0687b4eb1654cb8bd7f42c37af6ec2fdfe50a696956be2aeb2bf04d84dc29252

Analysis

max time kernel
302s
max time network
310s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-10-2024 14:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OxygenU.exe
Size

2.5MB
MD5

0e99ebc3be98524080cf2276d40fe5a8
SHA1

4eb977a1bf92196d68ce572260122b94bad060e3
SHA256

0687b4eb1654cb8bd7f42c37af6ec2fdfe50a696956be2aeb2bf04d84dc29252
SHA512

35a272330aa1a262e5e7cfd5c3cd532c96611c1eef5c868de8a940fd53c287ded51b4828cf39d3b2be53565c2768bd48025440e1c068fe6431cabe31d27525b5
SSDEEP

49152:WvCbY8rkxYOPo4gtUUxJerbY8zBkqXfd+/9ADqanUUh:KCbY8rLOAmUxJerbY8zBkqXf0FhWf

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Loads dropped DLL 1 IoCs

pid	Process
4348	OxygenU.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
18	raw.githubusercontent.com
19	raw.githubusercontent.com
194	discord.com
196	discord.com
475	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OxygenU.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4348	OxygenU.exe
4348	OxygenU.exe
3928	msedge.exe
3928	msedge.exe
4392	msedge.exe
4392	msedge.exe
4712	identity_helper.exe
4712	identity_helper.exe
5212	msedge.exe
5212	msedge.exe
5212	msedge.exe
5212	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 44 IoCs

pid	Process
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4348	OxygenU.exe
Token: 33	1032	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1032	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4348	OxygenU.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4348 wrote to memory of 4392	4348	OxygenU.exe	95
PID 4348 wrote to memory of 4392	4348	OxygenU.exe	95
PID 4392 wrote to memory of 740	4392	msedge.exe	96
PID 4392 wrote to memory of 740	4392	msedge.exe	96
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 756	4392	msedge.exe	97
PID 4392 wrote to memory of 3928	4392	msedge.exe	98
PID 4392 wrote to memory of 3928	4392	msedge.exe	98
PID 4392 wrote to memory of 2820	4392	msedge.exe	99
PID 4392 wrote to memory of 2820	4392	msedge.exe	99
PID 4392 wrote to memory of 2820	4392	msedge.exe	99
PID 4392 wrote to memory of 2820	4392	msedge.exe	99
PID 4392 wrote to memory of 2820	4392	msedge.exe	99
PID 4392 wrote to memory of 2820	4392	msedge.exe	99
PID 4392 wrote to memory of 2820	4392	msedge.exe	99
PID 4392 wrote to memory of 2820	4392	msedge.exe	99
PID 4392 wrote to memory of 2820	4392	msedge.exe	99
PID 4392 wrote to memory of 2820	4392	msedge.exe	99
PID 4392 wrote to memory of 2820	4392	msedge.exe	99
PID 4392 wrote to memory of 2820	4392	msedge.exe	99
PID 4392 wrote to memory of 2820	4392	msedge.exe	99
PID 4392 wrote to memory of 2820	4392	msedge.exe	99
PID 4392 wrote to memory of 2820	4392	msedge.exe	99
PID 4392 wrote to memory of 2820	4392	msedge.exe	99
PID 4392 wrote to memory of 2820	4392	msedge.exe	99
PID 4392 wrote to memory of 2820	4392	msedge.exe	99

C:\Users\Admin\AppData\Local\Temp\OxygenU.exe
"C:\Users\Admin\AppData\Local\Temp\OxygenU.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://oxygenu.xyz/KeySystem/Start.php?HWID=fdfeab6384cd11efa4a3806e6f6e6963
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84a3346f8,0x7ff84a334708,0x7ff84a334718
    3⤵
    PID:740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
    3⤵
    PID:756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
    3⤵
    PID:2820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
    3⤵
    PID:1168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
    3⤵
    PID:940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
    3⤵
    PID:1216
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
    3⤵
    PID:2056
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:1
    3⤵
    PID:2344
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
    3⤵
    PID:228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
    3⤵
    PID:700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
    3⤵
    PID:1096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
    3⤵
    PID:5180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
    3⤵
    PID:5744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
    3⤵
    PID:6064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
    3⤵
    PID:6072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
    3⤵
    PID:5068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
    3⤵
    PID:4376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1292 /prefetch:1
    3⤵
    PID:4300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
    3⤵
    PID:5308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
    3⤵
    PID:5464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
    3⤵
    PID:5912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
    3⤵
    PID:4388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6152 /prefetch:8
    3⤵
    PID:3168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
    3⤵
    PID:2384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
    3⤵
    PID:6100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
    3⤵
    PID:6088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
    3⤵
    PID:2800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
    3⤵
    PID:3708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
    3⤵
    PID:4644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
    3⤵
    PID:4360
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
    3⤵
    PID:5400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
    3⤵
    PID:5488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5400 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
    3⤵
    PID:4836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
    3⤵
    PID:2100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
    3⤵
    PID:4360
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
    3⤵
    PID:5988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1
    3⤵
    PID:5916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
    3⤵
    PID:412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
    3⤵
    PID:4292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:1
    3⤵
    PID:1588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
    3⤵
    PID:2996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
    3⤵
    PID:2960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
    3⤵
    PID:3196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6632 /prefetch:8
    3⤵
    PID:5796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
    3⤵
    PID:3244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6380 /prefetch:8
    3⤵
    PID:6132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
    3⤵
    PID:5476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
    3⤵
    PID:5556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
    3⤵
    PID:5744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
    3⤵
    PID:3476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,12365167424080038450,4354595539382835056,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
    3⤵
    PID:4384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1876

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c8 0x2c8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
108KB

MD5
01d099cf1c80e91732fe9b1b3a534832

SHA1
d0b28f5ab5f131a4347c20bda1d2370abc707c3c

SHA256
c6eb0413ceeb082e3790a9de028823568b31015eb26d28b203ae36ff7a79adf5

SHA512
8c4f7d5fa45c4a0dde905f0a22f9e82450c36ef833d93121c147965d35b6be086d0e964f39d156a7dba2304247e684cc365d62f4b93b880c397dedd9dd2d9f76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
299KB

MD5
130d7bc0511c56e0494312ee4f828a33

SHA1
eecd5548cc8937e5d4fcc65074d6593cc52faa64

SHA256
5a49f196d17f458f02697269fb37e1ad354f771d7438883ef83aed9b2ac6e6c1

SHA512
e4a2dd819563c9a857909ba8a091da1b5f9216c4c780789a10319336f6d43ecdb9a5a1184fcc333b66c404985a21415f6b7318d85f2af997cf2b9fc227f4d924

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
27KB

MD5
6f6711e20b9478a07891e68bc7502637

SHA1
b80363b53efd2a89ec17e7579496dc2601e6453b

SHA256
284b47fba3c65c0f87c327fecae885da0b719ab72e1dc4943691011391d250da

SHA512
4405934a8f1bc22eb0ceacf38df6d132228771f7b72ea7d2044306cae2ba2446590244c3242d29292f8cb0244eb492bc0a01f20860b49c50a8f29460f8e38e3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009f

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a9

Filesize
18KB

MD5
c83e4437a53d7f849f9d32df3d6b68f3

SHA1
fabea5ad92ed3e2431659b02e7624df30d0c6bbc

SHA256
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb

SHA512
c2ca1630f7229dd2dec37e0722f769dd94fd115eefa8eeba40f9bb09e4fdab7cc7d15f3deea23f50911feae22bae96341a5baca20b59c7982caf7a91a51e152f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
fb03add841e71a9111b00544fb80c13d

SHA1
ab78592fcd875f25abb4d85ed3fcc65d1caa5f2c

SHA256
78542266a35b8d553b7d0f468aef8a39c7267bdb28afcf9c6d944c738a261cb9

SHA512
f1cbb5b79313963e56e656c2b0ace6965595499b39e7dd04a5abc51cb50db286ea82f21c2af7c8f6239cdec40c7ee8bce1495d19f1a72c216265be2a227487b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
5d69e38f3963beab3e79c80802e246d0

SHA1
4b1132651788a94c7bcdcc53207db144403197dc

SHA256
1e43612049655ad3560a28c25be3f7c944ed8a548a9351bba80289a1993977f2

SHA512
57bef80b71a3b500768d6f61d1010bf57f34cd48698afd2c10755b5ed3ec8eb75b5a34811f16272d1bfc3d2ffe99ddc31a1f9b393180ffb5b4293efce33eaa12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
cd549bbc28ca4f68f52368b750c4a4d0

SHA1
a225a134cf1a3749df4ad8d4acb16fc810044c4f

SHA256
df9f623afa27972d1b8d9ed2564a9ba38e712c282b755cb401af3489ad5723bf

SHA512
23e3f54708421ef95180d246b4cf21f74d5fdd81594d103b535aa750d5159e3bcd48cacebc3644577682bfd00c29390fdeba267df2302cc929df9699f4c88f0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
dd61fe879f474e7e06ed4f637c161869

SHA1
e4c0f4d5db81d0e5ad15490c995bfb5fd0b3b2b9

SHA256
a0078dd190c1b745cc8e08cb13ddf8377a43faae74b95ee489306286c7283880

SHA512
e8d2d8f8ef049a9db99e09258929f5c9b001a2eb43730d4db13255ef22262256fe29c891201370d773becb9b80def619740a8ec13cb35af78da0dda31bb86c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4c519cb794f40b4dcfd7e9a8c118b4fa

SHA1
8cc88c185726002fe618493211bbb00668bf8514

SHA256
bd850bd21ee8c75b89eea4b4bcbbed789ad34a04ee40444f69d370fa14c57d63

SHA512
904f2d0cdf72ea57d879c78dfe39ac79f7ad6660b27588f9d0a138f2ae91656d6716ab28f97657bd6fefb7e47bd93802aaa266f2b72c75d182fad4f7c3543e05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_uk.yahoo.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
4d9527e658f08f1eb571745093ff0750

SHA1
15325d4d3d3f204aa427c32a9cb35af026abef1f

SHA256
d6c7bc2e95d42a778afafc2ecd5a7c1b49b92e5e0f6ddb8789d58683a9672cc9

SHA512
bd9031d66b3e3e1be675065c4c7c4f1d1b107a7a4bd29f89b7444abe265d5c5f1da4b600ac1f414e1dc9c3a10863d79d90a4fb80afdf291eb730a2e197cf05d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
20016626cbed4b58782c97a32bcee4a0

SHA1
76c4752887a5d15fdb61e5d151b49cb9ef9d7f63

SHA256
67b3520e32edb7ba92e2efee16623d12ec477a806394d75ce35285c593f1a422

SHA512
f83c89b625df26d34266a17a9ce6a8512e9e906a61e97462a38894d2c0a8ff28828c56525bebc7f0f85dfd2b99f613783317e3509ad56ab21d1a6c599c062de4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
46070405d069c082a39a0b5cf1b58eef

SHA1
24bdb1738d564e7e5d9566693ad7e175cb3a3bef

SHA256
0ea176d189004d6054bfaae06f2d0f5f865cbb4398b509110eb93997c56745a7

SHA512
107ff9577261cf21106c32cba96cee43ce8556bc591e6e6cb9ba23b398c9cafe2b98ba14262e0ec238ab275e270bf2cc83149ef7ce36792555c63918a59a194d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
93ea57d1b8e13b045f162896ede29bad

SHA1
7f81c9ec41c76b4d221ce9d9e4aa8c5bff6b4fa4

SHA256
c50c9d931ac3a6dec4e6ae902dd905309d3dac79d5561c56b361df41c20f8498

SHA512
455a8c16a8d09e56392fb80635eb2abb22cb554736d188b653fd303914fc78a51d06f6c1a04f42666cbccfa726c179aecdf1d7a728a5e9ae1276a6e33d283531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c74c9a7b649730526f210397c498f761

SHA1
85c3b8ff4184a863116997b6e920eadb1bef9252

SHA256
5aaf17f9dafe521d046249fa8bdd1af1cc5f6817609a80d6741f00186822d3ed

SHA512
1195f46756123ce1a3d979b57761d00c5bc9b6a95ad834d9c976e1a8bf5d2cc0c511443d87db16062b9210e4e3f9fdce6def4e3194160f373263f98d881eaabd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3efd2f9cbee1d600d3f51ed7afb0ec62

SHA1
5abb38f0c874dade165c775158ca53378bb5a0eb

SHA256
f75226353a378e235e133639d8b61bfb588271b2a1db27b82294da3f2097118f

SHA512
d21d710af28c945106e56f9dba88f69833304a49cb7f2986f539dfb963310a1856843a51364bd245c61ee2d1e923bfd278af13c3203169ab7ea2c813380ab40a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6b604572a14da117f40d77b36a7729a6

SHA1
424912d457c94511232b9536b97526ea70e65969

SHA256
2ba8e9e87ccc6677fa43d349e68d879e6fe5bf34ad7c02e0298a2eceb827de12

SHA512
bc1df537ec8934efc4e3b012fc45164064b5634ae73d648ae092c5e7e197c3662922f7bcfa15597e40e1dee17aca69822b7226f64708fb806e9b6d838c83277a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
67c265ff7593430d94bb4472a1e0712d

SHA1
edb329476d1be7aad3c77ad118f7bf61a1092c20

SHA256
61e4c0ba6aa5cc6146377f0d7e2bc614d5a1ff4608888b704693755b0994c59d

SHA512
ee4ead689ac9e34252ce1fa3db2e042039210776ad49491434adf6c5f96bdae1af64c4c735698dab3fcbd1aadeb7fad0dee2c6ebabbd8f5931e68e119e8f4a50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
aaaae27659ac32dfee2a41ab2775b329

SHA1
7c51fdc8077527a2ab9964eab4ff0f70a6eee7e1

SHA256
4bb9a0d5854a573649d9c9a2de5b8f2ad312b0fce43ebfb7377704ece85b0af0

SHA512
f7db9f909dfa467e5c034a1b3ae92decc10d158afa7ca333050a4857f218111657fc14ccf0c4f0112c548ef82952c55a9eb8b0068091babc6b3d9decff319f5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7318630f88c8f2d0c172fb4995c06cb9

SHA1
13dc280f6338d020f3f2335f815ff4c8192809ae

SHA256
75c8fd74234d78ae54d8348625bfe95886395811bad17cc384c1d0cb298d8ab6

SHA512
118b4fb8f2ccc2a18bead30529d85b68b17c619c4887fe7febe6bc3cc58a558d98bf9b0758167baf14b0a98aa89ca06f036faec0f310bbbeec5a2c4c4c10535c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f90b9565a34b8be4988d8a75a4632186

SHA1
52c5fed853f5b683f7d2387b84320f98ca4f1044

SHA256
fac15c7d23975dae4dc85d2fadd5a26535de98a70bfd716583d36faebfb0e359

SHA512
267e9e54c5ff6bdc0eb28887c2b74bf9f29a63c170f8a491cf5d041256b959c343d4272494a684e66c619dd73b42b40558c86930d3be8d91d529e5f8027684c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bafd91cfe8518b9a6d38574f63688d22

SHA1
40e674c644ac412cdfc7521ce8a77eb748f9ea0a

SHA256
750cd07d41223e4aa1420dd1dbfb09076d58b0d3121fbe014ce84fd985fc62f9

SHA512
cfc6fe1b6a942dca95834d96db495a9712dda73b9cfb993d5eababec0a956e536346439e1f6c49ada7f81d856e50e727e97256845c646bd8a8f012c47b4a461c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
2f25b30e0e35e97ff31bb1067de79060

SHA1
2adb03c71daa182a326a6ea2899a53cdcfe4ee4f

SHA256
5e2754fab935491c3c28166b593bf3e87f06d9ac80010d34430729b227f6e4aa

SHA512
c64460b7afbfffdc5444f2558636675dcba3e452d929893d73e740ef635673b2f3ebe99b21fa797503e6107a4a0c364b528b412708fd531c2e7e8509b09eaf1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2d8aad43d0a5e653a6fcd41e55decf08

SHA1
bab4d4fe66c08956b7b90b7da55b1206b7b1326e

SHA256
4c1d74c79a789fd9ac16ab1a11c508d73683a540519aae6585a5e80f7f5720a5

SHA512
e78e64c4c73c92e9e7d1a15a2dffaff4d96047dc474a1e14aac47cb516ba89d08e42cd657d7b124d27eac01a946becb145c76b4afefea949582a1c3c4dfd5f36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b896e5e21e20632fb0db138d2023ddd4

SHA1
44388eda54a5e23ccf39fc5550f57985550d1db9

SHA256
22d9bb1d5446bd8efff3a54513f5b397be4d4793b7845fd4d3d80ba162ab456f

SHA512
a8224057f422d6a25344ec69beba5fa1a664cdc4c817e1ae93277e92300b9ea58e28fad3bb903b96bee3fc91ef15953fe7024cd1ae16018cae09756c08a18f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
ed618470eb14521dea4c84571f2b0844

SHA1
8da225c1fe59055af0e1ff70490d71a953262eec

SHA256
5d45a0cd2165fa21e163563fbb3c5f8820e62592a6b46862d0041e3bd86a59d2

SHA512
9a129ef5bed51ef88e3a09a5cf3f6710fe2d4a4ec520e4c9594449c3a39f2d706e9fe1360e4556d4155449d711afec89f5aa0affee1300e009e6e02dcb4b9b14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
66ca03200e961ea0e93bd6a6f4cec113

SHA1
f33248a495a00d5aa021c97a272a20a52cfa4507

SHA256
3744385cfe5f38fcee605b253a37e9a896e4e1c8ac69f042238cfff829f0b034

SHA512
a7e34ecf7fd52961194a9164a6049721fb697d776820ddcd9df5b19fdcde4e2c943ed502c86cfeb8ada6cd54c147978ad8b95f69526e702fc0515a87c3ebbb5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
d4c911eae8b91cb2b7cd9bfa3fd412d5

SHA1
643c74f0ce9317da62fc41d779e2ba27304afb61

SHA256
81ddf853d8f2a11f4874a7c3675f5d83263c4eece9b0c61328eb7b2df5c2365d

SHA512
b9578d69d1768d1df9a0b22e970997aaef8d03b722b29082225109c47beeac2e8a95576056eb73ba847f21286b4da72ee99da59f0bf954e0ef9df52d59d5625b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
f2647f9254d5bd7f550db96bf7c4c022

SHA1
b5759b09dc7f19784a2719dfff4265d9b4941d10

SHA256
95db951449917d3ebb90b2d229340845c6af6021ac89e1d051ce1018d931a763

SHA512
dc84726ae2726684232216dc3385532b0d3e030ed88cb5e9cb9474cfe9fd276f03a15acb649494d8a7c2ace54cd55a857a05eabed0c7d6d0ab7193cb133811ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\b0c0a1c9-0837-483a-9545-e268ba260229\925a02cd30dd2ad1_0

Filesize
87KB

MD5
81503a8746a70941c2ef32d29d6f31b4

SHA1
bf0341198d83b3ce473f3ff9c293edd5b525259b

SHA256
b4eb88c7ed3dd5b2a8bb0448d3b3e6499fa15039ff266b4d78259f6bd334a0c4

SHA512
341efb63b8e5cc1e89db5017cea7e4bdcc6b3195e9462793f63421fcf0d93d63c0cb5e36decc0d0c83c2ac28e6532ee961f5fa1632d0e54081ef5b88621c142e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\b0c0a1c9-0837-483a-9545-e268ba260229\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\b0c0a1c9-0837-483a-9545-e268ba260229\index-dir\the-real-index

Filesize
72B

MD5
3495070d5e709f17630248c780aadd22

SHA1
e73765bf2083ea42f935f4d0a36a53d3b682dcab

SHA256
b11c7503a667ac97e3227a2eb8693ac77491a9b0f54419f29c8af6b00e6d4cf6

SHA512
1bbe0ee74a9461a40782c1690965315ca1cdf7734633c29cea7ed3f173f5096fa0f2d9f0d3ebb9160c32b76df80532cb82926b13601ecf5cc7a4255208a5668d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\b0c0a1c9-0837-483a-9545-e268ba260229\index-dir\the-real-index~RFe59d8e2.TMP

Filesize
48B

MD5
c363a6f9fa26089a86bcf4399a1f468f

SHA1
92146fcba768d0ce5a3125af64ab85e484dcb126

SHA256
5ccdf1eea026e43ca91d1a6fc561d41696af51f992be9179e51e3cbad5a4c81b

SHA512
a5fb4a93d221fe6b3be5a26ced8bdd4cdbd4a62385f3b0a78b99743e3c98040801b608ee0287545ec52dec936ba87c37cb28317f6368d64c0a10b8c37df66e5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\f0763b08-6ee4-459a-ae35-4ad1dd9b042f\index-dir\the-real-index

Filesize
3KB

MD5
209c6d706544f1bae5934fcf6546bb7a

SHA1
dfb572fa0b45b5c9da5183261d45b4fe1605599b

SHA256
a1180afb444f32f94094fb89c7e246c3d305254fcb8c64bfb2722e676628f57f

SHA512
fa556ef56de369751acf3156687fe0c598aec0e68eea7d8a272ec101fc4a0777b04d9f2404a48bed33abde061b8250d41c6f31360571a72bf44286c5fc6cc067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\f0763b08-6ee4-459a-ae35-4ad1dd9b042f\index-dir\the-real-index~RFe59d845.TMP

Filesize
48B

MD5
042b6b14ea38e66d04a8da50dbebb66f

SHA1
f84988671de24264cadf97f6135b890f352ca592

SHA256
47cf2e3fd2d9bb366647c111a18603a378b7fd6502b7234976781b0bc1e59468

SHA512
f696a9f055df683bcc84d90489cca04cdd3d74409a61ef83c3aa5a7c632d17a69d505d2f239e53927db18e1ce2ace04e774b4a721ca004335bafea763b351e7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt

Filesize
86B

MD5
f8bb9df66add2e8ea25b00b4412ac811

SHA1
5b87e11a7ad2460fc765e97cf940a457735f1494

SHA256
a607880f517ff50b9638f2d958c6c51e25b56423cf42f0aadf956f04bd3acaa8

SHA512
ca8355d55a04a84c86922f82a5bb893d1ac2c6f0bde6c84bd80a6cc802522a7aed22078a35514bc37cfaa483b817fbd5cc854beab4550a58243d5485a01781f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt

Filesize
176B

MD5
d687b09493a0aa2e05fbd1761396f9ea

SHA1
2c7f9d00482d5b31cb4e5aaa4be597845ae788e6

SHA256
77bf506e572702d6d7344c35f5ba4d870083a5c3ebf7e9f158685b34a61729ee

SHA512
39d85ca42d26ce750f069c15fea53bc11e1122c7d83f38d85b87a7fb4461ecbcf61078299ec81bac078b86b23e5ea7e5a6cb35af615d62cbed7d51533429f236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt

Filesize
236B

MD5
c57e49cb0871cf9314cd6bd156c96817

SHA1
de420b933b4ce36d138328bad22a06879860f538

SHA256
ef5a5225e840676dfd1ad4167292cbf2fb0acfe81d49a9b57bfecfc27e011a0b

SHA512
b3e3b1c890ac65407b786e176464c8e98239a77d817cc1db3ab1128eb4b84ecd3d19ca411a77a825b64c9ca01454cd96b5471d8656f43557826dbcaa49cca555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\016523c449929e1ba4b2689b8bfce5aae7410194\index.txt

Filesize
229B

MD5
bce6d3a17aee8e3dcfec50496fc0aab1

SHA1
f760150c8974515dad9f132f7c1a4d9fe95df4d3

SHA256
8e4910f8b74ff79c8b0a5a3089b4d76c83e96f9c4c82e13e2c8a6c76cd330fd5

SHA512
4fa2a41b6c1a59ab7179d33c26dc692be1c9ec46ae0aa3f9530ca626329d0ba4a0a9b6b8e9adf853daf0a0f49f6c3421d770a67e1629e12082e4ff2e2ec801fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4ed1c2bc-07fe-4d21-98be-982eefa8b623\index-dir\the-real-index

Filesize
2KB

MD5
a30edd2ed8b02163bdd6f1724efc7f2f

SHA1
ecabdc724f487853aa9bf02cc86dbafbfc780652

SHA256
90c77c0db9b2e599a60b563e959dac960b952b2f30f2b91dfaba1f259bbfa211

SHA512
139ddbe96545db5b62ededd41f9cfb9896b614b47c83c7f7116b45722ae5f4cf69182b42627f13724733561e8d100fc6cbbb73cd363870924bd4a5093e65a4e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4ed1c2bc-07fe-4d21-98be-982eefa8b623\index-dir\the-real-index~RFe5ae3aa.TMP

Filesize
48B

MD5
8959f0dd3a8f0496a03eaa068066dc23

SHA1
d90c59e8632a88f572fb4967a8e2e3cdad74f571

SHA256
efc654c72d9da18018824964f1d6f19df54a0134cfdc7bb9e5a1595a2082ab3b

SHA512
2eb4ca69022966ad573e9e5f6c7ad4e6183de235927833759f80c13031e48cac6db39cdf95a55f290df82887e044b455af97a132c07d2ad2d1562855578879b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
a7e33d57f9b33bfbca9f00d0eae6de5f

SHA1
a95c5d4f993fac7b6d7658f5e6e81b7ec6b2e3d9

SHA256
28f634e1fb3098693116de207e657cacac6b365728b0b8af012b4f5a17b385f3

SHA512
13d7169791db189c5938dc61d70354e77a1608fa1dcf52219cfb8d8d2a28ff59f28ba91423ef28b5e6d1cd50334cef0bfff4a56ac5c61dbb12844a4961ed53ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
9c192a99a52db006173390040e23f815

SHA1
4f6bc3fe2dba6f4ecf8f7ec83568b16d8ae1338f

SHA256
03f5ef7b592fb4deb83e35a2196bf62eeb748fac43e68271a8bc7cabb11972d8

SHA512
48fb81a4be06f531771de801dd256bcbae0fa37114667fe768c972a9d0c51ebd454c9d2ce358b58409c6bbf1ec1e281113c4b8f02e9e35392aea6794d60ad037

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
237b7c269c9a0f24fdac41cd1ed0f691

SHA1
6bdcfb246e0f3e4515c57d9903889bf2c394bed9

SHA256
1669c1f89a1a3c74663794cecd5924bbb4d16b45fc5945a874a5fc46f9be712a

SHA512
a2e0560183814fbba7764753d9764ac85adc5dcf63acfe5f8d93f9bafb23513a876b751f06391f7b4cd39e98969376eb439bac3f4b4de54842405c76468be9e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
24ad5b8c89bbfbaf5dba5c62216583b6

SHA1
1efe0b058136ac2fc130b6adf16d56e2d29c2efa

SHA256
1b6650d2a204653ec24a3e32a3eaed797f9f8f310a32011b89e020a93a13f40b

SHA512
bcfd1c565d98768f8418ab5962602be03c91effad68316ec533b6b2de6b0ba8c09be6165e4e8f624ff8be822eac068b6244a98af994357c40da6daffd2b10f89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
e1874699c8f344ee15ece6a62bcff2a2

SHA1
eb2e8206fea1edccb327a18f990ed2b72ec46a87

SHA256
dfb1eebb8998d683ce73afcc26ee94596c4dedb9aee431f2bab5aaf98d987d29

SHA512
5010db8ee1e3709b505bf8f04d02581fe1d7ae038e26f87d92b45da46b3935a53e63d07f0a0ecf10d1c10918b14db1a2d744c94d5adabb94e7a2407c0bbd6f6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
18b6153fe130d987f36a95298f4d68c5

SHA1
d821a75214ab4976f294775e504f87a3fb17e2fa

SHA256
8a558958607c9492b20003c80761452e7d5f6478cac3fee4d2cab3c3f2d8ac9a

SHA512
f1c0390d254073409c8d9c86aa59885b957a14e6d0617d510c005eb4b8ef33e2151d7118697fc1b00d8e1db4226418f047aa86daf1dd56af905d5133c3af39ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
8b38a01040765367238f4228178ad956

SHA1
0795588f39a83633fb2afe715c24444d71fcbae6

SHA256
e6073a564b066ce7f9b1ca4d5b2c136da21b4aabbda193487817ec9999c06bda

SHA512
858d3cfe8d0b0530543201611bac3cf7d0949624858ecfa782fe709b9267a21cf652503a748fff33717b9c7ef5f3569ff65da3b0699a5925f243304ceb5b298b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
168B

MD5
38d42cc6369463ed8be0bb207b6da100

SHA1
06a9d74285cd80700a6b9f3614c793dbbc4f37f1

SHA256
b069343542ecf986321b00a3c57d522a5817d88c843601674c013014f1437659

SHA512
9b2aeeebc0599db7b42f90620495163f913fb6efadb18616e77845b0541054acc5b72a8efa03f78cb1587151d0c363a5942059a1168c03b8b7826d06977bc96a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe599c46.TMP

Filesize
48B

MD5
7c090fbc0e4e4fd58945ed7166b79857

SHA1
dc24502557c5f7fbdc77567f4791e257d1b0cc44

SHA256
ece377007e886812ba7916033a7e7f1a9bbd28b3f1e3137e68b6d131042cca9e

SHA512
cab81e032ab4dd4a5c088c163fca1561438d3916a525813cc8e92e43206274e4c037dbbf9cedce9a92e7d231d9d5070584c9f3c024e61e4ea15aa7d6b3819a8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6f271a7202d8726fba0bc75fd2943e1e

SHA1
6583a4b05bf3fa0637411304a05a13801692299f

SHA256
c76d0713e44ccb6172ec8cf83cb516ebf9e62e6d69e8caf59f9389e343658c42

SHA512
dffa301ee2cc1e4cf6147b9f86bfd9982061a6956d0ab8800280b0edfa4c5d79d21b676d7eeeb485882ae744f470f751f21dcfbf230151ce7cffe64b6de165f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
0051232e5b05361325dcd423fb4a54a3

SHA1
fb287069f95e2919af305ea03da4545dc7108c33

SHA256
9e2370cd281f1fb83a754d2198b8e299f28831e57306524becae464c463fda5e

SHA512
4f690a9be7583e6a25078599725aae1ba05bf733db97d0674551965795dd3aadba3a9ff4cdd16bf2e1896aa57230a352393df19e0cc0d807e34215c5ae15f457

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
58e097b006ebee1da6bacc1e67b81968

SHA1
37641c052dad43018f979e8f7d9b5c6640a038e1

SHA256
d1ae8a63f1c7d63e0c3cb623ea013bc963edef75ef6a5fc4b95afb374353ce9b

SHA512
45740048967e2ea5a9052c7b0eccc145f09abf15d34a2c7b6afca6bc510d832acfcc9f2a6c4c49d598fb5fcbd1f01b9661ff56b0d6625b9685e6a6c30fca9d0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
5706390c8187b9814234c3f356134b47

SHA1
9fbe969e12a40c9963211a2ec1f6dab524a1e314

SHA256
2ba89649e11c1c5242be91768d7003d8b1404d420dd2dc75d520bfb7cce97185

SHA512
2d778ca856f5d6eea78b144370cc0fb96c66b5883567c59be2e06d3dbf096e22cce009ef625715289663f2f5e5d7107cdc8f19361e063561e8e817280175b349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9f355e8eb14cf9ae3a8e26a29d875662

SHA1
fd4de59725c8275b5fd6656302dc91bc50e0a550

SHA256
6e29b2d2e16aef16e498e9ffdf67372c117ce3b7f5e5235f31f7bff2f2e23737

SHA512
f9493ff4277d4807cc5c0458ddbb36110960480a2a00dcbb702a870f0a6962622070458456777ea4cfc6b85923d57a6bcaf9f4eb80a203e581762adaaf8ef647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
9492319cc7170c861796cb780ed23be0

SHA1
352dcacb98d767413fec45c0ee172c6aa08ae78d

SHA256
2175d9d4a6c2d432d62e7155d276063c7f16d77bed1547f3562ba635dc733899

SHA512
5494e5432f233b82f40eab7157b979dd059038116a17515fcb29717811bdf1b62d2864d172e12e8f8da67c3241be9adc0d54af37cc0572c9f1bcabbc6822344f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9778579a6a4a1d12a02497ad6cffde5b

SHA1
2d5f3a744d3e6d61f8c5af5695bbb2ec47683877

SHA256
af5950a3eafd12b2b0495a94c81cc907be70cca536157a0a43db0f813b7362cd

SHA512
743ccf1e3ab7dc2b9d550542066a4dfd5637527e9b117aa0be3dbbc818a75e534fd9c72ef6bdbebd5e0ba405aa6fb2fe8b5c48e1715203a900f796ffa69c32e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d9770c81f71c830bd4ab17b568699bef

SHA1
f2e5fdd0e79d0497885acfa95aba3c310aab9b3b

SHA256
ead07265b36884f07f1e4b07af40eba08f25bf72602077988972bc2796620536

SHA512
3bf13a42e6d8863b59567307e60b68a4da509c51762643350665c99241c11b9027cd3cb7eb93d23c91d38959a157fe3caa8bba7ac847aa4b4d9f9d55a880c131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
d0f81b408f00a963b07338aa3da205b2

SHA1
fa2c671008272944519f3e2864cd408231c280e1

SHA256
5f3e5aa7709d17bd87f6566494a182471625a8c6b412f78e2b4262b16fac9c09

SHA512
a3d25072d2af8efe1aaac3419e7a6e4fad06365707220e0e7b3cb9b1d8c9b1c9a1baaacd0b2e5e97ee78b5e09efd89f8ccf5ae00c650996b32115cab600b054b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
a21f81b57a52fdd61b53105ca93585fc

SHA1
49b09ee5f689d2413a396e5510211126e489d857

SHA256
413a08c11fbfc2bcb0959300a348f75042ce2a177ce6f440e0605f76884a8f89

SHA512
7a97b1cffd96924606374a384e06846a7c9942cf117bfc3ed4c3ee3ceb77c63df448d890ba23325e866e101417d82c7bbe73809eb8a0e4699ecf26001c877afa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584adf.TMP

Filesize
538B

MD5
22cd5226dcc9b81db433cffd743717f8

SHA1
0756d1705b84ea00075ace72f1d3cfe168aadc95

SHA256
6cabee3c0bcd28971712b4f78eec74a2a4427a9f5bb5d3da02c276b1da9cc4a5

SHA512
a4d06646886b312eed001702aa32bbf9c6d66aef41fc615967e26b21b31e82a459d081ab13c1aae5bdc88f0ac6fbda96f1c0021874345e52cfd4b5a63f4c2da7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6d8d1da057ee9c1688afcf892c51a94e

SHA1
6a8488e36d79676b0e48a32210468ded6ed61125

SHA256
504149d540fe50d7d74a1831237e7125e3ef7ae9275aa73292280f6ea3ffd960

SHA512
426da493c0f2436e08ad6d707ce7a78b0820ad7e5cd8debf9984a8fa4c74a74dcd683535c005c6aea6c4fc181b0c8a5580fe3b2fdbe847fe94d8a3d9a2207fd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\OxygenU.exe.WebView2\EBWebView\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\OxygenU.exe.WebView2\EBWebView\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\OxygenU.exe.WebView2\EBWebView\ShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\bin\oxygen_auth.dll

Filesize
5.6MB

MD5
cd3e516a5b2611997f141863de6f405a

SHA1
d1e1ba9219e32cea476ec58d5013d6c2874112bc

SHA256
48aa0793a1fc5e54fbd37268019ea7e3aa9344c6456c41854a8e2e7c3a39e857

SHA512
a43ed6168af5a8f3976c9d4a435429504674ba41f68e332c4f01c7634f0314f8356c95082d886d6ae8b760c5af65d573c8a8cc8bde2728cd029a72778e674646

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
54643cdbcea3062f706c433696f33c3e

SHA1
5cc1ea7f7e3dcd692e7eaeaf3f8b5249f44b1343

SHA256
20aeeac49b1f392c43fb2afabf06a821f31837f62a8a8e5ec16b1381f99b355b

SHA512
63eeed160f0d0c28cda70b186dda3b2a58d3abb4cc8f0da4dbcc0c3ecf94579081d57f4dd0e37e9fa7ded14c2649e5a60ca9411a578086e9b45095389109176c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
ed2c79903da023fbab7af1bd508a121c

SHA1
1edf2741adebe36e41994ba13d227b311a66fd1f

SHA256
58ee0d9b548d9a5a47c17d2eb4fa382e7cc8d350267c53a66ef71e975cab7f4e

SHA512
7477ed72f1f5287da5d098ece1489fd2fe53b77bdbdd6160fbcdf6e7fff8c712bb0c6077422ef738571039df517fb162319f8fb43bc2eecbaad4259f2b54f851

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
15KB

MD5
599fcc0147c1b0802b2858bf0ddc6ba0

SHA1
1b93f9602a34b377c1c653a82f2f8ae241cb3c82

SHA256
0a38ed7880dd2e70a1184e1002e7a97737594f8230c4a90806eb1b796d82442a

SHA512
2bef7310c49ea5f1add3acabea2abe1e53c3c9f0c9d3c4f06688f6c3e9684c7d60ea6205b3eb254d22b72a679d880d5847058f999aedecc697c13853565976a6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
a31ee0c8d19e971c928f90d2130ea50a

SHA1
1ec0ca5331dc235adbdb979bd408f44297911729

SHA256
069ee36225d2abdc48c68025dce7ee057ffb0181645a811ba7996f840b2c284f

SHA512
5f4a7e800e5f95c34d604f127f26930d191a09ce0fcf8b2d545f7ce734c23bfc3bea50810821db0181dcabf0fc551fb10b1879bb3adf1c73b28dd94f28be6cee

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
d5d8db67fd1aaba834436febecbdced0

SHA1
e1ae42606aa0de9f79c0d70be74d68485107d2b4

SHA256
28ffb68d13fb4708d94845f7d23510df1004f63b2a8e537c7acdf2487f5ac8cd

SHA512
67e9009edfc465b437618f927442678e91137bbafbcc0472001e7b48ace611feac3c16071a298b97b3d04ed6cbfc1f19f65240206a1db5206a4fc1d5ee8f6f05

Download Submit
memory/4348-481-0x0000000074830000-0x0000000074FE0000-memory.dmp

Filesize
7.7MB

Download
memory/4348-468-0x0000000074830000-0x0000000074FE0000-memory.dmp

Filesize
7.7MB

Download
memory/4348-469-0x0000000074830000-0x0000000074FE0000-memory.dmp

Filesize
7.7MB

Download
memory/4348-471-0x000000006B4F0000-0x000000006BE1A000-memory.dmp

Filesize
9.2MB

Download
memory/4348-470-0x000000000B080000-0x000000000B081000-memory.dmp

Filesize
4KB

Download
memory/4348-474-0x0000000074830000-0x0000000074FE0000-memory.dmp

Filesize
7.7MB

Download
memory/4348-475-0x000000007483E000-0x000000007483F000-memory.dmp

Filesize
4KB

Download
memory/4348-476-0x0000000074830000-0x0000000074FE0000-memory.dmp

Filesize
7.7MB

Download
memory/4348-477-0x0000000074830000-0x0000000074FE0000-memory.dmp

Filesize
7.7MB

Download
memory/4348-478-0x000000000B0B0000-0x000000000B0C0000-memory.dmp

Filesize
64KB

Download
memory/4348-8-0x000000000B090000-0x000000000B0A2000-memory.dmp

Filesize
72KB

Download
memory/4348-5-0x0000000006100000-0x000000000610A000-memory.dmp

Filesize
40KB

Download
memory/4348-4-0x00000000060A0000-0x00000000060AE000-memory.dmp

Filesize
56KB

Download
memory/4348-2427-0x0000000001880000-0x000000000188A000-memory.dmp

Filesize
40KB

Download
memory/4348-2428-0x0000000001B70000-0x0000000001B78000-memory.dmp

Filesize
32KB

Download
memory/4348-2429-0x0000000007880000-0x00000000078A6000-memory.dmp

Filesize
152KB

Download
memory/4348-3-0x00000000060C0000-0x00000000060F8000-memory.dmp

Filesize
224KB

Download
memory/4348-479-0x000000000B0D0000-0x000000000B0D8000-memory.dmp

Filesize
32KB

Download
memory/4348-2481-0x0000000074830000-0x0000000074FE0000-memory.dmp

Filesize
7.7MB

Download
memory/4348-2-0x0000000074830000-0x0000000074FE0000-memory.dmp

Filesize
7.7MB

Download
memory/4348-1-0x0000000000E30000-0x00000000010B8000-memory.dmp

Filesize
2.5MB

Download
memory/4348-480-0x0000000074830000-0x0000000074FE0000-memory.dmp

Filesize
7.7MB

Download
memory/4348-514-0x0000000074830000-0x0000000074FE0000-memory.dmp

Filesize
7.7MB

Download
memory/4348-0-0x000000007483E000-0x000000007483F000-memory.dmp

Filesize
4KB

Download