd43b1e668d7e2b8d54db76a2cacdca42c4

SHA256
a8feaff6711af87bd6d879d1b6869d8739e7c91d898986f7cd0b705bb7440e7f

SHA512
2d7be30f9147d26a4fa2bc0576a4fddf834d1ec145a21bea7d3a6c22e698030086a466d481f4eb4dca93df653984c0cf977bd3e2b5bf89929d1c067e4be984de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
94fabc19c1a969b9362b71a59f438eb7

SHA1
eceec8e0f09583d930d85d400bb6f60daa72bafb

SHA256
bdeb1292ade810eba40543a39ea3e9c58d61b516e81a549c9b395e8a70b4da59

SHA512
ab23755853edbf9d5ddafdea9060db658168d1013d83b30c6200144d29169b3edbf2c87c19aaf5088bdd97c60e509b9e6d1bcf19482a93a094af054e12d95bd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4a50f7c4f10b5a459039387736190d7e

SHA1
a4d541a87659b86d45c7a971ffa464e7db065b51

SHA256
e4d78ee4ef2db354304973e7aa1d48ebf2fe65503209d188b5dd1e694187642a

SHA512
5af7ad1490a3d4d8fcf3deec84311db28662f5e6593231ca8b1f470dcb70aa0c023983faeecba72feb2f145412ec25bd4706415924f294de3a3d9618bef208a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
190639a07fc2b3b9bbbe1d99d802095b

SHA1
e5381dcfaecf9880a6d3cf243df5ee30dc48b876

SHA256
0a2b09d805e806facd19c80bd0a5e82e368a2cbfa3502c4e901978e1f3398e6e

SHA512
f7166bb61df9b22a3397b7ad9f14e5c40c1f3577559804926f2b86f743c7748dcf65f999e1792b06bb182a8abb30eb05a95a96eb571dfd4c5a509c457e81a1b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f62cfd608ebccd5790034bb906eeb447

SHA1
8ddd01d5b9d150dbb4b372474df79f902de694a5

SHA256
c73589133ffa0dc8b35dcfcbc96c43f517c1a7f30e950c9f75d4a781a305f931

SHA512
92d8e12a4391bedcab000991273c13ef77dd94717ae7dbc86935081b4d5d71b2b2f7dab00c7943c645842322e60f64724d069c533e63fbb9aee8ea7f003b981c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a0d7b8d54cc822767e4fab01824b3491

SHA1
fa0f279b8bb075129da1d384832a6a0888d98d1b

SHA256
9b6989927213a2ddd0a58686305026567439cfe7a438fb8032abdceaa0364490

SHA512
6b00b3a334c8d8f012989753bd6e2792e9859638876d1519d8ffa24d295a1bf0c738927a9b8c9a50389babf4246dfadf86b018e6f390f60e3d14cc2d10c83546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ee4d0f97915943edfe89fbf67d234c9c

SHA1
285ba0a20bce2c1c7cc24b545add8720bfa86ada

SHA256
ee6d821c32a8fe63c9dc8e324c7fcaae45eb82ca4fcb828bd0fe3d1a1937ecb4

SHA512
7cea0485699cab8182b29efc8e2e8a583eb4cac1968f8ec5476a84bc7f1518f97d70affe31362d2b9885c42d53bd0bdab42fbeffb1f10ad28985078d33257b05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a6c271183ffef62153b0539c469ceaed

SHA1
4ce096d312c54e05f7dca887135c93872294dd2f

SHA256
c00b91ab8592d2ff2ed6fa8aa358374d34bc87819de8600c02a9a6ac28eac3a5

SHA512
2c4458a818abe91322ab21288ab9fb90c2922dc38f31aa26c44e90703b4fb400666bc00bd2e33dd16b9d94dbaa351f33fe060c3a26e265cf2a21722f28cb2176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8e2a3753d7bea337ab6663dabdf867dd

SHA1
9f603336b037bf911df5ae6add99f15f1498a3dc

SHA256
cf72ec6708d94e3fbc824ea06b79930f146ce66a57481e94f64ae30d84523500

SHA512
06b44fa5cb4808f0a8d0f91bd266484a0cb9bd361154aa65c4160aafbef2b055a76b1ed723457fd49b9f6164a2f587278904ec4441558492246e6d606891dae1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5d2667.TMP

Filesize
538B

MD5
15ed03025f5fdbdd59a689a893461dec

SHA1
b00b4d3c5d8818afaef7a33f53b37242dc91bd97

SHA256
fd8bf2c11849d93448db953692014343aa009f5937c3f1028dc50b1a9e91d0a6

SHA512
aaf6e1ac0ba42f279407201754b026c1b70fbf461a12a6cf6c9019291c427b96b1020a76b7d1a1cb8cf0e095396b6b93a3874ffd968bd9921657452ae0dfe11b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
e66c980d82d560702b1f09b6fc2380d7

SHA1
30250f5c271bd071f664c9232a1711d1b0cfebe3

SHA256
a4229c0bf769006d8b401a0b368bcf08fd8c01dcf27a7d3208b4f3282d1ca367

SHA512
c4d2c9e038b1550a1367fe8d621c4ba7ea142ebd2e2796c494f5fc244fde2af42472f3223578b95ec21491d42d2ad47160b96df3aa2616fcdfc1174573cac5ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
112KB

MD5
61078ad19204b73a087f639cdb0e0e1f

SHA1
ba2f98ed13615c7fbd2fe22f9e04203ba4131be5

SHA256
967ef772e3ff78a2d938c01e20069b87a49957a3803b65fee88fb6487c55f34e

SHA512
330bbdb19d66860a3b9ee0b992c0f205f19011f2c7c02d90af148b845897c295f790ec99b06aea3463f0737830cd9051f8054b04146c14566e710d4b34c1e9e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
76KB

MD5
081b60a3dea83423677d92e4a815db49

SHA1
b156996c67c56cbe1fee86bbaa19412acd2aa0c9

SHA256
69bb5480e3fbe84a8566c5ddf23194b310efa7f438db0b4f2c1bb3cc3ba42d8b

SHA512
8e1afd1bb43442bff72dfa17e2bf0ba7f821f572a780b15707490ed7a837536e056f131895c7ad59ae83c23f1f159787436b2cc0ecbabd9d4d8d037f14672df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
2KB

MD5
89c004d80535e8b00d4169ca01993442

SHA1
03791d7f47b4a8873841b06be6c15e5c700584e1

SHA256
c5ad6d26b0d5020fce68eeea6dfb679b34d23b6914c4abedd4ae8d4efb6da47e

SHA512
fa959cbcaf5096a70ac216fa6901bec48629c0d1a14359b904a3de0738fc4412024a48e6af2d54462e13b29e8da9b75a864578ac6f5f3248859f2841121368ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
aab7ab0d52ecb04a5fd98d5b85474c9c

SHA1
fe33fd4a77f9c76427b12c9c34e8fd3cac32996d

SHA256
3e9e936f48d4583013037b32ef524b4d8d11ec4d83a932d9ddacbd779ece1687

SHA512
582f73c091ec5bbbbebaa3dd0303f930d149d3cc6ee98f050bdc6d49a21571a78d911e7b5f2a0b6b8a0f476819d7e3f015a5d6ba50ef3e49629aa6cad32350ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
6d263a7156ff5c04f27f8656b6e9c09f

SHA1
18b970ece0054d5b315f3c06f5095db6989ac8df

SHA256
4723d7a557ca313bbc8bd7be6dbcd633ab1396990a662e3b878a085996396ea1

SHA512
f88ccec24b74692317beae1ab1e6178a9357405357adfb5a274dbab8a843fd0d9cf9e860b7943bfd2ac1a24e543b046ba9a3bd7886ab79f8fb2d34aa9b777338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
b934f7d8cf2c86c49a644c221a53c661

SHA1
7311ae570d4ba9e4f97142bb38893f111b9a1cd6

SHA256
699fcf8b540eb141c6e77a9b5033681f28b36820e1481439031ff7e79da2ae4c

SHA512
bfd105e4a527b4d33074010d00605905c69979d5ca4a745db78eb085421622a99a847222427e80e7fbcc4741fc61f4c5056787a0a25574f49bb369157a5b5907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
61d5cf6978e46aa877fa6e49ee8bad2a

SHA1
d017c5e36d77a56563a2134ef48bac579ddbbbcf

SHA256
aac1c309ed163746ea9918586e9e54b3bd952d8ee522481d31a2829e41668b94

SHA512
4ad98619e6e7a16d9dcf7906ffc0550470b5a72154f911090baa52392488d4d1167a94a948b9e8568dbff63a8fce1510eac71904619c181153305762283203a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
4ad3582daab2154d8e2ded5d513d4f5a

SHA1
41f7b1e8bfbbb292d9065597c8a8bd47a59eeb58

SHA256
b5e2b316866da59d8e9e80c8d087892ed3657a7475263aa4653184ee3c106aa2

SHA512
cab8d7d84954e92e46b54f031d3f929177c725f3c60691dfc0848ac0157e2bec91711d2ce84a6ecfe5bd569230ea76e32b0756aae922a2a5f05cf926448fda6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
ecd19afe4acbfbde24b188e35b096c64

SHA1
a755f325944e777891716c89b6613c41b5bbe490

SHA256
7f7bfa0a3f434df604523b80194ea15140c90530ab3fdecb9e1e746133cfd136

SHA512
732e0c6278ab45509982b853645febb5f8d7ad1f7d477775cfe2488152bb79fca7ac1677e75426e78d539d1e7ac12507ee2138651d82a86e78b9fd1e4e5aba3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
20KB

MD5
2a029687e73114ebcb4fad10c0114e8a

SHA1
f09cbbed46b9f8c731568bdcee13024e89bda397

SHA256
fe6e92a5b020858bbdd8089533c6f22703bc5927e22f689c384164096705b11b

SHA512
211dc45e2bb5739bcf863c44ca8132f92e895b3c95d074929aa4338698d53c6ccb3a8e2f23180260d9226073f4f5cd21a200010a7a224de7c8ac2e1cc853730d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005

Filesize
22KB

MD5
fb9a772830112c62a2c47ec9657aa433

SHA1
a4fad3a77fb2ac5c7ad0a84e48abfaa56bcd3789

SHA256
dec8a5020e30c4a096b263a8a14c2e6125163a2fbb5c3ca1323282d481bbd169

SHA512
4c3a15f11593065206e0e5fff3efd91e5be84bf5ab5e2e0b234a7a7b74c9954528fda2ae2e8034c63daef53919d8b8464ef8573bdc021081013d1bab349523d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0da64c478afc169dfd029f3469a4e596

SHA1
f12fb48381a05af57ac042ccece7493b63392125

SHA256
9ed0de0ee1a6048fc0794d4d42b128fcd96700fa4a0dbaf6f10cfd2fb7939dde

SHA512
2fbebb2bde8dd23d158eca6fe94053d5a690e742d9f76e9d3590abe59d9a0039e3ed224295aea88722094d798eb4dd4ad33db41316ec2ec9119368f947531f74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
46116f89f7cbef8c47fcd132f24ec624

SHA1
d0f2d3203abf0dc3d4b4e28b7ef045c50a58ee28

SHA256
3cf1fc0491a55f2651b7fddcdece539f647ca10a6886518403eb3dcbb7318393

SHA512
7c533de0688422908257c56babc87730ba115f05b444146e899427f524d3f6a3d4d50f11f3b879e1329f36426c2c80a0a2407d43316c566dacff85b467fcef9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dd73aa94941f952096bc4bde8ba82f30

SHA1
086f33238a92647cb33f10168bceee1e77415d7c

SHA256
5d22ed6e44c748e188cb0c50081bab01643bf0c27125ea15255dd76406918ea4

SHA512
c55123af69f50b7fcdfee7a8abbea8b2a371364b8be76a7f688084df829e8e3263050f345eea46aa47c84d9ef9ab0698fd508f825d48572a4b7b28ca5ef42695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
8b0f002ccd6424bf2c39a17442566bd0

SHA1
9d18dab225549548a0f666415ab48aaf397539b4

SHA256
238595c8c6cadd105523a5af0e9a1adbccfef0c01d12d896033c5da530e9ec34

SHA512
63a8ebb1fe6df48127d8f040802c586e5f87fb9c722d4d7dc9253f30cb8f9f8c2114311ea7ff983eda642dbf5e9a4392494fea7ad65e0ab1482db4aa17fe7466

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\InfiniteBlue.zip

Filesize
1.7MB

MD5
44f96c30da479f82e49dbe1be3d49630

SHA1
67d245964b6fa95b375369ea16c93c9cee119c44

SHA256
73f2ebf3009fb5ff0a1e5eb4c563ca586f0462223950b926c475b24fbcd9d068

SHA512
710feae4e47d2bfe67c065e72196e8636a0a354195722190abe787522538c93362e85e82bf7d5a1585c97fd79226db0bd7e45a62c71774946d64c41bc58d33c6

Download Submit
C:\Users\Admin\Downloads\InfiniteBlue.zip:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 294334.crdownload

Filesize
289KB

MD5
5c378b11848ac59704c2000b4e711c30

SHA1
6a46c53fd89b1f66d3fdab7653181e8a3e56d418

SHA256
bd764fe2f9734d5ac56933ce68df0a175bfa98dc0266ae3cd3a5c963267ea77e

SHA512
c6fe33ff3825e9018abea99ea49dc5221f2abd96bd1099def898425b82c05f9b9ca1aacaba0b7ffb7d09a7d097eae9937abdc13bbf3e7643e24e37edc7841c48

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 894898.crdownload

Filesize
330KB

MD5
692361071bbbb3e9243d09dc190fedea

SHA1
04894c41500859ea3617b0780f1cc2ba82a40daf

SHA256
ae9405b9556c24389ee359993f45926a895481c8d60d98b91a3065f5c026cffe

SHA512
cfdd627d228c89a4cc2eac27dcdc45507f1e4265eff108958de0e26e0d1abe7598a5347be77d1a52256de70c77129f1cd0e9b31c023e1263f4cf04dbc689c87e

Download Submit