asyncrat | 7346914f0703f198aeaf4d8417ba2f729cde3e8b034e2803f94b07800d7a4e7e

Analysis

max time kernel
1799s
max time network
1801s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
16-11-2024 19:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

idontwannabetrue.exe
Size

45KB
MD5

65702e476fe79a572631dc686ce6e4df
SHA1

2afd23c0ed708604eb5382cdc6402b4e90a68466
SHA256

7346914f0703f198aeaf4d8417ba2f729cde3e8b034e2803f94b07800d7a4e7e
SHA512

0c6132ddf953b44ab98c0f118533315bc10c1eafcd6521b8e1376f856de9620b32e5b0905f783423f9b89aabd2284ad4aa36b51ff09c5850a4880ecdeb232269
SSDEEP

768:Ju50dTtQpVBTWU/fShmo2qggfayJFxiOPIBzjbMgX3iUUacah3UjNMLBDZbx:Ju50dTt0y2KRG3B3bDXSUUTNMddbx

Score

10^/10

asyncrat default discovery ransomware rat spyware stealer

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:62565

127.0.0.1:4782

127.0.0.1:1501

Cristopher11sa-62565.portmap.host:6606

Cristopher11sa-62565.portmap.host:7707

Cristopher11sa-62565.portmap.host:8808

Cristopher11sa-62565.portmap.host:62565

Cristopher11sa-62565.portmap.host:4782

Cristopher11sa-62565.portmap.host:1501

190.104.116.8:6606

190.104.116.8:7707

190.104.116.8:8808

190.104.116.8:62565

190.104.116.8:4782

190.104.116.8:1501

azxq0ap.localto.net:6606

azxq0ap.localto.net:7707

Mutex

E2qgtjRHaRSi

Attributes

delay
3
install
false
install_file
Java updater.exe
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp334D.tmp.png"	idontwannabetrue.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp4D8E.tmp.png"	idontwannabetrue.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\08157d3b-8a37-4663-838f-f608f007a404.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241116195853.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	idontwannabetrue.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\Desktop\WallpaperStyle = "2"	idontwannabetrue.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\Desktop\TileWallpaper = "0"	idontwannabetrue.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
1688	msedge.exe
1688	msedge.exe
3284	msedge.exe
3284	msedge.exe
4436	identity_helper.exe
4436	identity_helper.exe
4900	idontwannabetrue.exe
4900	idontwannabetrue.exe
2580	msedge.exe
2580	msedge.exe
2788	msedge.exe
2788	msedge.exe
5028	identity_helper.exe
5028	identity_helper.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4900	idontwannabetrue.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4900	idontwannabetrue.exe
Token: 33	2500	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2500	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 19 IoCs

pid	Process
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
4900	idontwannabetrue.exe
4900	idontwannabetrue.exe
4900	idontwannabetrue.exe
4900	idontwannabetrue.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe

Suspicious use of SendNotifyMessage 13 IoCs

pid	Process
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 3284	4900	idontwannabetrue.exe	91
PID 4900 wrote to memory of 3284	4900	idontwannabetrue.exe	91
PID 3284 wrote to memory of 4932	3284	msedge.exe	92
PID 3284 wrote to memory of 4932	3284	msedge.exe	92
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1704	3284	msedge.exe	93
PID 3284 wrote to memory of 1688	3284	msedge.exe	94
PID 3284 wrote to memory of 1688	3284	msedge.exe	94
PID 3284 wrote to memory of 2912	3284	msedge.exe	95
PID 3284 wrote to memory of 2912	3284	msedge.exe	95
PID 3284 wrote to memory of 2912	3284	msedge.exe	95
PID 3284 wrote to memory of 2912	3284	msedge.exe	95
PID 3284 wrote to memory of 2912	3284	msedge.exe	95
PID 3284 wrote to memory of 2912	3284	msedge.exe	95
PID 3284 wrote to memory of 2912	3284	msedge.exe	95
PID 3284 wrote to memory of 2912	3284	msedge.exe	95
PID 3284 wrote to memory of 2912	3284	msedge.exe	95
PID 3284 wrote to memory of 2912	3284	msedge.exe	95
PID 3284 wrote to memory of 2912	3284	msedge.exe	95
PID 3284 wrote to memory of 2912	3284	msedge.exe	95
PID 3284 wrote to memory of 2912	3284	msedge.exe	95
PID 3284 wrote to memory of 2912	3284	msedge.exe	95
PID 3284 wrote to memory of 2912	3284	msedge.exe	95
PID 3284 wrote to memory of 2912	3284	msedge.exe	95
PID 3284 wrote to memory of 2912	3284	msedge.exe	95
PID 3284 wrote to memory of 2912	3284	msedge.exe	95

C:\Users\Admin\AppData\Local\Temp\idontwannabetrue.exe
"C:\Users\Admin\AppData\Local\Temp\idontwannabetrue.exe"
1⤵
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.porn.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffec66446f8,0x7ffec6644708,0x7ffec6644718
    3⤵
    PID:4932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,4861109688680183586,4307686471695892290,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
    3⤵
    PID:1704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,4861109688680183586,4307686471695892290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,4861109688680183586,4307686471695892290,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
    3⤵
    PID:2912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4861109688680183586,4307686471695892290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
    3⤵
    PID:464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4861109688680183586,4307686471695892290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
    3⤵
    PID:4680
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4861109688680183586,4307686471695892290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
    3⤵
    PID:3220
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:3520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x114,0x15c,0x110,0x7ff7c9ee5460,0x7ff7c9ee5470,0x7ff7c9ee5480
      4⤵
      PID:1164
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,4861109688680183586,4307686471695892290,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4861109688680183586,4307686471695892290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
    3⤵
    PID:2084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4861109688680183586,4307686471695892290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
    3⤵
    PID:5008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4861109688680183586,4307686471695892290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
    3⤵
    PID:3484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4861109688680183586,4307686471695892290,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
    3⤵
    PID:4432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,4861109688680183586,4307686471695892290,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
    3⤵
    PID:732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,4861109688680183586,4307686471695892290,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6504 /prefetch:8
    3⤵
    PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.samaritans.org/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffec66446f8,0x7ffec6644708,0x7ffec6644718
    3⤵
    PID:324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,18308025336188792446,8844289070278627723,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
    3⤵
    PID:32
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,18308025336188792446,8844289070278627723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,18308025336188792446,8844289070278627723,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3056 /prefetch:8
    3⤵
    PID:4844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18308025336188792446,8844289070278627723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
    3⤵
    PID:2804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18308025336188792446,8844289070278627723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
    3⤵
    PID:1668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18308025336188792446,8844289070278627723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
    3⤵
    PID:3940
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,18308025336188792446,8844289070278627723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
    3⤵
    PID:1856
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,18308025336188792446,8844289070278627723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18308025336188792446,8844289070278627723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
    3⤵
    PID:4400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18308025336188792446,8844289070278627723,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
    3⤵
    PID:4488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18308025336188792446,8844289070278627723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2348 /prefetch:1
    3⤵
    PID:3388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18308025336188792446,8844289070278627723,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
    3⤵
    PID:1656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18308025336188792446,8844289070278627723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
    3⤵
    PID:5096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18308025336188792446,8844289070278627723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
    3⤵
    PID:4472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,18308025336188792446,8844289070278627723,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1916 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1120

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x2cc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
32d05d01d96358f7d334df6dab8b12ed

SHA1
7b371e4797603b195a34721bb21f0e7f1e2929da

SHA256
287349738fb9020d95f6468fa4a98684685d0195ee5e63e717e4b09aa99b402e

SHA512
e7f73b1af7c7512899728708b890acd25d4c68e971f84d2d5bc24305f972778d8bced6a3c7e3d9f977cf2fc82e0d9e3746a6ccb0f9668a709ac8a4db290c551c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
295f18102d24c5deb473f2dc2a50d750

SHA1
394c96ddb0a8cdc2bbcfa08a36a5d4d0737b6563

SHA256
f87c6c50b4c42cc063df5e1044f6ea93dcd47ce2ae11cce1af9f6e3df7997dfd

SHA512
81628f7fdee04de81323b29cf38c587d4735c6323afdab63ce6be8c87ef026d7f0edde21f602e80289bf13fe41d1f0599fb0634973fdccca345439ed321f7915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b4b7bbbb89cedb6579e311868843111

SHA1
77a46b5a0c654490f2ec294b8a3a9263442bba6a

SHA256
5bf092527e36bb4f3d3817c9e26a04cdea3509ce45adc4094864982c6b15da28

SHA512
9e838d3bb3b1a2a1a0c89729b01ef737c1e33f3b36ef849075e489d3e90149e5d6fd819af66ad1d21a3001c43eeb4189c2e2555b745b8110c47ce3c5e93571ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
709fe095d3db571f4630e0e545aa84a9

SHA1
915c753ba69953a63d8438987d4bc332cd53993f

SHA256
14b010803939e1cc878af2300b07d5e94ff91dda47abdde18eea65a8f71c0c99

SHA512
90380b4d5045db14a920dcd65d38878b1dfb3f08baa13c7dac63343052715d6f0e4bf67215e009cc92b4c5cb93c8d68eade3bc8d19ea9b1a31eeec9b21f26164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b5fffb9ed7c2c7454da60348607ac641

SHA1
8d1e01517d1f0532f0871025a38d78f4520b8ebc

SHA256
c8dddfb100f2783ecbb92cec7f878b30d6015c2844296142e710fb9e10cc7c73

SHA512
9182a7b31363398393df0e9db6c9e16a14209630cb256e16ccbe41a908b80aa362fc1a736bdfa94d3b74c3db636dc51b717fc31d33a9fa26c3889dec6c0076a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
1eb67cb9d5af009d19805ce1d3a2574f

SHA1
9c2cacd587d3771fd11b832ca99274a6072be367

SHA256
bb3d5daf03dc9fdd31adc38087cee38601e98285a1752b7cca890f6e0ef310b6

SHA512
f88c3fa264ff54c0d165005783cdefdf24cb52d82dee185cd08479eded9ff3e490d366ee77961ac51b546b4fc313a9cc9bf30da0c50385541382ed4e4da5a90c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
ec30125d58757dbc5670ed37c2aefe51

SHA1
59220054534fa58bbc7c911d3dbcf24d3be13fc1

SHA256
579d77d36acdb91d94c29287e3cc9b364cd277b965e0fe1779911b05fcaf5c85

SHA512
203ebe8ab9117ddefde202324a191798792a5c46e0c5eb06ff6b0deaa07ccd2621f0005edf1771c541ba2338730d62c8388fd3c8d05c153bf34d90323917aa12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
a08a9707895c8a3d3ec770bf59c54000

SHA1
ddca9fdb3e6d6235e7908db962f3351225864936

SHA256
b0fb15d885379f51bbfe2c7c05cb3da1b38066bf3414a7b37a8f317ab3405924

SHA512
9c10fa5ee8a52aa61975793066f878b256ea1e2956649e9be38296dbc5a1dae1b6b40f1fe3c98588ed675bff5dc1fbfc8feabce8d76b5a1317afde0bca87f143

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
b9fd1e706a632320bc8786b2acea31e8

SHA1
11f05d3e6c2c6c704862ed56f056c73cf9807e13

SHA256
879927fbc2a7f62be6b51669cafe6094ee312e3de1807495cf69d18922de4aca

SHA512
50439f9bb758d69f1c6cd406ce9b80d6ebc946f60a3c23ce517c09ed5868777fc92397764bfaa3f0b55f5795e26273f7cf0ffa0cb7aabbd0a2e69c2576988fd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
43KB

MD5
916d4f9cd2674d69c2376f157fb1b172

SHA1
720204ddbdea1fa764bd05c80b1500854f1e7f01

SHA256
14dfe8a186470d974a8afee70ece590a9464ea2fa4caa2b936fce1a101e4fdd7

SHA512
0b22f2a6f204ca8f856c8c6d64eca4fba1dfda0a70ee254d9239b30768c24a1197dc16c4f0f651fe57b5e06682bdedf4f61365b9d06c83222336d5b7f8d4cfa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\index

Filesize
256KB

MD5
ae8a5dda93a0c5a9b941c2eea8baf6f0

SHA1
636c244246621002e723a5b38e0e8f1f27bbdbee

SHA256
1c107c7b710508c5ce686fb5dacf7a8990787a17f729fb1035f4d5afdb531a1d

SHA512
6634543da443c839bac1237eb1b9b746a853d38c798803b27ff0c6e539e0ad4d55d3c7fb2048cbe336e7e85d91e1556650a2ec7bc268abbe106e3dfc608edbb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
76f41c028a66446d5daa23f222534286

SHA1
a014fa590f7c5d92fc240bd2a8af61d4806cae1b

SHA256
6bb5ed338f483ae8c93be69059e96b0836ff570b237645d642e100203200d0c4

SHA512
9e421caa89b4c036b13da8ae5acd83cb056aee7412f0171ad5571050cae68a30c93c1b14a9d96e845904f194d78bbf6c79eab68636b833f82308119fbdf62e9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a0b06c2b3c62722d625b4dba443500e1

SHA1
6fa039177d1af3833220019e73b3596dd785aef2

SHA256
42f0eddb5e3802ca11feb935888128324c5e10fe082e24fe1a8dff8a42f71d5a

SHA512
0544993a4488917031bb60e4f2e089e676082b80f1780cb266fc3d13655e4d082a92ef2c1b1a2aa8ba9842b8628bbdcd30c8ebe59c54cd7ad2226e204f1c5f3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe64758e.TMP

Filesize
600B

MD5
fb1059171ddad839063a3d0ed52f10e9

SHA1
6b95daff40fa13a4097f00751e68a0353cce75d3

SHA256
7257f19479f650babe73c42fe80c433f3e7a30895a9c2145dd42b6165561c4e4

SHA512
f4078bc4e84cbcb4e3ca68129869c17f07d229418dcedbbe9213b6e0fe861b894681751879d735ac091750ee9d181e0a4364b3b39fe6cf78061a5d694f78042b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
c1ce3427e708dd6fcd51b5b1a8bb036e

SHA1
c53d272aa0eeca80e725aa85f81c881653a9f75b

SHA256
24baa31a32c940a24842a2a5d6f5a7e444ad6acb4bf8987078faea07bea219cb

SHA512
3a7139e3bdf90e987229a663a8d16ac794b597a3cdc0c264fa16dec658198b7067fc524fa54e6b53d75931b9fd6a6c6c7a4266c349274e030594bde673b29efe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
281B

MD5
293d409807ba7838ea12d482ddc19b06

SHA1
0e2bb295bad697e7352885121a5d1e964172f57b

SHA256
1e1790173c2c21b6aef7f5e6e4c4c75ae4a90944fabe98919afbec4578105bf8

SHA512
77d9bb68d91cb96fb26294301936123bcfcd0ba89051457e204d1c7fe10b1ea04db68a37f0435c91836cccfd8f532f1b320b117638ed50a8e821a1f2d6950d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
9ab46246a5c0ed0b80934376b66cdbea

SHA1
758ede0b373bed8b7be927ff30029555e8590f76

SHA256
dc027e654b9a6b7e03e083bfefa1aab54ea6bf66861f509fa9afe3d1e8ba1de0

SHA512
b49998fd79c505b7ea34a3292c217a1375ee915584aece2eed2eb19a7bbbe07256bc9b351646407bba0df2add5e43293225900bc0369dc8cce4e5fb5f7dcbd67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

Filesize
256KB

MD5
286b7d23a35b779d443e4dd198ddbada

SHA1
4bee2f5d5078f11cbabcf6994995b2ec3e949c15

SHA256
a24a52488abb8cd3edcac702c4bae7cdcf2e893e0f90f99a980307852a681670

SHA512
4c795a56904f6d8d024e0aecda1ea2bedbf7bde6f8f6a2947bce9566bc72d19dae005242c29489aafa43d1e83c6e32b174293287c7afb008c85d89137cf667f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
64da2db92f33fa5acffdc41e20b6da4f

SHA1
787587a0389829232e66857885a7ecfbcbfe1d8c

SHA256
c4ac9d04dfb17961367e93f202f692b1077e0c01bbcd91ec5278f6f26ffdd185

SHA512
c7dd84502246139fe4034b1bcf11a3667f1ed80f551376e3e650253fbb41ab36c5846e80a02852d2b7bced441d8e5c06afde70ea8f3cfb450ba5b5460f659115

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
14KB

MD5
4b9b590021c741b44139710aa516a3e5

SHA1
488fbbd0ef39291cf076ceffddf94a138b746054

SHA256
14c96b20255ca3d3f07c6a4b6ad8752d3e55d82065b21fd13b2e5685cf4bc2bd

SHA512
48c6861633f00713a83a527ac389f8fb75b540effbe9d695e66795114ee6f75a2e63463b6cab77282718a40bbf50c2af23a86ec67e94af55c87f5e6519058756

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
291B

MD5
1bc64c20e3631539ad80c392eb6fb946

SHA1
5b80884fcaca5caf6b35e7b7076b29d5c9e760ac

SHA256
5d86c88ce0a01a0bf9a12e0775b8a7b76b83aaabb72788abf696deb7b49c6b23

SHA512
db8b56c9d1fb408b54c99e60dc7c165e533b611e7654c2df4b2db432b93f2054abc20db1a5e3fd144be2d8c4db63b9b3de5e64a70d066eb354333ea527556e4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
93e402aa7681a73841e32a840827e153

SHA1
cedca2f0d8be3c76ccf188e27b852a157bb9778a

SHA256
3f863dbbe0b0870f2dcef506f2006975d2131f1b3ab4cfdb1a470d4c9b133005

SHA512
1459d726d2f55fdab1666fac08d01768e2bee3e4f203343d8954b851a68210e655a2dfd36eb2435b56a8b43967d60db2dca67356bc27bed65171ce0967f6eac3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c4305f4b7e7ce87fe33ed3542d5b5760

SHA1
4262c307d97bc20ee7c94291031b736cbdc42a44

SHA256
aed5090a1c56eeeaad4ffb8ccec2a33196590cecab2eb39476f2e84b4fe1724c

SHA512
8e0e2256700c754b5339e47c39381acd46e06440329d43a9bb7f150b85fb42e0bd75d50be8859558af870e3c567230ec182d0426f2a2a1a2f9c900e4c1800bbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e648bcf95b18fa57e6e3d2ce927411c9

SHA1
5f13bbcf7a37247273531fc271fadb86f8db7e4f

SHA256
ccafcaa1a626b4fa40090445ddaa5518235be9cc687bbbd2e23b47e9f4f2c3d0

SHA512
936fdce7fc1a6ceb75cacb3399144a1acd3a9e0095f292a1232ac1f6ce1f3e5838051d72ac4966729287c9257e77f18d8eeeaf27f0dbd2b996b4092e53b35401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
4cf414e077795f3a16c713a2d5d010c2

SHA1
ca7633b9a89c71b7bf8823405f54e302df7f2265

SHA256
94d3384f30dd36b467e255ac72721821653be98de64cc92c7308da16883d1bf3

SHA512
e16b5e011a6dbe1cd4ab006e529e98ceb20ab32065eb6ce6bd372d56fd265bc9e7f8ddbb538dd3a7b2a8815714600c444b222489437405611c2716624ae7b4b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
809e037431aff2a8e100b7e990840d1f

SHA1
e28885e7e279d4db6ebeff088b1c080800284773

SHA256
2431d46b5db55beed3bd7db9e43cf9d62d4dafcc6392c373dea7f723a32885f6

SHA512
140676852ee882ea6faefe6ac1b53c9595c85654e42ecd187323ecc45e8b1c1aeb15729832973744bbba3786bb2fa98bcd343857aab68a0f294aeead8a5e1772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af7135f50d095531fb18e48228f91087

SHA1
41c0f727a3f150f243d34e8ad6ee3f3aae668b10

SHA256
be59b36cc20e13f19aa9d3f087589161088b237746c95b48b7c56991baced69c

SHA512
53ee3c2f1932c892e96610a74a627b92a7f85c2aea997abc80b7e97b576436cbcadfa7b302b3199481e50a00e08b9e90811d0c177f32cd4eed3e8c78275a5edb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1bec64115a53c339e106ad225a29efee

SHA1
2d6dfed0b2dd516cd8d8a8876012a49ea7d2cfb8

SHA256
250d72a1b0412189e8e99a75b6601201d00487eb53605f257b059769616e8795

SHA512
0d692c75a00ffa62a11b925a534eb52b46e948d2fa1273727e7b170ae32979e731111c146aeeb3424e3aee21e1d1a6bbf026d262c344b1d941f4467601330b8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5c9f72e9d11cc0d0145e295ec3eae153

SHA1
de3b8a2322d191becdde728df5608edde10c82d8

SHA256
3349ab9225de51a1bb05598bdfff0efa672a47c812358f44762b9d7bbc1f1318

SHA512
10cc51c70c5853943ac9027e6db819dc6f533836d32237f50c085d038a9afbed3923fc4079b961882cfe84de8fa1c1f05d04d7746a0f8d0ace9ac4912b685f03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6e466bd18b7f6077ca9f1d3c125ac5c2

SHA1
32a4a64e853f294d98170b86bbace9669b58dfb8

SHA256
74fc4f126c0a55211be97a17dc55a73113008a6f27d0fc78b2b47234c0389ddc

SHA512
9bd77ee253ce4d2971a4b07ed892526ed20ff18a501c6ba2a180c92be62e4a56d4bbf20ba3fc4fbf9cf6ce68b3817cb67013ad5f30211c5af44c1e98608cb9e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ac2b76299740efc6ea9da792f8863779

SHA1
06ad901d98134e52218f6714075d5d76418aa7f5

SHA256
cc35a810ed39033fa4f586141116e74e066e9c0c3a8c8a862e8949e3309f9199

SHA512
eec3c24ce665f00cd28a2b60eb496a685ca0042c484c1becee89c33c6b0c93d901686dc0142d3c490d349d8b967ecbbd2f45d26c64052fb41aad349100bd8f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
757a2b7bc81785b5b6bde880d0bbfcb2

SHA1
105de651000cd62eb14906ee97405f5020053a55

SHA256
af09b2f84e432118bcaac0b507aa1b4fe0a8f74f233b75f301c001eddf0d2d60

SHA512
0c521d661de34ffea0d5ed97621e54f68b6f557c3304de952467c3b357e0e69225b015afe7e92807dc23e0fb78a7aade5b537ec2c07ff46326684c152469ef00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe647408.TMP

Filesize
48B

MD5
da5f7ef33d5049b45f6021a9f49b3a55

SHA1
ffc8327c7b062a8faf5d2046578b4aab712508db

SHA256
731519f42b0f471ddf4af56e06b0b2359ae42f06d38276a53f38088a216a4d46

SHA512
b93bb8d300d8fbdb4cbd656f6c28c23c237acf14ab0975aa1923e18a42be9069a9006fb41229ee30240de084d4647dd9a558a3db20e28f928378b39b47d31b44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376260731432899

Filesize
9KB

MD5
ad043e7b06233949f8860d82f4eddc3d

SHA1
467461268bb83e35e63adbde22531779d49d15b2

SHA256
7c815ef35af5702e3fb38cb653b6ec37876e339fb96c0689971b9f853542dc5b

SHA512
74e9bdd2e196651ca2953fe6e652298b59840151c6c44cef70455bd405a115d2bdf6e3a288c66f6affc24809df7ed781430d07125c38e285125b4d2dbc830815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
50222041d1ded59dd540507d0f499a19

SHA1
809142894ce79a2f7bc88d891a6ce4d2d1b371ed

SHA256
c70ea73abc63c394e6224c4c6b74910db068209be1926ddb3385a466663d66ce

SHA512
b23e925287687e9dd1d193efc46cebf309057d4e3f6b7cd3e19db96f4c0e40d3289c460b96198317f8ced5e0b9e50ecf1b5634597a4bef369b1da31944b2a4a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
34956088314fbb3cf74c4b3bff2a23c5

SHA1
74dd3dedc01e3129901fb4a08267997b5e4c39c7

SHA256
adaf99b0f0e2e5634e3af4ab66fbd67f4a8e4fd9ded4ed52ab485792d006f4cf

SHA512
0954c4be56c6d9607ecfe6f5988d337b3ab257bfd6fc7fd35b8b0fd9002b1e1245fb77d1d34adcd2a5bd55441b84e1c9826d02d5d19f5b2d87a631b850b6259e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b5fe21f4327c326865e6874d44753e22

SHA1
c4f1a2ffe4e7a20c19cfc2ff848c1098bf76540d

SHA256
7624d055e4998ff5524c4251fda557fde61072f928b1731d4fe938dedd6204b1

SHA512
43bb31e7a65a309c49f5710f6d78facc40b977f797137148ac152ad95f1e8a1fbc407b8906eb7e320734918b1694d58732d1d0cd9da0d0682afc3bc63c89c73d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6e98678d5cb761ef45e29b3ad2e7cf58

SHA1
26263ffa6b7e738c8159c5837e81041cbe65bd5e

SHA256
ad28f52c25d005349ae4c92d4f3d8ddc645ecba3af6f06097b69e19801752d39

SHA512
a407329214999972aec642a96c83844d03d39d9a176bc3a3210143cdeb2d687eaeb2257bf927eeb1f115a3b83d1979721f6a483cfdd91828df9e341a0e42a78e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c56d60afc1918049aec7cdd4c9786143

SHA1
269aaca649a23edf883b2be377a2da3c4ff4e850

SHA256
41edc0a17483be47844eae73a6b7fdaf82ea31c77531ca9473d02fee9918a86f

SHA512
962aa088b94a00af4b9a6cd871cfa25c8c90477137c1a7737ff1825b895067c9b3c76cfb1a72d2a53fc46d9e0ed73954c010cc3cc7892f3ed4a29a8aaf06a3c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
c6018a97e9c4d7c1c2c3c6cc21a433c2

SHA1
a9e7d46aebfc30634b06b4ad57479a0c94d6e1e0

SHA256
a79ab4ee84a23b000b2e7e2511a1328c4fe400cb7abea8f0fa58f070ef5bfb82

SHA512
d95b715d59aa2cddd935008ad74c9b0ca5898aa3c25fb1d4fcbeccc70fdaa74d38809684cf3a630f768abe40350870e44cec11433338f2058b8bcf50334f079a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
4KB

MD5
d9f84c8cf73422f2ca07d7e7462b9534

SHA1
cff6e092bf5bf1f3f47b7074847e204042a881ae

SHA256
5bf7b14dde109f722782628bbcf3011a23cd2416e7621a62b49ee0333cdec6c2

SHA512
1ea893c62d64304c35b9086e2c7e760716ea5ce220bafb76632670fcd2f97eca5c6693ff98004a861b190060c47c9d97ac92b41e3b1da1a4e8f89d9638548c38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
2.1MB

MD5
0b9783ba8dc33bdad2eda8779da2c57e

SHA1
417824ee92e566dd254a0e199261687ebe4a684c

SHA256
4ab525f6b08ca5e60563ac33ab935e407833834bb4f15d215eec592041a3d39f

SHA512
ad2368fe5a542153ec3903dfc4aadf87061f111885ff9450c4d199e092973ef3854d8c6730acd1b6a63bf03f8b8844514ce1e9ed726876785ac4f28407ee2d6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
3f8c64ade9316cfd14e83f50726c9f0a

SHA1
2e6fa6576dd5e5eeb18ea5fc6fdd1e6074840ed9

SHA256
c32e5207df572da3d6287292e6f382441998df3e9e0397cdccd5d1ac848b87e6

SHA512
8857f49e37bf00fa2e37134d7b9cf2a7abd748cf92ce85fa3fd9ee7158bcaf66fc3ef1fc163977cfa7f67e6152f45edb4bf4821061c67ae2f1bf01b9db879c83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
281B

MD5
4009ffa63561048ce648f962a1fd8e00

SHA1
cf4ebc8d8dfca9441e7462a6acee0eec23d3752d

SHA256
b5142d9494b10b074e38b26dbce4e42e62828e517f8be7c0453f903902c18f41

SHA512
0fcd4a7ce977ae5f8e5369de329221b16ddf915bd9c88b4eaf3408bcbedfe37d817f6f5b04abed591edbf9f3dde52b18a921bc5ce889e154b407316960672741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
560B

MD5
ef887ce8db036cbb0988ffbef314acbe

SHA1
24c99d70550ca8d05c11bc8e38e2802f03ea76dc

SHA256
dc2432669a49c4c5f636278b4fa591424083e15c54da8ddc2e1d685f2bc695ca

SHA512
3d351d173fcf2487b7486e8d9ca20e52d6f2f34730fc9bf76ad7b00a7cdbe49368a5920f62ce07a952ec90787a70251a1971cb056c802874ffe889f8ef7836db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
299B

MD5
a0d636d10abcae0ee781396077e2b22b

SHA1
445547887492007b8880419202e8b5a0d75b96fb

SHA256
60907cd250f5edaf9b0827e5dd0cdfb1d30841d07ffaa0dc6270cd94f8e56100

SHA512
5fa79eca5921c847a48f3e2f9f8d1263539b25e32affa9370339745ae9f8fad65b8140ec618257012d52dd9079ec4ef41b28a5f3c387200ee36e920f881b9534

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
b4a9dc62a6bdc6bb0e90a423593a58d8

SHA1
3ca6110834fadf01558b9b911404d13b66f37a8e

SHA256
94afc279903211e3f6d0e965ac64ad2b310cab02d46347edd6e22ed82b040d12

SHA512
f48eec86c410772935013d58543de40d5e76468879305a4f170cde6c67b4927b0d8a5bbc9fc64693d1fbc983e0057e2581f842ff6f6043470c775ca14fed0fd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2fe076eb41b00a590eb20ca411d52b32

SHA1
04da0cd84a591c15f5163df37a80dee9007db110

SHA256
622fd5754911337ecee83059635b43107a1052dc7c7b5aa55724ec607f4e2978

SHA512
f78b1b8cdb5910a19ffefee2a2223a2e7fdf33fda317f9afb3fbd481620ffeee0e2926429d82e68f24bc38fa40a5a20b4fce970694a29ebbd477e0d35683dde8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
274bb2424dc1d54246785d26488a982b

SHA1
f3a2666dad2b5bd74018d06dcc865763c7f70c35

SHA256
0420d75a5a7e774c99455fb4a3119dcb7997d74c6b2ddb25ffa581b39d6257a6

SHA512
10974c1fdf8409c67f3e6a6e21fe446f04b74dc65279791fb94bd0276dc619a04345c3a27309c5ad4cebb1b9cb2f5d8fc70213940d25c4cffb6bc6085cceef1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings

Filesize
81B

MD5
f222079e71469c4d129b335b7c91355e

SHA1
0056c3003874efef229a5875742559c8c59887dc

SHA256
e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00

SHA512
e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

Filesize
126KB

MD5
6698422bea0359f6d385a4d059c47301

SHA1
b1107d1f8cc1ef600531ed87cea1c41b7be474f6

SHA256
2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

SHA512
d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris

Filesize
40B

MD5
6a3a60a3f78299444aacaa89710a64b6

SHA1
2a052bf5cf54f980475085eef459d94c3ce5ef55

SHA256
61597278d681774efd8eb92f5836eb6362975a74cef807ce548e50a7ec38e11f

SHA512
c5d0419869a43d712b29a5a11dc590690b5876d1d95c1f1380c2f773ca0cb07b173474ee16fe66a6af633b04cc84e58924a62f00dcc171b2656d554864bf57a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638343870221005468

Filesize
57B

MD5
3a05eaea94307f8c57bac69c3df64e59

SHA1
9b852b902b72b9d5f7b9158e306e1a2c5f6112c8

SHA256
a8ef112df7dad4b09aaa48c3e53272a2eec139e86590fd80e2b7cbd23d14c09e

SHA512
6080aef2339031fafdcfb00d3179285e09b707a846fd2ea03921467df5930b3f9c629d37400d625a8571b900bc46021047770bac238f6bac544b48fb3d522fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic

Filesize
29B

MD5
52e2839549e67ce774547c9f07740500

SHA1
b172e16d7756483df0ca0a8d4f7640dd5d557201

SHA256
f81b7b9ce24f5a2b94182e817037b5f1089dc764bc7e55a9b0a6227a7e121f32

SHA512
d80e7351e4d83463255c002d3fdce7e5274177c24c4c728d7b7932d0be3ebcfeb68e1e65697ed5e162e1b423bb8cdfa0864981c4b466d6ad8b5e724d84b4203b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982

Filesize
450KB

MD5
e9c502db957cdb977e7f5745b34c32e6

SHA1
dbd72b0d3f46fa35a9fe2527c25271aec08e3933

SHA256
5a6b49358772db0b5c682575f02e8630083568542b984d6d00727740506569d4

SHA512
b846e682427cf144a440619258f5aa5c94caee7612127a60e4bd3c712f8ff614da232d9a488e27fc2b0d53fd6acf05409958aea3b21ea2c1127821bd8e87a5ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp334C.tmp.png

Filesize
1.5MB

MD5
24cbd383fccf8ee8764c297d94b5078c

SHA1
dc61f5653b098250133b9a281b4630abf226bdb2

SHA256
247b94297f36837a905c4f628ffeb219dece7bd442446e4a2a44c9a88ed4f546

SHA512
be6c9ec813de9cfd0557d9a959759cbba4c2f659cec2498f2a2ec370319018dd522554b677b75ebecf035a7be1e0d559d68c0de50f5a36d28cf4df42644feebe

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
69ee056a58993d8f6215e52f21a1044d

SHA1
d8466e0d2f6174083437dc4b25b119ba19d4cbfc

SHA256
dc6bae0d9a643d925cac3b427245e1338b59b7ae5d6ad6976615a6c7d56d96d0

SHA512
792c87fbcdd0b5b036a6f898413cb6de1d9cf1b16205808ff969f31bdffb7b8bcbbbfc5324858978b102beaa2e938cfaac7480493661814f39e0f03f05031d7b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
7eaad11b3e7ebd25350bf8036c32c85b

SHA1
d5c417f382922d2626432e52e12534fa97f707dc

SHA256
3117b47fd621ecd4bfee170aa3c673387e5ba0753cb038eb06fc9b4ef5239456

SHA512
38059788fe629b60ab7db65c20f1bc70f6b6caa6c43382399a19b61ff11c32a98af01f5b980bc6a982185c2e25bbf65eb59a788adce1b9fde0690bcb4def18f2

Download Submit
memory/4900-372-0x000000000B1C0000-0x000000000B222000-memory.dmp

Filesize
392KB

Download
memory/4900-14-0x00000000066A0000-0x000000000673C000-memory.dmp

Filesize
624KB

Download
memory/4900-356-0x0000000007CA0000-0x0000000007D04000-memory.dmp

Filesize
400KB

Download
memory/4900-369-0x0000000007640000-0x00000000076A4000-memory.dmp

Filesize
400KB

Download
memory/4900-370-0x000000000A6A0000-0x000000000A732000-memory.dmp

Filesize
584KB

Download
memory/4900-0-0x00000000744DE000-0x00000000744DF000-memory.dmp

Filesize
4KB

Download
memory/4900-371-0x000000000A910000-0x000000000A974000-memory.dmp

Filesize
400KB

Download
memory/4900-373-0x000000000A8D0000-0x000000000A8DA000-memory.dmp

Filesize
40KB

Download
memory/4900-19-0x0000000006B90000-0x0000000006BF4000-memory.dmp

Filesize
400KB

Download
memory/4900-18-0x0000000006420000-0x0000000006480000-memory.dmp

Filesize
384KB

Download
memory/4900-17-0x0000000006B80000-0x0000000006B8A000-memory.dmp

Filesize
40KB

Download
memory/4900-16-0x0000000006790000-0x00000000067D0000-memory.dmp

Filesize
256KB

Download
memory/4900-15-0x0000000006780000-0x0000000006788000-memory.dmp

Filesize
32KB

Download
memory/4900-355-0x00000000061E0000-0x0000000006244000-memory.dmp

Filesize
400KB

Download
memory/4900-13-0x0000000006C90000-0x0000000006D22000-memory.dmp

Filesize
584KB

Download
memory/4900-12-0x0000000006960000-0x000000000697E000-memory.dmp

Filesize
120KB

Download
memory/4900-11-0x00000000067E0000-0x0000000006848000-memory.dmp

Filesize
416KB

Download
memory/4900-10-0x0000000006860000-0x00000000068D6000-memory.dmp

Filesize
472KB

Download
memory/4900-9-0x00000000744D0000-0x0000000074C81000-memory.dmp

Filesize
7.7MB

Download
memory/4900-8-0x00000000744DE000-0x00000000744DF000-memory.dmp

Filesize
4KB

Download
memory/4900-7-0x00000000056F0000-0x0000000005756000-memory.dmp

Filesize
408KB

Download
memory/4900-6-0x0000000005C30000-0x00000000061D6000-memory.dmp

Filesize
5.6MB

Download
memory/4900-5-0x00000000055E0000-0x000000000567C000-memory.dmp

Filesize
624KB

Download
memory/4900-374-0x000000000B750000-0x000000000B7B4000-memory.dmp

Filesize
400KB

Download
memory/4900-2-0x00000000744D0000-0x0000000074C81000-memory.dmp

Filesize
7.7MB

Download
memory/4900-1-0x0000000000420000-0x0000000000432000-memory.dmp

Filesize
72KB

Download