hxxps://t[.]co/gHdmLP7nlZ

Resubmissions

14/09/2024, 13:36

240914-qwdgtsxamc 7

14/09/2024, 13:34

14/09/2024, 13:25

14/09/2024, 12:47

14/09/2024, 12:47

14/09/2024, 12:24

14/09/2024, 12:23

Analysis

max time kernel
646s
max time network
643s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
14/09/2024, 12:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://t.co/gHdmLP7nlZ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1324	wscsvc.exe
3500	wupdate.exe

Loads dropped DLL 64 IoCs

pid	Process
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
4788	libexec.lib
1188	libexec.lib
1188	libexec.lib
1188	libexec.lib
1188	libexec.lib
1188	libexec.lib
1188	libexec.lib

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
86	raw.githubusercontent.com
153	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2720	4788	WerFault.exe	120
4624	1188	WerFault.exe	127

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wscsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	libexec.lib
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wupdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MailRanger.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	libexec.lib
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MailRanger.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MailRanger.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	libexec.lib
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	libexec.lib
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	libexec.lib
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	libexec.lib

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	libexec.lib
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	libexec.lib
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	libexec.lib
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	libexec.lib
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	libexec.lib
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	libexec.lib
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	libexec.lib
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Documents"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0	libexec.lib
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	libexec.lib
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202	libexec.lib
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1	libexec.lib
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	libexec.lib
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	libexec.lib
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	libexec.lib
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	libexec.lib
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	libexec.lib
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	libexec.lib
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	libexec.lib
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	libexec.lib
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0	libexec.lib
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 000000000100000002000000ffffffff	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	libexec.lib
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	libexec.lib
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	libexec.lib
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	libexec.lib
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings	libexec.lib
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Downloads"	libexec.lib
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	libexec.lib
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "7"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	libexec.lib
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	libexec.lib
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	libexec.lib
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	libexec.lib
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	libexec.lib
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	libexec.lib
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	libexec.lib
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	notepad.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-242286936-336880687-2152680090-1000\{C9A0D7E4-CE1D-4B4B-8352-7B8794BB407D}	msedge.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MailRanger 2.zip:Zone.Identifier	msedge.exe
File created	C:\ProgramData\wscsvc\wscsvc.exe\:Zone.Identifier:$DATA	MailRanger.exe
File created	C:\ProgramData\wupdate\wupdate.exe\:Zone.Identifier:$DATA	MailRanger.exe
File opened for modification	C:\Users\Admin\Downloads\https.txt:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
4788	libexec.lib
1188	libexec.lib
3092	libexec.lib

Suspicious behavior: EnumeratesProcesses 45 IoCs

pid	Process
1016	msedge.exe
1016	msedge.exe
2436	msedge.exe
2436	msedge.exe
4340	identity_helper.exe
4340	identity_helper.exe
1900	msedge.exe
1900	msedge.exe
740	msedge.exe
740	msedge.exe
2688	msedge.exe
2688	msedge.exe
252	msedge.exe
252	msedge.exe
3916	msedge.exe
3916	msedge.exe
1372	identity_helper.exe
1372	identity_helper.exe
640	msedge.exe
640	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
1888	identity_helper.exe
1888	identity_helper.exe
3428	msedge.exe
3428	msedge.exe
4212	msedge.exe
4212	msedge.exe
664	msedge.exe
664	msedge.exe
4864	msedge.exe
4864	msedge.exe
1592	msedge.exe
1592	msedge.exe
3760	identity_helper.exe
3760	identity_helper.exe
1796	msedge.exe
1796	msedge.exe
1680	msedge.exe
1680	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe
8	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
4788	libexec.lib
1188	libexec.lib
3092	libexec.lib
1796	notepad.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 49 IoCs

pid	Process
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: 33	2028	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2028	AUDIODG.EXE
Token: 35	4788	libexec.lib
Token: 35	1188	libexec.lib
Token: 35	3092	libexec.lib

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2436	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
2688	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3680	msedge.exe
3092	libexec.lib
3092	libexec.lib
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe

Suspicious use of SetWindowsHookEx 18 IoCs

pid	Process
4788	libexec.lib
1188	libexec.lib
1188	libexec.lib
1188	libexec.lib
3092	libexec.lib
3092	libexec.lib
3092	libexec.lib
1832	notepad.exe
1796	notepad.exe
1796	notepad.exe
1796	notepad.exe
1796	notepad.exe
1796	notepad.exe
1796	notepad.exe
3092	libexec.lib
3092	libexec.lib
3092	libexec.lib
3092	libexec.lib

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 4228	2436	msedge.exe	79
PID 2436 wrote to memory of 4228	2436	msedge.exe	79
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 4928	2436	msedge.exe	80
PID 2436 wrote to memory of 1016	2436	msedge.exe	81
PID 2436 wrote to memory of 1016	2436	msedge.exe	81
PID 2436 wrote to memory of 5036	2436	msedge.exe	82
PID 2436 wrote to memory of 5036	2436	msedge.exe	82
PID 2436 wrote to memory of 5036	2436	msedge.exe	82
PID 2436 wrote to memory of 5036	2436	msedge.exe	82
PID 2436 wrote to memory of 5036	2436	msedge.exe	82
PID 2436 wrote to memory of 5036	2436	msedge.exe	82
PID 2436 wrote to memory of 5036	2436	msedge.exe	82
PID 2436 wrote to memory of 5036	2436	msedge.exe	82
PID 2436 wrote to memory of 5036	2436	msedge.exe	82
PID 2436 wrote to memory of 5036	2436	msedge.exe	82
PID 2436 wrote to memory of 5036	2436	msedge.exe	82
PID 2436 wrote to memory of 5036	2436	msedge.exe	82
PID 2436 wrote to memory of 5036	2436	msedge.exe	82
PID 2436 wrote to memory of 5036	2436	msedge.exe	82
PID 2436 wrote to memory of 5036	2436	msedge.exe	82
PID 2436 wrote to memory of 5036	2436	msedge.exe	82
PID 2436 wrote to memory of 5036	2436	msedge.exe	82
PID 2436 wrote to memory of 5036	2436	msedge.exe	82
PID 2436 wrote to memory of 5036	2436	msedge.exe	82
PID 2436 wrote to memory of 5036	2436	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.co/gHdmLP7nlZ
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff835d83cb8,0x7ff835d83cc8,0x7ff835d83cd8
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,7266140241873597840,17141665243517071930,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,7266140241873597840,17141665243517071930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,7266140241873597840,17141665243517071930,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,7266140241873597840,17141665243517071930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,7266140241873597840,17141665243517071930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,7266140241873597840,17141665243517071930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1880,7266140241873597840,17141665243517071930,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,7266140241873597840,17141665243517071930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,7266140241873597840,17141665243517071930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,7266140241873597840,17141665243517071930,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,7266140241873597840,17141665243517071930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,7266140241873597840,17141665243517071930,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,7266140241873597840,17141665243517071930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,7266140241873597840,17141665243517071930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3744

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004C8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff835d83cb8,0x7ff835d83cc8,0x7ff835d83cd8
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,5734874140501334232,2665980480081115939,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,5734874140501334232,2665980480081115939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,5734874140501334232,2665980480081115939,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5734874140501334232,2665980480081115939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5734874140501334232,2665980480081115939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5734874140501334232,2665980480081115939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5734874140501334232,2665980480081115939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2056,5734874140501334232,2665980480081115939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3520 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5734874140501334232,2665980480081115939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,5734874140501334232,2665980480081115939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:912

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2080

C:\Users\Admin\Downloads\MailRanger 2\MailRanger 2\MailRanger.exe
"C:\Users\Admin\Downloads\MailRanger 2\MailRanger 2\MailRanger.exe"
1⤵
- System Location Discovery: System Language Discovery
- NTFS ADS
PID:816
- C:\ProgramData\wscsvc\wscsvc.exe
  C:\ProgramData\\wscsvc\\wscsvc.exe ,.
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1324
- C:\Users\Admin\Downloads\MailRanger 2\MailRanger 2\libexec.lib
  libexec.lib
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1936
- - C:\Users\Admin\Downloads\MailRanger 2\MailRanger 2\libexec.lib
    libexec.lib
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:4788
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 1172
      4⤵
      Program crash
      PID:2720
- C:\ProgramData\wupdate\wupdate.exe
  C:\ProgramData\\wupdate\\wupdate.exe ljiHbYWPlMiOxmyLctWlVaaWbBOC4P46Gc9e3qxM2k1RySWrx3P6Wt6ZBiYydh5W
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4788 -ip 4788
1⤵
PID:2712

C:\Users\Admin\Downloads\MailRanger 2\MailRanger 2\MailRanger.exe
"C:\Users\Admin\Downloads\MailRanger 2\MailRanger 2\MailRanger.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4152
- C:\Users\Admin\Downloads\MailRanger 2\MailRanger 2\libexec.lib
  libexec.lib
  2⤵
  - System Location Discovery: System Language Discovery
  PID:252
- - C:\Users\Admin\Downloads\MailRanger 2\MailRanger 2\libexec.lib
    libexec.lib
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:1188
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 1760
      4⤵
      Program crash
      PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1188 -ip 1188
1⤵
PID:1452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff835d83cb8,0x7ff835d83cc8,0x7ff835d83cd8
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2268 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4496 /prefetch:1
  2⤵
  PID:584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3580 /prefetch:8
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,5023274423140815452,11320604336457693660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6624 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff835d83cb8,0x7ff835d83cc8,0x7ff835d83cd8
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1472,1230443294473217805,6914805691698987834,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 /prefetch:3
  2⤵
  PID:2712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4752

C:\Users\Admin\Downloads\MailRanger 2\MailRanger 2\MailRanger.exe
"C:\Users\Admin\Downloads\MailRanger 2\MailRanger 2\MailRanger.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:960
- C:\Users\Admin\Downloads\MailRanger 2\MailRanger 2\libexec.lib
  libexec.lib
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2724
- - C:\Users\Admin\Downloads\MailRanger 2\MailRanger 2\libexec.lib
    libexec.lib
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:3092

C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff835d83cb8,0x7ff835d83cc8,0x7ff835d83cd8
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,10540222925969167393,7863787873820747810,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,10540222925969167393,7863787873820747810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,10540222925969167393,7863787873820747810,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10540222925969167393,7863787873820747810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10540222925969167393,7863787873820747810,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10540222925969167393,7863787873820747810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10540222925969167393,7863787873820747810,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,10540222925969167393,7863787873820747810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3960 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,10540222925969167393,7863787873820747810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10540222925969167393,7863787873820747810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,10540222925969167393,7863787873820747810,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3908 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1900,10540222925969167393,7863787873820747810,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10540222925969167393,7863787873820747810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10540222925969167393,7863787873820747810,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10540222925969167393,7863787873820747810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10540222925969167393,7863787873820747810,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10540222925969167393,7863787873820747810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10540222925969167393,7863787873820747810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10540222925969167393,7863787873820747810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10540222925969167393,7863787873820747810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10540222925969167393,7863787873820747810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10540222925969167393,7863787873820747810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,10540222925969167393,7863787873820747810,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,10540222925969167393,7863787873820747810,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4828 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4068

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004C8
1⤵
PID:4800

C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2ee16858e751901224340cabb25e5704

SHA1
24e0d2d301f282fb8e492e9df0b36603b28477b2

SHA256
e9784fcff01f83f4925f23e3a24bce63314ea503c2091f7309c014895fead33c

SHA512
bd9994c2fb4bf097ce7ffea412a2bed97e3af386108ab6aab0df9472a92d4bd94489bb9c36750a92f9818fa3ea6d1756497f5364611e6ebd36de4cd14e9a0fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56ecc1f2b5ab02fa4d6affeaf79fc774

SHA1
2115e8125108d2c139fc592b0e7cd0af2593ce7e

SHA256
166a56d906ba8c01b52315691512781b373c5fb037f4c2a2e624ec767e1ee864

SHA512
df713666e32df206651ddc6ae8829c8ec2e5fb2cc072d1a89afb7227b162d01a2934fbacb1aca711863673d922536babd31197a2ba49a742704ff3e3d8c45cce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4662c09b465ef7564427f9c090f9150b

SHA1
9e84576f2918203708662bf614f4a28f3d756209

SHA256
c662232be86aea50589242139f008e1c141cd8f72ab65bf0f65e3f051db59e48

SHA512
32d3fccb5d013ead0149e8bddb9678c4ecbe0b5f4026ae8c04403bc1e910302ce57c243e6bbf7b44b2be076887d556cb45cc71b890bcd0ad62d757ab0725cf32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a1d6cd9232412c4dc9165a643a1670e9

SHA1
b8fab236bdd3585832f483692335d03f014597b6

SHA256
5038f464afa6f19760613ee5a1a3a65eabb49a627261bbe464ef71e816c42fe2

SHA512
333c8ba65d322ae80d928cb89906fd0b467f0a6cc9a569a7377a4f2e41f0ec91e7715fb8a9cb4e4e80919d9617c4c555bf3cc6bffed707a237bb640b13b052b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e96477fb47e4a8a6dab965f692cda7a

SHA1
fc2146abf8af3b6c6dfd738942b327a1d6785e96

SHA256
427efbbfa6e0285af837898d92fd1675022dedd3fd4c79432c30e84678a3848d

SHA512
1f68a882a2757842fc9ce59d25fedcf24cdd040d31ea18675766e258f288bdb618faed69198c079b2578f3014aac78a2bf1662ef72ea7579e4e467c780fb3de3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea667b2dedf919487c556b97119cf88a

SHA1
0ee7b1da90be47cc31406f4dba755fd083a29762

SHA256
9e7e47ebf490ba409eab3be0314fa695bf28f4764f4875c7568a54337f2df70f

SHA512
832391afcac34fc6c949dee8120f2a5f83ca68c159ff707751d844b085c7496930f0c8fd8313fd8f10a5f5725138be651953934aa79b087ba3c6dd22eaa49c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1bc9f115-4acd-40cb-a856-9c3a635df9bc.tmp

Filesize
9KB

MD5
e83c306b8f0268d330183a1d145beb69

SHA1
43b2e4330d45a8ef9eb05eab872e2d000a9e2d73

SHA256
b6fb375ece0e4c45d70fe9fb977a16a6ecaa1db4005cde9dee9d6f59e1b0229e

SHA512
3f20d91461f145eabdd1ce8973ff3acef025a31812ce0221d06dccb36895e899016708ec5eabee91ef8fa5e320df83ef21a66b073d96bfc1764f079d57eeb287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\49102b06-ec4b-44e6-b5c3-9c3f5f4fb376.tmp

Filesize
5KB

MD5
240398b6d8b647ce8b846190adf4833f

SHA1
e70f009bf22e893f6c3dec544d795f0c289cfa19

SHA256
c323101e5a73251aade4ab6815c665578494ece0070094753994eefe1db41596

SHA512
06b2bd9ce7ffa5e54fc14212592c092d1f9e35c608efef8be5498de931c36beca24e89eeded61784c8d1df68d918019d937de0147ff1e0615aba9b624aa0723e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
42bd538735cb492d6a81759e7ea86d32

SHA1
48617c85ac625645eab4c070979fc2ee80e1f593

SHA256
e1b51e2d613239fef90eadb8b358969d71d6c36596fbddbd880b20a0f53ab22a

SHA512
614a205030d1adff4e5cc5a6500245a1dbd61023c70e659c01787d1e094bfa8e8d94641cbbdecb9dffb575201b5bd21dbbf714842ac977a327b83bd88cd65bf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
7b1f46579fc8208e9057633956eac504

SHA1
fbd3fc5c99ba811bfc5ece948dcae221356f844e

SHA256
3ecebc7bb508649d8c0d89d9d628947876840a7864d2d6c92a7de213fca57548

SHA512
65e4022460f424be46fc93f718b0d6f5ed936b8c77f7022f2d204533370e447e97f33ea5f6f388db955a6fe0eee49b122acf3ad8c370ccd38158aaf01faa11e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
b1b83c8b2311ea35e35ce47636faa64a

SHA1
b91d28ff25777f974bdac2ba4bb6e16cd0706639

SHA256
e16c33fb2f73d4f871305c51cf57a47a53362a5507ebf09090f08960a9f02a70

SHA512
c21e2ac04153df8baebc9a84d8cf90b6bc1f387f722b63c690a824b573d27147177053f5a4e5a800154c1855d73a1abf4b07934c21ea47b164d93b15c23e9e9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
bef680b10a81883c4a918fb2fb4c6f90

SHA1
a26107dba7f4f8f4df800f2bcb500c3ec024e968

SHA256
71135a9bdc5415c41c4ce9b4a4cc2e2cc56679be7afba0207401d3b398eb55ec

SHA512
eda5d2540fe703973b7c77972b93a2b8f36343073a64a8334fe4ca456366c1d200313ba8957423e5cddb776582211c36cb2755c784f81905d26d65dda83e85df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
67KB

MD5
929b1f88aa0b766609e4ca5b9770dc24

SHA1
c1f16f77e4f4aecc80dadd25ea15ed10936cc901

SHA256
965eaf004d31e79f7849b404d0b8827323f9fe75b05fe73b1226ccc4deea4074

SHA512
fe8d6b94d537ee9cae30de946886bf7893d3755c37dd1662baf1f61e04f47fa66e070210c990c4a956bde70380b7ce11c05ad39f9cbd3ea55b129bb1f573fa07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
41KB

MD5
58756d99d2376dcfbede6057dd25a745

SHA1
76f81b96664cd8863210bb03cc75012eaae96320

SHA256
f5d0da7b010b28a7fe2c314724a966c44068a8c8fa7e9a495e1284aa501067fa

SHA512
476e35c3da0cf223e773c2d26403c12f8c8d034273cca9e3c4cba9359f8506159c2a5267793c8bd9982b636191ddda62e9119593f5599053894c7027a58acc10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
1.3MB

MD5
af79d4fc626118fef6de11536494fa93

SHA1
fc93dd671ef898efed28b91979d53796dd4d0570

SHA256
f49a2c6412b03ca7b938015269cb915e199f9a46fe64a0a8844124b19b3e3a5e

SHA512
265f2f13b01cb0692ddf93997c51361304c6cecd9955bc19cd49c562cfd81bc92f856b87f0c8164f035c62cb1507154eb2848d4ac82d429fbb35f3bb843ab207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
27KB

MD5
da9335cc11a14227b61d8663d09ec33f

SHA1
8ff0398d03e930beaf80697ff8d28a0e47c0bd50

SHA256
f0b14d3cce2f618df61a2134588d44964ec9b35fbfc7d9388e3facf9e3d41933

SHA512
ea18ce7caa4c59069a1546ce390bee4f9f713fef8bebb6046a43d7344eec3c0944bb9bde2386ccf0b997cebc5dca12fd7243bb1ed4eb9acf30987ef12a9a7716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
21KB

MD5
94a66764d0bd4c1d12019dcd9b7d2385

SHA1
922ba4ccf5e626923c1821d2df022a11a12183aa

SHA256
341c78787e5c199fa3d7c423854c597fd51a0fc495b9fd8fed010e15c0442548

SHA512
f27ba03356072970452307d81632c906e4b62c56c76b56dfe5c7f0ea898ac1af6be50f91c29f394a2644040929548d186e0fbcea0106e80d9a6a74035f533412

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
37KB

MD5
33bdc9d333dc6b1e3dad3b166ea3a567

SHA1
30a38602e99bdc5c6a795f2ad5d54fec0458ddb3

SHA256
24cf7e133c705d3350bfe954c4e325b2de97fd4889de600f90cf06c8c3d02a4d

SHA512
5a7095db8e8733f71656871ef8109255049bfbff78c6beb030fb0c0a167a289dc29671f28a879b5e1ffd84418b29b15a59f5a264de6da8da08b02062fa3f1e92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
37KB

MD5
7193ca6b3f27e8d5ea7ce2347cc33198

SHA1
38a55d68668a6324c2f014755bba48fab389d827

SHA256
5eb61d382fb6a3f14be5213c0df50eca6f361fc0fd33b40058eea631fb5beb78

SHA512
a0b9231558db8396247ae3aa449e9722ac32d5bfd4930bb07e66497eb2faebf49c6abab0ddb0b68fac1ba103bbd75e120e6fed5b09e449731c0efbdb24831ccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
22KB

MD5
310332c9fcd187f4b4c3bc6198bc53c8

SHA1
e38fa66f3a0fee61cbe37eb7452c259321414159

SHA256
119ce23f0655325e876bca70a319f7345b6c53939e2e62f54335bd1218517976

SHA512
eaba5340162f1860db8be620274cda010b72050c5054075b92fdb0b73441349aa9f6c2a1c498d7e87bcdc8f42ddc5a2e965221bebe4063b9b16c40ce52341478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c11c6a02a95dcdf_0

Filesize
32KB

MD5
599ce5a4a92e2df62b497e5373ad4741

SHA1
4f8f3484ddf8a029a0bf6c0dcca1969de62e3a78

SHA256
fc300983ddb2aeb407e6f537aaa2c0da8268801729dcd2eed863285789418d9c

SHA512
870d9631eb0b320e7ba34acc99a2aa73f9dc86639cd701d6577a68c193a4efd6ab8f657d23f7ffb8eaeb29869c90e37731bdf9f55c5dfca712aae4bf4d81f033

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b53e1fc6e4d9f540_0

Filesize
3KB

MD5
1d8c55c8b79ab9572171d9c396a03e8a

SHA1
bac4010c1edbcee9b41b608fef134f4976256d91

SHA256
aa9424e8c1adbe1bd3185d1bf20eea396166c22c8088427f914ee02af59789cb

SHA512
c76e79e4c62375accfe6ffc1570fc49fb7e786693a13ef568286e9a20b413bf2cc1f958ea79c439c4cea88ea6c07721181be3b0150fa52218d97a86689e04d40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
1149b91fc3adda3414aa1c02c1baa098

SHA1
9a60c391fd8cc82c5de75f9149fba26c16f7b0ca

SHA256
ddcefe8b38f8fff56446a0b40c665f113369e3ac094a4e31e6791e0ad9d28b6d

SHA512
7f7c8ae87939957febd28b14ffb9e90b2804d554cbe4b6eb41ebd63dd1840f7f472172d4cff26a380393cc58874acd8463311eeeab54c7ab70a5f58cb13a2d82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
26ea64631e2390a51200fd550cb6a444

SHA1
3c182eebe8d152e02c9754034a36c131e6987071

SHA256
3e65b2dd74d2eff3e7ede100fd6f1a15fbe1781b3811f7bf69ea4c9d891f33da

SHA512
8a9d910aa7c589c6e7142917f97187b5c79ad0219dd5cc0156a1bef4c786a929d731fb3ab9c358f3e530f7659a843d9669931c6fb4b9b7c96a1b3e1755235d10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
3dc879a5bf298786ee35485a8fc8449c

SHA1
23fa14bffc39c83ba708928946f45d064386e7f3

SHA256
10ea198ca9b98220c5b81e952b8b271419a85b8861d229e854eb828a9f138177

SHA512
49e3df1dd65a5fffe57542b71ca16fce232ae5689d84e4267d1a5e043a7c4c4c707339ac57de9c09240201f1413bedca0ba3d94ce01364614ddc5daeef88410b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
9446d6f3122e92b6b464fe55419d4578

SHA1
b9ae6b583eb880210cb5b70ea4b1333ff4eb1419

SHA256
5344485f336d7a422cd6143640fcbc4f6fdad4aaf38cad4b4cec8d2ef5cc22c6

SHA512
4943a9ae8f8125c93ac829e823bcaa39fe29ab9ef60b354d8d8a8f17961e2ed115d7523513142ea7f79df1859c5d6491c0f22a8f67e6b17173f738059204cd88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
7e5ac39b02693edb430185107b281736

SHA1
37955726d25e252ae79b6178af01ce2a05ef2ced

SHA256
396eb1ba5c480cf37e278e943e8d58f6047349abb02e6058cfbf78471794a031

SHA512
c231cb126f1acfa7be173b15ac1379787176bc256c397d3f69ec69d8561cee6479ee93c58626c2abde65c0269a99614a2a8851d6a7c6627f07f7e7c934b7b122

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
4982afc1fd9fce089fc0cac1147fe87a

SHA1
ff0c7c333b835e7b830d6908c4d491ba8e212fb8

SHA256
8d7479af2c675f166b9ebada9535a7d35d2b1a910861ba6fdce02a59da769528

SHA512
9e0b610232f5d67399bc8ad231599a7350941ae12e8060a398866472d7a31b6b4317082e4eec24d1e2c65b81ae9e2d20e54f3fa591c87c7b28f3fc67444cb6f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
e8c9961437370e90aa201b5316a77391

SHA1
0256240b87c9f98b40ab8b417da89a6a4098c9d0

SHA256
b257929cf4334314ae8149d656d360a3bb79333be0166984fe987264c283a6da

SHA512
a40204fe8dc07d47ffca6bfc76836934ea992ad43b1c92dddddcb8bb638b35c9cd3f758c7f1e609ca679b57069b9e4cae90760c95da45e619f06bb961145e8fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f24f425b5ce2681d9df3bc5debbf08b6

SHA1
cfd789681e9d5d6379c6ed90a73fff83a63d112d

SHA256
1216e4628242c97d0e6d0c3c67f9455382418fb0088cd90529e92bf8c076f3b2

SHA512
f748140cc64aec95036a5a34d3859a4724039b0916d6f4f57cd320b704521bda6f207013c90959ea2764aa6037d6c0fd574d59357d1d694f4d49e2662eac8399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
605243ff0b098fa06115b7216691bb75

SHA1
7e76e9c3361d3c820f980b06594b62660761b6bc

SHA256
fc4e708e38bdbfc6a7224cd7b5ed466e5fa4c0dd3b2a6ea84b8b2f247ff945dc

SHA512
b52ad8215ca49917661660208d245679396474b37c3076334abe094b14f6169bc137472a9c8852607784201509cf621277e6d0c38597ea6ab6b8937ce5363c48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
788B

MD5
c56f510e39ec4b2082f5a7c211164cea

SHA1
4bbebf38346b4aaaaee0b2f365cd103ee27f40f5

SHA256
b3d4c6b80a6dbd788cc2d51134adf8925add46e8e018a19c586b8e045c6d9a71

SHA512
bc80c5777b7ad60641f8d3e1e81ecd02dd5130c851eab35377007d828f9cc28a5ea7f1b8d75215add6785f35b038fbf966ebcd2b0e3446f9850ffbb10d136892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
302B

MD5
6f6a4d005b6339b0a779799065da7e6d

SHA1
831820a80dc5ec0c64c0f7670da1de120d91a274

SHA256
ec81f1fe594b78b6b5b1f0154657670576c572038f4881876fd9f55046aad2bf

SHA512
b3f28f07ee374cb0ea993a170c2c8838a8e869e5dca59838e056dc9b70bbc31cd9009e4891323cbda7feb0383457b38f66ba5f972b82180f76aaff4dd3aa6a34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
025da4d6da6f0b6be33e34ac90bdf1f6

SHA1
94c17da04c283d05e50b6f273513f9dcb24a5e26

SHA256
3f6d9acd7d0badbd1c09de982edaf952c53e6aba7a5ceeefee58ee2055568bd6

SHA512
893ba7099b53259bc7deb421c6d7112dbb572a1fbce8dc1d09e3655294d47a9b3db7c03e728c5e448db3a6739dc6422851ea14f1111adca987916d7e35499319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
a55a57812d41d9c9a59fcd5e9e8cadd5

SHA1
1643872af56f2333f0e35c8894d749054366f573

SHA256
d03648f118accd151059a498c74a1aae30e4e8fc21bbb345ab546bb73929bb7c

SHA512
c27fdd5daa90075e58d0f1c7d1dd7b2533b4fbda722c62575a2d1ff4236a5db80e5999e7a9d6dbccf63168e7c2688d701f86ac9ebd96954c8a128e0e3f991bb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
bcc328f8d962293e16b18611f1f025fa

SHA1
7c55b6710b94f291fb1fb890bcedde024449b1de

SHA256
6a94056962da2b93329c089718f05ec69069510b6bbeeceb776e28e5b6571fdd

SHA512
3e2262edcd00560121517d533df6ed2ea76f4fde336eb5fc4e5ca13372ea3d4bd3712def2acf1270886974f997dd715d3ba7aac3f167c18fa89c50dc182be506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
250B

MD5
e414de4f2e5f2fc8f48ffa2be55d4fd7

SHA1
b169851c65bc00fa3d71076ece01e76531b7f0ea

SHA256
44622df00f7b2973232d046a1f99c36791dd30738d6f737e29cb4fceec4abd2f

SHA512
06e6e21741b774390b83268c31b41966395f4b25daa8721822dd72da66f61bb99896257fd22a9b795b517b625baaa362518f63cc2bbc9c7989c58752448eb177

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
250B

MD5
fdb0cd627c9b0c0fe4f19ece9574f013

SHA1
8637a8619affa4262a4db87aca6f3e2fd56b7ce4

SHA256
a936a6ba3205e0db298703adbc964e4f99d64039d5959669f4bcfeaf9b487a8d

SHA512
473657274afcad0af1b88e6735106d179f54a2da4c80199c49df6cb661779ee33c92747fa4b3323d531568bc90d3622c34b8b8c033e7d8e2087036156f2cb6eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
924B

MD5
aa75f7a318352af087199fed086821ab

SHA1
f4a80fca6de3d67e5599a19d0d5bfa0e3b15164b

SHA256
6807bbd0f9d202b5bfe3df2914d31596b437ce90a6b8d3164f7f53084741c096

SHA512
21d1207cd70930e2a432db24ca317f2c3bf4a9a49baa522aced3d31fd721764b201599c8ff43a19d348575d48f0a4813aacc0640d5f3c04b1c2504b41d58d24e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
250B

MD5
fd423c35698e0adf2fe1db266d47e10d

SHA1
0ad962231972ab7e3aa8d602210c9f0be4457cb0

SHA256
594fa58dcaea01339d4538261307e6b3e6bd7a245a9f3b74b4884e72372ac8a8

SHA512
4167e11fd80a630d1d61721f8536936e40c29455448cb5bb6b93a8611f279368c76418f8f80359eda9c13c109821a97c9489c4c67ca65031e912a3986bc39666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
96062eeb3556a28f9c740109f37c6fd1

SHA1
be5ee17f5a0225b871859fe684b253d0a7142f39

SHA256
c2d11e41276f0d91e8207585da487de6d67ce9d4bd0e2b3941ba23a9549e5450

SHA512
28cbab9ac72cf143045f53c7f1107e987709d806e8d8d0db2b34c07a06c89a01522d672b56a23a0f1bbdbafbf4384a80ac78c695b79ad983dc7c32100be2fd5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d08f1fd9efc3d3567aeb3f2a588bfe39

SHA1
d65a32c84d2c64356e9b9280b7d8a471fd8240e8

SHA256
8074fa0b489702c0693e76d23220f7cd284fc06b6bdeed525f575e4e071f2beb

SHA512
6855e767154fffdc24491f4abaf0642df3cf3142377c1330d35138407d61b0ba4dc2ce1c899dae887ca4fe8387d24d99139504e01fab06a6d003172f53d5625d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9a45e03be4264eb79a871d1aa726bee9

SHA1
e099321bcb4b5a0802b3e2ab46d2e0e482c159c5

SHA256
49108943f79e39e459686beb0d521996a79759bc5a00b038c6ba6e5b47d8f929

SHA512
77bb72d66e11725e53368c28ff4e2e9de1035c8d7bf558a7efcf438c1aeb414593d45d87ed6bd50b3ca6abd87d7cabdd8577cf8f7537adf40a874ec1203fc780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
099bc47e879ff5a89e5ae02527248dcb

SHA1
4ab31d9414cc52ef833971e6e6798b387c33f5e0

SHA256
2e6641ec623b323e958069e31cc711cf5f724a9eccfc753e1d3a9069cdd856f5

SHA512
f5a479cc898d900bd9458783e544532737249261291aa3aad436bedb354553634329cfd876c34575993ab8013ccb16cfac1c16901321f3bab79299829f3ad53d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af10c32404c3f9232be3d5586fa0cb98

SHA1
8c8c7102b5b81a01b6aa3743a912b41491308c3c

SHA256
a8c64abf33513b5e0429221d241b3311fc019332492c072838197f5dcddca0e3

SHA512
846d22da144e0f1a02a55401d347769736fdf290ef38dde48469dba1906df0651b48ee6424be40cf8077f30d5a724fc7c5574cccae87f464f16d206b33e91af5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
69d34997702f0a11bb0f98e7dff58168

SHA1
0c03c237421e9cfb3de7446a81840feb84826240

SHA256
fa457d07b1ac1815d15f5646a1a1f71ff54e6866075eabb042c3df8e00b2dda4

SHA512
dc14bec6cfa25afb74b72f58942842e48173a2d4d499dd31fb5b014aeee48bd37485f4c32392bf40bc623d1096eaf5917a85b7a9d352ab188cf52b3986e9a4e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f453ba790c943d28a52261f768f8a550

SHA1
a90a8ae72740ee142b0e8bfca27f077295e34b5d

SHA256
6e738b375ab4e76514eb882a7bf6fc01882edc55fac9425cefe6ba883e2ebd25

SHA512
b7dc27961e71ae488fd3209f68a483f75669328dd2864269e65c8189581b0dc7cc46db39272c119bcc16771214a0202891ca0db6d11982e91cb2aefd399fbd87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
d491bbf9999377dbfe59d7e687e71cf0

SHA1
039bac212b608a97800c7a5ef2136c7395c5733d

SHA256
0fb0cb5774a56f980a2751959eeea9fc3efad9a4bb50906c4930fdc320a56877

SHA512
61f37f7af8b95278de336ee273fef94087442329f46c88bf82a9de57bd08dc95da20d6466861ac79a242cd66c3355c1bfa7b376abcc6d99be7d945dfb48b6b88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a33c98847da58637807a83640c833079

SHA1
e0489f4472a0a9716c9c95f46f86d64c6e71bfd5

SHA256
1b1b4ef511c8201633c0598c8e51f98c17276513e6eeeb987327756fcc6095c3

SHA512
2a5c9124fd18d29dd0966a3dd576ad93db623077d1d803f153ad8732b52d35b0da7cc2e8267fe5b73f82805fa9f4e9bdc2a0efb29a9f3f58bbcba3cb9ce478a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3daa133f5c6ebbdb76e05fe4e5522e11

SHA1
5b7d8e1e198896d2039d0afe5816dad3963d95de

SHA256
3844c549257a0aa652957f460566c770b2c623ce9b3dad9d19d360d9e979ea86

SHA512
290ff608f3a651345c6d15e31da367379d8f6703903a4deae30ed2d3748a121547a334d0d7ba5a69a781fa962247fdca5f0aa7796d5491dd453705b57ce80f61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0b583bcaeab56c519d5d3288fa7e30d9

SHA1
e06dedb67587e7f237e7f4d60f7dc1723c71d02e

SHA256
36b4dab18a2d1c48bb78fe69b84b4db21bc24d4342b15042bc61d58a1da20c4b

SHA512
3b0f1d16b57569b9310801fdf828bc1fab8efe91f6d06f2370f898fc2474526c6d2cdc0eb17196ff65109c86d4a2a07815bf6ae5424c4753e40e8a6e059b9522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eeda79bfc3c6a0a21bac69c27f1a4888

SHA1
44d3d468aa62899277021269be81775bd1c011e0

SHA256
7a99f936034f30e726efb81c35dc9f44942b22b9aafa70e5fcc78d9c815b3b7f

SHA512
2aa3a30a381b3048058ce63320cf80e5e0df86a0871816b8cda05e64fd8f69e04b4940420526da70ec35add6826b889451a7284c33e525a5e47c3ee406f0bd54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
861b48e9cf89d876daf2f08b3e4b584a

SHA1
57bc33f5d55f5bdff1e9d40583fbfcd2a76b5b38

SHA256
c7c92af1216af6a07b8b517635cbb13acb2e6c8335380feeb37b558346175a39

SHA512
2eaa064dae5f8b94bda7fc199564ae80ee7dc8dbeb5c4108ef46aa0d2608a946a27307ba00e4cb1af92b3d117c8d60a55f23b00b158469536bf6985e1f5d58f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
79dfabed4ce2ad1b0fe8aa227fdec734

SHA1
2ab8cbd774fd087fcc06249b62dc9c95e2b516fc

SHA256
26a427f80e69488d8f2a9e9d11e4121204291c8e373a158c3d8040c3ea8d3bfc

SHA512
c782208dfa3cc765961f0433b93036b8a710067b0d49ef64717b10b67d858b19eef237602f0377d391c35914bbd5208980e03f51c5b866283d60279370e11319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ef882523b737a3aa46780a2cca730143

SHA1
ceb1fffea7266558cc19710760ffeac7a0b77eb4

SHA256
00893feeedaffa76a41cd80146e251d2e3a7448c4f0d36935d42191bdd00ac2e

SHA512
fd83db48c41e0c546d93b1afda3dd5b5aa608a84798c62048a573ce9b198785968e265155fd276134866c8daac6dc648c12feefe64bc46f6c5a32f61b30a0ec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
dbd076084d43f99bfd4f2b6ed3d5990b

SHA1
fd773e8973eb1035f7f60065421cbb704c0808b8

SHA256
68e86acb36754ab9899cc19b442a56460ded60f63b41def12bc494b9271cc120

SHA512
a0bc4c4ce2f6473c3e269f591d1c6b4f477c520d52c8abc3c2fa2046d24007e7eacd80edad444590812a152d158fce4d4a7e2b66e5035ba594b8d492de8370e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a4b8dc8b4327ce9771fc6382513fc548

SHA1
b897f328a359086be2f9f7145a6eb46db0bc9936

SHA256
95a525e59e80b8e8611d799a6a773ad9650cceb596e78ce7dab8fc94d1a79562

SHA512
a0868fe1b12f753e55c59ab33014cfb817e7d4d16c0a4899c4ee284c6fdf6a2c9b7ff844026bbef4c72f312f4c7260b243bd58f74ccf100e7bb163644192ab39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
533782a566ec0d0e81150ddf75da6c1d

SHA1
2e0158ebbe5fef4e4a5bdac9c6a1b3d957d71eae

SHA256
99d16851f1467eef5492c522c067f59ef0c76ecc94c284034cac54ba4299848b

SHA512
ad893476195a88d99080be213270f11025079b4317deab053de8625ddc6860b1051cb922d3a1ba63abe74980a903331df62a4b227983a1454b719fcdb3ec4737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cf851e80ed2c3323737fae336233216d

SHA1
ef441f0da37985cc00d4be2c78864e42124a39b5

SHA256
553b613da7859ad250ec2f3c8d5c5302d9e722b581e9a7c5cfc9303e9ff70c4e

SHA512
a975be129acfa544dc06e5d61c47c0eda023d7018f6a36a9698ccda5ba27cec077f4c44db81c3b1cfc0945ebd93f5970ccb93d6884347d4640597733dfbd45be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
602B

MD5
a176c9179c87008f2ff071d37987b567

SHA1
8b900bd148838a325cb440aa23d5b9af3aca41e5

SHA256
eb63fb331fb9b05dc31f4cdedbbdf2b39873ee018847c1fcb235194d2130e6ce

SHA512
fa5f4d47d52dba8b66527e33a472c1974e8753cc478bf0674c48bfa25ec52bc7be1e637269a038bdc9759ec021e2951bb974a2d2130d8672cb7dfa825154703c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
297B

MD5
1f58a505c15ab3933fb51b68ec38e1ed

SHA1
760b7726fa079f452622c5d29cc9f6105c3bc677

SHA256
7fce36219b90b6a809d11afeed4cf47175b95f61ef40c891c4e99161fc57fb08

SHA512
1f9d54f8f96fe51a5f8a24501be76ce9c7db4b2230aed5d7f1b141e82ea69534ea3c67e2f7d0ae1d25adcb3d77d81d4547dd64bea347f8fbeb8b5f43a8e4c225

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
adb5708da6cffe4970bba0e77ed407e4

SHA1
598dc7d6faf6548b33b0447a25ff4368455057b3

SHA256
859d24f2460fa458b8f546738f9c6717b78eec6484c2b24e8d3e8d568fec7905

SHA512
f37943d8de058bba5d91576e05a188f3c7ed5b45ab683d9871363821b45fe5183e6f05f97533581c5cfdb7e45e7f0d222c4110436020082f624ea741c2255b2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5809af.TMP

Filesize
48B

MD5
19f3b0c2d81c415be582dea83e4d6eba

SHA1
8f3b09ea39da363cc7942089f4259f29542a0843

SHA256
f46e898330e2fa5f1af9a74ead2f155e9f67bb6ad8bfae5b5a7b808bc908bc0b

SHA512
650fcd74ff5ce87db2867a646494d5ca6e5c05aacd52876963c5691f14ce628f85f9779fe5d0fa0b0bf92043eedde4cd34e6a0267263060679bb1142f0f967c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
545B

MD5
542ca6ba3aaddf29aca39b92f53f6f11

SHA1
b5144cca68921a49f5f948d90f27355547d0f6af

SHA256
7c1b75a602ba910afad2a479451489496783e51315085f00de3c0a342acfd20b

SHA512
e1636d869c42c14c3d98a09adc945c9abc86d2338d241464ca323f7d2230d2a77db03730d6cfd7a59768d3a74bddf99637cd454dcfae88c23bfcc1834801ac36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
993a7a3d52fda0334690b05f8b74c5b4

SHA1
5d3c5c6706e37d12f1af0d78c5db19711df89775

SHA256
7429aeed598229eecb4392022d427dac1234e13516a781e8f9f9643989f7863a

SHA512
4deac9985f06b19aaa6e14ffc31abfb8789b4e705cc515a36350615e021746b51ab2a3f52937cadbe77d490b8b860c53ea47a2deff7aacd5c0f8f14517cdd927

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13370790305019650

Filesize
35KB

MD5
b2b13c3e01b4091f7f137d4045501a90

SHA1
4fb1fdf66fb921954728f7c26eb866b57077854a

SHA256
8d66c86d70f5c8d92276683faa143fe1047e4c6a8b6de67d693ade49cd44ad25

SHA512
c339372a72f8b0fc782e15c649e74285797f8e9163c6f2183b80695771d2c7ed542e04752cb8a2b2d8f97897f584270394aaa6157829cfba965b1e60b80eba09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13370790305235650

Filesize
34KB

MD5
86ac67b77692868adeb27fd6c39740da

SHA1
86881321010ef073909ce8b589376ad5d94db001

SHA256
04ccb345c6bb4694d5dd4a2748505e099dc7c8da2da0c4d74363b2de8dc6767e

SHA512
b1c26627c5d94b73b350487c0fe1add06c26a2ea9f94781f5e1f0edba599aae7e6c7c4efdcee66752f24b9495d2b638d4910a5037d7d8b4e8976dde9fd92e25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
3d08addbbc8d6e9d84c8544e9698b042

SHA1
f8607f42754fab8ae9f7c470e0b6e44d47086ec7

SHA256
efea3e6de87f51397550864bc4962f32bd177e2f8a6574a3916c07ee7a8ec218

SHA512
0befd299a828e8ed57f3c5f608cedb67e9d767bc5ef2dc28e3f57b2b3089c77d910fa91681fc1bce24fb9feac4c3033bdd3e7158ac18243522b1604dbf9d5dd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
381dc6c65432eddee67adf2df40f7192

SHA1
e7589bedd6bce86d8a028ae7a0a17d963e4fa0ad

SHA256
c8ed3ac88d0ac9603c74d3d87b0fe67816b1ff8988bef709547f19d99a2fb78a

SHA512
bde9f67329c58876fea1abc0434f109979e74f63d045af078569071978170e822b9a0e6f1c85e6b158ff34359bf8ad6018d6432f0ad523e50eaac6d22368539d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
a6ee551c368f479d57579881d3de553c

SHA1
d578a672040005745e45b5b1b3b471cd94c797d3

SHA256
63e6bf95301520206b42648e12f502d109aeaa6fdba322478e312a6f2bcccd85

SHA512
6123b7f151b6160654b787a551a5f36a97226da21029b26bd83dae6e539469ac4201e36989011eaee8681f4dabda42724488857ad5d6f760ab9355f6f4b75406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f3c51a49f6e04c606f0a984f550e6a49

SHA1
378617723a595ac3680fa75db4cada49ec65e386

SHA256
b75e751f8fe1974c8edf6fdf3897453a059515b843777b8ad0cd97e8a7701813

SHA512
23bcefe974bc1c480fad0a018d07283ca8ba4dd62d789211e559a5a3aef9eb85a67a36f8a38ab0873dec2231036671d2540b369dfa18cc4d280d89cb662b5019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
d977b864a3bd5eec24799e4a474cf467

SHA1
25e2c72d9d73faf499815ddb8a835aca06affd14

SHA256
425c1b747b9dcbf4f8ee3a466006d28ceb1b7366a12c64483ac9b1165a4075e9

SHA512
e08826e743b38ae680affcabb7fcc0f2811e1184fe2527bef2e613d1be95b67f1fea46e138b3be3b80239338a9c7560fec2130b0fa57e88af41bbbb6f7962086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f937fad4e194dbc288b083d0965edbe2

SHA1
40e5a1f7ff2df3b157ed2eb05a5e6b635a9c3185

SHA256
143ee52c19f82772f50d2441a197090814351820886d6bc709d675bcaeb92f7f

SHA512
c8e39b43b7831f26b6b77fe420f04116b2e819861ab718960edf1d9e70238af2adb80d3b801f750422e490a20be6524c5809f5d70a81b04e9f45cff0cb754a9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e150449c46e5927261b9ec8d6e607ac5

SHA1
fd88e995783c8c805f5b5bd39663740c6782816f

SHA256
18ec5bb08e3057c4485b00f4dff3ae020927b771bb0f1f6de71345e6e8083135

SHA512
d217539d2ecf1043173b7c229e7259cc995d92669f48a3a60e228ea727b2ed3182e74ee5dd3e7f6fba8950de1c53a2a33b4e75bba8fbcb27c963fa51ef87a4b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
379994855156e3ab5350d8b1948c8284

SHA1
dc05a93b54eedeb23bd5ae49c35c32c60fcffdf0

SHA256
0c081b9b080e6f4ee024e3f166b1561fdb2be0d511862e8c4a94d38681082099

SHA512
d2d2c7e945e2a1da818e73e7493cd7a6f78db482b9150748c9a6b21eecf67aa8002f5ecc3ba97475efdf8ae70387df378f538b815cd4971bcfbdb9c977fd70ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f1f1952c225d85f57645767988d54742

SHA1
bacc8d4533d131a3bd8974976a3a5b07d8a9480c

SHA256
7ecb7f3f00d71dd2a37d408394ec216c2b8d17f90ad4ff990355710a1615f2e1

SHA512
00f735f1c002dd71451f99259575dcc77375f0834b8a409dd1dc0b8adf5a238901a0635fa2a48f1e8d5b0cf3b64bbfa7fc3d921b84c5d97ecd28e8b0dcea9d75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
7be2db925d93791c8f2c1f312ffeed55

SHA1
a3aa427c7813f2c92eead4261b224ddff191b5d0

SHA256
23090dbb6fd21f4a0bb51bf42ea0f4012bf7ad217d1d584883a3afba1b7222ba

SHA512
d26a6bdd2743ad1e6fb7fd176b372fb425afafc17ff70ea838a8b96894ff4ec27041103c6e1c29cb8fa418c95ac8fbea8e62b8eff47ae141cecfa31300f1c9fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
cbf3a96bc338c0f134e34d120dd77ca2

SHA1
a3df6e2b3218b642173385b549eaac66335bc8be

SHA256
49c2c2d2a7eca1223dc71ed2d27291bcbe6ba308216ea1396e43342cfc8307b9

SHA512
3a1f03f0d0c09337b4c05754fe35050ca9442026aeca885b615261b1af8f1bbb99f27cc2e77de2ade279a5d23ebe1cbe7469d9cb45974402f59e3584708c7f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a78c9fd69bfac082522b6a23fa7bb77a

SHA1
c3d37d8e396626ce35ddee55438f66a557a7dbfb

SHA256
17d591e84218ef667051863868677176b997219651a3002a8b3dcae29017fd12

SHA512
f1c213a885595ee37202b62bd8bc28dcc54701b46447f9941914b4df7cae04026ebd2f7a59d877a34cc9a0ac049775992fd3b1a5f4724f28ff4c020a3d7941fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
221b6b19ba20b624554583e76482173e

SHA1
0131edb46efe805aa7b15c9786a24e58f2493646

SHA256
a78d79dbef6b63394ad954fbe2bee95306bd30cf63f1b782a9bad9272cf8070f

SHA512
be07064baf01de85339599ab9f7f4d2fe1f1ade6ab1464307f8b9e96e4863bf6b8e06ed38a45614deeaa4cb8e7cd4cb87668daa020a9b67b827a809fc8ba055d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
7ff92b8ac745507f2800236301a835a2

SHA1
fb2105e01969e1412deba474e0d26473384181a8

SHA256
bc74d38e1ddce1bb76143b85044863f9a61dc03b0a94ec2ae380b741b9f48276

SHA512
77e16323360cd8c97301e01ef28e883726257ea9ef4a05ea81c212611b57b9a11ff0edf190277b6f4aea5672a6e9c9d20a9c11215b412a671a1e71ec33f78184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ab415c89-58e3-4296-8552-121e82c823dd.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
120KB

MD5
9c6c31e8bceec4ac0d8da12f973d2a2e

SHA1
b857ab9fae90f30bba0855bb89bf452d194854e0

SHA256
37bdd28bc67de2f70a9c9e36e282948a8c2361e26346d8fea15ba4f9b3b1d2fd

SHA512
1f51a94f83c4490ebc8c8d496f66a227944f32cb22a91d5a5ddd3ee438ac3302576ca92bd7c1dbd47d67e174a41fc7fe6d822022e5ba04cada794fd500ef5c66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
2KB

MD5
d292f44d18aab6f9bd9dcbc536d612a3

SHA1
93a81174d873cbf77d36ea149fdc52be7b1ac26f

SHA256
3cde736ed6b30733c236c90b4f5cf9cab698d1d46f89618f3c1edfd3dc827964

SHA512
4a3b2ad834cae820d1cdd04104b5466d77b8281b9a1f1140170b6bb2c2e22780727e061e186b61dd9df3f69165731aee70f317d59e74bd4a2646193e5221bec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
b674ea63a3d34ebeecebf94f62ab211e

SHA1
beab469760d1af059edff3f9976eabd349f1c124

SHA256
b1bd1eecc763d52f9d6944e918550e9960f7c75d3a57d727a10ef10d681e7ef2

SHA512
e13d1db9301df965bb05658c2271cb5be399da6834803836ee51a3601c5e5529bc081ebec6962b8be83a1a974e8b1c28b4d9825f4357ee22cbe6a012db1b59bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
e2a40c0b01403ec3ea1179ccdd720129

SHA1
9a7eec6c894a9806fa9cc20f56eba38708cd72a5

SHA256
b4797d093b8d5c9343938d96bb70ade481421179d02d3a19e30e8427e42aea6c

SHA512
6b76d095a176733b0b44b3dfb05de83fbcc59555d41f420a6a39274787b67da4fcb194da3c426b6e96aa093b5e2072df220db21c9aff3b3dd898ac95a65849e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
ad4295558d574af735a9c0a414af1ba3

SHA1
29307d9b82dc9dda6eafcc61b00efc61746b39b3

SHA256
3db1046128589311c32cd6cf9c9fa12aa1471e3f37f05f309b64d63425a60867

SHA512
be0919a67646233200d76283ccdcaf0fc03a712d27c8f00bbea212512f26bf002cb8f382429ad5be7628096375760bdca27b5a5d382e6cd793818b7c860bcbf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
80db3e9ae1ce5d9f9bb975cf7afc57f1

SHA1
6f7ec9c1c0067f22b555c3aeeeb236d983441cdc

SHA256
7c83e97242e2022a6b224f51a49e23ea9286cf0c674fa2f8f50d9544ae9a3dba

SHA512
4a60ef94a34b68e5700060eb5adb6f8905c9bdd19aad63ed29a2ac40fe4cb27dcc4ab51b2f89f0201a994f3c377627f83fa5f8db62b9899ff7bbc0bf28c443fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
c18b93946fd0ea88b8f9ec480cdc8e14

SHA1
f0f67cd91bc6cb9f56e9b852ae3c52b66c586835

SHA256
318f40a49a8782e36e61a798f1d01f2d8bfe7378da812c10861d1a66000ad9f0

SHA512
c4a8c230b236511b561b300193e6f58df3bea28a7e8f6f2f696aed472a4e3d2d535d8fd66a30ee8f6bb0267abaf54bc8762e057fdf20a134e7e7fd1886199078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
20KB

MD5
7e86d5c1bf2ff36b15bfbd8fcf748b16

SHA1
59a1515ddff8caec85c4f27ffb17b69a42ec6226

SHA256
82f03e141e82546b261c1a24cd9ae3cfd4b19a7b4f343a296428deeda88cf856

SHA512
943fdf966d2ca4bfb35e01431e7bae1611e86d4bbf9c27524ba4502a9a93b8c0bb39e7760a8ee76993c4099da1ff49febe0b48468f134d4121f22a0ffb41bf2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
20KB

MD5
2a029687e73114ebcb4fad10c0114e8a

SHA1
f09cbbed46b9f8c731568bdcee13024e89bda397

SHA256
fe6e92a5b020858bbdd8089533c6f22703bc5927e22f689c384164096705b11b

SHA512
211dc45e2bb5739bcf863c44ca8132f92e895b3c95d074929aa4338698d53c6ccb3a8e2f23180260d9226073f4f5cd21a200010a7a224de7c8ac2e1cc853730d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
05920ab23e444bed9ae013748b270941

SHA1
b7d552d29944f53c4e589b17a49691662ca34ee6

SHA256
eba658f11397f7f1cc3d92b6680f5f69b690c5d841dc5e52e180ebb193e4064c

SHA512
8ad3780ff01629d9d94527c6090e8f863998214ea82bc3b5bac4761a4d01bae61cbb5e58a12df8e1ef81368e7b94a632828029c0be4111be21ebf17a719b792c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fc37aad95eea8200b9ec0c8aa0182db3

SHA1
f9d6b112aa4d78580aba562c5c79de7e68fdd970

SHA256
19868b7aadf44fc328d9f25a3be6a114c6a484ced75e2cc326b0e992cff36ed3

SHA512
3530bd6c8382aaf83e53e0de1d6c631f658fd7a8643767d4985770f910b7d6e7e9ccfa12a305b197a6b45f4aabec53d6796ac0bc9db08fd8b4c207d30a004f33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2dbd33105a942a585da95a5a05ec48b5

SHA1
55e6f13ff8c3781fe2c9f41e20406c29000927b5

SHA256
f6e72a1bdf50ad9ffa98a310151e874ee2840b758d728ce8b7f2bc62523625e6

SHA512
33881e57fac255c818dc70e938a03bb391b725ee7a67ea2cfde3b2c1ed266e154a1e572907cd56ffbcaa07f0b2135120d07e033f04a62830e8735f6f1258a1be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
59774cf532bd461eef9ad561c9abf2cd

SHA1
b71eb155c19bbd42b19eefb27db0125049642888

SHA256
ecd1336b13a0d511188b8b5485e19d586c7746df1b59ce174c6cb612c7b87e09

SHA512
5dc8fcfae00660060c1887414803aa7fedf8263ca024f203515d7f6829ea7608cabf1d6e4e432fe41bccfa4c97aee8851cd8f0e4c8f12530abe43c0fb510f84b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c398c80d198471051384d479ee95b388

SHA1
f6cc2d2068f741c3abb22fdc51c1787955fc009d

SHA256
cbbba910d99c4b2392e1a4b6259d3da67195aea87207a6ef938e999815457f33

SHA512
75d8fe73dbf5b32697e1e218f3b59abdb3e7a951d7484589e11001673624154c632d192f0401c284b38cc9374eb0d533a89ad56dcdaa83a3df48731d0967884d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d50f2114cc74992af056f9f49d2db3f8

SHA1
0aae11a91f366b62340df287951afb2a8af91797

SHA256
24301a010baebc4fe10c0e2dfa2bf13b5294719926632bd911cb5e902ab6fdf9

SHA512
d42ae6a440da238a7c8d265bfcdce60723b1e689ac5b42f898987c6e356e7e53052b605657c44bfa110804dd1411dadd8be0f2ca9ccf35a3f23535317f65fe31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0cce99ef751e46e8bd23c42472ddbadb

SHA1
a353996c315fffea306418c819c34fa2e94b6b25

SHA256
d803f2eb2e873f8eab7f497e8bd380a373125af8ab1601a3952399a94de1c705

SHA512
124d136a41964f9f4343344c9be5ee924ec1fb40a7e2f43d1af5d4c5ef8ab8946c3e96e613d05a0ff1422fea3eb5049cb8802140f0247f6cbc53bff8f4093070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
331e951f89b633e7af1ac72a4402eeea

SHA1
2d19f0f98bf529827ec98824c0b9428b8b2666eb

SHA256
dade997289d50f08e60b8c4c617e759516cba722f5721e487f4aad533f09a697

SHA512
ae9cc82da09da67e9cd9ef9e03d3420b46201d63096e7304d3d2eb7aeaf5d4afdeb9f4b9583198aa6777c91b74bb24ea2ba01837d5f9b8b619893a527e5fb18c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI27242\PyQt5\Qt\bin\libGLESv2.dll

Filesize
1.9MB

MD5
02869b2a1415b9c865b4c8989d3f3229

SHA1
8c25e42ad57dae4a0538345bf85a827fa058da38

SHA256
d7c492b123b166073dc41d5d6b580e45983b650d43b18e5f7c6521ccbc521b83

SHA512
f7a5bc267e1bc76edaed25f6c980a8f7c64bfc1e952b5d82bb49fe5240ad59364b4d4f4b3251b0d23bd210fa0935a37c1776d1e1dc273c9ff1b58cbe2550bf82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
aad1f09319a21559322e77fa1922b583

SHA1
ea0bb72db652a118af4cc91172f2e96ab1b9cff3

SHA256
8c211708160eb7ba90ab9f04958d704cc50082f5c38aa08a001861f64afd623f

SHA512
e3abd8d8fa2e2928547b6a491a25d57882f7798dc6d57f0959f4300616ae5733c96841c49235dfc58e9af2d1cb2bc4ba2ae258cd4555e408f9de3de68f6f5930

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
7a90e6a8c427ce8f29856905c8dca29e

SHA1
f158b77979516c20d71b9230da6f4395e20fd4e9

SHA256
63436b0025001ed74ad7f5c1a2efc48dd756031c0f99d9e9e680a65adc6a9beb

SHA512
411a0ea98333f11d47ce73225ffb7e138a0fb739806057fe031fd66eb9fd2423124dcab90171bad9c35c05cae53f045df33521cd172182537cdd44ea476e7d53

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
a72ba81044efdc420f53a96a8d91bebb

SHA1
dd73843d48d181be61d428fe62112b70ef61b492

SHA256
5df1d5359cec90478012aeb74c9160dd4535d79039bfb4179af17886bdc4cc1f

SHA512
d3db3df2bc5d486160014d06476a5ab83e58a2fc0220d6f42fe48744c89a38f936fba95c1a44ee0893ee5e07606ce84c9a0a6ea017ecce2aeb5578276abfd4e4

Download Submit
C:\Users\Admin\Downloads\MailRanger 2.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\MailRanger 2\MailRanger 2\Mailranger2.ini

Filesize
598B

MD5
38816a601eecbeccde2ae4506284b09d

SHA1
ba42c08a3340880b07fe13a9f99c4a48a1d02463

SHA256
43ac7953b6963aa4d54c40435fc58c9e0b20811a14718369bea0698fe52f5e52

SHA512
b9b1a65e08c5c65e5ec57362368e1a6e880e8cca6fe7ec69b94dc39b9ab63330a35fdcb0d4a4ac1f83cbe2f6b327d084004b0bd24b6fc4862730ded585f4a1f5

Download Submit
C:\Users\Admin\Downloads\MailRanger 2\MailRanger 2\Mailranger2.ini.lock

Filesize
24B

MD5
07c5af373b174e9e959db42baf535e57

SHA1
3d8558707af2bd1154e60f08c587e9152fe234fa

SHA256
a06227a839250153ac1de41f4b322f9613a9f2335b1aa8f8b08aca955fe6b1cc

SHA512
3f038c6173de4ac9b103b3a4b722991abd45927b216af685abdd62b3fa6f7558423b46b3c448a1438b2f617810ed75e3657f5774d26d5a9758e970a78dedecd7

Download Submit
memory/1188-1532-0x0000000073C80000-0x0000000074028000-memory.dmp

Filesize
3.7MB

Download
memory/3092-3290-0x0000000073CE0000-0x0000000074088000-memory.dmp

Filesize
3.7MB

Download
memory/4788-811-0x0000000073C80000-0x0000000074028000-memory.dmp

Filesize
3.7MB

Download