hxxps://theannoyingsite[.]com

Analysis

max time kernel
235s
max time network
236s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/09/2024, 02:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://theannoyingsite.com

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	mspaint.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{FCA268F5-94FE-486D-9639-0ACD7C952156}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{201949B4-CA32-4752-8319-D598151EE762}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	mspaint.exe

Suspicious behavior: EnumeratesProcesses 38 IoCs

pid	Process
1744	msedge.exe
1744	msedge.exe
2732	msedge.exe
2732	msedge.exe
3568	identity_helper.exe
3568	identity_helper.exe
1868	msedge.exe
1868	msedge.exe
6108	msedge.exe
6108	msedge.exe
5424	msedge.exe
5424	msedge.exe
5460	msedge.exe
5460	msedge.exe
5928	msedge.exe
5928	msedge.exe
6456	msedge.exe
6456	msedge.exe
6548	msedge.exe
6548	msedge.exe
6632	msedge.exe
6632	msedge.exe
4768	mspaint.exe
4768	mspaint.exe
3552	mspaint.exe
3552	mspaint.exe
1220	msedge.exe
1220	msedge.exe
5124	msedge.exe
5124	msedge.exe
2744	identity_helper.exe
2744	identity_helper.exe
6824	msedge.exe
6824	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
6748	OpenWith.exe
5092	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1828	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1828	AUDIODG.EXE
Token: SeTcbPrivilege	2040	svchost.exe
Token: SeRestorePrivilege	2040	svchost.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4768	mspaint.exe
6748	OpenWith.exe
3552	mspaint.exe
5092	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 3000	2732	msedge.exe	83
PID 2732 wrote to memory of 3000	2732	msedge.exe	83
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 2564	2732	msedge.exe	84
PID 2732 wrote to memory of 1744	2732	msedge.exe	85
PID 2732 wrote to memory of 1744	2732	msedge.exe	85
PID 2732 wrote to memory of 2820	2732	msedge.exe	86
PID 2732 wrote to memory of 2820	2732	msedge.exe	86
PID 2732 wrote to memory of 2820	2732	msedge.exe	86
PID 2732 wrote to memory of 2820	2732	msedge.exe	86
PID 2732 wrote to memory of 2820	2732	msedge.exe	86
PID 2732 wrote to memory of 2820	2732	msedge.exe	86
PID 2732 wrote to memory of 2820	2732	msedge.exe	86
PID 2732 wrote to memory of 2820	2732	msedge.exe	86
PID 2732 wrote to memory of 2820	2732	msedge.exe	86
PID 2732 wrote to memory of 2820	2732	msedge.exe	86
PID 2732 wrote to memory of 2820	2732	msedge.exe	86
PID 2732 wrote to memory of 2820	2732	msedge.exe	86
PID 2732 wrote to memory of 2820	2732	msedge.exe	86
PID 2732 wrote to memory of 2820	2732	msedge.exe	86
PID 2732 wrote to memory of 2820	2732	msedge.exe	86
PID 2732 wrote to memory of 2820	2732	msedge.exe	86
PID 2732 wrote to memory of 2820	2732	msedge.exe	86
PID 2732 wrote to memory of 2820	2732	msedge.exe	86
PID 2732 wrote to memory of 2820	2732	msedge.exe	86
PID 2732 wrote to memory of 2820	2732	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://theannoyingsite.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91f3746f8,0x7ff91f374708,0x7ff91f374718
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4120 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6180 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7804 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7792 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7824 /prefetch:8
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7820 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8656 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8856 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6852 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8308 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9116 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1642044574286476091,17690695906675063675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8212 /prefetch:1
  2⤵
  PID:6824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4152

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e0 0x2f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1828

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5304

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\patreon.png" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4768

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:5568

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6748

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\cat-smirk.jpg" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3552

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5092

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2040
- C:\Windows\system32\dashost.exe
  dashost.exe {921aac80-c1ac-4838-9a7845a12a69851e}
  2⤵
  PID:7100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff91f3746f8,0x7ff91f374708,0x7ff91f374718
  2⤵
  PID:6444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,14547108068104552939,4924313956411190309,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,14547108068104552939,4924313956411190309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,14547108068104552939,4924313956411190309,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:6476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14547108068104552939,4924313956411190309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:6976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14547108068104552939,4924313956411190309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:7036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14547108068104552939,4924313956411190309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:6928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14547108068104552939,4924313956411190309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,14547108068104552939,4924313956411190309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3576 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,14547108068104552939,4924313956411190309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3576 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14547108068104552939,4924313956411190309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,14547108068104552939,4924313956411190309,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,14547108068104552939,4924313956411190309,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:6824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14547108068104552939,4924313956411190309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:6640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14547108068104552939,4924313956411190309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14547108068104552939,4924313956411190309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14547108068104552939,4924313956411190309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14547108068104552939,4924313956411190309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:6300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14547108068104552939,4924313956411190309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,14547108068104552939,4924313956411190309,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14547108068104552939,4924313956411190309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1448 /prefetch:1
  2⤵
  PID:6180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14547108068104552939,4924313956411190309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
  2⤵
  PID:6480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,14547108068104552939,4924313956411190309,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5400 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
1f70e85f5abbf8eb154cff0c1b8e717a

SHA1
75435c199703369065f069d302419566df482d57

SHA256
6e972f558e0aa1f259e083f6daad0902cab028cb55751e8c12bda90a72348282

SHA512
16cd9d871c19e353ac494a105a1fb9461791ec0ad4405950390fa67378239410d8eaa2e22e2536b5d7a486b0a55827d13454e057cb887afb2807080be36ccb90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
5f6c70b54dca608baabe66f49100d542

SHA1
bf06a5b919fc8d2e3b4fbb9242a21595bd9fb3d6

SHA256
04fd88a8ec854bc117c0d47403f3535a662aef94a3cfa3727c92e2cbae1757e9

SHA512
abb1c547b68ca2b19c44dba69713d13164dc7648c15ef0cc8c0e8f31ac88524d8544b10606f7ee0ec713c7bc3977fb60e0e9fde1b780a389e9d13a7a355ea6b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5f8c5e900d6a6fb440c8eb17d2b2c313

SHA1
1fa8a8143e8458308a74a117be763ae8805f8b37

SHA256
6b46da74f4139e00af7eb79a9c09fbb8c6f5ed2708e70ca04fde407c583ebaa9

SHA512
1a820106eff55f1317312287a502acf34c56cafb293e30c8e0a531e083ecfd58d465daecd68f3fdbd86404d4e5673548dd92b4a4ef2b419ad0f87fa3e372440f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
48358d033cc8b2d5edbc0f595504e470

SHA1
ad3f040918f156b9922da9ec3466306f227d5a83

SHA256
8796c566e51adf58237864b24a2dc661ce7ef6d67c9c9285b2af1594d30d86d0

SHA512
449f681f715baaa68a6153892ce5027fdbaf01dda95b8b42a25c7369550fb383ab809a3fb43a764ce5e9cf31696b875b691717be281389eb6b5cda28883cfbeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
815KB

MD5
7d13e091574049e8a956f84263592518

SHA1
4c9bc0aca7c48d326eb512053ba7b53ab5329e20

SHA256
5f9744a69a6eaa10aa56729bcd6cc135ac5dd6eb705feb1ddb46b5be683031f0

SHA512
211670737301a49510d46ca4ca85b50aecaeed44b46a4b0c84c345c045b325f45981dc4913d71b94402614b4fc135707e46eee2777037601f7eb63e89b701ce9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
41KB

MD5
9101760b0ce60082c6a23685b9752676

SHA1
0aa9ef19527562f1f7de1a8918559b6e83208245

SHA256
71e4b25e3f86e9e98d4e5ce316842dbf00f7950aad67050b85934b6b5fdfcca5

SHA512
cfa1dc3af7636d49401102181c910536e7e381975592db25ab8b3232bc2f98a4e530bb7457d05cbff449682072ed74a8b65c196d31acb59b9904031025da4af4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
70KB

MD5
4058c842c36317dcd384b6c2deaa8b95

SHA1
1085ddb12b29b79ffe51937ba9cd1957e5e229b4

SHA256
0e562969cad63d217848a5080273d1745dc4277d210b68a769c822f2fbfd75f6

SHA512
435a67024811360b12339e3916945b0639e2d9319e9d540b73e093848a467b030e91e01917b7fb804eb756dabce2fe53c2d7ea586554ee6cfee70e652a85924a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
18ddf5577abc16a76df276aacf6b482c

SHA1
07a7e17e88177108fb14f1d07b994f3b16c83e8b

SHA256
068a645c48f50ce0335143431341e003b4172998754cb2544685e3aa95b8c086

SHA512
1618850f004c3596a9964ce19443387b287530c53c19a5d26427715007f959ed5acb5e1a4a4ada614c5d1d45049b258d06f1ade63ca5dc6bced608c04b6af0d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
2a878c71a2924d3c613fc7b3d7a8ae77

SHA1
fe44d58226cdf1e8619f4411c9c15eb02e8277e8

SHA256
874f393711adf202047aec37e6a8739377d5adf6cbd13c45b0026a9bf520f2c9

SHA512
3bc8e28284011d4a9c3bbf80b73ecab17e15049f262becbaebcce290bd8888f8ee6a59d73f1bc2774abcc38171c02dbdc03e73b1d823d4a761d9376ed2d81350

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7370053c9806d2ae29a54ac5aa0c45c1

SHA1
9c1b62ef06b134de6a7b80406e869efcc5d347fe

SHA256
d8f56fdd35e82759576e64df0ddf9fb18bcd4ac7b5b121e9997ef9ec352395c4

SHA512
7e4822706769cf7e74bc84096e7775b674dfbef6181f9cd87a73f492e77d003440bab3ae60df3596c27d6befc0029978cf4e8b097287d423e37bcfc3953eb9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
7903197fd9a1753cc09d38a3d2da2fc8

SHA1
109df6b333cd9a6626f48da0ca3d82ee46965f22

SHA256
2fbdbe9c4daeb7247cf6b515f9efebe27fcabb573e2beebf2f96c387cbbf57b4

SHA512
b1f106870e3a29c6f51c5e19b0f95aa5c53e87b556c5a64702bcf40bd2c61751de0bde59dc0b6f179fdb2e92353ab87d5b4e70b1a3d6752976dbfcbbf0d288ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
188KB

MD5
cb652ff20c0af81a9a21215dc59de675

SHA1
61d124d42ba2372f2d58c10e6a8dd2b7963369bb

SHA256
d62bb1c91a95206cb6d4dbcba893597e12802baf3b32cdc62251b1d4b92c6f6c

SHA512
0e488f269e59b731d690575dcd399801d143c33d4ec8d360e6df92f1c522e7add01c451fd281e3cae98679274b68104f1a836168ab9265312150c40d03b3457d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
35KB

MD5
9f48dde407538269a41f95418443add5

SHA1
dc6322efbf375a3e32885be50a9e95f18f290ced

SHA256
ccf2661793612054bb665234574a616cc90e3411f70ef8a1504eab33ffd5d102

SHA512
09cd0e8fd8e6141954beafe4c898d390700b2cb80a8cae9dda302d95c1ac5b5ec454d8db973ae634c28418f91364b8a6a0cb100e8782537af5cf406a99c2dbae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
186B

MD5
034a43ebab8bb25c3bee1d7a896dbec1

SHA1
c2aa36c3e502802c7efd2fe2562ea74f54621708

SHA256
f687f3a024a22c2fcdaf76738f5fa3602965ec5d9a0b9474c289b8b171bfd1be

SHA512
2f7c9f58db8399d92454a9acaa98e0d21f74510d8e96429c33c1560c9311985451e6e3d37471185e3ae864619cf8d8e8b8806e0560a066cdb373bf714a7fb7e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
a1e8cb9a00bbd48c8ebc23666a502e93

SHA1
3dc96d983d68ca73d3fd5ae19e2c4cf09066149f

SHA256
28c8d2a2cb3a108b9a1c54d4b2e874dc90a72c83faa5e3d2e68d311c74c2f26f

SHA512
45c022b1445f89528e49a2dc975350d42f023a71a011a7830f84ec86f73ae226f2a394a389daeb7977cb598e313b9d3e2e7f26657502aa5b0951ae1e26fccd3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
941a2cdbda03b1f176b13488fd039a17

SHA1
635cb8773022236d0f5250b17112479325a6b122

SHA256
d78e02bfbfd9b02d3a0a3b713db428132b4d569f3165af1ccbd9d4d56bea6173

SHA512
0ea9e82473174142165c48ff2ffee8cb90569c3807babe642a00489eb2a56ce80330f19b5ea1f88a61ce944b52f7592635a00ce37cb335fcf620c0509263117f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
ec6b99443f69b8cb1682bf5bf486b289

SHA1
1a36f305e09b01942505b6b88a03c3f331169cca

SHA256
a315bfd3f45af476f58215cfcc7dac656af96516dadd79db6c49699c8172e564

SHA512
f4f50df07b2a29990d0f63451d13ec768a00165fa2fb379b988a773104ece937d478d5a2cf80cdbcc9531757dffaecf746bf340a59dde1d45862678741fbdb70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4f71c0e383fdbad01d4f33226801a77a

SHA1
fc87bfabdd0be8a56b0ad8ef61d3f3983d2f67ff

SHA256
f7e0ca289ba7afc99302f6c157fab89fa2fa9efc17a3a6d4738963f5dd6d87ac

SHA512
7ddb753cc742b09a99ac1ebc9da54de44099b0f232d586c051098e940f76be365401ff91aad2ac218a7eb348b5102abf9902af17db9197301d3d1cbe053494db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
93fc123eb7429a1ecb8a0f30f59c5d30

SHA1
7cc8ae6dae2735eceb5b318d5227934b1f474ad0

SHA256
fe4b2b07cfc1df428d88c079fdfc1e39e46a97d03a91942f10aeb0654c5ca9db

SHA512
c6f5c77ae044583112a3188be207e56a3ac97a6c91d669b71a81b76c673ead44a95ccf57441894d88f4338306c54a0d70d83de8296513bb6890584ae1d0200c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c1bd9c73b278c513fe71ed911bcdc439

SHA1
dcaa1f427e6bfcd47031199d7181e04280187106

SHA256
951fef290c21992fbb8cf8914e17bb781a46bfdcafbe206b5c2e2775fd43c918

SHA512
3afd8a0c34c2a051cd91848eed9f7befd55d2a2bd999a7a0f87952c37788cb484f54b41101128c5e5d1da17c761c3c92d74af06801dca5daee5a06e77e404f6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
da953941358d78035c9ffd47987da257

SHA1
a536933468d245429228f3fc56cc2bc589a05b45

SHA256
af409f9312bb432ae5486a6ca6efb5b419861d9d9d1d56400321611b170167aa

SHA512
bd6acd2ab106c492c438f7d3c01e50eecbe87ea98afcfb4e2d0bb188c50baca4227b01b05d29d15206ba9e54e81c0f2f80593077d922ed77a22067923d21a5e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b8dd9dedf2833097f32e73ebe2f3d1b6

SHA1
e980c38fdf5f63085a7cc61eda264737591b09af

SHA256
4e0986f48354394d18d6325c0f8bd595db587a72b0c27dbdbf09e4793a31580f

SHA512
1ec50d880c01c058a5dff46d4453a2481a66bd03f2fdaa4606cbdc0936ffd28473880e10a06c5dc3707f34f98d6add0d21244bbdc965fbb436ff077b804b7c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8cc8b683a55bd4a70c27cb3f644fd52f

SHA1
03030ffe69eb655dc90978efe424b31f32cc6810

SHA256
a7810f41b6ba399e8020750d40016dd114c86d9e9175b448fbbb259d393b3ea1

SHA512
60fde80144482beb69dade585810caab08c44e462e2f079c70e27ad25d3da8313d337cd884e247efad80d5fb6b4f8b755aef0203980ace387328359e98ab3cf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5b4bc86fe941f19475985d4e1c54325a

SHA1
60f30a8dc4ecd009f05168a4306510dfb15280f1

SHA256
e22b2ccc0ac7d39279599a4f3efa78b8280fcffec9384dd08c024398ed79d248

SHA512
99ac6546c3c404fa8b57fcb831c1a089c457258e2281bb56cdb738b166694caf7bfad0c06bd23a3050a3e8206c243a1ebaf3be25302f076315f6f003ca0708d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
0c11797562a13e71654ebe1e5f814daa

SHA1
a4896d3888248458f2f877e9c0c02de438a244d8

SHA256
363b291faa352584c7efede158104fbfef9cba2c5be5543d041bd9f209ee5212

SHA512
92856caf6f82f831ab3a98ddc05c65b0d49a7a7b78cfd527fb9ed7c1d48e56020d6f7d2d1e0f45e17a3f13eeec43bbcb90b27ee988f81ef86ccb8f23b9635a2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
fa3e3a4b5483709e0514d9843ca7cda0

SHA1
e8375df81271b8cd70787ad89c0cb9e3addbb735

SHA256
7a2e2bc67ec48a37cf6b6e9789b2cd04935727c529a1ffaeb9a240baea2ba597

SHA512
b94abcdd7222d97e3efa6c9f41afbe3a236491e971a50a3e3ed9fc44a2bdf7dabcdf995f6c2b9937cc80620b6246a2244fc0facd38328125a4ca84b5e9cfeb28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13370061858228713

Filesize
28KB

MD5
22224f18e146533e2e7888004434f6dc

SHA1
f2181cdd22c0ad8a623c4d91700c350285d5adc1

SHA256
0fa3735c506e4d63d600dcebb967104a60b68ad42e2c8e3f8ee74b8e654328ba

SHA512
d2f02700e4ab2789c3b29efefee1e39634bcb5eebefbff99ce6fe12c5d6a6ab779d6c5a5e13d2818215626e28b76d6fce2af27769c0cc2435837b91e5af71c63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
256B

MD5
8686355c657ce500ba6bc28f2efcf78c

SHA1
3e9e79edb15594f2d4cc3e247b589f1bb7dfe356

SHA256
33f6224b3fbe13438e7e64fe924d35a54c72b6f0928237cfffe6999e5b34b449

SHA512
2ff72dbb8baf31604d6cef27a05c55d678d972a6bbeea6bf9d811afedb8f41f214fc9073cda6d126c153f6c6b5a209392feab5c61be3373667181fd81d7f5c2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
0f97a68c32a45e3334ad4e789326b61e

SHA1
77ac43ae69205fd6d891ae361da2b3d302eaae43

SHA256
5e02475922bae775c6f80bfbbfa20faf2eebe13a66c64f95f4af6e5062c0af48

SHA512
bfa69cb97133a1a4039d732284cd9a71bc2fa4892cfb34a10b49693f79c52ff47830bbd550d413fc6575163bcd5cd653e87c159a0a3f07c2a7d15bb826f4fb73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
3aa73718ff0b13d229c5c4b6bcaf4306

SHA1
d311c32d2af1d276289e7c450463770749173244

SHA256
a4e58a4d4341e6caeeb5b44a8f72a02c103bf6a93d913462d8105c6929d176ad

SHA512
bfbe3fbbabcd09c7cc6b1e5b1413dab2a0ac94d4449c281c8000a7d13547649cd6433e0548abe2b9d1530bc5316092c518c13ddbb1a10d3fbdd01b2766be4d95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
20e6f5f6e8225e3bc41f9b436ed8d7b0

SHA1
c92f6a85c5b553495fb558cf90da076ef42e5383

SHA256
b4ae918de9ea856728d4d961e4b8cd6f973f28223dd5a12a20af68e874ba28f3

SHA512
750a29a2876f283a129ba9df84fd566570e9d3b6952fa4ad0610162438a8ece326ceabeb0a469c0a0ec72b677d6b37a375d1a9c7236a20219382638eccdf89ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
77a7ddc95cda7a089468b5d9ea89f847

SHA1
d7e45b7e1579c1b0cdcf586d67be256c91af485a

SHA256
a1fc786676c8c9e4c81583708535ead3f997d83e6c709597127f3aec310d4cb3

SHA512
a92bf69f2a96a44020041c878fa3387060325ace8dc3b24e033770f92879be32d357ccab52edef429399823d96217525e90a685b704619f9cc07b97978f96f9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
585c6fee34df3576a76a9b3a868d12da

SHA1
cb23a607c156767c0d9613f80927c6c0abf647ab

SHA256
bc3dc474cf76e554fe005e6d35fb2da92a9303ca6a407d459b478b00d8330164

SHA512
7b9d56e466927cfd2dbf416e79f52713b2c08e61d14360351bf31095dcc78f0d259a2655d89c81174a9051c9c887ab9e5ecba04243003cc8353c22f777ce96eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
c2b0dffc5fb1ca880381a819e2c1dfc2

SHA1
fb81b8aa645f84ef9b3bca2065e871a5813f1d01

SHA256
aadc82b94f7a98d246d80ed1959660454683979bf911c304a349dedf19ec5f71

SHA512
0a84141e2dd1adf401e4ea786ff0716493fb05f7191cb2389f562c1dfd5a257260049f36dc786dfbe03aed50aced515348a1eedfbb2d2d6106989520e901c2a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
d1f867ec7e6d4380cfed4645ac2c5c7a

SHA1
9a96a20202204d7ada739d856b034af2793cd33f

SHA256
ed6e85a1873be1a38872f7fe1fa75c21692dcbab35423f26b9619505b17bd63d

SHA512
37481a161e41d62f2f28e7927b60cc76553a4d4295b1638ef40538984460d4b6792592e22e911a4a806e34544b94c1811348fb5cd8da6990496864ddb922a1b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
9af280fb8ccadb5273549dacd593ad1d

SHA1
d0118c8881e0e2bae171937292f355ba952a1ed6

SHA256
42118362319abddd10c55b01a7d22d1d80efb92e51e629fd376ea35a2c1a00f2

SHA512
8de0e4b2c4620f097f910dd06326ee67aad6e971f9d15f81357384e49dfd7030964a45fcd751a04add0f4e9c3b6e5da938b707fd88494addd1e2971de5abc6f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
888ad384af2259e443824bb706ad64b8

SHA1
a35754f795b51e703ef2bf3a0ab6afaebc1d6265

SHA256
a964d535c09fa97c98c8c8f7e8732ea015431b11c5c9d7249094d49db1b3a3ad

SHA512
6ec8b685be7fa24e649040cf341e0fac878040e49af3f9484fcb6e74066daf283e60c07b820a9bb358a352408c6dc2491681239502f29d53e699c0b84832d658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
421bba56fc02acb8be4aa710e10dec1a

SHA1
ca850dca56a3bcef77b8f7bf308060ef6196a5fe

SHA256
e5baba2c0582f3cf21ec55bbb4cadcfe1d0bf9bd165c11c0c96b823358f27257

SHA512
8c139074c995fbc9a4c6de5558aece14705405d082de8a5635e1f7006db9ab3fe9c2b03f835f7675cf633c94a0c2da94497eb8608773c580604c88c2d6385e73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
980affcd908d56c0684358926fe3a168

SHA1
910d771f2b0d7b681d81016affb1ad0210de6c16

SHA256
ff68529fd9d3e93e2662140a6484b9ca90463550b045db645a6354db0d8be131

SHA512
b4f8615794a7314fc6eec2ffd22d0c3d46f21e53f0f01b9b2bf68b97b308785f1c18b8bcb96aa8ddd986e063d8e01e72a1a76603487539f83f4f2466d75e7e58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58020e.TMP

Filesize
4KB

MD5
34805bdf1c0ffad3c03d3dbeff27177d

SHA1
df84f51149d57ed237c62584bf7d5039f209b96b

SHA256
ca5d9de2b31994f768760f7f5acbac06fe9a0f2a302f8db1e6b805c57dbc27de

SHA512
b2854184b5343035f07c4095c7e31a0bd22d023c760a3fc43847c9d8d81d07e20abc9e25045951abdb71b8f0ee5a4396b9992fff64323a2580a6700a8d3e2ccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
884a4947882a0977365bff9212423596

SHA1
d4f6a7ff750b3873bab4c74cec7e92948e0be18e

SHA256
51207305e33a3b8835eb234d78c7fa212286a91bf81473c9b4bd36496b7f5fb4

SHA512
bfe9aa65daeeb2a1ee8dc4082c0f66d076476c73dd23aa67af146c1992fad84b1c6ad926ee65b22ab9ea0b93c79fce30cabadbaa4da673cdd226457fa8d9a72e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
47b25553403252b65d3798b5a087f1cb

SHA1
d807136b5d271fccd663fb43a5d8b376cd55938f

SHA256
ae47145d1dbb88ea634c2866a36bb95176819435ad87a8266f29bba20ea1cebe

SHA512
bffe8c4c7d301dba52e6abfeda069e24e3fb87f98a9b83079d32b07c0a621efd6992d66990b416efa0c639578f41135b1c952a409ee9cb7d5e2e67499cc6f653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
52KB

MD5
dea4889405661d7cfadb66a803aeca6b

SHA1
7b78bd07545640c5ef2ee76e82603e2e0441b70d

SHA256
96146799b2131dd3ba384482929924a02350555d220281ab958687ae602ea44c

SHA512
2eb089844a344e11e9201fc169e227da057f9c4582fd72654f82eaec5dd46327320390ccae8de9701c75137bb698357648a09cb26ce0185dda653f06682149ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
20KB

MD5
2b0eca14a01ffec96afdddbb3c0f9f9b

SHA1
6091f5aa31f9df1634fba165d7e1dddcee887f1a

SHA256
30ea1db52337d540a174cf5dc76a0b327c1431f54087f251204996f666dea7b2

SHA512
c3edd73dd6f5833b5f267aa3c65dabe3e709ab5ce66fe102c513b3f2ec5fd72ef15b1fcdb9e22135efb0825d4a1da2ff24a2a8ef604c1d399101a038cc3a3da0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
8074b0b04cee674078544f6a43b7c9ff

SHA1
412dfd9ce81cd3d063be5acb077549b6756e4df5

SHA256
12cfee2a7ad452b2e5bfc60b0accd1b6b348ea1f95c6d178c35254b43b4644b2

SHA512
3f4fc73810ada45673b56080db3b75b51d31a6a35966d91b09cbb9f2b471937de755c0751c7109ffa3a86900ef643f3294525e26ccf0ded09b02d4c6fbabb1fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
ab7f2f8f728ab1a519ff95e6af07c963

SHA1
e6ce97351653d327edb286b552c5faa7b4fb20c6

SHA256
76cabb1fcdece95812f950a8cba9ab09cc451bf29bbecbc6c5a343835f0a5b8d

SHA512
cd032fd11a60b888baad339e5a25acc5a010db76c3c87ea99102e1be37d2f621f1cd95a3efc05b1e60f5c7573115c08d63b00aa389f3cdde944c2f379188b61d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
a7a40aa5396280f878b665ac0e0718da

SHA1
99f7e490aec5e45eefb2b59ad0c07f065f3ac43d

SHA256
32ca605ae376dece9d0fb1351ed1ee8695c79cd58362d9faf4825c965a4d2b8f

SHA512
e94f53f43997ad222c40b2a2b85b04ed640a7c8a40714e046de74be34dffd6cfdcb43aa536907d70b56179f60f427112df2bd0e3239e6fcd06018005beacbabe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6c7ca5d05a6c35a5aef23cdac0d2cb71

SHA1
4d305f0582062ae473efe9b63b4ffc699efb501d

SHA256
63bf506726fbe67133f8643bb63486632e9ce00634931adc93240804faa347ba

SHA512
19bba6e2040f3bce834ed6ff9640cbb8d5939f134abdd59d3b32ca4512d64426bd5e264ffd8f1677602aa4cb95afd25fab638b6faa65d0d9643f07f976d5e25e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
09d440c6f4e36d91cd3baf5d4ac94c2b

SHA1
6e0dd4db5d6e2dc09edbeb70eea9fc6ca4fa74d4

SHA256
43efa5dec2290a2d961dfe26e406bd70c0af41dfcedaaae4b7fe1191ef18b58e

SHA512
c3b233a7bf6f6af323f34a85d8c39a436d73a73e38811939eab13fbaef8acd80dc67d488cf96b2dd2fb166e7ae9730841c8676a7516c8a8b24beeefaa0a7f7fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\Downloads\cat-ceiling.jpg

Filesize
7KB

MD5
f488f8cfc743d4c85fdd2e568f61ce2f

SHA1
61c9978bfd4e6ca0462be878fbd04b427a0218f4

SHA256
03ec03f11548c1bae13af126e5f90fdfac51fae70b4749f80a76a433f0fef860

SHA512
9057bdba20d925b565f38e338241c25d8d505de41771bac33194920abba2c7bacbd5ce913a43e49ceb29f7888232363219e833e1eee8b7cde8d863de0e8419f1

Download Submit
C:\Users\Admin\Downloads\cat-crosseyes (1).jpg.crdownload

Filesize
26KB

MD5
ebc880bbc38875853640cde5964f595b

SHA1
14267b4b280d9792795c9c8ec8ee6a0212a2ff38

SHA256
e3dbad3f3e815cf016672c4374361a9d68d5a77f2c89f26b62260795da6940c5

SHA512
0d0cc77e016bfc2076a437a32e42a19ce71c19191ce78a81f2164296491ce92156ffc25684ab6b2743693b7a16c55ca0c75fce8754d5a2c2aae071535ccbe93a

Download Submit
C:\Users\Admin\Downloads\cat-small-face.jpg

Filesize
49KB

MD5
89095c8234738dd985d0b6605fc6d0e0

SHA1
90ca9298510b376a2af356d9a034536f1bcd95d9

SHA256
9614898e1401364b5dfd727965230477855d21cff4fd49b7f4f9510387659bcd

SHA512
442e607dcf36d5d4ad00aba2f302d53ff5c6d8386061fbce74a961db34614ff714955836afc64e1ebbc94d2518d72374bf881bebc3374299c70ec6e388062e7f

Download Submit
C:\Users\Admin\Downloads\cat-smirk.jpg

Filesize
92KB

MD5
7556d4000001faf4691fb2231c3759b4

SHA1
d2cb1c4a0b5a01521a8b19c8939a2694d7e3f105

SHA256
e53f7e60753ed99baaf3f08dd2f07d1d96fe43476059a1745f9b2f7ab81978b3

SHA512
40d5569fd6466a3b2396b4a3932ec6f31e01b21b5d8bf78b0a598439bf2e5579e60296702d0a98c251b443ab188d6b8cc62da358eab12309cb21051d27c3b653

Download Submit
C:\Users\Admin\Downloads\patreon (1).png.crdownload

Filesize
51KB

MD5
e38a04fccc918f99e4ee279f2a8bd165

SHA1
80d59f045bf9ea60c5e12a44998e3229786b3717

SHA256
a0a96707edfb3a31f96c90978e1fe7876b8c2f8491d776b0b6dbf2f628ff975c

SHA512
f24e487833454a5640e89e294e618349952c1ee785ec13a93f95ffc9809c4dd2bc312595afded5def0aa54781b623a43a703a134cbd4e182fd2f9dbfa64b8f9b

Download Submit
memory/5568-511-0x00000292E76E0000-0x00000292E76E1000-memory.dmp

Filesize
4KB

Download
memory/5568-495-0x00000292DE940000-0x00000292DE950000-memory.dmp

Filesize
64KB

Download
memory/5568-512-0x00000292E76E0000-0x00000292E76E1000-memory.dmp

Filesize
4KB

Download
memory/5568-513-0x00000292E76F0000-0x00000292E76F1000-memory.dmp

Filesize
4KB

Download
memory/5568-514-0x00000292E76F0000-0x00000292E76F1000-memory.dmp

Filesize
4KB

Download
memory/5568-508-0x00000292E7650000-0x00000292E7651000-memory.dmp

Filesize
4KB

Download
memory/5568-499-0x00000292DE980000-0x00000292DE990000-memory.dmp

Filesize
64KB

Download
memory/5568-506-0x00000292E75D0000-0x00000292E75D1000-memory.dmp

Filesize
4KB

Download
memory/5568-510-0x00000292E7650000-0x00000292E7651000-memory.dmp

Filesize
4KB

Download