efa19e5908e4063d1b104b810136d3138f4b34d1350c00123ae1543fbc93c012

Analysis

max time kernel
1800s
max time network
1803s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
19-10-2024 00:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Subnautica v1.0-v20210512 Plus 15 Trainer.exe
Size

1.6MB
MD5

802562bbcb719682e5239724bbcb66af
SHA1

26dddeaa207b363225a0bb923177096b753c681e
SHA256

20c61005893f31e43e1efb523cc80a6267cbaa1d0f878d8b54fca7e2878aa81f
SHA512

315969abd2052edb5dd53ed5e1e0080320dc948d8c52e13114ff3971d89a59ce4263cdb1be1d7eab85d1368a10ef437541a575727bb373bd4af83e2eeb33a696
SSDEEP

24576:KHfTuC9i/EAVw5MarrOE8Q78D03McY04WzDSOcxMbJ7:Kqh/9u6aGQgD0ccYKtcxMV7

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
1764	msedge.exe
1764	msedge.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
2900	msedge.exe
2900	msedge.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe
3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3032	Subnautica v1.0-v20210512 Plus 15 Trainer.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe
2900	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 108	2900	msedge.exe	81
PID 2900 wrote to memory of 108	2900	msedge.exe	81
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 256	2900	msedge.exe	82
PID 2900 wrote to memory of 1764	2900	msedge.exe	83
PID 2900 wrote to memory of 1764	2900	msedge.exe	83
PID 2900 wrote to memory of 4628	2900	msedge.exe	84
PID 2900 wrote to memory of 4628	2900	msedge.exe	84
PID 2900 wrote to memory of 4628	2900	msedge.exe	84
PID 2900 wrote to memory of 4628	2900	msedge.exe	84
PID 2900 wrote to memory of 4628	2900	msedge.exe	84
PID 2900 wrote to memory of 4628	2900	msedge.exe	84
PID 2900 wrote to memory of 4628	2900	msedge.exe	84
PID 2900 wrote to memory of 4628	2900	msedge.exe	84
PID 2900 wrote to memory of 4628	2900	msedge.exe	84
PID 2900 wrote to memory of 4628	2900	msedge.exe	84
PID 2900 wrote to memory of 4628	2900	msedge.exe	84
PID 2900 wrote to memory of 4628	2900	msedge.exe	84
PID 2900 wrote to memory of 4628	2900	msedge.exe	84
PID 2900 wrote to memory of 4628	2900	msedge.exe	84
PID 2900 wrote to memory of 4628	2900	msedge.exe	84
PID 2900 wrote to memory of 4628	2900	msedge.exe	84
PID 2900 wrote to memory of 4628	2900	msedge.exe	84
PID 2900 wrote to memory of 4628	2900	msedge.exe	84
PID 2900 wrote to memory of 4628	2900	msedge.exe	84
PID 2900 wrote to memory of 4628	2900	msedge.exe	84

C:\Users\Admin\AppData\Local\Temp\Subnautica v1.0-v20210512 Plus 15 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\Subnautica v1.0-v20210512 Plus 15 Trainer.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7fff6ff73cb8,0x7fff6ff73cc8,0x7fff6ff73cd8
  2⤵
  PID:108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,6724497521387994200,11180791888378508326,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,6724497521387994200,11180791888378508326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,6724497521387994200,11180791888378508326,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6724497521387994200,11180791888378508326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6724497521387994200,11180791888378508326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6724497521387994200,11180791888378508326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6724497521387994200,11180791888378508326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,6724497521387994200,11180791888378508326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,6724497521387994200,11180791888378508326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6724497521387994200,11180791888378508326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6724497521387994200,11180791888378508326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6724497521387994200,11180791888378508326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6724497521387994200,11180791888378508326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6724497521387994200,11180791888378508326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6724497521387994200,11180791888378508326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6724497521387994200,11180791888378508326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6724497521387994200,11180791888378508326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6724497521387994200,11180791888378508326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6724497521387994200,11180791888378508326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6724497521387994200,11180791888378508326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6724497521387994200,11180791888378508326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6724497521387994200,11180791888378508326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,6724497521387994200,11180791888378508326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,6724497521387994200,11180791888378508326,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6784 /prefetch:2
  2⤵
  PID:2044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2336

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
67e486b2f148a3fca863728242b6273e

SHA1
452a84c183d7ea5b7c015b597e94af8eef66d44a

SHA256
facaf1c3a4bf232abce19a2d534e495b0d3adc7dbe3797d336249aa6f70adcfb

SHA512
d3a37da3bb10a9736dc03e8b2b49baceef5d73c026e2077b8ebc1b786f2c9b2f807e0aa13a5866cf3b3cafd2bc506242ef139c423eaffb050bbb87773e53881e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

Filesize
436B

MD5
971c514f84bba0785f80aa1c23edfd79

SHA1
732acea710a87530c6b08ecdf32a110d254a54c8

SHA256
f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895

SHA512
43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
174B

MD5
2775358ef2fe31ce7079aef11edc6136

SHA1
d5736ce147852b6fb11074d335e9d348496b3511

SHA256
d65bbb17178a559ce9fe6737c6283e9e5ebc018e12287b337b1f37d6fbf83b23

SHA512
ab4570f79b7eb207f5a86c25ff63471f568648e45f016889160905896ab101c6141992aa5711503b06e60fbb889e501d5f2e126b6d824e63122375959c71e2da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

Filesize
170B

MD5
3aaeb5d20c5b6cddfaac2fb615974a0b

SHA1
fed20e28ceeab148414559a80beee920f49f8725

SHA256
31fcc2562911ec76882b264abdeb8efac570bef3056c7d498690574d1d470886

SHA512
ce3c165e21c3dc5ecaf3d38454378333dcd480db3d4fdc9bf48450f8130975b53a06b9e1d1544c098073fd6804c51f0d4933f806293f57008432148f694a5814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9314124f4f0ad9f845a0d7906fd8dfd8

SHA1
0d4f67fb1a11453551514f230941bdd7ef95693c

SHA256
cbd58fa358e4b1851c3da2d279023c29eba66fb4d438c6e87e7ce5169ffb910e

SHA512
87b9060ca4942974bd8f95b8998df7b2702a3f4aba88c53b2e3423a532a75407070368f813a5bbc0251864b4eae47e015274a839999514386d23c8a526d05d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1544690d41d950f9c1358068301cfb5

SHA1
ae3ff81363fcbe33c419e49cabef61fb6837bffa

SHA256
53d69c9cc3c8aaf2c8b58ea6a2aa47c49c9ec11167dd9414cd9f4192f9978724

SHA512
1e4f1fe2877f4f947d33490e65898752488e48de34d61e197e4448127d6b1926888de80b62349d5a88b96140eed0a5b952ef4dd7ca318689f76e12630c9029da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
70KB

MD5
4308671e9d218f479c8810d2c04ea6c6

SHA1
dd3686818bc62f93c6ab0190ed611031f97fdfcf

SHA256
5addbdd4fe74ff8afc4ca92f35eb60778af623e4f8b5911323ab58a9beed6a9a

SHA512
5936b6465140968acb7ad7f7486c50980081482766002c35d493f0bdd1cc648712eebf30225b6b7e29f6f3123458451d71e62d9328f7e0d9889028bff66e2ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
16KB

MD5
5266139241b2b03aef221469be74239f

SHA1
75c259cbb11bab36b68a61844f3db890f30f01b3

SHA256
e40bd055253be595ad5453e0de6e22904856a74f1d6a732a9b4882687a73cb2c

SHA512
e4252fc77925020dc2058aa9b0a2e6e7ef9d39d3eb05bd68bc1f771395c6831cde2e77c4439942a8ece9d856acdfeaa1e316f37a68f55b4a2d4ab9bf3f1d7deb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
18KB

MD5
4c2dbce91bbe85998cacd6059a15a20a

SHA1
cd4bdc923bb81a66d570cad084f4af4f00270111

SHA256
ba66abd74d68eab696f8f2f804098529bfa09cc5beaed0e1966efa278fedd1b7

SHA512
298473e3bba9152cc5b60c2cb2de1363d4cd6646b3d11a4e45cbf0a3880693d97336be2d0e22361ca4f66b3c93a6753c89960663022e812fa4e5e83ab96eca10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
bcac8becebf2d3cdc3e126be84b8dd73

SHA1
a19793a600ee24709e665282abe3873c37003110

SHA256
9b4d9d85b38d309b986569d3cd61c042065dab042586f50c2c558ff4561eb0e4

SHA512
19498b51c6355b59c75daec84c8b302bb32eaceba173957aafcd0c9f2c5bfdc9e0c0430e49b82355391cb4830255be8c56bb56846ca382115a669534dc90f7cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_gamdie.com_0.indexeddb.leveldb\LOG.old

Filesize
1KB

MD5
cee28d370becac3f0cd802fb07045139

SHA1
c562bb45b94de9f2cd1617809b93fc29058323f7

SHA256
de37f38f9be332e63b6a8c44e7425ae7bf748377e99990f53fd24493df36ec1e

SHA512
1a16b821b82a922008da073ffe59d1fdf4790e820cb7d7292fa06ae8776c05e18443c361092ae6503699026644732ef60d5c1218348f2992fae1a24a9859b74e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_gamdie.com_0.indexeddb.leveldb\LOG.old~RFe58cd9c.TMP

Filesize
599B

MD5
05f51e016a94c9a5f283a28617ae6469

SHA1
6aad81daca436753e7a0a84c425ef83bb7416723

SHA256
e4236ebf9795c67c74125eb4c74d7f77af07eb42851906137ef947cfb71f89c0

SHA512
1db4c8cd5d75affea8140fbb4a62d7ad1ac7b3b78519214d2c0ba0d44480383c16083d6cc5b45fa3cbd3ecd241d9839d7c5e3a84a1069e119b93041020ac6a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
63e4bf12bee4dd273d4847f1c052eedb

SHA1
0124681f498af2a3d19b51f2e6575b70eadb6902

SHA256
ffe21664963c159d028fab472f58060947e506d0c47f1cb2ccb04a55672bf3ac

SHA512
33d168853ab32bb52014d7e5cc3ff674296c2b2e002fc78a74a856a077742c2fdf2508dbac85250cd1f8ecc875fed57b3ba4772933a81854c14e5859294f1ab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e278670e5c27008b4009f51cbd9c4aaf

SHA1
7d8438518f9fc90e0ed97eaf23626eab3da841c0

SHA256
a215896cf04391c1e6375a7a32fef5acc489381e515bcd74e549c9c1d8bece26

SHA512
6c5e31a4563042fd4e170ff58ac120c5226490dcb669d37a116882142c5443d1da9fad24b7fce7019d492d2710091bd3eb41bd54e116db51854c10923c691e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
82d68718d753a7a0027de0daeb8c0cc2

SHA1
244a5a95c8e6d547c2d539c872a6fac451c0f2ab

SHA256
226db1f6e07d790eb7bbaf8036886a9795d02e9fe4f0f4620a68fbaf84b9c246

SHA512
6868c166b9966580bfc4a8b9c0a847f3d9b9d45b940749aba4781f155dae23bad2cffdc36fb832fa654a2627aebdebb8c398e31f49b2ca7a568dd27251007d95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e19a466a896817ed0346a74891ac51e7

SHA1
e265fc152b859f974ec63e371d2e33dd03719384

SHA256
e20db465baa18bc7692fb4bab8f471b52e7d6b9a1ea555d33e1a7a4eeeee96fe

SHA512
b84adf62371a7253bb350a1ec2015bba752ba1a16f0dfd516ac15d8a87e9efde0c3e696831c9fa6698e511763e9787eb1cc0fd3435592e4148c790553b482865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
684df25ec2a3bdeba0d472e494c355bd

SHA1
92b18fa39822f2c2e6cdee5831875e56bcecb4e8

SHA256
0f49125a1b74d89b25291b8487ccb821b709b5954f1a8ea0febd621c709b3236

SHA512
0377744e282df232334f223ef108ecfda8c7af0c9001104e8dc6601e4d5e890f1c14382ceeb3701dc2c56fe4880822f26842decae9a1bf6d8e5cf090293323e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4a8a6c1facff5f3837746696964af09c

SHA1
5f961226969d42a2cd330906d6b49d6ec29f27a1

SHA256
6068d06a0d482923a767f23c341e38e466771a74dd2c9ba55ea4056956eb6e77

SHA512
c787b49798d1f1053604de6eb37c4b336349a60985075cec93c50196e309ef81c8c202150344195b050fadbe3f2a7d596063bb1bbe783f30e76bb74b38cb220f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9ceebaa6dcaf287d64d65ddb84fea340

SHA1
60c08633ed894edf77b028066e0e1403b460e6ba

SHA256
c9de44e67796eca72f236804793bfb28e63f79be67723d19d52c8288f8b9f982

SHA512
e0ccb3227dfca9d85c7d685043dc00c5b8ddcef5903c49bd242445bddefeb0056907dab532d76be5e38c0176d58e4fb399b5a3c01213ec22100b07354d099800

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7dc07f91f7b3998f107efb6e67798e06

SHA1
aceb38606fe7ed5c6e03ce9b508d63a374c6a372

SHA256
d772376e278e5a384e6ca785644b6ffdd22fcd6aaf99250b974272b78f0f5a7d

SHA512
956791c9544365a6fc36d560d89da4e0c9efb404ca32e707d5b78d174a1b57877bc73889892f05dbd40a809fb3343120d41f502a30448753c956572dd2117adc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
605acc63b947bac643b3fc64bc5604d2

SHA1
fde2aa08c05175bd0320c343325c29684e33d6cc

SHA256
c08f94cc312ad35110388ad52bc220d569defba65d0e2b3a3245ee56ff3b3ed4

SHA512
d98bd315ae9f95e9e0e627f7d4624af4b2afa2db14b2bf546cbbae5758a337002f640d0e483aa5ac8e63bf35e7d60bed88562fd27ad77dabdc8778f740b7e686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c8b85adcd833200e501bbc9b35cbf264

SHA1
6f14e75e95f1cb3e1b6df50f9f0f7cf24cb0a36c

SHA256
c3bc0debcaaf5c7064fe5c9fdfdab07d0a22426617f9b4a66dfd0362ac8b64b9

SHA512
6d4dfff4bb5f1ad0c423b5a2e0e7daa5619e47235c2ee262166524454627c81886b802372202ba544e206147d607f7a5269d80c52e4e5897e949d348817a035e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8e5df4d2a5984431c73910a89e8ebab2

SHA1
cfef1953cb514c133116c604857d197af4d7c3b9

SHA256
6d97803c8b0f5445c587b1a82b0f98145238da92a845553a430484dd235bfcb9

SHA512
02df68a4327574e4cf7ece068efd1897f75f888327f40020ec570ef2c108cc8a266b3687818c80b3d788a598779dc0a981f185baeee14f28a0b35aed2b8b091c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7e6c6ca4463748be6d272b9fc9b06724

SHA1
c4687b25ee79d1f29522d28560ce1e8d513c4c2b

SHA256
2fbeee4a129fae6492187b0d7490f8dc749b79c788b639162f278944834c28e2

SHA512
49040f397b554be8ab91c0ce136fdaccd42a5a8362c70ba2d9fa45e450c455158296c00dd1c6142f55a5a85ae6167bfc6cc393511b50fe91d7873b97c9fd5561

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
078b16cd4e6bc13fc8797d334ca4395e

SHA1
a85bf3a7b920ba97af2353a2dcbf1344f8e49d07

SHA256
4c9155ee0057f2d738d500374187b9a10eba060cc99652f59e2c8d5f0429ec95

SHA512
57562f7535595bd8908ed5731ce0c47056c02c0dfe79c145936913d3e747e627d394ff5840bae337620d630e8cdf297ecc114a5bb37628ba2753cbce569e0d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c4b2fe7fdfacbb264e38b64a4a3b7fe0

SHA1
fbff2725c470436a50f3a2ed42bb3064f9ac4f04

SHA256
ae8ed66cd98307cecf46bb373d17b2feb7b5a26eeb98636bc945fe2d0b5e8e9f

SHA512
64334a58dfbcbe0cf2cd37d81fb3222b06d54ceb89a7c61870f6a715688ecb1f8f3baa6e5fe418e5ab166a874b4be1a92c6c9a4c0f880e2a7369d05407b06bc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
82d97ef3be9122bac2c7bfed654a5e6d

SHA1
9437f00e1be785ea28fd79e06d0df6cd580d8125

SHA256
7e5c51afafb743eb2ce09981d1bfccfc4abd9dc60c8c8b389f71d84bbf7bf137

SHA512
ddbd6e51be2bda7e314eaa55a19e41803c01604a521a543d757c136b7b4139b45b4529ce04402af2143635398cd9e0a4d47066f10c3438b41231c65c015cf5d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fe390060897c3b5e0b82bf788011514e

SHA1
596033c9042bb7a593be98544373b102f84311ab

SHA256
879210ba8046c1220f427f073d8ebf64507eccfc11afda7e7320c522fe2f4c96

SHA512
5334b90f789ec7b32b54117a13501a51b9a058d45e4aefcd314dc80bf7f03d87968dabe42d040c3b6a934bdccd97062126b9e2ae89b70654e979a014681211b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
97af333ab64de415d3560ae1c0524f66

SHA1
aadacaa2fc9abf6a5231c6c2c101a91eae159aa7

SHA256
ef7db22edfc1fb1ff8d09f4d67d1d49916d28afaabc55352130380d8a3a6e064

SHA512
7c2913a54c8cffc65a71bdc1c491a0826536f400fcd20eeefe844c8e01480fe6a4eed1346f18d9c0a8f0dc470b8890c8d21da52f57b9be1262bebed57aca3b0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5850da.TMP

Filesize
706B

MD5
0227755edb6475511081a2c8fc6003ab

SHA1
48af2f4189fb3701743ea273d19bba137eb8e567

SHA256
ce950ede21761d624cc28cb245faaec263ed4d91b7963ad567685836e6d5a710

SHA512
c207dafa1aab2319a29702ac32e4401cd25707b85ab79fb2ef1847fb5e19657fdf527ee12b20303cd96b551189e2a0fa188c0c80c5ef2ec60a37ad022e09272e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2d6653ed4af129aeae1c763dbdc6fb14

SHA1
2e5ae8a03a0b3afb09015f0fdfd1a4449faccb87

SHA256
818ba29b426edea45e75323cc84c1e5718e09143f46e11ad7330e2995f54fae6

SHA512
c1e9512f8d08697244df0fd347622c5dd8641974360fd32ed019983894e6d8d8a2cbe04b9ff8cd9eea41cb337ef09615d49ecae4f4f60c69ea9709df504646d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5aa7784562d034374451f7b9dbfb4ec8

SHA1
e1a36676f7c7ea5554ae7a4d395bc1b36e7226ad

SHA256
9726fab6eb111815ac894ca52a4546a106f6dc2c4d032fb6f5d6ff469d229063

SHA512
46161b10ad6947936736e5c0fdfbdc503673a58eb363e8b6ca8dae448091e170a169f163aa86f5084cfd61cf8d85ff9be6042d933dc1579eda46d6e501a5d853

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/3032-1-0x00000273C82C0000-0x00000273C82FE000-memory.dmp

Filesize
248KB

Download
memory/3032-0-0x00007FFF5E8F3000-0x00007FFF5E8F5000-memory.dmp

Filesize
8KB

Download
memory/3032-44-0x00007FFF5E8F0000-0x00007FFF5F3B2000-memory.dmp

Filesize
10.8MB

Download
memory/3032-2-0x00007FFF5E8F0000-0x00007FFF5F3B2000-memory.dmp

Filesize
10.8MB

Download
memory/3032-57-0x00007FFF5E8F0000-0x00007FFF5F3B2000-memory.dmp

Filesize
10.8MB

Download
memory/3032-3-0x00007FFF5E8F0000-0x00007FFF5F3B2000-memory.dmp

Filesize
10.8MB

Download
memory/3032-56-0x00007FFF5E8F0000-0x00007FFF5F3B2000-memory.dmp

Filesize
10.8MB

Download
memory/3032-4-0x00007FFF5E8F0000-0x00007FFF5F3B2000-memory.dmp

Filesize
10.8MB

Download
memory/3032-55-0x00007FFF5E8F0000-0x00007FFF5F3B2000-memory.dmp

Filesize
10.8MB

Download
memory/3032-54-0x00007FFF5E8F0000-0x00007FFF5F3B2000-memory.dmp

Filesize
10.8MB

Download
memory/3032-7-0x00007FFF5E8F0000-0x00007FFF5F3B2000-memory.dmp

Filesize
10.8MB

Download
memory/3032-50-0x00007FFF5E8F0000-0x00007FFF5F3B2000-memory.dmp

Filesize
10.8MB

Download
memory/3032-43-0x00007FFF5E8F3000-0x00007FFF5E8F5000-memory.dmp

Filesize
8KB

Download
memory/3032-9-0x00007FFF5E8F0000-0x00007FFF5F3B2000-memory.dmp

Filesize
10.8MB

Download