hxxps://t[.]co/gHdmLP7nlZ

Resubmissions

14/09/2024, 13:36

240914-qwdgtsxamc 7

14/09/2024, 13:34

14/09/2024, 13:25

14/09/2024, 12:47

14/09/2024, 12:47

14/09/2024, 12:24

14/09/2024, 12:23

Analysis

max time kernel
1385s
max time network
1387s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
14/09/2024, 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://t.co/gHdmLP7nlZ

Score

9^/10

discovery

Malware Config

Signatures

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Executes dropped EXE 2 IoCs

pid	Process
3120	wscsvc.exe
864	wupdate.exe

Loads dropped DLL 59 IoCs

pid	Process
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	libexec.lib
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MailRanger.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wscsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	libexec.lib
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wupdate.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 44 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	libexec.lib
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	libexec.lib
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	libexec.lib
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	libexec.lib
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	libexec.lib
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	libexec.lib
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	libexec.lib
Set value (str)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	libexec.lib
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	libexec.lib
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	libexec.lib
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	libexec.lib
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	libexec.lib
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	libexec.lib
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	libexec.lib
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	libexec.lib
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	libexec.lib
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	libexec.lib
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	libexec.lib
Set value (str)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	libexec.lib
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	libexec.lib
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	libexec.lib
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	libexec.lib
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	libexec.lib
Set value (str)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	libexec.lib
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	libexec.lib
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	libexec.lib
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\1	libexec.lib
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	libexec.lib
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	libexec.lib
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	libexec.lib
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	libexec.lib
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 01000000030000000200000000000000ffffffff	libexec.lib
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	libexec.lib
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	libexec.lib
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	libexec.lib
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	libexec.lib
Set value (str)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	libexec.lib
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	libexec.lib
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	libexec.lib
Set value (data)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	libexec.lib
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	libexec.lib
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	libexec.lib
Set value (int)	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	libexec.lib
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	libexec.lib

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\nexusfncombos.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\MailRanger 2.zip:Zone.Identifier	msedge.exe
File created	C:\ProgramData\wscsvc\wscsvc.exe\:Zone.Identifier:$DATA	MailRanger.exe
File created	C:\ProgramData\wupdate\wupdate.exe\:Zone.Identifier:$DATA	MailRanger.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3360	libexec.lib
3120	wscsvc.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
4020	msedge.exe
4020	msedge.exe
244	msedge.exe
244	msedge.exe
608	msedge.exe
608	msedge.exe
1676	identity_helper.exe
1676	identity_helper.exe
2340	msedge.exe
2340	msedge.exe
1424	msedge.exe
1424	msedge.exe
3928	msedge.exe
3928	msedge.exe
4988	msedge.exe
4988	msedge.exe
2172	identity_helper.exe
2172	identity_helper.exe
2816	msedge.exe
2816	msedge.exe
968	msedge.exe
968	msedge.exe
4680	msedge.exe
4680	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3360	libexec.lib

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: 33	1572	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1572	AUDIODG.EXE
Token: 35	3360	libexec.lib

Suspicious use of FindShellTrayWindow 63 IoCs

pid	Process
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
4680	msedge.exe
4680	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib
3360	libexec.lib

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 244 wrote to memory of 2560	244	msedge.exe	80
PID 244 wrote to memory of 2560	244	msedge.exe	80
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 2632	244	msedge.exe	81
PID 244 wrote to memory of 4020	244	msedge.exe	82
PID 244 wrote to memory of 4020	244	msedge.exe	82
PID 244 wrote to memory of 3220	244	msedge.exe	83
PID 244 wrote to memory of 3220	244	msedge.exe	83
PID 244 wrote to memory of 3220	244	msedge.exe	83
PID 244 wrote to memory of 3220	244	msedge.exe	83
PID 244 wrote to memory of 3220	244	msedge.exe	83
PID 244 wrote to memory of 3220	244	msedge.exe	83
PID 244 wrote to memory of 3220	244	msedge.exe	83
PID 244 wrote to memory of 3220	244	msedge.exe	83
PID 244 wrote to memory of 3220	244	msedge.exe	83
PID 244 wrote to memory of 3220	244	msedge.exe	83
PID 244 wrote to memory of 3220	244	msedge.exe	83
PID 244 wrote to memory of 3220	244	msedge.exe	83
PID 244 wrote to memory of 3220	244	msedge.exe	83
PID 244 wrote to memory of 3220	244	msedge.exe	83
PID 244 wrote to memory of 3220	244	msedge.exe	83
PID 244 wrote to memory of 3220	244	msedge.exe	83
PID 244 wrote to memory of 3220	244	msedge.exe	83
PID 244 wrote to memory of 3220	244	msedge.exe	83
PID 244 wrote to memory of 3220	244	msedge.exe	83
PID 244 wrote to memory of 3220	244	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.co/gHdmLP7nlZ
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9d7d13cb8,0x7ff9d7d13cc8,0x7ff9d7d13cd8
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4632 /prefetch:8
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2920 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1824,17616280622649665193,1671104025347098840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6752 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2104

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x0000000000000420
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1572

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9d7d13cb8,0x7ff9d7d13cc8,0x7ff9d7d13cd8
  2⤵
  PID:252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,1885508855577504131,3912885823453123469,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,1885508855577504131,3912885823453123469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,1885508855577504131,3912885823453123469,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2128 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1885508855577504131,3912885823453123469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1885508855577504131,3912885823453123469,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1885508855577504131,3912885823453123469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1885508855577504131,3912885823453123469,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1885508855577504131,3912885823453123469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,1885508855577504131,3912885823453123469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1885508855577504131,3912885823453123469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,1885508855577504131,3912885823453123469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,1885508855577504131,3912885823453123469,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4072 /prefetch:8
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,1885508855577504131,3912885823453123469,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2672 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,1885508855577504131,3912885823453123469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4980

C:\Users\Admin\Desktop\MailRanger 2\MailRanger.exe
"C:\Users\Admin\Desktop\MailRanger 2\MailRanger.exe"
1⤵
- System Location Discovery: System Language Discovery
- NTFS ADS
PID:3144
- C:\ProgramData\wscsvc\wscsvc.exe
  C:\ProgramData\\wscsvc\\wscsvc.exe ,.
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: AddClipboardFormatListener
  PID:3120
- C:\Users\Admin\Desktop\MailRanger 2\libexec.lib
  libexec.lib
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2184
- - C:\Users\Admin\Desktop\MailRanger 2\libexec.lib
    libexec.lib
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:3360
- C:\ProgramData\wupdate\wupdate.exe
  C:\ProgramData\\wupdate\\wupdate.exe oItBQk3l98q6PP6W4s4Jbp0UY0vjX321Gi934QR7UZc2RxZSNFCxcX7bYoNKtm9I
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:864

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\hotmail hits.txt
1⤵
PID:4192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://win+r/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9d7d13cb8,0x7ff9d7d13cc8,0x7ff9d7d13cd8
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,15095992058173289010,15479975701243455495,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,15095992058173289010,15479975701243455495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,15095992058173289010,15479975701243455495,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15095992058173289010,15479975701243455495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15095992058173289010,15479975701243455495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15095992058173289010,15479975701243455495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15095992058173289010,15479975701243455495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:3980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e2612636cf368bc811fdc8db09e037d

SHA1
d69e34379f97e35083f4c4ea1249e6f1a5f51d56

SHA256
2eecaacf3f2582e202689a16b0ac1715c628d32f54261671cf67ba6abbf6c9f9

SHA512
b3cc3bf967d014f522e6811448c4792eed730e72547f83eb4974e832e958deb7e7f4c3ce8e0ed6f9c110525d0b12f7fe7ab80a914c2fe492e1f2d321ef47f96d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ccf521cfc69bdd2a529dafcec62c80f9

SHA1
fba70941b3a0702bbfeac2fa43c41b7b72aa159e

SHA256
6b521d27ba1293fd8233770640eda110d9d92163ca29bb488e1e9bcf9b6b1592

SHA512
9b6c17dc48d39b12813ba0461ac41e9124e4707741fe7c091fc4f75ca2ea9cc1e286af51c440a94e2e706a6f8fb74665686a863307dba2cfc39ec380ef692421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e8115549491cca16e7bfdfec9db7f89a

SHA1
d1eb5c8263cbe146cd88953bb9886c3aeb262742

SHA256
dfa9a8b54936607a5250bec0ed3e2a24f96f4929ca550115a91d0d5d68e4d08e

SHA512
851207c15de3531bd230baf02a8a96550b81649ccbdd44ad74875d97a700271ef96e8be6e1c95b2a0119561aee24729cb55c29eb0b3455473688ef9132ed7f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ccd4e7a6187bfcf73c0558ba1268c940

SHA1
4aba29e34066b54df04707b645dd9f3f063bb953

SHA256
3f553795ef54af5c2b53abd6b855bebd064b09367ec2e5357e9f3c3a2aa2dbe1

SHA512
aac8b190299866747e68f7d694ff034bffde92f9a175254818b16f05808a4ca090103cb3607288d9ca74f94bcad91e8016304b64c56d978ed919c38df17cb0a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d6d4b9856a844269b806d637ee35d724

SHA1
26c811dd35da2bf4469882de8ddd73224c094788

SHA256
c81e0c1ddd76bc1ccd1f6945b6e728233dd8f446e997ac884306bba929a93f78

SHA512
bcf0fcaf6e66b65ef819ad034f52f22c499d118e637fa3cea9b3de374bc38144374ee8169164d871969b7ed25d4d50cf5d8e6f8b0e87116ed59e7865f7ed1042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0451b2ee-a683-44a2-9097-3fca65fe8aa8.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
42KB

MD5
1e839b4744ad28d6e340113882563fae

SHA1
89cb26bc12ca7316dbfdf0003b8422a1bb1e8e19

SHA256
beb665068f875334f864278e14622ab0228a099461a6d7af43c75272ba158953

SHA512
c2ed45f74099f29d40142d6a71f5b1aacabc362975b78b1289e4a02d317b1e7aba1c093fb1c87c22da63c2883088a00bd9cf8f22572b29719197fd75c536fc2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
21KB

MD5
b1dfa46eee24480e9211c9ef246bbb93

SHA1
80437c519fac962873a5768f958c1c350766da15

SHA256
fc79a40b2172a04a5c2fe0d5111ebeb401b9a84ce80c6e9e5b96c9c73c9b0398

SHA512
44aefedf8a4c0c8cbc43c1260dc2bbc4605f83a189b6ef50e99058f54a58b61eb88af3f08164671bad4bd9c5e3b97b755f2fa433490bef56aa15cdf37fb412b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
36KB

MD5
f90ac636cd679507433ab8e543c25de5

SHA1
3a8fe361c68f13c01b09453b8b359722df659b84

SHA256
5b4c63b2790a8f63c12368f11215a4ffec30c142371a819a81180a32baeb2bce

SHA512
7641a3610ad6516c9ecd0d5f4e5fa1893c7c60ca3ba8ae2e1b3b0cc3a72f7f9bef4c776a1f2fc52f366bd28a419ae3594a6576e886e79a20ebd98b55b2acc967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
30KB

MD5
d1ac99f22b8d1149ba74efd60d894819

SHA1
29a846bd46ecab2c9fa87d1a86fae6c08e642b70

SHA256
4b87080fbb2db7330df4068005d45c3339a603f29579731eca94ed8dfff88ddb

SHA512
67cf99b90dba66196ff724f2c4d6fba333d88cca9cc42312530973f2f145cc24b3669178ab7c32e254d957ff84078edaf4fd9918ae2631f75e5cbb2fe10cf416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
34KB

MD5
118ac39cff9e828be993490f864266ff

SHA1
ae5df00b1ffe0cc28ff84dac418a866540267d8b

SHA256
4a81760dfecd6b4890a7ad37ad772d15a7dbc8cc409fcb48a0501ee75cd55767

SHA512
88272ad598555ff57f316466c7625f53b07bcc5e65f11f44573712dcd6144a4ac2e32b11c7547b06552168299b8b7b01dadce6dfb92fc99289bb9ca562b621e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
83KB

MD5
dbe74a0d7ea9563e298c6a6349247442

SHA1
3c05134ecdd42e889f195cdd00e971fc2c088f0e

SHA256
84c74c7c1dacb49a172b79974e91554415597a618b47180dc95f286f61de7cf8

SHA512
89ca2dd0b74103677a11a0c0732032b843b6c135b5fbfc4abd0f0e50169276dbb5180982b04d4375b442c1901da36ed0215db447e18d92d50d018e0473f3e569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
102KB

MD5
94f16cfc0d63c0632a7ffcfea76602e7

SHA1
4e721cd4a07875e4028c56fc0743b9cd9c45c650

SHA256
4343702def9ed11dc8db2489f03d38cdc08cbfa2bd8a8f869920aacb8f33ff28

SHA512
2257c5aa0e6ce80445778866468efb04a9a07b60872a420b8617d3a7c653055207321458f27018e3fee002aef2733cf62eec1ca6aa573baf757d331f7b57e01f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e12788e399b10cb9e63d546bd11c9928

SHA1
bb8fe01e2f0ad111caec3c94818736d46360b0f0

SHA256
6ad1207d8fbbbc2abb8e272d6bea23fe9c6153a760e1ab24f39928b557ce1a70

SHA512
2257d9687b1905262d203e5f999e87b0bba2c048926f71bb7737f3c7932cf687a306338079dcf0e52413d6cb15a644443eccd34b27ce6b04c3944b41c3b368bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
912ffae9dba92e3bdcaef2fb615e4a94

SHA1
3c00da696d7c89761cb3ef84db334d9023415a50

SHA256
a33d6236a0d378037181b028dc241532538d302511b7aa34e30a367afee49f71

SHA512
9df2f034b3d91667c8804baeec4665c106819c864dae8e4906433189d5954d6d56be5c6aedd6cfda72b29d87ba8404f067cfa66cd9ac4134a8e60f8d53cf3a76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
28eb8ee1953ea2e16fc4802be5466e66

SHA1
e5c7b0d3338b70e7d97c3e549f2c9d84efd58196

SHA256
6cd81b4f42f745f26cd1243f24adcaf7ff88432707bcbade5e821869e433d55d

SHA512
9d813eb5c72eead51a5ba273db1cb6e1286c916aeffe76e61dddbeb9a7ce2dde281810029549adae26983f2eb67dd39c445368c3c462082b9935c40d13b219ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
9759a7081a7a2e1be75f88df56b59075

SHA1
c1b3d86e27eef5b55fba0baec73952b42e662bd3

SHA256
30b385397142e62f71a90ad22fd06ac80fd25a88d4d16d6f7808565415164542

SHA512
a081cdd26956b0443c48570edcce358640433ceae8f43394ff3670f7702887c6e9b5b0ed98300ec1d9f9273731706bdad9723d67f16d4b0d880de519cbe3f47a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
9c0eab6a782d46e4d8006670a6ba046d

SHA1
dd35c7dbe2c762062dbbb496510afbda54ad0264

SHA256
63095e7463a7863429e5fe7a28499ed56b8ee1d1c13a104c7ba033a95b8fc81a

SHA512
0ccd228876f2be296265c7b86aeaa06daed635bec6628b8a445003835da34ed8935225507ccd65ad96723fe6582763140600bc8dfd12c6e292b721397c059de2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
137479af67ac1b347050c595f07b2b72

SHA1
55256ad7722d4f99a7237fffa31717b2bdeb8e1f

SHA256
c5127dddfee01c0ff7e7370620e178c013636970e190397a1d7e4c8002e2c830

SHA512
7ada31d0df6ca9a01851f929ab0cbff89ae6f0ab892ca3cfdbb786c3019f841bc253e7518abc8135d888a2ec8763ebf40af82ee0e85cbed15d416821709b2671

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
b8a8f66329fcd430cfeeb0100ff828fd

SHA1
e5bcbac0a61f70412ed2b75317eeced7dd8f1953

SHA256
8ca58af16eb83a6afe8f5490811522129a556a96fb994fd1f2a93d6f38586cab

SHA512
fdd92fbfe2508281374c8d566324c7f92ebf45f809e6356d2b05ab01b756b5855f1d39def8af2743b4f20951a3faf3febbd765e40828c7fe271dc702f45b3542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
fddc5d345d848710a8e1415f2823f1b8

SHA1
831952dad5840fefee5c8514dcc2b8e779f7c9b2

SHA256
89d6f35396dc6927b79c61f62ec1d74249b5a85b5fd27e6d587a58711f06d3ad

SHA512
55a7232172e41235c44416dd3b60ddd43aeb12a61224f24a2fa04b81f2d2ebc4c3a06739642d1f19de2ee5fd2ab8601c082b287b211a37d10efe948890c25da3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
2KB

MD5
a23a2d2bf0f01984a1e25416534dcd3a

SHA1
6c01845a790743abccf859006c483ea92b24b1dc

SHA256
375390e017e64b736573a2780430ee8b98d8419eeba4beebdc1b760299663220

SHA512
f8f4a83e8d7a1b1fdf65deaacea90d1b6e155f5895bc8a6d1f055cf0afc27af3599b21a29c58d4cf3df442bb2f44d03471e502f400e070fb1075f759561d79cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
1KB

MD5
43c70d3e8df96dd9c4022041dd3f19ae

SHA1
32cb9b13e531f0101beb07a3906c724258178901

SHA256
10fe2b190098db8a639fe061e7ee20d7d0773390207309a68148144c64dd10df

SHA512
db0fcd4996d1031acd72e6b0d24b783d3ce290479163a81e912b74ea886c8b97a3a8c8c23b2ff9a1988532f7cc5c3e74b830effe8d7bba3d022d30a99d0f7655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
efdc06e0cd39498fc8a0b37087f36e14

SHA1
517118b4e9023eeff80a333f4f08c056e29cb606

SHA256
0a6e01dfd8a7f1d50198367cbc3639de03826c57cd4d5e765bb1a47daf87cb3a

SHA512
e1b80443aa85bbeec128075f9a386ce0f0d1c177854a585cd736536b5459c0159e526cb4ac753a5dbd898a924d31d4888df55b5028b87aa9675c79405f21bbd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9a4e0fdbe156826a7b6f7803064991ce

SHA1
ff4efffd0f63bda83315a5b2e84ee00f550fe765

SHA256
9b158f9df0f3d561accd9e56cfbb4b09aab736f009c3b22274056cfc77e85a6c

SHA512
db3ea97fe7bac7f6cbbfb07afaa246b02a16fe34f111480826ec4bc9516da8986166e0f3eb60fad45f2b1191863ec23dde75f70a7fee04e372f0dffa2b98b13a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2bb4a06973e83275adebb2aedf00091f

SHA1
38db37ef94d179a49b13e276db258e4b53d805f5

SHA256
a86db5413b49ba30699c2da501fe5ed03fb9e8f2400eab21c9df0842ba936dd5

SHA512
5ba2ca7161579f4775107f0e4d6b5382a305ecf056b4429e9065b60279fe81a03bb09095bdc625419f554b306213fa79eef66308b556a63888477d18c789bc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b826147516913206c155b4c73ef9573c

SHA1
97d89b8c681cfd77812cb4a100bd676edd24cdda

SHA256
69f157c55ecfa685fa2f05105c53581afec44757efb1b3257b9789a75b0ac894

SHA512
d148b6f20010a3c437e03b387dd49b28bf1fad8a144e133ad0358837b4964dea39cc3c9b5dd38a1eda3d9408d5449983ad162aada3643bc9da177b12be17d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
93462d0644f46cb3243a2c090d34c72b

SHA1
21be2f300e998d49999e0c6acc495b8f5d7aeb09

SHA256
bf7c6f70dd68d71eec106b619984b45efd19d00e23459f6b891b614031a54c83

SHA512
c4c474b657877ef84ddf9e62afc0cee84ade441f8f44a3a7a40c2647cbbdc12e346da54d2782e46938a17ac10947421ae5826f0c69256670437f2d8a118f646d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b006fd427434764019a6e17747e4a345

SHA1
21318413bbf89857457d2401f2762b9c49685cd0

SHA256
eb08d2e7f25e601baca436a6a8705d6ac1c8e44b8b7d318fe2401d90b7e58aea

SHA512
426f49d3e664299ace22a8aef3955a341b1d1938d3b9e32318abc3b68b33fe06c498c6181cccc78de8789ab6aa0d5a9b5763ef0520d18715c2bd6289a6963d2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c36eccb86882bb0d819c7f6a6161efb3

SHA1
8eda24ad12dcb4141e2fda09eef24ceb9bb3f900

SHA256
3db4bdfe3f77fa0c99ce93fd905dc7fa548fcad54dc4915b883995f56cfab1ae

SHA512
0456a2aa4cf0d44010144673991967ef9d44bf550e41756ebf170711dd0d335578b2077f08f828d3564922902e95d23d5eeeadd1e6a641597d5359ea62aa499b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5d596bfc4c684e6e20bbadf71762c514

SHA1
6f5a437b6e4f64b21a253a422ad8c21e4fe02d15

SHA256
5e85285e36098ad2b3deea01d8ed9c1f46e4a6de5dd38a5a6959e55089c53452

SHA512
f72bd39ae27af645218ae1cfccc81c96caea283611e0fa8c9ebd0041b7a7078ac40732abf792900257016335a68d0b1d2281213bb59065943fba0608a58f4eb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dca7d8beea4aed4d45b23abcc18549e3

SHA1
175271dce1185e95e55c424a564481cb854f34db

SHA256
4fed40f6d65e5b6d5b5ad6b569e157a49e49820c5a44efe97e2538dab44887bd

SHA512
abc55392883a7174c6fb826dfd113ed7b8ce41c12874171524fa469b65351570e651671bd855a656468a0f8fa6c22ffb81dfe9fa349218a44a2f07e8d79bbb71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e98765b4fa3b041c78368efa61fd6344

SHA1
13200e2599bc510c0076f24b0e23421562af2500

SHA256
b5e4b63af264303ec7e10cb91b23373f21c9f60609871cf12ad9ac8d73fae013

SHA512
61b3ac5493b6674262d22c8016e4bcb49e8533bab8c661fb887f762e5d03128f10e1b88ea21689bf09fe2892abb10e56f0a3a68b586063529ba6a480346683c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8f7ebaaf473badbf986cc47136c91fb7

SHA1
1df590c6667db5714e46b86612c49f00ada2576a

SHA256
6c52b75045e3f913c31c45a34414acf63220e303b49a1197b9f451a3d24673b0

SHA512
ee5f328caf528fdc08c9c793fedb1a50cef68166e26d6b9be6c791f30b545bfcf641148d721d08a9539c4eb38d5bf57f9fe5c72d21878fb7e6eedd7639dca903

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7588665b7629fbb6939d3fa550679beb

SHA1
5434349a167f951c593de7e8e445934ee78dfbb0

SHA256
31e395b0c86016b8e23241412a95023b5348045b4541d79295c4865ad3c252b9

SHA512
c060ae275a94aedb3f9f51c4782af2cf430ce28e9b89052a2bf8950086839ddc7b714e59adfcf9fe4ebab609ddd05d8d9732fcf431f3e116d92da90e44b2a6e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c3e7e19b91b986c0a8ca062ca04b9fa4

SHA1
71614292ad914000002ea4715adb6de30b291ef4

SHA256
137f303f7ecd7b058a914b8da0bcab119d49efabbfacdd7047e7a282f259baba

SHA512
f915318d95e75acb788a2d6952c2872074d45441ec801c4c3018c5c02fce4477eb2258558be0c9bd8321d84619d50d8c519f1bf9d6382697711e3babc33474da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a17dca3e274da5a1a14e4490a16c99eb

SHA1
3a42853f2c7e5d2d986ac73df6a3abf386c0f141

SHA256
38547a4d30c55258701759e1e3e6bf4984944ef958cbebc1dcecb92e09374fe4

SHA512
7df528d02992f42058a56d4f8749f7fa932fd557b1b0702f5cc3ea8c373ef84e29ed05feb11058d1cf8ba4778344f07966c4f9defde9cafd4753389d17d5545f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0b4024efc55e07dd31ca7bdc985abf9b

SHA1
411053dda984f3759aba4e0415e61acd932726b5

SHA256
ef4374383fcb8dcb0228e7871d467cc4186d2e29d7b973a75260573fd247b691

SHA512
db1f6f4172dc0e9bbfe59a7907263e3697489a9c634d17d2b4c111c5cb3fe64d966b7793a2b0b7b924c9bad799134644fca7fa5c7475062460adbaeb762bb1bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
28ac3d53881cc213469ee517cc195990

SHA1
29a5fa1020f36e418fd285b149f030cc56279f25

SHA256
a6c7f16df8e3060d98f216f578c81e8017cd165f4557ccc132be5d76157add2f

SHA512
13f177985b37d9f45f391a95dadc0f4cdec59d59f6ea1d64f4fd2a1bcf59f77cd2962d22b50978b0d55352983006125c30a6f6cc66bec57a3006783dc4ee1e0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
34e21d0f4153a12f54874f2ce3be8205

SHA1
44456a11398b4b4c8aee8928243edf96f4488ab3

SHA256
8ed9a6464c159203ffde62336082b07070e832125b3cc5f1db21b0b72aed9731

SHA512
bf59ed2ca5a97efdef40e7befd80758b06b6f9c2780ae2426bb374b4dec70ab36959ef02b6373ae939529e07f0d63bd7b6ca9acf25f46820d2c19a230d65737b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
755B

MD5
299cb226b72a4e33489f31f510968e89

SHA1
b41376af9f5c6652c636ddfcc603918146f973d2

SHA256
346b2dbcb236dc32bd19a4102ef8781a6858737c747ba1c5dd38e0237fd076ba

SHA512
eefa606e5673f9c98f27b150cb76f42a89857a40562a4c17d507e4194a119cd0f7b90fb84febc850ce95f03966a833f8bb1a8a51f25ed5fe1093a8509977b620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
297B

MD5
8cd1dbbc86a46df6b7c4ae7093f5f037

SHA1
5c8bdb719d3ed0fa2e1f0279e8f147287e6bc551

SHA256
775cbb71db7e99a576f432de7e70aa17ff7ecfef24a922c7d4a02360e7489333

SHA512
4248232250a5319b1ae7736af1cad69dddfa06a9c0b395b6fabd11709833743b50d0f6fa28b2ae655ac7f78c12fda4801e14a1eb317126afb056a12bdf122e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6e7a0063641cefe5d1e8f1fa2f405131

SHA1
9f477402ac39e044cc147e7fbd0c8d0ce911c83b

SHA256
60dcf97eb5fae5af3eb075876e449febede556062db025695ae810893151dc11

SHA512
3c885e89749660ddd800a47b266212afa6460a3ee2a9270d4acbd4a19b308a96434ac43295300d5961ca80721e9bf771111cbd98a70201a32cb91d9c08fce1c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d5af.TMP

Filesize
48B

MD5
45bc3b92357ceb2a34e58e299f9f1100

SHA1
656482ff83c0199353b1fdc61bd113836490a2ec

SHA256
da83c2012c7d86cdfe994ce37eee373a9da2ad7f3af4a025d1b93f3291f4fd88

SHA512
35e01a97d9562a8de319308d428fc8c04b92e7b13081f0bf7826dfdc37a0832040152b1178a451219d644bfbab164737a0dc48fb3893beacaf352f49ed95a86f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
65deaf3f74fa485c4fcaabd53c561f79

SHA1
b2196c9ae1f4736987fec7cb74e1f8f148530858

SHA256
c212d70b5f1dc5f8eb4984a5dbe581cf57e10faa0a2a8ac47d8370cb1b8559f3

SHA512
649a0370e6db0059f7dcf6e724655661b6cd50d3c2db9f80efd9613a4d14d8e9eb1dba286730add985194c5b8d233698d3d4be43525c63744e219f43b5c15b22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
74ec1c30244e5d19a2dad690bbab7c94

SHA1
f8347f61954c4f0ca3a2b9c002987b74ce58e2bf

SHA256
888ba43b2e2777a1bdc190ca5c7e9e55a3ffb8053df020e466acb3c7aa39f280

SHA512
1d27200d2a7a87819c55bf82f58d0cd87d4b925578a97955aed91bdddc23a7ce5d4137f0e637f32fc63df027947a66b1811dc74ac31dbbc2b4d9a20288550a1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13370791666282074

Filesize
73KB

MD5
b6c2f0f671b30161da5942780188a0c6

SHA1
9679da4f341ca57795851f78a3eca51db3de5594

SHA256
a38f2081cd23c18d8c217eeff9145de2c462c0cbcedc2d58fdedcdde1d221cf8

SHA512
a99ec115fab2ef9d60b46510c36e50732feae2d7715f5822eaef4912902ab632c31fd0a71bd32c8069bfeea138ca9a278af478032913c1153867080d682cb55b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
256B

MD5
baabaac100cf2b9f486d263499387bda

SHA1
d28de33bc4cb47755d81efbaaceeaee6176b6cff

SHA256
48f7753b156406ee1a10f6b9c28893c5a14163f27355d9fc6ef2537494fb9966

SHA512
5c272b90886a1b7b4ae1756b68298640c19bce6b02587c53e49ce8db96a4ad2cb654b0a0fe0860e2b6172d22fbbb85dc8d2faefcb65a9bf36692ddf8281dbe71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
d1780ef85b57027ad430c07330794f27

SHA1
87ac2a276484dfe8867f97c3c3bc3c980037ea4d

SHA256
946aead19471569a8a9b71005d69772644b2face4790a63bb00edfd353108234

SHA512
efaea1f0456317df61c18c8e60b98d54ea451faf0b062925b703769d50d6530b114927ce037c3f9e4b68e87e59af904d569853bbd3b1f4c274b2c8564963248f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
46bcc622789b9bbc5e9fd882ed5cf9dd

SHA1
530b87ad50d47df8071998316f4638945f425ad2

SHA256
0e4f7a22fc2e95bc9ceaf6af8155fa7caf5e26276b852549c4504596bbf4021b

SHA512
4fb4e57a3793b8dc9e9b61fdf47396f9e86d493a9bfb641f3684a0b221e805992b37ab511ebc79a47a51c28380e011f1b8ec960423433447e429b2d2188bd411

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
165642a6a1866f32fb697ee7fa9e2fe6

SHA1
fd3cc99dd0da729de4865ddc0dc8e6117fb6527d

SHA256
cb8cdbe741f382e2728726d03f5bdf62296b42f987723b4dcf50d3628cf4ed70

SHA512
1098083a0bd5e53bbe84248dc22f5074d7015037b4453758b4a97a2cc502a7674d342b3d7cd7aa42b2e58922d0f0e35c80443b80b3841e46b9bccd5b709c7cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8cfcfb15fdcdce5499f6d17294a0e2ca

SHA1
f0889acdb94f701d727a63c80a4d6593072af7ab

SHA256
ef5967794aa284894a6f6ed169717ebef3c25dbb4e5eba7dcd38aa230dc734b7

SHA512
7c23fae585688ce51ea20f8a5482037713b2a691bb8032b8bc5b8e12d5a2718a0c60b76e64c32e9e01862d94837a1dfe884719598e508d408ac951c2dd1894ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a7b1152ee789ae99aebc41d3b15a30b9

SHA1
8a36cfe355efc3dca009373bbab7b04a1e8e6eb3

SHA256
bcbbc9a10724ee91b5b405b0364b8ff13e523355cb9e9b8d1fd6b228e128e661

SHA512
64611d88e63c41c3f920ec8e83094ff489c25428bd3d32de228df4ffadb257646a3946829569bfb2cdb3bea43496b86f37ca7aeacc264a32f80a1ddbdaa4949b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580579.TMP

Filesize
203B

MD5
160bb44727cb08f9fbc4a460ee987a14

SHA1
5bb0f928edfbeb2497de5ca2c53ff7de9af20f77

SHA256
50af002ec393ccce013670401d0052bb0ea9030e92eddbfc42668dc376085c62

SHA512
b275ee106950f91898442533ff8182d0c549409407ea8fafb917349015efa20da18483480ed954a4638430e22f50684c68e132345d83c3c6cc09f4139757da74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
5544ebafb653a048c4fcffe4f9409a90

SHA1
5f45588813a467424b69333f9ed2ed51bacbe7e8

SHA256
d6570d850a0b144cdd26263ba8bfccb199ef166a0721d35c4e67c7852795d268

SHA512
d59121145388b3eb83fb67ae5e49edf786e85e6839a320978db036f8dffdd93bf3657e4b0767f2e58fc993539fe16a95958b5b773da44991b3dbcb573f5d397b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
76KB

MD5
66717e418495f7fb0e6c121d343f68cd

SHA1
03001dc0d49f356196926d09afe20f7b7ac8936a

SHA256
19943f7c88dc75e4058e6541219435b1ebe21aaf6257da7922f74977683b7d9c

SHA512
557fdcfadfb0ea5687ecee2a9a670764d3fa1bb53393a92902d53019ee4f746a8297b4e0ff55d8b62a2b1056d94e562470d6136a9b5b14dfa162b553b363d96f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
3.9MB

MD5
32e92d590c804ceed177f817f9ab7174

SHA1
527021d3801432fa41c677c655843c951e700c2d

SHA256
aed7261bd3cfb52178cfadd0da41d7923073ec8b1867cd29c6ada84147149364

SHA512
ecc971ed3f10e29cf5b2f2ed2bb7f1ec52b99b8b91f4c914bca12eb04a2f4b8f8c457d5acf32a5d0ea2425d65e14e58b9895d64f0cc0e6c88455dd0874fa850c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
2KB

MD5
68cf922418a0b7c1dd443121dfaec904

SHA1
9f1566755d5b732231043e32e411859071489701

SHA256
f06df42278b95345e5102a03ce7199c2c809e7b788a4f3128111af5244adc20c

SHA512
fa2bcce7c8de5682aca9783ab592fca991eda1dbd92578e18ced1a5bc99929865b4b7853fb0fc303bda603f1d7dee4bcd418ac8fa28bcda52b7c51b41c822934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
5bdda7f761b041fb6609e740607f5009

SHA1
395d530ea728153c4dd609a4599466759bfebc50

SHA256
67801230a92539b5b944ccfb0ae4104d4fffe8898d49f2ea37c4a15c68235f88

SHA512
e282ff2acf114076aa97faf375cde6dc30cd2d7a7b0e05a6c64117f7746bfbcafec500013410beaa8c350d973e30a6728a134c909b3124ec9b569c45f9ef1f71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
753a4726b3bc0fc442f1dbf11676b86b

SHA1
7ad5be9047e80a874f2fb0ba383eb390e1197b23

SHA256
2dd3c16e432a841a09bf2e6ee716bc3d56877b7faf75a63e0c9947db11efbf74

SHA512
a541bfd0e8700dd53166c650cfa05edf02c2e2f054dfbfcf36d74c2e8c0efd3abf0711e93f66dc8031a3a8e3facaa3701177b12ef61f10d49d33e4a627addf89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
1f9e087aa18b4624893874a9abda8749

SHA1
6381b8bcf398c4e624c7f9c9728cb1c74f7663e7

SHA256
6b7a362f1d64e6bd373da68bd6b8852ac4978e2e14ac1435c70a15c54c1d68a1

SHA512
90efdfa8cf3e340cccd5d3e0d9ea61be6d434a0e58ee1eb150af20d93c1b25b8a429ca2b3f52ab385863488f623360b74444fe657ef5cf7ff347372b06dacf88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1a30df8994f924a45bbcae3c8c67c51f

SHA1
d1919e751e81ea173183e24a5dbd6ca8fc4b68ae

SHA256
605e2e7f1548e79a16afb30c74133fbab29389888113d63f0b6312f2054be069

SHA512
2426c5782270ec693d7b3c4068c745e88a258e9d2f6c3d3ea0dfd12e3b7fecfe62feb979e0f9ddd07a8b35e4c5d6214b288c41a096ea34563d3da4649b3c61af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8f9e59ce54d7cde2b2c83b8989bff518

SHA1
c3a6442c431b5e5c7696c2d3abdc0ac0ce60a253

SHA256
dfceaa94e11463e802a23e7ee879da3c89973162059def58dcee8658d1da5591

SHA512
46ff62eda3e2fd61998043fef18ca349c8a637dba99b431f49bc590287e11426e3404e487d59ac18eb2d240e9ae09f922daf37f2b32921a37876517645a1e34b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a0cce14f646606f98f462b25feff3c3a

SHA1
3d2a592d5ce45d4d2e48e9f3bd04334000a0b4ea

SHA256
b01f964ef2c6161a30bfbc662fe0c1fd0bfc86c1522633c82cdeb881f9b11f83

SHA512
a05ccaa04822b7aac5c1f9fa58c1ea33b6a182d2f215c05a5985dddbf5b79b0f0ff988a3c557d2504af96e3f1b3e77c4cf1a978f6a97448d9ab199a47436812a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5508c5dcc3b81c19add727d5ceeb34ea

SHA1
be1cdcf8ae419161853ac9da44369d17301f2aee

SHA256
0dc6cc1a23b959de35b40cc30d9b7e4b729a068f86f58dd80837b07c5c238f23

SHA512
10d9fe444c02d07164652cbe5a3367973e0089bcfe438ba3d57cbfe8527b5da42ff4b9099dac838ec3577bc43613d437da13ae57be20675f95d36436746db445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
7a53651a7dff0ca025b51a6ae8860844

SHA1
98950a44fe8a63263d5a4e906f9ff420080d9b8b

SHA256
2e325ae65643fb30a549f999feb6dd0be57f5287bb561a190570c27e276a3c41

SHA512
4767b05df1bfb28b223af73555d47456bda7e390070d009b6c964521d0deb6e695e8cfcff1eaafead5c2530c57779352f67d1076bbe812c242f8ede323cbfb6b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
7d76d24dc8b8c18f5a7cd99c5180c879

SHA1
0fddfdb38f66ba0625d6b79cb41da130e5703f9d

SHA256
c3ae000f93c94509a846568418a3a87d23282b469d4bfff3cd17cfd9e798c6e8

SHA512
26902a9d03810bddeb6224f9e60492f0c627974319092d7546428920987c61746f309e0641811425635021a284c894be2350eb47bf7fd0c76b12d9bbf4a67a5e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
3b08264114a4b97afad4c30b362d06cd

SHA1
672c6bcdc61e494080ec367e36631b0de745a926

SHA256
c5f101b5043e0ae5f215615c7d8aeb4751918622ba5b7282b1c03705cfc641ac

SHA512
64b192eba4283cb7b30c871b2b96917f7c4e631b135974d3aed56737b98f9d3b6d954b544cfeecea4040d1e18aa7f790b32e3d8681eaec3af534de087d7491ae

Download Submit
C:\Users\Admin\Desktop\MailRanger 2\Mailranger2.ini

Filesize
590B

MD5
90bbf7c63dc176442d714be668108afe

SHA1
0b47bb361e86e7182c1b9371b0dddde2b45279e4

SHA256
37c6873ac374d1bb60f4983be6990797bde11f677f894df463856e18298b1814

SHA512
cf31c11e533ddc1858571386768ee380cb6ebc657e9b706ab159846492cb4a8cf63fb4e38fbcbe7ef56dc222cb8aa0f195b82812de38db4f73d7187344e1504a

Download Submit
C:\Users\Admin\Desktop\MailRanger 2\Mailranger2Hits.txt

Filesize
4KB

MD5
7ee7b51ee0a3df76cee275132b845c11

SHA1
999f21908d4334a2eb795655e98dfa537b0b1f04

SHA256
36f9e52a580bcc4e5873abc1abe67c4bb8c4237008bc2383a71788cd075d24b5

SHA512
f9af2e0cf47b92b8bd9d4bc2378030fc2d87df1fc36693713bc1a0f502b66c56528c9ee12e9db1a7bd35b076d10a0aa60e9e978f4b49c9e2a4ca90617bbd4719

Download Submit
C:\Users\Admin\Downloads\nexusfncombos.zip

Filesize
123KB

MD5
40dc26bda52442466a4aa3286893e4e8

SHA1
e4069193cba6f8061cf7a8ccf4e7333783806fb3

SHA256
15e500046f3fa32d78666a44fe00f6fbc6f07dcb2259d4c755d5dd3f09418379

SHA512
267b00ed99b51e718e1d946742d845fe07a0f2cb5805c0c2ad40f00ae9d1ece3a199df1da45ff3774294c762fa24adf805a168023f74074203029bb715c71622

Download Submit
C:\Users\Admin\Downloads\nexusfncombos.zip:Zone.Identifier

Filesize
52B

MD5
dfcb8dc1e74a5f6f8845bcdf1e3dee6c

SHA1
ba515dc430c8634db4900a72e99d76135145d154

SHA256
161510bd3ea26ff17303de536054637ef1de87a9bd6966134e85d47fc4448b67

SHA512
c0eff5861c2df0828f1c1526536ec6a5a2e625a60ab75e7051a54e6575460c3af93d1452e75ca9a2110f38a84696c7e0e1e44fb13daa630ffcdda83db08ff78d

Download Submit
memory/3360-1508-0x0000000074410000-0x00000000747B8000-memory.dmp

Filesize
3.7MB

Download