446e83f044b6319c85d16ace8fc63537a0d8b541658a90dae375756495535003

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01-10-2024 15:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
Size

1.2MB
MD5

3a6da0bdd054d3f1bb0f4667c00dbf77
SHA1

888a1e905691c8b2b3b4daf556469be493fb10fb
SHA256

446e83f044b6319c85d16ace8fc63537a0d8b541658a90dae375756495535003
SHA512

1a384a49b4b5a81f8cf559bb476c57a3f7b73250eb86c625bffaa32a0cd679480076c9aaa49209fa73c79db1bf199724078763c1ecb05e7045911453c57f070a
SSDEEP

24576:HqgTM8/TP5XsxDzwHhCeiqKl6lKiWj3MryahDSVXT5X:HjTT/TP5cxDze2qKjE1GXT5X

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
2308	msedge.exe
2308	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
Token: SeDebugPrivilege	212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 212 wrote to memory of 4472	212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe	91
PID 212 wrote to memory of 4472	212	HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe	91
PID 4472 wrote to memory of 3740	4472	msedge.exe	92
PID 4472 wrote to memory of 3740	4472	msedge.exe	92
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1144	4472	msedge.exe	93
PID 4472 wrote to memory of 1748	4472	msedge.exe	94
PID 4472 wrote to memory of 1748	4472	msedge.exe	94
PID 4472 wrote to memory of 3080	4472	msedge.exe	95
PID 4472 wrote to memory of 3080	4472	msedge.exe	95
PID 4472 wrote to memory of 3080	4472	msedge.exe	95
PID 4472 wrote to memory of 3080	4472	msedge.exe	95
PID 4472 wrote to memory of 3080	4472	msedge.exe	95
PID 4472 wrote to memory of 3080	4472	msedge.exe	95
PID 4472 wrote to memory of 3080	4472	msedge.exe	95
PID 4472 wrote to memory of 3080	4472	msedge.exe	95
PID 4472 wrote to memory of 3080	4472	msedge.exe	95
PID 4472 wrote to memory of 3080	4472	msedge.exe	95
PID 4472 wrote to memory of 3080	4472	msedge.exe	95
PID 4472 wrote to memory of 3080	4472	msedge.exe	95
PID 4472 wrote to memory of 3080	4472	msedge.exe	95
PID 4472 wrote to memory of 3080	4472	msedge.exe	95
PID 4472 wrote to memory of 3080	4472	msedge.exe	95
PID 4472 wrote to memory of 3080	4472	msedge.exe	95
PID 4472 wrote to memory of 3080	4472	msedge.exe	95
PID 4472 wrote to memory of 3080	4472	msedge.exe	95

C:\Users\Admin\AppData\Local\Temp\HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\HITMAN 3 v3.10-v3.160 Plus 13 Trainer.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://flingtrainer.com/download-wemod-trainer.php?name=hitman-3-trainer
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc92046f8,0x7ffcc9204708,0x7ffcc9204718
    3⤵
    PID:3740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,10382702212479386304,10202633833399579225,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
    3⤵
    PID:1144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,10382702212479386304,10202633833399579225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
    3⤵
    PID:1748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,10382702212479386304,10202633833399579225,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
    3⤵
    PID:3080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10382702212479386304,10202633833399579225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
    3⤵
    PID:3584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10382702212479386304,10202633833399579225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
    3⤵
    PID:2336
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,10382702212479386304,10202633833399579225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
    3⤵
    PID:4020
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,10382702212479386304,10202633833399579225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
    3⤵
    PID:376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,10382702212479386304,10202633833399579225,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5040 /prefetch:8
    3⤵
    PID:2248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,10382702212479386304,10202633833399579225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
    3⤵
    PID:4240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2152,10382702212479386304,10202633833399579225,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5988 /prefetch:8
    3⤵
    PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://flingtrainer.com/wp-json/trainer-api/update-page?name=hitman-3&lang=en
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc92046f8,0x7ffcc9204708,0x7ffcc9204718
    3⤵
    PID:1412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,10653155183350387315,11623015627258769169,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
    3⤵
    PID:388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,10653155183350387315,11623015627258769169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
    3⤵
    PID:4732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,10653155183350387315,11623015627258769169,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2992 /prefetch:8
    3⤵
    PID:1564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,10653155183350387315,11623015627258769169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
    3⤵
    PID:5060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,10653155183350387315,11623015627258769169,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
    3⤵
    PID:2872
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,10653155183350387315,11623015627258769169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
    3⤵
    PID:1684
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,10653155183350387315,11623015627258769169,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
    3⤵
    PID:2624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
7fb5fa1534dcf77f2125b2403b30a0ee

SHA1
365d96812a69ac0a4611ea4b70a3f306576cc3ea

SHA256
33a39e9ec2133230533a686ec43760026e014a3828c703707acbc150fe40fd6f

SHA512
a9279fd60505a1bfeef6fb07834cad0fd5be02fd405573fc1a5f59b991e9f88f5e81c32fe910f69bdc6585e71f02559895149eaf49c25b8ff955459fd60c0d2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

Filesize
436B

MD5
971c514f84bba0785f80aa1c23edfd79

SHA1
732acea710a87530c6b08ecdf32a110d254a54c8

SHA256
f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895

SHA512
43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
174B

MD5
b1bbca09b36cb289ade05d23968805bf

SHA1
4262ab9f2d9dcd5e36b51475e8045c9bae8a2657

SHA256
4492ada570c424dcc16a2b7d03012a46b106989077248c8ea268de389d84f7b4

SHA512
fddad27a8915ac1dbd8d6b982ae97696e81cb392090c52f861c49df3bbf3b98061eaab7929bfd67bea66fdcfb28c959f810ca390f7b3992a3ae7deb9278a9159

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

Filesize
170B

MD5
1c897dc238b05527d0a081a43a1ab9a8

SHA1
ae684ac496ec1c9144519bdedc9d41f3a2702eb1

SHA256
707d9b29007cd6908e1a901c8fb68a3660f71d8666cf06984437b02b84ee03f5

SHA512
326c41f007c37e00f50aa04a62dadb92160d094a0970c4a4d84b9b2e06ff5cabd3428c747fce8ff47f76c77aeac2022543226a6a57105e591abe04dc8b129ad4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7a72b37caa9b4f6636ae71781811eb92

SHA1
11c8c02de873368c2f644969c3416e6d23bdb249

SHA256
f2e2971c7afdd67f8895a9e49980b2e9ddcc640a93a9f7baa4707d8632cd371f

SHA512
c6336508a0f2dd4d3e2fe892000e6cdca3b57edb63da522bf03915d8d50b49f84263c57b7e05934984b85b067a92c3f13debc82f23453cf504a98afdad629140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
48ba0ca5d6f29ba0ec1f74b8f4f90263

SHA1
1d9d79696af3205fd121ec8c786468cb438e1467

SHA256
e062cc47c2a3785a73131446fca19919e668b68ad842a3b256036c36433bbdd7

SHA512
a7e31e1f859d0171a7632e49d935692fc10f7dcaaa44a17591f59643f051f25a08e4494ba2bbb0f3dcf9540d8cf34d8cd027287e06bb84a6403e23457b9a6f9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
c5c933b42aed8bfbbd7208eeb1e8f24b

SHA1
37fedb3e4825a76170e469218d0999d548ea919d

SHA256
c27d9d3f5da38d8e7ba3a002bcadb17b8b8e7a931ce1047b6e5ca0c5e6786952

SHA512
74ccc735b33a643ff58e067fe7763e8d134e9f26b1dcee6621c12f581e7673d6b05d3d34be638c7a0e3103f310ee403536a069fd888fe3d0deab076b0a7bed69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
4d167a5e38b30669a97634cfe4a7f3ef

SHA1
679d772dd5a581f1c1fdc36d894809f40232ecf5

SHA256
af06c7ffdbb2971a491f6f9ef849e321b995cc1bd43ef67fc120ce39b0f0ba1e

SHA512
693f073266b92d31976697c838a10faf4ec3c5680913ed7c335acc62a30dd45ce90aa5574b4ca5ae55f8bb26e4567a9f8a40e649a2241e0d27a981ed5f16c76f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
cedf6bdc2328ea2b37ba72c4023ad16e

SHA1
01872287e86a1364a4e5b000fa24b524b6c75b7c

SHA256
e147b51c0f2d01332ec5084cd01e5684cd7be39b91ad3b6be2d2a615bd986abb

SHA512
37f967f0396aae35398a168d9e953da7202744ec4756589056de7e05d0d070b7cd63efd00b98fe46ce8502ce35a2264fc4ac35b3d8cc36a2d3451aa3175022af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
c69df574b7820eb498474be7d979e6a0

SHA1
dcaf341206719d4cfb1b5253c3f37952bf0df281

SHA256
235bd83454c18f0f2da27c3187e19db139ee4aadf0f6361eaee83259f491c3cf

SHA512
2a486ac584755b8cda5efbf50eb690f7bb501bd039c1a7470100ca9a0b9bd59f367f91855fc44c0875832d07e3b6a9e1fbf599017d4457ffda726c7df3f1b59b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
0180c2fe8ae69911e208577714700407

SHA1
e8612c45f5bd893c51ffebe716426c9c243cb1e5

SHA256
0e4f67f3cd589e73f5af453690a7961de6800a0a378ad3583649102ba026517f

SHA512
c7c5b19f01d3def0ceea9a507e0e0f8ac5c27f73510b3c54ac128d088c08c686109bdb0007d11170bb6641ecdecc37d197fced5fea4ea283d19917f57fc45f89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
aef13b43b0b633e7e638ebad59b3002e

SHA1
2abe42f7996c6b7ed8962cbf34a1c2f3d9730872

SHA256
b19972ced2569d0420768790494ab661099afe8a09d22758c744de1014708d5b

SHA512
8bcd8441d6103f65300a703ebc3be346b1316fa1619192c62586f11646ff311311607154338c418710d227f1066cf04053becb7fb01d646b5355a68b1646b433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
7852d0d6ff224115d43d359a4039f9bb

SHA1
27c57d8b1c8e4619d56c79757ace3381538eab53

SHA256
3bc9acb59b205b7045a0ca2f03be00c562bf0a8f3bae8492d6ae121704f3ec73

SHA512
e19f0b632879ad4c62edb5ec7a2b65d9fcf4ffe92d1312b8a86428a2291567102045fd590fa5c49715b0826d1cc4d1e204167f302ecca1ec8789c782ff3572af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
a5cf4df979c69b8144a739270a9b4ff8

SHA1
455dc188b3f8ea14bdfc686c34509c767a9833e5

SHA256
d1930a2663539291939092c6164f52e7255a7131d6f80f4d892264bb872bbfb7

SHA512
3d6b08efa5e244ad022bd057b903fa9f337b4bd99d776ae6f7caa9587fdf249283fed7b1145e2f7c2ae57fe30c3befdd39d60381b7716c4c95c5b76981f83f35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
255B

MD5
fa8bae10becacc2c93881d2313ea0407

SHA1
6c42e9e83c05753f7b6bafd328a5164b5a2cf33e

SHA256
bcab0d3a8a664ce39ec2165b753041e7e924be98fe789b78876bb8018fd1c7d8

SHA512
0a17cf8122818a3f0bd5173c56f43455a6a35513ef9018b120d07dfc6597ac0551a21a7bb481c9d7dee20e3c92b17f527b7e0b21bf26a17a82d5bfea1408538b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
001629cf43494b3af9e71c913df2dd6a

SHA1
7a90351f3e569d15d9fe5d096ca3ebebe13517c7

SHA256
032aef482c4986e627ece92276fb1940d2b65e8dc1bb4166b1d9da8367d5924a

SHA512
521fc466465f20ce3c6ffab04fb40305f3245a8fe03f488fb76e8c5255018bedbdd913898ebc25866543285a7a73e6b920cfc5d900efade4d7507a04ebce1bc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fe3b75d343e0e71d6f6f22e26d357e5d

SHA1
672a9522f125fe229517552ba5881b3d7a41ccef

SHA256
e6427db1fcc26c29f1a4f53a1c0827d179f76ccdfc8a6538ba4a0110fee75d3e

SHA512
52dd297cd7e74f6f59168a3a95ca4ba50d690084b077490a752e36b75ecc86a6db8aca9f36804e55421e998dbd5e06d18b24b56cbefa59761b5ab16c5d809294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f5138120c1fe07a9d61e7d2dc3fc075d

SHA1
c8b57703b665bfc65573bbad35254383172b73d8

SHA256
256bb68307c254a23a01c7155b143efd952b702755c77ed70f772a2f3928c31b

SHA512
e01b4fc630e4fc6ade4a4f766b4fb23fcabc19badf675a1416de5bc50d3b8f9f3b6784f5ec92bbf29162d98cc04a8934dd5acdfc99aa0209d80acef0749e48d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ed4dc8c3b8bea08282c50ca22ab5d3d

SHA1
484ac08a0efcf046e494030b32dba81de937781b

SHA256
02dcb246a395246f66162940c9ed023859caf84ed4b285519fd0e581280e88ac

SHA512
e45e79b57ba03b3543b8db41f038efa0dad369797b55c9d64b816e6c9b322b1b09d0ff992c2dac67f60731bfcdb08298b29a387e48b946fb327d53fd8c0f6e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
991cb72f5fd3cefd22fc4e88a1b83344

SHA1
f47cdf387f918a4f355f126aa0b2ca78882c75fa

SHA256
a3b012d558e38e42897806da88f210f55ba566d4af58215236829e2bdd96e906

SHA512
ec365b827a7bf64e744f2cc3b4902d86b1d9fb55dadbc7d4c3c12a7cf0898c1007c5fa4c61c25e9a16293ace25cc36b8ca4f9e32cc982fcfc81aecfdf7d9b816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
954d4b9013c54d8c94c06484770ccb22

SHA1
5bed4e36a7d7a65cdbdfcb2d7605c2f59d54ad2f

SHA256
2c0458a280959618705bc1f491b8b7f9dca2d318af0487c4c23a34b128d01ee8

SHA512
a3c6c5332c4ecdb5a384783fddc9abf1d3381407acebe69cb36aa3146d2e60a11e5247e82e1f5ba0d1e762a00ffa8a9d35ef0f66fab3f7efb1fc019c18a6ff7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
e598c6ed96abe231e2d302b332e2e2ec

SHA1
44de2d9b20deecc446614b6515cb4ce1b02cf341

SHA256
cc3aa544ae19b0913e3b2883626311dfe7e8a30e2e0382ff12198f6bdee8a920

SHA512
8821f8958bd9d5c73e3ca40a10aec1845a7238f0b23a541380195f7c354348eef494477ad4e802012d3e06c1eb82ba887df369b10eb2b4dd9175f5c48f6e8a4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL-journal

Filesize
28KB

MD5
325f7e151463215f054ebd756f29c11e

SHA1
c410d5987f04e272debfdc19b56fc07eed2e506a

SHA256
533841cada5f43f3702d228ca1e85f840b40b327a9561b1764a3e94b8c8fba03

SHA512
358a474c0d05fc07bb36c80af781bd21c515e192c62699cbba55c08baa60631437c7bd71acad982933c74476548a9e64645bd0be7cad0c36a394f1d95324948c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
950c879bde81c8fc0370e5281502b58b

SHA1
3be4159ebcc629ab6cf9931748820a50f71e27b7

SHA256
7f69c09756bce40c607ec2bd9162cf77ade7c7f17395b9a15a8e45ebed21e0bd

SHA512
af68b07cde3e4a4e98d35a9a5fe8e992496e09a0d72ff0133866666243857b710a994c8dc954344e660cf72e5d5b8f25d783cf15149a2755863ab0072d2afecf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13372269400397141

Filesize
427B

MD5
f15902c26ba934c41364d619b7b74815

SHA1
eb3613b39a2d6b46a4766b66fd6881f942d993ad

SHA256
230ec9dad56a53fb93302238f1126e00778022113d825ba4d40fdb890157ea7d

SHA512
ae93d2de8b54589dfc532c13f28d832d475c5d1cf2948ea0a5060b5f8797d02ce46c6353db7b3a9c3f7ac910cf50a2982b853d8703358d6584a438d7b6318e74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13372269400569141

Filesize
933B

MD5
54d9f0ab8da71c7d7dbd5fc34d2a7031

SHA1
da454972af53dc81cf6cc7fe69ea97b9cd83eae6

SHA256
384e8b6b36878d4d845d5662be2e88ee8319f60c1c01f1d9e1cecb282d9185ae

SHA512
4b57ea0e0cc19b4b91aa5e9c0784b9f54eb36a7b1caebff5719d5206716936eea455b087112ddff4dc41fa8d81bfbdbc40db355521c0c41b43884161fc0b80e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
96d64915ccb1125b5c87917caec3eaf9

SHA1
d89d8bd9b7494a899519a7b5b14b738ed8ebde38

SHA256
384e655a142fe6d1a233cd50316e98308fde2adc494b3a3f116f3b93f5e02252

SHA512
440cedc0176f0af76fab4b5921741a61a1fd0eac4e3cb8633b34fbc3ababb8092d5ac6137598c24b3ecf4e5a380937f998f3ff60edd5c4e2c6f38edf232b5bd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
2ee85241b36be96f94006480efe8dd03

SHA1
6ace7ec3b3b991eb0457d2de0a9a385bac32f7ff

SHA256
a24836df8a50d71398441ab0f2093a2367cbbdb64b25d077508031aa0c9c65ec

SHA512
95a203915da1bb15e5a86ab134410190e7ad677468d5e57694c61b30d1ad93d5d99f3f38022d3b1d2a5e0cc5c22271d4c0ac8c922920cdb1b8532c24887296d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
968edfbf4372940ea3dc8ad7e0e058f1

SHA1
495ab3dc417b4046ccedcec506592ade88e973c2

SHA256
e40214224105d4fa216f0df7c5756869e51ef409a04eac45118bbf2084bc50f5

SHA512
f3f75f54d0af6197463792886cccd220753e13b026bb59160a3874d9441925cc0f89d449d7e1414a009ca30bad9d9f72631dbf706b9635ac66246938fa56101d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
d4895471cdb9c192a7ab5bf03510fd7b

SHA1
cf4e3c64d99318d990a17e011d2e98438974a91d

SHA256
47158f5b83a780a8a15c13890420f3377edfa6792fe2b73dc53b28803a667f10

SHA512
3ffed1c108561876abeebef040d898192dc073db6cda0972dcdfbd30a44927ad4eed24e6bca53107847787b53d1d3f39a34b767af08a86fbc6334f847e00814e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
1KB

MD5
d1d0587805969c9780a62a742beeb5de

SHA1
28b970e51e22f38e04aa86b516b9afaed3a16858

SHA256
72195092aaf567ffb159de5cf03d14aa811fb6990030006e157e010626f7e823

SHA512
d2cae497e6d8929f2f55fb70f506f7e6f84c9e53b4691894234db5da142d454c2c27a5065448460f5796082cee6c7299236167637b0610dbc5564692abb46d22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
851eddef292a547b583ff898d444d802

SHA1
ebfa2aed96b53fb821d237888e3a7c3520f0f011

SHA256
4acc1610c4b3167f318e44f6fb3f19dde404c0e41a28eea7bd3616d8d0dd4b4d

SHA512
959051e06280b60c19e7eb33fcb120a902a4f7cfd5fc3db619e9fa481d6866276ae34c2e072956853e906f689bfbd29feeaa5c6d642a0bd0ffc523dd973ce33f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
817fef8d28968a36dc2cfbdedc94f3a0

SHA1
97a698ba796574d32ef1144c119429f3f4fd1d64

SHA256
01548a95593f9083348257b3faaec223626f608bdc780831758b83015d18fa1c

SHA512
b3fb5bdba3c124ff5ee40f3e94efd074d2d34add33826cae16fdf6c630f80abe749a97500963c49581c3adbea1b25c9cbea11bb531917137bf2db7e0cd58f885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
231b47e92b7ebe1effc01843b3ca21e4

SHA1
810e88f9e38df76873b1c164fa464c06d4d811b7

SHA256
a1b78e64af5765697e52f1ef3191405c4562e880afee01309597b52209953087

SHA512
c0ce7fcebd4aa4daaf9bc8aac9d80f11ee9fb37edb8756ce95bad4b878588bd8d484a300e08a88711b14d847fafb0846652da8f3398ab934c529245ccd19415b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
139261b6c5bd5c4f30cf1e3ba4194c95

SHA1
b2da51cfcfae7782e7dc6542f2113583b4c9084f

SHA256
a669f75ca08fdaf8214732844ae9bc0b4e52bc5ef2b7b3b538cb46109d33976b

SHA512
d1034161bdff333a5ebad17f56678715e821be036f26c225c4127e84ff2f48dda196c15385587acd562e7640170350d0a8a63ee976f1c684e3073992d6ff7bee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f380fe9bb6efaf3537630734920112ff

SHA1
078a4a52d882469dbd47f9af31b27e57de8d39ad

SHA256
9d24bb0e15582bbc43e7f8f91c077dd30e96b108355647764bff23a65a5ed755

SHA512
a2b86f8263f47d4008dd0aec53d874a71b982b22ba30e8288189dd785e43bcdad9731891c52561680749773c2f921775d9112cebc7e6c889548a4cbcbe9f2b59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
25680db2b4d0a389a625fd2dcac33b32

SHA1
86884bd319f0c870b235dc614705464c1019ec37

SHA256
75d231e241f6e12bcacd1120579c216fdf5a543ea74e9e90ce2334b8e7bd3e94

SHA512
00871fabc8e1c47c0e8767b90a70132043792d3842a7b33d84c15b74238f4b10e531111fdef0a93b6927a044a873d62b4e32f038e305f4c42f3884f9bff70fa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
283485a03cfacc74c200c2fbdf6b85d8

SHA1
dd474b4284f19ccbec260ac2edfb101a820997ec

SHA256
334c9540f6296d348f1bad1bc6f15212199d0866bd9ca7d07ce44d58b03ac9c5

SHA512
6b9515116f30a888ff5117d7779a1750a59c8be2f22539b7b2d6c3cdc2d3d4dccd7d7ecc821646cdd78b4fbbe7039f48d77d445c2148a5e9f8a2649f45775952

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b64191daf94c22907880db79ebf15411

SHA1
78dff945da97cd57a1c55860fb39967b068dbc09

SHA256
b151e65468d520aaf3e84edbfa69702c25b7dca0d146cb53470cab0acb35540f

SHA512
18a240d4d17e833858edf05018bced7da5d1982c74301940da8909ad85cc871abe7436817ff7001cc22528f86d20955df2768bca1c5a36791e6d50af7c63915b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2069417a5ad1ed2eeb8e27ea87a91d55

SHA1
f281b97a7e546524337ced3ec846c3e9c3ab9f55

SHA256
fb0a21e4c9952608664e92cf0875c255091cb62b8b793581bc54f3525cce5c00

SHA512
1f68828362e9192ac6256f562a23f12dfd390b865c96d9646a4df6b42e35bb07839b8543f124577d2d07a72a88da89b58b0d9221e924f5b25b379772d4184699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
e09f61118b4be1386d24242390fb563f

SHA1
ab5fb1c699c36b4510743fa24f0b06dc70ab8397

SHA256
99c931f38383eb00b3322318221f1f28e4272264eaac7da21afacf5cb4eda814

SHA512
ea751bfaa5cf483325bead5716ac726716089c6d7966f7da32c8bc4559d7e898f50b8ab7a6f936968981f18dc6aa987594c4dcdf8d6ea6de11bea57a278eb0f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
a842fbbcc0a2ae9eebf720ce10f294b7

SHA1
4e54a0593a47bc19d829942c4ab3b677f86cbf56

SHA256
fa1407029d1a84b23a93427a79402b666f466efc6c46ee730266595f90f5a48b

SHA512
95409f4bc9e0daf2059e4545b809ed23e785ebe05fbbf496e2ba6ce3058a2fc5c6de82d7eaeba471465fe372b13bbff3b67e3179d9b8bb7d3197bf05e79ea102

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 304035.crdownload

Filesize
141KB

MD5
d26bb2bd2081651e0f1da3e05738f788

SHA1
14b279b46c6ec9064ccde8bb363274437fbe2864

SHA256
e66eb74fbb815c238822c7d152bf1c57a8dd4ed4e122516e9001d4db29ad7d8d

SHA512
8be133b632e1f69f93c5853278d12fa8591b5add6d25f60a36fb88ffe833fe91fe851e02453c1527171f5d089b90b7d398de98657639bee5ad696ad08fe69651

Download Submit
memory/212-8-0x0000026CFA9C0000-0x0000026CFA9F8000-memory.dmp

Filesize
224KB

Download
memory/212-27-0x00007FFCD1980000-0x00007FFCD2441000-memory.dmp

Filesize
10.8MB

Download
memory/212-22-0x00007FFCD1983000-0x00007FFCD1985000-memory.dmp

Filesize
8KB

Download
memory/212-25-0x00007FFCD1980000-0x00007FFCD2441000-memory.dmp

Filesize
10.8MB

Download
memory/212-6-0x00007FFCD1980000-0x00007FFCD2441000-memory.dmp

Filesize
10.8MB

Download
memory/212-9-0x0000026CFA990000-0x0000026CFA99E000-memory.dmp

Filesize
56KB

Download
memory/212-23-0x00007FFCD1980000-0x00007FFCD2441000-memory.dmp

Filesize
10.8MB

Download
memory/212-7-0x0000026CFA350000-0x0000026CFA358000-memory.dmp

Filesize
32KB

Download
memory/212-26-0x00007FFCD1980000-0x00007FFCD2441000-memory.dmp

Filesize
10.8MB

Download
memory/212-5-0x00007FFCD1980000-0x00007FFCD2441000-memory.dmp

Filesize
10.8MB

Download
memory/212-4-0x00007FFCD1980000-0x00007FFCD2441000-memory.dmp

Filesize
10.8MB

Download
memory/212-24-0x00007FFCD1980000-0x00007FFCD2441000-memory.dmp

Filesize
10.8MB

Download
memory/212-0-0x00007FFCD1983000-0x00007FFCD1985000-memory.dmp

Filesize
8KB

Download
memory/212-3-0x00007FFCD1980000-0x00007FFCD2441000-memory.dmp

Filesize
10.8MB

Download
memory/212-2-0x00007FFCD1980000-0x00007FFCD2441000-memory.dmp

Filesize
10.8MB

Download
memory/212-1-0x0000026CF45E0000-0x0000026CF4614000-memory.dmp

Filesize
208KB

Download