hxxps://github[.]com/pankoza2-pl/MalwareDatabase-6/blob/main/Trojans/Windows%2011[.]zip

Resubmissions

13/10/2024, 17:27

241013-v1fj7stajn 8

13/10/2024, 17:23

241013-vx5d6asgqj 8

13/10/2024, 17:21

241013-vw7swsybmd 3

13/10/2024, 17:03

241013-vkn7easaqp 6

Analysis

max time kernel
207s
max time network
208s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
13/10/2024, 17:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/pankoza2-pl/MalwareDatabase-6/blob/main/Trojans/Windows%2011.zip

Score

8^/10

discovery evasion

Malware Config

Signatures

Disables RegEdit via registry modification 1 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	LogonFuck.exe

Disables Task Manager via registry modification
evasion

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4504	takeown.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
17	raw.githubusercontent.com
28	raw.githubusercontent.com
29	raw.githubusercontent.com
31	raw.githubusercontent.com
32	camo.githubusercontent.com

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\LogonUI.exe	LogonFuck.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\LogonFuck.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
4004	msedge.exe
4004	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
4596	identity_helper.exe
4596	identity_helper.exe
5028	msedge.exe
5028	msedge.exe
1236	msedge.exe
1236	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
716	LogonFuck.exe
3308	msedge.exe
3308	msedge.exe
2224	msedge.exe
2224	msedge.exe
420	msedge.exe
420	msedge.exe
4856	identity_helper.exe
4856	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	716	LogonFuck.exe
Token: SeDebugPrivilege	716	LogonFuck.exe
Token: SeTakeOwnershipPrivilege	4504	takeown.exe
Token: 33	3848	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3848	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4856	identity_helper.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 3352	2356	msedge.exe	77
PID 2356 wrote to memory of 3352	2356	msedge.exe	77
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 3364	2356	msedge.exe	78
PID 2356 wrote to memory of 4004	2356	msedge.exe	79
PID 2356 wrote to memory of 4004	2356	msedge.exe	79
PID 2356 wrote to memory of 4112	2356	msedge.exe	80
PID 2356 wrote to memory of 4112	2356	msedge.exe	80
PID 2356 wrote to memory of 4112	2356	msedge.exe	80
PID 2356 wrote to memory of 4112	2356	msedge.exe	80
PID 2356 wrote to memory of 4112	2356	msedge.exe	80
PID 2356 wrote to memory of 4112	2356	msedge.exe	80
PID 2356 wrote to memory of 4112	2356	msedge.exe	80
PID 2356 wrote to memory of 4112	2356	msedge.exe	80
PID 2356 wrote to memory of 4112	2356	msedge.exe	80
PID 2356 wrote to memory of 4112	2356	msedge.exe	80
PID 2356 wrote to memory of 4112	2356	msedge.exe	80
PID 2356 wrote to memory of 4112	2356	msedge.exe	80
PID 2356 wrote to memory of 4112	2356	msedge.exe	80
PID 2356 wrote to memory of 4112	2356	msedge.exe	80
PID 2356 wrote to memory of 4112	2356	msedge.exe	80
PID 2356 wrote to memory of 4112	2356	msedge.exe	80
PID 2356 wrote to memory of 4112	2356	msedge.exe	80
PID 2356 wrote to memory of 4112	2356	msedge.exe	80
PID 2356 wrote to memory of 4112	2356	msedge.exe	80
PID 2356 wrote to memory of 4112	2356	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/pankoza2-pl/MalwareDatabase-6/blob/main/Trojans/Windows%2011.zip
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe945b3cb8,0x7ffe945b3cc8,0x7ffe945b3cd8
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,9019065219650948308,7237126290828000977,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,9019065219650948308,7237126290828000977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,9019065219650948308,7237126290828000977,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9019065219650948308,7237126290828000977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9019065219650948308,7237126290828000977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,9019065219650948308,7237126290828000977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9019065219650948308,7237126290828000977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9019065219650948308,7237126290828000977,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,9019065219650948308,7237126290828000977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3100 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9019065219650948308,7237126290828000977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9019065219650948308,7237126290828000977,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9019065219650948308,7237126290828000977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,9019065219650948308,7237126290828000977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,9019065219650948308,7237126290828000977,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4804 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,9019065219650948308,7237126290828000977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:2388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:656

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:656

C:\Users\Admin\AppData\Local\Temp\Temp1_LogonFuck.zip\LogonFuck.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_LogonFuck.zip\LogonFuck.exe"
1⤵
- Disables RegEdit via registry modification
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:716
- C:\Windows\System32\takeown.exe
  "C:\Windows\System32\takeown.exe" /f C:\Windows\System32\LogonUI.exe
  2⤵
  - Modifies file permissions
  - Suspicious use of AdjustPrivilegeToken
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://kaspersky.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe945b3cb8,0x7ffe945b3cc8,0x7ffe945b3cd8
    3⤵
    PID:1396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1756,7886720251202401341,18412096639632990110,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
    3⤵
    PID:4136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1756,7886720251202401341,18412096639632990110,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1756,7886720251202401341,18412096639632990110,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
    3⤵
    PID:4456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,7886720251202401341,18412096639632990110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
    3⤵
    PID:4940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,7886720251202401341,18412096639632990110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
    3⤵
    PID:848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,7886720251202401341,18412096639632990110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
    3⤵
    PID:2592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,7886720251202401341,18412096639632990110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
    3⤵
    PID:844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,7886720251202401341,18412096639632990110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
    3⤵
    PID:1552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,7886720251202401341,18412096639632990110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
    3⤵
    PID:4428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,7886720251202401341,18412096639632990110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
    3⤵
    PID:3132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,7886720251202401341,18412096639632990110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
    3⤵
    PID:4848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1756,7886720251202401341,18412096639632990110,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6376 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,7886720251202401341,18412096639632990110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
    3⤵
    PID:1096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,7886720251202401341,18412096639632990110,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
    3⤵
    PID:2708
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1756,7886720251202401341,18412096639632990110,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6976 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,7886720251202401341,18412096639632990110,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2644 /prefetch:1
    3⤵
    PID:2488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,7886720251202401341,18412096639632990110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
    3⤵
    PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.norton.com/
  2⤵
  PID:4496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe945b3cb8,0x7ffe945b3cc8,0x7ffe945b3cd8
    3⤵
    PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.avg.com/
  2⤵
  PID:3408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe945b3cb8,0x7ffe945b3cc8,0x7ffe945b3cd8
    3⤵
    PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.malwarebytes.com/
  2⤵
  PID:4668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffe945b3cb8,0x7ffe945b3cc8,0x7ffe945b3cd8
    3⤵
    PID:1940

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
826c7cac03e3ae47bfe2a7e50281605e

SHA1
100fbea3e078edec43db48c3312fbbf83f11fca0

SHA256
239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab

SHA512
a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
49ce2522dfafce29b5b2537f304f6340

SHA1
5da05153b123d275faebec9dafd823197f1daef7

SHA256
054ccb20828b309994b76468681664341528ff3d7c5d77b8c01bad56e3f7f441

SHA512
664c058063425db71263b3125ed47f2437f4c2479f4441427b8d1cd0b396fcdcac9b93ffe50016a975592220ac0f3c1aceae2837ca11cf32d1ec878c9277b34b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f7e703dc4a3814b361ccad9835ccbfed

SHA1
b49f53aa045fa16520f13c76333b35382cb2cad8

SHA256
9487ad07b0be1a5c3dfb48a85cca577af382bd19ae36e45d2c3635b88b79b2b6

SHA512
df75e4a5a2ca3c8bd9e371531c5c204e4135c2c53bbea57e8399ee546409c9314a368d184ca6625ff8d0007f45b04ba1b631f5fe097800ac6d37b1ddcc52ee1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
02a4b762e84a74f9ee8a7d8ddd34fedb

SHA1
4a870e3bd7fd56235062789d780610f95e3b8785

SHA256
366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da

SHA512
19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
2b11af3a92101585abb11743f678a372

SHA1
958eec975c69b2c48207d9d0309a389c1dc3136b

SHA256
c46992f31ebee3f491c083e4d106a08486ee9b58eda9e388eb392f8c50dac200

SHA512
9ea2afe0b6aa0a36d2c0cf6b856549abe53108cf6855b03e0012d903899aeae7c287c719b1f4d2f9867ca2fb228532d785586eabbc14454c8ba3d62b828e382f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
9e75f9e08f4d0212786308c1c17b376b

SHA1
ace501300d94b8cd84cf8dcc9422f6110dab2027

SHA256
cf04e9e5edc384c00cd291eac8c94c788ad674eca32304c35c76b6546c19274e

SHA512
621cc725fbcc76c540d7d968aa0645b3996d70b551abea787052eb63feaa0fa88be722ab90314610a5ba800413d730e695bef8597d7f2e175033f7f9111f656d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
397e30ec6ed747f6ad36f2ac05aecc6f

SHA1
4de13e0c735e4f47ca8576c7382d8677cd25bb05

SHA256
83103de4f7bda6fc941b7d20e2add209d98555f8693bd0e3736be6cc6158b080

SHA512
141e65e8f38d1792f013cc738f0d8d882da6acc8ed0c434f8740a9ba8fd2b2d8937bc7ba7d088a3a61dcd25bc4f7104e34a4e26da4abc578f5144a706cba4ed3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
3e4369b14387545edf241f232cf7a6af

SHA1
a926e411057d4ac60c084bed838fa56c3a3dafdd

SHA256
8df619fdc49e7003bad1b378b43e0bbc3f2004bd47f34a0f959c0080c396d4d4

SHA512
25b6d849b6a9f29ba5e57e5bcc17f67c064c54e9ae15e5f6b62c5d69c54d5037f943b198dab2731e237593c1c862de6736f8e740f89d214e90aacefce32e367d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
55KB

MD5
84e0dcd510e177ef7fe667e95c560317

SHA1
30f66e05f3595f7be33e73c69088f068803c5247

SHA256
f63466f4d1f83d7e936520de84f05bef96da9dc2f7ae712f556cd15ac9b94bfc

SHA512
49f00266df56db3484cb69d383765061063dd12dd4525ef0c6134769133c84dec810cd191e7d52ef7e9fa755f9214752536df0237fe48211cc36ba40b7ed9a01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
36KB

MD5
62fd1704573f0a1ae4c7db83f9f5b470

SHA1
09d03a37492cfd0580ed3b819386bbc4ff64d960

SHA256
3b14ad4d4df0e681fd5aba556473e39e52b31ab98f51dc3db4937bb641a6d667

SHA512
c8108393f8bb91c018ee06ad51d746a33e24ad9041d5cd84792e4c59fb55639b8042ed5c1a424b47263652182ceafe516d0b6adab147e33bbf261d6aee1d3f84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8bc6b5f9e622db99b78ca256f9f33b9a

SHA1
4c255d73db26f6902cb490c5b56425a776f91087

SHA256
9faf37f72b4f34938fa6e243773246caf83eea2ea2df0846f67314c8a769ab61

SHA512
243a39231430e40afca71521b6893dbc4930ab098b4c484c21062882eb40d9cb59404880a13118d7e2c07bb072c26026b185eb681b662c04733bf9ed0490fc80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
5eefa92b40672627aff45bf85bc91f4f

SHA1
98c776ecafe78795695824004148149fcad2c78e

SHA256
85e2e248eb49e984212108b85339dfefde283515b279a1c4ce5672f83a44a551

SHA512
69cfe4c3033bf6ab7953c6bdce4285c505fa0f02f82b5817b0c3faaa77476802fe88c393aafa1e2bca2a315c5c1c30c7d4bd801cd8e0071328d0ddb4d6a46253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
9b96506e2bb47100d2b8cb132ae2d0cd

SHA1
267d43bbcc8768f4fd7ac8883eee05571164bcaf

SHA256
3668fae8325d61fe47bba4a1f5b2a8241a1fe0c34001cbd74050739601092d2a

SHA512
33e7e965e0952963e62ad242452585a4a922392ecbc5de7887f9153ec405cee2cad54c0e5e20eec3ea150ec9367010c24f04f0a52d4f58413a19e597fbd71131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
4edf4cc77e4d74c01aac68bf5da8a09c

SHA1
19211f25f4745375187f2df69f61a9ce276ec1c9

SHA256
fefa228e7202bf6d16fd1e947005832527335d3a98154c9fede476f4abd36380

SHA512
5a1c516742e941d2c16fcd18b6e9fa0b863a5cf9b3a1230eb44abb71a7d83703e5ab6c3b469f318c0b78b87efd0aaf2ae1feed6e77fb4c57b67c76aefed34420

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
5aa8a4ef12c1bbd9ea3c555228709649

SHA1
c325f34ede81d53fc02c5a61cb1706105e88db05

SHA256
0620a50b8e86a5688770737526cfb9b2896fc70f0bdc90855ac1cac45e2660b8

SHA512
3cb366a10be13d405e32773ec9fdce2244abce991d6ef52e31ff5d7117f9b6d4293c632a8e5a99c892695a31a03d2523cc5911ff6dee10dee456bb377022a1b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
a8d6cbc32e5117598a2e938a84b1f8b0

SHA1
d95de6c6bdcde9cb92bf530ef63182ff1ec80b4a

SHA256
aa3851de72e245c822fe0e78885fa71ef631765cce7c4d580a53f7c6b5ec301b

SHA512
d7546b3c2371b234bc48d66dd175f59323cef7e96b77bb3c66cfa591b80f326c37762f2c9c567f004f979f675c71adf6f6806e64c4e93fb26123faf762c745ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
11KB

MD5
fd2f10737be98553e4825c9f07bb6e52

SHA1
da47ff015811a82516a0265e99e3fc76080f8e12

SHA256
2aac86bc0eaba1f53ba87335c32e3b431a493b7af1f115176d511a6631e3d203

SHA512
d648ce278504961a83f059f25be5ca1fcba07bf8b7b0061335847ee3c2e1cb444d00ba7861b9b2b7d5e7fa95598088da0c1854fe07563d92add903aff99c91c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
628392408b2a16187f0be71628c12634

SHA1
3c2d1da9913687f54016976c9a9baa60d9be0652

SHA256
eb13869835e1f911629ee7e015e6af5b1d12bc5a3393aafc7664ac104b3f26ed

SHA512
32479de026e0ce585e5db95d7abb14e618d6b5b5a814e9bac9702b8fc73d12a60d3afa0ee09efb59b07ca36995f7b2dec0e7e4872798ab20151aa9f46048c3f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
492B

MD5
a4cff91b2e289bf850d7661928c61b63

SHA1
4db7a2027a9b392375d61760f3a5cf879cf493f5

SHA256
524801e85aa5b065348beab81d679fae642aedc7c100004818440b3a51fff24a

SHA512
a1dd92a87da06745eeb1253ff1f47b58d0f89276b351ed58af7dadfc91bca9a00f596cc30f0f99119f6066ed328b93f71db91174149aa7c71da0218251d8d3b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
492B

MD5
4ee3e698e9f4715dc99b7407e037b612

SHA1
50df6eb4e818d1cd34e22b5174649f1828110e79

SHA256
47dcb9c09beda79584dae7be655feae4053451f5c8579bfb3a78e2391ab96a07

SHA512
294cb14f14e55b9e74e87b7cef4084e3dfdb54fb0b55f3f84e911facaee3e2fa8a98e49c55cd84afd84a88e8a18c902316fd25713bc2708abb78f89e5ba7bbeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e2c7a3eb14b95ddff0698a51c20746a1

SHA1
773af4c79b4505eae74f30b4b108f38d4e2294da

SHA256
45ebe8b73492d667d5addd47c55ca7b9dfe204507beab1136760c48d75c4807f

SHA512
1e945f07b723d23fc7bddb60fc85b80cfeac08066263a02d4da5c1067fb0f0ad91765da18eb60f149df268d3a78825647cd208af3189b7f84ce1edc57a8154d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e46f5ecb6a2363cb512373154844f20a

SHA1
4dcfd589ef1dc3ee95ac0308e6c80a1ecaf8393d

SHA256
1e0cc65d1d7ae6626f54ef729a0d3612b2751516804d838f7bab88ee9e8fa957

SHA512
cb9e26aff177229615ddd871cf8f35b938e61fb41fc4922b862bbf7ac9ea5c9bf7708216994a633ae54b5909ee476b7c3cf46ef476fd7e30eebed360cce58078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
930d98664c63270506ef9ef6a9c04e24

SHA1
603a9380799ed8ba727f7441eaf1b4db5037f158

SHA256
43f7643ab37a04240252e18f17acfa2af9f8c54a7b6201ca6082baebb3262a3a

SHA512
b5187f1c05bcb711482563d3f0b250e9d4ec3f7bb0f8ba02bfda9b31a2993d4e43b84b1188df7e4cd43b3c43edd021ad892ec7b9372297200c0d61d8cdfb6576

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d58cfae206eb8acefe86416317fa49c7

SHA1
012f39fbd7ab17a19d90ff0bfc83dc12d0099441

SHA256
7134fc7fe8c3c807cfb99e4a1ed8394c9733ddd0770d473a291aadaed2f53e43

SHA512
0dd37806d3516d6d3cb7910bc7a2c4f9deb01535b86f33c317549b5ced85bfe5267efed4ff8320ef42d43cafdb96dd452eeda081153db97d7c0fc19b52415c28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3e3ab18c98ca6d1dc46b620c92099a37

SHA1
a2713fc47f1b01d0eafbc9b211371c16b7596aa8

SHA256
61ecab4bdd9d9580eb16ebb4af19c169fa70c2de119ef54b1d7f45f46ce698b4

SHA512
04ee689df18aec28073878054ba8146fedfa7f8ba6e8680767d4871fa9357c82c3b89949bde0a1ed2f12b492c6099e191c9e073e148ef137ccefb8658475e8b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
919bf6ad2f084e313e01dda0bffa3936

SHA1
837ab5d2eb620418d337e4b2dd82c9ee3e5b3167

SHA256
375452aba4c7bf6e821e5502f3c563e6679a0868e14c5e99dd6127e001d0712f

SHA512
999e9b6144dd212b14306cb5d569fc02428565ef686438c07a8c1d574668132c4438d947c7b57c2ea4ba28a5e979a358033c8d9f103e3c9c5d8fe25ac7ea3470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d4c360f54dcfd075c3ed42a56684b121

SHA1
135a1cb810ae6674b5ad701da2b125a899b92aba

SHA256
e960013464a0fad58f02af4ee282f380ad75964b13822ee35218e3121a8ae0b6

SHA512
031fd50bb954f1ec21a45e61fff408de3cc5c70dbe4abdbc6d73411841063fa81d67bd08fc6ff4e131650f2135985f5569110402d45f84b1238728c9f2332fa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
944B

MD5
a7fef61ed6a31e01cff1c85ece593f61

SHA1
624380d991cef51473bd88154b239b6757c77638

SHA256
56607ef9463c60c39ee2eac49202eed2ff899b1af00f5ad4b810730015ace898

SHA512
f3da336af9e66c3276c6eaa09a150c1261914bb3f409e650506984e0f209298efa91bb44f717dd6d33f9810f67634f04bf6394240789e2b95bea25e8196a417c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
67b6c2875feee890fda471758e3a279a

SHA1
f2e89ae5e141507ad2ad12816353d468d95ebe62

SHA256
70262b476b3d627aaa023b2a78acc8a7fbce7e7e0c4441df571fd2eacf569969

SHA512
bd2a2f462854aa98fb6accd4279cff48ad344a900149c3fdf7b7510c2ce280047c5d9257e5a5c786bd9fbdacbce202cb9140e2495b872d22d97bb4747ae65ccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13373313806222233

Filesize
23KB

MD5
d8a3adce1b9d09fe0ef92e14a3fa3d00

SHA1
8a676f73e89b1243e15bb6ce09ba2798cb1ef151

SHA256
28ebfc12a38a28c1964bfb336f7a4503795db04615a4f83a399fa19f39d6c440

SHA512
aed5a9e15b179574e1d5be6f590a10305cc7dec02eb680dbf004c3f8eec9474f85c910513de52c890dfe0b0b7fd60570d5e494ec1afacd4ef7c4394528e4787b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13373313806409233

Filesize
717B

MD5
b3e9b876008fa162bb3964700788d94d

SHA1
93f8522a700ebc8c217387f3883f1b399086c7b8

SHA256
d87aa5b506f4a629993b5bac8416e1322f2dcd76783b048002946ea8409de527

SHA512
6ffd77b0817efc29372d64d7786d963932c9bffe9d1d3118f7dbc96333d30757f0dfaf0c768720edb0f53ab1daf4b4ebd6c66d2b6a332b4d74dc0660d89809c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
1425de6a88554cfe26a30f4d4c733a4d

SHA1
d911d04157a43e5524a4003e17a41a7f1736ef10

SHA256
bad2d80194766cf5862f506dadd459149e4f971a0364377935f9d52407e2b929

SHA512
fccc21ccbe3c7cff841d34ed7145f4cfbbac6b83f255b5482ebca59ed820bb5c48f19a927414c4dfab697ee21fa4616e33e243070733125921d21d9fd36a6ed6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
6b287d6f245ae1aee55be6d1c41e176a

SHA1
691b9074679389937dca289221992cb89ed2250d

SHA256
dbeea15a790c2a6389df8a18bb927b335da0d8b79c4d7d7c624e0dbef7fd4e00

SHA512
47ee87e55e217941964da6b846dd921121691cf92d03001094244b4fbce8818c4135bc3d78bd65dcd32295c81dd5e1238cc2e0a26b7ebac303a25c862f9adcf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
0021bcd427266d715d2c7e4802589d8e

SHA1
ef9830ab65011aa1b4a13fd4e74001640e04f9ea

SHA256
693de610b786e2e7a7fa8641f571cda0968c76c59b02223a8e84d835973f3260

SHA512
bb3692c83b5b71b925ddfef0479e4c7fb3d1f2fa6c8b8d54c136ed82d1eba38e62091888a46f87c04ba3508524f0d6c222b5c0007b0ad68c33fada387940dfde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2c56b8a4e8c5d4af422ba29cb6c1613e

SHA1
8d1c4e41b7c466b429b37f8d3a2ce99703ff8f46

SHA256
3442220f56cd21760405949cad787f0d2ac990a5b311c2014b95461fec028576

SHA512
08c855295228d8436cacb203faaeff9ce465bc3a3c8a945791b09abf07e7f2e5c56fd9a8435839219aae8da40ddf12bbbffdf507e46ee7a5cea5c842b58d75f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1a0c5de2fa81f535c8dcb360a760d1a3

SHA1
c5b32fa5275e3afca34e3a90225d4a08577db878

SHA256
ec44e6db30624da403e3f61b61ee1acd009db45bc86bd4ccdecffe1a1c078e35

SHA512
2f0ee06cad3f13f7f3ef8d4c4b79daaaaf2339aa959698c05a6fa316454e30c9d07aa437eda97bf4d842665d118d38f50d9fcac8792149f1a8d26dcec5a8604c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bc7990b5779ca33425cc03a94fb7e9a5

SHA1
6726d0b867d7742648335d1c00ee2eb841868d64

SHA256
596fe2fc1d9605141390388d9233da4c0ef3808ae8b52f4039c5db35414df92d

SHA512
fa71e1ecc110117771f0de10c35b6eab33cb9502f061d7760357fb7e42f91b2067a0246cf88f6b02b20cf654fa4ae6de642e1ec1d6bed8b96cb92eb3700b033d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
8f12025d7b23a6cf65c3baeb54f6d3be

SHA1
189bfb82e64eadcb21cb96b07599f4c5262729bb

SHA256
760cd35372938370104220e02aca6cc8f048ccebdfd2bfef366dc0f4b1968e85

SHA512
f9945f67e1314ec5446a3a1968fc66ebf97a60e0c3ef643feaa9d91b76ef8195eff101139b022f16c44798a7fcfa491f092d13fdfc37b56e0864052321dce33b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
88fbb3e557cf4ef0e146395536fea3ec

SHA1
429eabeb671e522bfe2865f91970af3576d256b4

SHA256
dc972fec0a104e8b28fcbe93596b7b1a8b80a36645017a7df142b8b3b1cea16a

SHA512
d9354209b83e06fc29a672b050b48ca0686db3f6933c26c17e1fcaf36c4eaa71b0b08d0cdfd5f4cc768ad1b75988347fb76d2dbe89f88521e03648a176b010ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
12f1e28926ec567aa317401197c9b98b

SHA1
85c9b25edb1fd3636dce4d4b4f4759fb95c7d2a5

SHA256
f5605499e7ddb8f9c9d53c58b41219967e7f02310f0faa140ea1af3b2d536a07

SHA512
857efd9abd84a8b5ef5955c769ed9b55a00fb119035510cd3a1a64714838eb0c1fc9bca02fad8fd03d263350486f7dfbbf306a8dc9e25d90378a809be7806684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
cf802f137379ed6ca3f740ba20fe17fb

SHA1
fe851955f4cbb07a284c9ae02788d2eed87bfbc9

SHA256
fb5e411569d62bbc622335e057da193fe19e56d99028ebc1b78ff71c6819b399

SHA512
73b246003593528750cbf522f81ac1a5fd18204a0bc6d90e9edea8644940ea7e5b62f9fe7e01e56b717b0d5807ca42f3539164ac479564566cebc499d7874b48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e724.TMP

Filesize
706B

MD5
a18e54192a914b82bc05f069d3b3539e

SHA1
bd5375f0ef7e8677d495fbd56d7e406c99e4a705

SHA256
513451e7bb8c834ca842e44b51a1765f45e4c12b5ad1d6c2ae2e0c45cfa8d62d

SHA512
57c2accb73358859475944671ad54e21fa50f8f72f58d8fff04afe2ec976aaf27bcb50829a074f3a1a4820781affc6e282ae4cab7bca73c9345e67e3375ab9be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
d2807efc33e456831aa0200675da38d6

SHA1
8494b4508194d8b042f02f7179e9df050a7b3d7e

SHA256
2e147bc3db776e6ac3a2d2324a9512a279148c46f9fd3613c3b696c8b00ed0b2

SHA512
946247c1b388d8df9c65bb7e46acc30b6456fcf7f82eb5601b190d0acc2a75a11106c73cb5d24a8d8e381a323a4563bf38ad76a9a023bf46f6e07d3ac1497eec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
1.6MB

MD5
91d0c16e9e1634d56f0193e69fbf76b0

SHA1
6eea58f0569071eeefd42c1cdf6daae8d824b77f

SHA256
6b42e3e60501c0cec373e25aa8fea071b90ae9ada305888493acb6aac5688cc4

SHA512
a52fb9f242f922c6dd37f4aded19e55766a9a44de50b3d23bcdc6e16df06bd50d540d7e9df129fd117f9f4ff5d1f4ecba675619f197fec0facc185dd39b2d031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
10KB

MD5
1d8982ea03fea4b148788596e2fea164

SHA1
f349893962d105e1d182a462374b4dd8ac58d9a7

SHA256
2e065e034573e59288f2c4cc947d49da2c992e093c13d6cff08b1883ba760596

SHA512
f85b975c083f6cf69b19452fba0d8b8403a484c054e7c8148a573bda5caa6af6a499fcbe8f86e6e28ee1c6fab1b47e27782ba520121469ebf7311cbfe5122f89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
46ea6a05dd647af02320d1fdb9cb4ede

SHA1
440f26c55edbdb27c60993f7c3e9ff870ef0b20f

SHA256
a17cfff506fbc9f04b5dfa8251b77a5d6ed00c6658549d333fb91440e72a4e18

SHA512
d54e0a945eeed4d16dad729dd60e7e49bb0889cf1e23f4225ab3cb51b1ed23b064675de4fff2c089cd1596410253869119d8510517adf77e7b6c1fde81168b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
b3d99c23825e3957c8959c6bfffbc862

SHA1
b5022ac916b879946fed3b189e30bdc487a2ad35

SHA256
e7232ea508cf763f2b7912bd1b17dbd267b5d90989600de729a543a86a2f791a

SHA512
a6ed9cf3ef3de1a47b9eb9f8cccfc7d25af5e82e70547f856f99ec1f48821f95a2a9942431a51b19d14b31ed15eea0797a40d3ad68fc9b8da15d58b818640d91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
3bb1a92a22fe8c187882274462a4ec35

SHA1
bb1f0c52bde497ad98c6233ae70126fd5508d825

SHA256
25b20a9a110e50e435a600c81d90dfc971d28ef3fc05e99f6347a839cfc06847

SHA512
07632da1cacea377da839ce411ef05bd7f3db9bae95d15d078d3e9a9c83e6af40d5a441106f771474dc485acce7b2d17d4fe7625ba91a38cac82b3bc4a1bef81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
efdde096780ab390f028a06e83fce8d1

SHA1
5d8f88b188b290f9a09318982cb8bd7323f1b760

SHA256
38c36f8cf07dca16b4971ecd67b27dc1e7eb70cca9d9286a6abd9e529491f754

SHA512
acb80e3c375c4524891f515444d43a6dee13bbc7752d46b1c12ddc9c1a8128188cf0d6c90c1427cd9dd46c92f848385bada6dba054bbe126123d57ebf1b26060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
d3163f0de0bac8d8c7da2e1a23624cf2

SHA1
03da907497da43bed699b6d0b15e6e482a8e52aa

SHA256
fff820cdb74b2a3eeeb9e19ed6c3b9ea2df1055f066a36e7476e8728013e919e

SHA512
4b5aed9464ca4af69196f0348e3e921bbbba1a09842b4ac9a42ed0cc0dfeb96f516bb962b5616e1b1d6ef4d5fa247e22fe75fcf77cc92166600c90bd9bf03832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
635e28e769f191fc5157dc8d2cc44c79

SHA1
9168e164acfb37f032914298f9cd438f9fdb5058

SHA256
844083885ee9c6522ef2637639a374bcb630cae30f9294ef58fef2f31bacdb86

SHA512
acc39bbcb995b2d5bce846bef2f8ac5f835702137abec2b4e96f9a7edfc411135ff464ac7f645013bf512b5d6142535bcf3551dc628a26bbc68ae42e02b9a40f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d00a901b24198ef3c60c565d400db0b8

SHA1
18602afbb200880224e39bd28f925d26fa9ccae4

SHA256
64bec5be5ffbe247f5fa4507cddb400696ab34c916c1efbd4c8845f23c1a1ddb

SHA512
820a88f1c7c83e8163d32acd8162a60f1f6e464f9e6cac016f573526fd45c7928caf2dab4c1998ae9f80021b1dda240d1836cbf837499854755e2f495ead3379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
42af29db48611c3a2c05d5e8e4610a83

SHA1
48161a676d1ae023c962d7f592a0745093f3909e

SHA256
0dfa58570bd9048fe84a66fa4fcb8f0f74272c611fcb2384db7ca94f096a5bbe

SHA512
a20788b4eb05d5e7b96c1aad313740140f5e0387f5aa55e4a303f152126dccfcee982e6f915f281caced5fbae87778fa886eb7f6ffbd93f437b2a4840e453bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
84e81974d1551f1e3fb6372e3949baa9

SHA1
b0e28881369617b8b65218b7127651da1d0d0cf3

SHA256
59f1f7cd803fa1f3fc08ccba691fc2eb7221b1547cea667fcb5664b28baf850d

SHA512
6b7a7766308f66f9752b3ed6573ddc645c8306169569f8d8173c396dff3549d487a3580b84c7544b882e926d4490db86747681c9c56d68e09ed0d63e6eb04450

Download Submit
C:\Users\Admin\Downloads\LogonFuck.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 529925.crdownload

Filesize
8.1MB

MD5
a2444f7dec45365dfa277ee47db79e0a

SHA1
d5edea9aae89e5831ec1a36afeddbb71f774a4a9

SHA256
7236f49aa234066854570520a1473a55d0c9698a859008d38c13859502c88201

SHA512
686d182b15224b66bc2509633479ba86f2e59bf5679f7bae2fd897decbd28fbaa7ff1d546468e1f195f78ee46d4b023b8d7f32690f8464504e635d62742111a8

Download Submit
memory/716-338-0x0000021506A30000-0x00000215073A4000-memory.dmp

Filesize
9.5MB

Download