7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

Analysis

max time kernel
131s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-12-2024 23:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/nsExec.dll
Size

17KB
MD5

2095af18c696968208315d4328a2b7fe
SHA1

b1b0e70c03724b2941e92c5098cc1fc0f2b51568
SHA256

3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226
SHA512

60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5
SSDEEP

384:PbGgezxEqoyGgmkNFNyQH38E9VF6IYinAM+oZhc3iMy8:T31yGLkbMEpYinAMxZAy8

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4008	764	WerFault.exe	83

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
2968	msedge.exe
2968	msedge.exe
4416	identity_helper.exe
4416	identity_helper.exe
5296	msedge.exe
5296	msedge.exe
6052	msedge.exe
6052	msedge.exe
6088	identity_helper.exe
6088	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

pid	Process
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: 33	2428	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2428	AUDIODG.EXE
Token: SeManageVolumePrivilege	4708	svchost.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe

Suspicious use of SendNotifyMessage 50 IoCs

pid	Process
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 764	2268	rundll32.exe	83
PID 2268 wrote to memory of 764	2268	rundll32.exe	83
PID 2268 wrote to memory of 764	2268	rundll32.exe	83
PID 2968 wrote to memory of 3092	2968	msedge.exe	105
PID 2968 wrote to memory of 3092	2968	msedge.exe	105
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 1608	2968	msedge.exe	106
PID 2968 wrote to memory of 5036	2968	msedge.exe	107
PID 2968 wrote to memory of 5036	2968	msedge.exe	107
PID 2968 wrote to memory of 5040	2968	msedge.exe	108
PID 2968 wrote to memory of 5040	2968	msedge.exe	108
PID 2968 wrote to memory of 5040	2968	msedge.exe	108
PID 2968 wrote to memory of 5040	2968	msedge.exe	108
PID 2968 wrote to memory of 5040	2968	msedge.exe	108
PID 2968 wrote to memory of 5040	2968	msedge.exe	108
PID 2968 wrote to memory of 5040	2968	msedge.exe	108
PID 2968 wrote to memory of 5040	2968	msedge.exe	108
PID 2968 wrote to memory of 5040	2968	msedge.exe	108
PID 2968 wrote to memory of 5040	2968	msedge.exe	108
PID 2968 wrote to memory of 5040	2968	msedge.exe	108
PID 2968 wrote to memory of 5040	2968	msedge.exe	108
PID 2968 wrote to memory of 5040	2968	msedge.exe	108
PID 2968 wrote to memory of 5040	2968	msedge.exe	108
PID 2968 wrote to memory of 5040	2968	msedge.exe	108
PID 2968 wrote to memory of 5040	2968	msedge.exe	108
PID 2968 wrote to memory of 5040	2968	msedge.exe	108

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:764
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 612
    3⤵
    - Program crash
    PID:4008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 764 -ip 764
1⤵
PID:4760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb896f46f8,0x7ffb896f4708,0x7ffb896f4718
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6345679204200026922,14365899671914360847,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,6345679204200026922,14365899671914360847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,6345679204200026922,14365899671914360847,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6345679204200026922,14365899671914360847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6345679204200026922,14365899671914360847,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6345679204200026922,14365899671914360847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6345679204200026922,14365899671914360847,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6345679204200026922,14365899671914360847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3308 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,6345679204200026922,14365899671914360847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3308 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6345679204200026922,14365899671914360847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6345679204200026922,14365899671914360847,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6345679204200026922,14365899671914360847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6345679204200026922,14365899671914360847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6345679204200026922,14365899671914360847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6345679204200026922,14365899671914360847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6345679204200026922,14365899671914360847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6345679204200026922,14365899671914360847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,6345679204200026922,14365899671914360847,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6184 /prefetch:8
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6345679204200026922,14365899671914360847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6345679204200026922,14365899671914360847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6345679204200026922,14365899671914360847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,6345679204200026922,14365899671914360847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4924

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x424 0x38c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb896f46f8,0x7ffb896f4708,0x7ffb896f4718
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2799777147936153889,667680439633026709,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,2799777147936153889,667680439633026709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,2799777147936153889,667680439633026709,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2799777147936153889,667680439633026709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2799777147936153889,667680439633026709,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2799777147936153889,667680439633026709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2799777147936153889,667680439633026709,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2799777147936153889,667680439633026709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,2799777147936153889,667680439633026709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2799777147936153889,667680439633026709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2799777147936153889,667680439633026709,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2799777147936153889,667680439633026709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2799777147936153889,667680439633026709,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2799777147936153889,667680439633026709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2799777147936153889,667680439633026709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2799777147936153889,667680439633026709,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2799777147936153889,667680439633026709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1748 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2799777147936153889,667680439633026709,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,2799777147936153889,667680439633026709,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2799777147936153889,667680439633026709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2799777147936153889,667680439633026709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2799777147936153889,667680439633026709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,2799777147936153889,667680439633026709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:5444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5864

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
c19c436de16fb2a2710ea7ff7a8cef43

SHA1
2a3ddd3d3c68c2b2c81dee419419a1cf22a9a098

SHA256
a48728907062ec7ef28d8b1dcf9e29075896e61c9a0996fc854aefae51ec9a3d

SHA512
a31b928be299223622b20a252dc1f4f00f3bed979e848ff3eea690236e8584890925c07a3d8d017719f1f271a1ad5a7ad8d2284f991f811f53fa7c17b297b3bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f6f26e56c49f397859e372b17f70a386

SHA1
73a15c3fac71f444d5511da147d8b3a511869238

SHA256
1d78983939aee1f1744816d1dff61b4981df49686116329d569b8a215c322057

SHA512
6bdb020f2e7a2fa3f1d9fb4a1b02b77b1497d63eb5334c140ef4933c536b71ab78db637135ba103677a3d53946791398dfa261561641e3a56fb419f7c8cfde66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
744f97229b32e80620d853346d83bb92

SHA1
6b30b09595a71bf09d0592fd807060c0f5826fdf

SHA256
680013a5168def4d0f617cd15e76fadb2d7a90b8115ec8f19bf2fc1c6ca679d0

SHA512
00fc9115124f41baf0429bf01a1149ae89f6209ac7ee0610c825bb3abd3b4a14dfb5217802958f9ddfceb22d3b6167d481d51949102504289785a81953abd5f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
3b541b2a7fb8c05943442fed7297e512

SHA1
9fdbcf6af71ab20c6b04df685b010acd8917b5c8

SHA256
15d43840f5ffcdbe8ca5aecd9a16a5a79012b420421cf3a8a472cc9ddb5b9f18

SHA512
f9493396aa38ef5b0e7e72b109e863dd9c1c644c3c8baef526147584328fa351bc48da86937f893fd23660ca3712f279446f484a18435ea13f3d997db31de59c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
520KB

MD5
9f7f1c2ca27a78c3448922251d9112e2

SHA1
1034693197e2480aafc65cc55280c09f0aac26e1

SHA256
913fe273dc5fac10276798d04c1a763932818e3be1a0ca84d759eeff31518bcc

SHA512
bf7012742f621d5bc0ee5e6bde84f430fe0d18ecfab80ed46400c5102032bae1e2b7ce8a0af41a57b732dadfc29cea55d2ace3a2eb23944d0c2cafbd5fcd5e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
3.0MB

MD5
139edb08f70dcbb8b33512d555d0c507

SHA1
da5d89304b3fc19637c36d461623e946c3f251b9

SHA256
ef045573d45028fd38f721a193f5cc3c6716514f751448216b1236e43ddb78e1

SHA512
c50a2df5aeab768680bae9cac178f908849e6d111a7ff77b32e0bf604d6c392c0b8dc096086b9c279bbadbbe8c4cc55f69f425d16647793d0ddc84b6c9f901c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
c4826de4f61b145497a96d202c4b8b81

SHA1
b94832526c54090809a8693a3bb1292915ac76b3

SHA256
ec615a72b4cc9dcd0652b565f5518cb2a8bd25f618a1d221f05e72e4d7d41e14

SHA512
ce897b23141ed7c58507cab07a9ff6a7890e07d10d9ab273f673be60c3bb6d281566ff17bafeab556fca77d4af502af26eb179706c975c6b55ed73dd0a75ecc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ab

Filesize
1024KB

MD5
16d5f71215f76c09e6db9e5bdd3eca18

SHA1
7a94d602753342e737e8afe97032432bf842c322

SHA256
8e7dbfc75efa7d1388d179834eaca5a88e1b289f4c918bf1c0f7ac08501eaefe

SHA512
43a95f92ce61fb5647ba809aa9766a39749d9071492153fee653ec77c9af73405c728ac837775902a9e753d779fd28ac80b331f88493a1c193520681e17071a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c5

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cc

Filesize
1024KB

MD5
eb36f3a8ce2680dc009224356402e614

SHA1
2addbc054a4b9ea86e1b4a8fbf94307efa0971ca

SHA256
5d617e1d26fff82e523dd6c4849a04d3409e4c808c7650841ad266ff4158a10b

SHA512
683ba072010ec1c7fb3f06568fd95e88d8e50f88585340ce4fe31fcfdf08951be804001ea8ebca52c403c00399d514a033ae4ec8b259a930b5a7166548a03a12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ce

Filesize
975KB

MD5
6b7a72cec1582f17d537585d1f17311a

SHA1
44d165bc4ec091f40462a7b22e08d7de8428009a

SHA256
b57c31e6ceb6690d688f4c0f19ab76488649c7ac15c053b4735f488a9fd5fead

SHA512
ab648276f306cf8a17ce54f96eeac8924698c020ccd6af88e9ccbcb04ef350d9b5381bc89834d30cb08d745469e0f986984f509f53a28906c78794e9b9777226

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
3d327ecabd8e94a11250133949d9475b

SHA1
39e143a01e321612270d21e6ec5f8c06d653842c

SHA256
39df9702f815ad3a72057f6d9e91622af6e5b376f827e6d3ba25e55e20a1c1d1

SHA512
8e9b054d71954927f7068d05eac320ca357ad78715ea05370a48433138b0aef1b20603b6705f7508032f5ddde6ac805ee879212b2ce76a65b82e52865477226b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3c792d73f3b47832585c234894139b09

SHA1
d51fd62f2aebb148b633d95ab81ca1d6ad03d6df

SHA256
db6beba5885a5e0a1cb2420ab7d4cb3f2a6f060ce901a707f6e470b1fcad4726

SHA512
19f1e61e651639dd809ae34125ecbd94dcb7e0580be3d9e6e2b3355fc457e6ec13d9f65beadee87892d2af4037c0414b38a7e55d1600d8ccd5f34aed9b520b2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
28KB

MD5
d006494bc2fc72ccbae3388a021457d1

SHA1
8b0a0f25c4739b42a4006a6d7318abe0bfec3652

SHA256
7517c20a1c0564598a2f459b322f58dfa72ec260b393e653382179b9e1fec0fb

SHA512
598584e09b7659846c99956487fd1d339c81dca308904591111b6ffe15d7317b596b8bed9508d79fff21e1daffc5ad9ed2f8269a1e972f9b6ad7dd29995e1444

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
88945fd6f3bd778190a4ed84af8bf51d

SHA1
2218d47027f748bea1fa64153c0d2fa2198da083

SHA256
ceb0bbfab264af8d5867b543889ddf3df1b892a8ffbaab70479852c3bbea17f2

SHA512
ce2c821a4a0a3f3d2e2ab52fc74a16923d7675623b6700d6a8873334c8810fa7a789eb5a3b83c429599ee475d49bff57e0244a6f485bd79ef97205276451ed8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
36KB

MD5
00d51422969a932b6e97de95ec65eccc

SHA1
fda6f40235195c9e878d081ff808949a872a59fc

SHA256
df71563ff0e5ef12cc95241f0ffce01c04be08ac06124565666938daa7dfee14

SHA512
61e63099193912e8c852524bf603cc6b0d3adb004fe956ade53a747e103f28673990984fce8437f649e390681f381e638b9d46791d2dfcd69ab6e1e8b1b409d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
128KB

MD5
ee468176f4ae177c33fbcf5a5bb93355

SHA1
67ec9ce24f2c21dcb0552531d7b048534e703d4e

SHA256
cef24f88954c6b0ccf8b20903936a3fa5fdda17c196aacae5eb394b4c330d573

SHA512
e3dadb9888512a94a70e438ebefaad0bb7fc74601fb485e17c08abf01833c1a545ab4b61f4c969b3cca015bb9ea2f8ca5a8936815b26468fb23743d5393db30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
7KB

MD5
d2562048851bcd9a075921ade9f097ad

SHA1
ad8764717986d997d7f5210c8a36a172e413316f

SHA256
c63b3b048121ca68dfc3fa911cf47863c8b67fc73266933c6e4effdd4f68964e

SHA512
323526e6315c51f0c118f896aca39208757cd928cf0254d89ada4316cbb33769df262d9464cd866d5ac49c538749a56aeda0dc1b6fe32e37d6050704279150f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
901B

MD5
b040f6bf1a2349508b7d8ad231875933

SHA1
2ac5fb1c8fcf5c90b081656d34166ea4cf513338

SHA256
3bf82d8024391e6a9ab5a23cbf377266d8e5fd58af2aabf80e7fd465950b0d30

SHA512
1869f3fd51f82923240ac81cb81eb8fc660e47b1006f5d1da4699f00942fc08ca92bbe89b6a0b824b5f95a2d049efffb34c199b1456e3009c69be3235294343c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
61ba2909aa495a5f93ba2786499344b7

SHA1
bbc241846982826a087d44f774f90bdd831336d2

SHA256
e39315867d3c1ed01d57bae8c09f247b7adc901c6600aa6c3efe231dbcd6d455

SHA512
e1d2d81608b134270ba1d9498f7a0e93f0f25fa0ac8dc6fd67baffb294f4d557c8b75d4176f329a1d6227f62bbd7451d6fde68f70a0765607edefc72592e0d21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8aecbcfaf6d7033f80c0d815334b7e88

SHA1
5f1a23a12a106f8f859ab65249fee254bd2be30e

SHA256
4a836ea865d76fce9f37da627facaebd56095c81137e4a567d92e8b60bd975ba

SHA512
0b44f766ddac227cfa09683d585637305f30a66aeeb11f86c9ae000942d5bec3e9326e10de1722c65c22c58fe9fd9d27964805a1d0407fe43e542de1213d6683

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
cbf34d9810e6d82fcfabfff6533e9628

SHA1
88d0c9dfaf7c9b09f246a0869a67b9fdb0211493

SHA256
7d67f063e77f624b18bc66f1f0a59790a1d0aae2e7d73c3dcff1e8032793bfc0

SHA512
59983b9713c998094e47322a1812bb41328fb33f53f5ed691c7f9e45c03537c3268c82edaefcdabf3bf7486d656b9a1d8209a7b71cefffd769c30e0c9426de8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e0cc89a0fed4a9070eedf0242045e853

SHA1
0eac9618013bd0760bbd934c905ebeaff7e8d7b0

SHA256
a86e6ceba13b3a5c65cfe89e1ce111ea951e76b4f5a6d73b51ded06b437d29a2

SHA512
0cab55d786e525903d54ce5ade9f7919e9ed90efa005b0ca2549aa43831719d94ac32c52f11fd54f87a5d48d9be667f1aab58b41ebcb8a97711cb08fcb6b26bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cfe9466c9c8a7e28ca2e52b0d190ea1a

SHA1
aefcf7eff89400bbee4f3ae3b7b9058138d8132a

SHA256
f1bfdf5b199d972bac1122e44fe56be5f0c634b4dbdf8a4fd402d8867fd9d7a8

SHA512
4839d93d79ec20c3f26ced995ebb63209f229632bb7db8c10ecc89d4d807cb879445dc37e6589605325b9f7d7a36d0843b068223da6f0eb421688bb87b6a8aff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
638f610dc395c774b90bb4f9eae30a55

SHA1
11747d48b619b72eea0fc233b7b212381d0284bf

SHA256
0ad6f5b3bc60c03cb1c537823e019e25494e52936dd6a2f64a9e154c512b81b7

SHA512
7c0758e36e96bd414c5a7968140fade82e21d9faf4f6bac55387b00a69f429b51144f48ac8992c808292aface09fe7d7642771fc0a48f4173444125c7b735d79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7f68232b3c1b3e159a298d2f1d2194a3

SHA1
5f4bfda2a3bec4e3c9cf4e6d77f8d6f3d21df9ba

SHA256
6ee18c4e34f823cc6d911b8927ab4ab41b589613b6152d8833223edc0f0a3d9e

SHA512
3101bfa02c7c625e77b16092da21e24b7e9df220c12615220d89d04cd86702f91e162af5ae2b9a56595d2de7c3ea00489cbc9f9c7a080d4074f7b2da562cca36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b454d3318738049045490386cfde9510

SHA1
4a802d09e02f877fa351d3c180c4d11acc74df00

SHA256
c80c2fad5b486ce3e0116d9d90621ff59d400733e9b066b9e656222c3cd37c3a

SHA512
39cacd50b22dac633f5b5fd2608638ad15c69615042f8b58f928e0e32966f74c5cb82435434839eda627d09b80309a6cc6ca82b9a320bb8c4290cdba549524f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ccc75dec4b31374bba5f51362f48c364

SHA1
a2c00c24574d898a0d5ad51362b7ef1d79adef8d

SHA256
24bec3d2cb5c0715a12310bac411ce75e9296e8f9d47ed0c2b48b570da3cdf9c

SHA512
a519c848ea92014643b7ad0c9509da6c798203d326bd87eee0b3081dd2d60b04b832f7a4606e01c7807fc29cb9cf03a38b84578e4f57dac2139f3e151b5d82dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
94922a60f48d8d1d27dd14640735654c

SHA1
d87639e77fab8a10bda15e7b9e74897b67f06abc

SHA256
4f793ffaee7c3143ea1eb79dadcf6b30197146e9826979241ce2123b6bf97992

SHA512
ae25d483170e2386de23801e544076fda104ff3e3bb23152c9a9f118ede1aa644660d189341c6ca9145a7dc7c3171d31596db7819bec0ae9d8afa547995e18a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e38df324535b2a0708ef1761849d616b

SHA1
c0167454fd895fd097344148475ef670d352cc7a

SHA256
b78c2702725f3673f50fbf556642632d2d8f1dbae24c3d2cfb4ade93b6d64e80

SHA512
7bf8a3b082a07073f58109d6359cdaf7219f4f244fd576e8d2d876f124e3bc76ed9f9320dcec4c41828552bb657e503c3e132fef92c5e414c60eb82c9537f03a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
684B

MD5
7e776c1b33849332a34b3a99753c8a16

SHA1
36e95aeaa86257c2f98bd0c044ed360428b0504c

SHA256
6d348795e7388add0c43b3932f9e1518898b71eabb96e5631e373ef9680e68a0

SHA512
46672b05091346578cfe2a721a5cf305ba2ca3c89fa4e3a2778ad6d671dce553778a4276b9344137b33fd2cbd5e480fc0c2148882f1ffc8d078900041fc9a046

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
297B

MD5
cf80fdc262bb04b0e2009fcb371a4675

SHA1
c00b4515d35a965923d5045e9cc052c779515ff4

SHA256
43cd605eda5b27a6fdd5b4592d452ae246f8bbefb656b56efb2033386d281c88

SHA512
23aa50b94a4ff5a556deb13d758d36bc58a6f4ba7af5f30c74c738acdb36b37e647f18b23d249c70027648f06225bd6c20bd48ed7e88add2b956dccb8ea13220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1670b7df6c6f3f27973f54b3cfccc344

SHA1
18a6ff17b99ba67cd7fb9cb7e28fea2a75a146ab

SHA256
f37c7ae6f8cc2229af724d6def7bbe665f11c2ed6699d891ed241e4f53bf4f3a

SHA512
78c52a8e34dd60e47d80421d7c1c1e8ee6af8dc845d12b91e6562967e78e899720f09ec27490387e69c2cbf0beb6a2c5ab166ade31907a8e268af14e151d1cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
a53c7114bda473ca7d7ebfd548ed51d9

SHA1
872bb2003d355c86b5e172978371bfc95d428519

SHA256
fbc8dee9a42e6932fd3d3142775ea62a606c1546647bafa13b51637ecd701a19

SHA512
3a588dc6008bc322719cb5558a188fafca21c25b2ed69aeed826b7e9fc3850767210fd435199ecd7685eada7a00a7366404b322d7f7614e4be75b1e6519456ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe586f3f.TMP

Filesize
48B

MD5
6e339051ceed042fcd33f4bb3ac3299f

SHA1
f22feca6bb0f7693a5ab2379d737d8cdc62a555c

SHA256
89ba328cbf0691fef56abc1cda4bcac77fc9a09ee82609980ded8e48188c40dd

SHA512
da1a6cad203a03c9b7ecf75828ea76d77bb52aa67bfbb50f84b104215e97567231be50be7063d8150d2f890fecb1ba38c715fec0b7da1424bf7ea4263f6b5d63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
93KB

MD5
63c22eeb1b4920baea053e9d5e5a4313

SHA1
46eb080e36cf9ef7756dd8b133121a8fc099375c

SHA256
38d4056053c4aebb5282819c7f480b6429273eef613e665d4ef1936b503e913a

SHA512
f1fd4b389b39432c0242c1d962977b22cc70f8bd28f4fca45350830f0c81ef37ab695ad7a29d3bbf26227768cbacc0f1a66a9f148bd79b8ddd505b9dfd301c09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000004.log

Filesize
863B

MD5
957785695fef604286116aeee2862754

SHA1
e067d4eb399456f90c89ee618a4aaf39411140d7

SHA256
114f68062145ba5ebb66ca22001ba54b14fa4e99ebaa797ed2a3caed0628da04

SHA512
cd54bedb859219d084bca2d9e8d369e1ce95408ad1f11b7ca2c47d0189fa650b0131e32a86fffc2f4685126b238d6ad1eece1711cdd11ff73cec150478eb4391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
e52f572df2566fc2d988fe18635533f6

SHA1
6769a2317a5ffc946242bbb38d15a7d284975ea3

SHA256
a4f501b1a8feca04e7aec569ffea70ceefc5c9bfa0bf76c48e8b0d790cee5490

SHA512
ebd4579c5bd571e857aee827931e2835d3ab59618c52f246f30c2d99f5198a36fa0034d816c0fd1d6995af10bb4180490d46364e1f945f513260d09af97dc089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13378087504659539

Filesize
23KB

MD5
53fb0541a4c9147672505c974e2ab75e

SHA1
796df67a13ff67635ef872c8cf27fd25092f8535

SHA256
036b014332af3ad59f13e2b0fb4d95b689ba01315e3044bb431cd0115b786056

SHA512
f96886cfef8d09d1b95f5dd26c5cfae639c1b846bc27b113d3bdf9c83396d935408d8fb52167eb63e0bec152bfffde5b9c3b940b0de927e0649bd45847128255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
4d91e37b6f654820b879bee5a8d4fb2e

SHA1
c4c627ea016c3c65c394a564f7c2bb81e5133bc5

SHA256
21e82a27f4e0f5b8e3368b9da580e5de1bf5e0a2ef577e2f758e58e28f7fad14

SHA512
49a0e0fceeab00c52f092daa2de81c4393c5ac7686893ff5635738533c5b4e0f4c978da72c38155166f065ed24b83df87a9196a7ef4ddd794c9ed31ca7036971

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
f99ce2129c21ea10981e17890d9643f4

SHA1
0d238cf92a7536a1835f34e8e89f345fcc867552

SHA256
005eb185fbc0f87fbf3fe8280743791507fdb16635fb99e25fa6962867d34138

SHA512
3e81cc520461be87050782a0fe1a9a8437e492beb2dac03b2c28ab8b9a4fc19f4a8a8293564485dc851cacd31543ba4d6001cb14ce5e9ea175fed44aa719d0a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
0bee96e2ab4f96703f1c494db2d8e0e5

SHA1
8830e81a1e5f09e4ac23d76e0dcee290f052414a

SHA256
2b20124119463a645b59b34c2b1abaf8041433e51f3a856cc9b7395637a86b0b

SHA512
b21c88f2080353cd54b867f2f01793fc0121056b1552597c0b5a3c50b27c6ba79a0dae313e7dafc1ef235c53c86d42af964ed4c9ae3c7650b45407073402e64d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
30406d9a16217c4f502f0f8070e3a0d6

SHA1
2f65bfebacac0736662d5cec2c1c51fa3ef21fed

SHA256
914980017bbb1564f4977b37df3429deabc9b0098e39c601d232ecbd1eca5184

SHA512
678f92ae7fc972463643f964d357843598cfa43db7cc434e5f1e8036b7f111ec4aae0b6cf1ff91a27f766e17491c3c6d154a4395d33a3a0e3e8f3f322b75c243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
af5f236558e68a1e9dd4c5096cae4ce5

SHA1
e5b966c096588562740499c89863c8ebcdb7aba9

SHA256
c4ad9e005fab399adca36634d03a004627cb8c6151f41ef7b9d1d7a3508300e7

SHA512
58d95351d02b4656735ab3935f909897cd54fc62c603cb006112a55cd579f5e1116f76aa9436938e6343401a03f821e7340abda7202b798b46af316f36f3d3d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dbddeeff0908bd25f05b8743ab7af062

SHA1
db885e2d72e8d26c9c2441737fae6005975815b5

SHA256
dcda36f000bbc4d309916942141160e9968bd752eb8bd9d07334e1ec0b28cd03

SHA512
31d48ae0f37e3476ca1a19bfda73263cd96403005a9b1cb1929b29c947176f51aba7b1930a310a3aba7f607357fc200042ea08eb11e7ff54abb23ae0bf682214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e586b6658821eaa9cab1ff3ae605834f

SHA1
4f58d1c946a1b26c7a8bf1707be1fc8a4ea41a47

SHA256
f340fc675caf6acb768583ed10f3c093ad4c62a3e2153512481ad2628543d291

SHA512
d3bd343c4edecc128ef6174a222f7b1a7f7618a02308e9ea17d17a400d406994d576f1baf44f09f0c9513baf909a0956eec6faca4037187c97f75900d6fb363d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586f8e.TMP

Filesize
1KB

MD5
6da581d0c513e045a2b3bd6acaee2cdc

SHA1
ae08ba8aa56e4733aed31ab87e5ac0139d60d052

SHA256
1ae8a8a80294eaedbfbf9d51abd0f89c09bd7ec5dba1f06060611346c6eadb0f

SHA512
9f1d975db68cbf922cfc4540c4b5c0175d193f0ec2978d3dc6e7f5e0fad3d6099388ef34095d99b675268b768f16408e2ba1042b0b92d07a5dbeeb15d1e00b0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
d8111ccda3c2aa4960d19777cdf0f60b

SHA1
86bd59cd153b7a32798a3fe1fb1816dd1437b75a

SHA256
5299c263955332750777c80bd5df82b41fc993020b1807c73f5f5d8c9fb82a32

SHA512
c9c23ca6b1b043f46cef4668b22fdf37c85bd8d235138321fbd0b46e03cea079828860bdebd95398443e05555721091924b7c668092ae3f2589500454d18f145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
19ffc74422e96c02d4f15bcce46bbbf2

SHA1
e4077379fc0714d00888cc172cdb8f7501b395bf

SHA256
e699ac3b269284fc208d80a1ce7838da55ed6113e2d0871a331e2b6ebc0f7236

SHA512
1d4004616892b4a03db6ee590185c23e8c2b73a3d445813122978604f1e88b33349c9728c30b19d34266cc07cc77687e42ee401bc49a65c8d51384a5acb4c8e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d5143d22-7654-4e63-9279-8ca124560469.tmp

Filesize
5KB

MD5
b2574189650a549e79e440bcc2d1134c

SHA1
8c706dbebc59cee2322019b5e830ad0ef746a87e

SHA256
ef2669b228ddbc3ca9da54a2d4c0a346ccbf6178012090216ce76c34b573bcbe

SHA512
a5e0e5a0ea53bd83170752d610f5bb3d0060ae64671e4a2fef2cd08a9b801575bcd694f12ac25ed32aa5afb9d3184a28b77dc3842a25888fe4b2bc49e9297fc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
6e80ed9d3149d5b309f6270f3a70fcaa

SHA1
99aa5e2d7833a3ecf3d93b05ce718c5dba8486ef

SHA256
d750b43ee73b06ae228dc1fce44fbd62e494a55dd1cec2fb178a11cafedcf6db

SHA512
3125a78ab0d2a50982f2b3a7f6b5baf64970c72759d33d97b7d87ef9e9a4cae90f33b2e525741d5bca735c83584cd5efc3615640e17e6d5753bcc1122a91ba85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
156B

MD5
f2a301b53069b4b8fd5cdea44e86e942

SHA1
489e727b5bbf38ca4a37086abba73844a12b5d99

SHA256
24c58c4a3f381e159edd18eafe03d6c575e89795252fd9fa92fe51c8fd9a3b8f

SHA512
3a9c49df79c59ab5efa38434090b4a1bf49eb717700b36ad53d326b567c55e86ffab7c69c92f198ab58761ebe7d559315b0f358931886b7a106082ea47ef976a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
e4278b8dd5c2ce3337925bee1e3f6bd1

SHA1
4beaa83e889252c16ec792a9a67ac1a90856349f

SHA256
ada29da7d02b417e84355c8a811401594a8a4e9a0d64340f2cb50830d188a0e1

SHA512
341efef62c02f5b8fb288ab81f34b927362b9d3713bbecec8026fc96710df5a2f80da7e6ca45cc56d588431684329450df34744000e83a82ac4b560452f97391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
66db5c0e0220f9f9538d36dcf8475b8b

SHA1
2beee8e9a1f79c0e6a65aad9b57bb78b803bf5a1

SHA256
51d233cfb360a83b75712b1404badce1e0ef1785acfdc490acc7a5263de27607

SHA512
29871a148c1a5c7158e77992c57117380fa8d4f670e6aebd290e1b486f2d637c3aa7ed4fd078bbff1a678bd94adf24075b9974c78cc11df6d58c74593ee2536b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
8d117f523918efcf5b5efbb57c89867e

SHA1
a74cbbb5b1edae292bea236b5458c58a5e6a9368

SHA256
edabc0fc5591e385c8161823a5e518b516ca32283bd37c01700ecefeeedae545

SHA512
2f5717199a0f8d42ad53b56bfa9f204db5743028de6b2c1795a5d66f0562638d70f7613035ea883d620054adc19f899389ff8d556086678fb580bf14b650bd77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
923e536d1860591ede882b47600a5e2c

SHA1
fbf2583db3ac5b1f16d3e599444f628efb2e72ed

SHA256
ef1af008a30812dce91512e38a9654e4044940fd8e953091aa5ef735bc123921

SHA512
c2652747d8b8bf05bc820c35b78e14222ec46326613bfb15db14b453b13b841ae51aeff7e5a04bcacaaa6a8ed8c6eb119c8a2cdf977d2174d5009bd6e85c95ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
ccbdc58d6abadcbd0fcb989c2cf76a28

SHA1
6178fbc41e065a14af59f923bc0337ac5f9a5e3a

SHA256
c25324239fae2fba2961507f9fc1029f12fb5d983f106d403f0c323b5022390a

SHA512
71779e97e92b1c4628b1898f22426a8b89775955f57ac587fd8d9200d315ba24c1839195e035d99929ad6d59012e484e14b40964e636f251095a2dded675a13b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fc4887b0688ff8d4104c3766a6a79ac7

SHA1
c540a55589bdaca2c788fc1c5076fa8a845cf8f8

SHA256
e8b02aeb5fc5c6cc6abf5e8eddbdbb87d95eb0431127e88f0ece9f59614bc614

SHA512
a57cdc1f63de11673a328f7e219da8a98638cc41d8cb374c8a4097b9fd3d0576375d613447268fca53e8341fd4506249d7e1cf8c1733cf454902bbca3c0c4181

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
33437aa7be4b84b084e0e744ab79f546

SHA1
dfcd80ba6daf56cefe1a918cc253106095bc1132

SHA256
fc4c90855ad9a1c00feaa4d6f8f6cce19c3cc44ced0446ee178fdbefb94d4bf3

SHA512
8c4ed82a5f644ab959707a4bfa11528927c7d8f2143e0e58e2437663df90790fb9edf09286aa60164c0dbb50d78160ae47c446a3da744dabb73944b8e2cf468b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
24868e91e35bd1ee256b86bf24493204

SHA1
a1285cf016365854414f4dba81396e45796f1938

SHA256
1ccd1e704c5055aad6f8a7f8440adda162f9d21ec56bf24eb2ec7c78832998bc

SHA512
1e27a29888220a99b06eeabc072b5ee4e89d45bf90994c762e5a74f4213c8f54cf840c364987caaec7a7d6a3995fa67503db922c0809992e21324210e7a75ec6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
ec3f5f81f6e114bb3dbbd0d7ecd67793

SHA1
4471d634af148f96fcb27076404cda9d37443cac

SHA256
041d1de0fab38eca1d64dc80dca7105c72b93e1129998073abf3fb14a9e35ad4

SHA512
0acd6c44a5a968361bee51df648b6d8200f0f81ae307f9a42416a7b368240fbf822f25dc0295d47d067e3f9c72cc6dd17b85adfba99bb3a717ee7830fafcc5a6

Download Submit
memory/4708-1307-0x000002A573FA0000-0x000002A573FA1000-memory.dmp

Filesize
4KB

Download
memory/4708-1310-0x000002A573FA0000-0x000002A573FA1000-memory.dmp

Filesize
4KB

Download
memory/4708-1311-0x000002A573FA0000-0x000002A573FA1000-memory.dmp

Filesize
4KB

Download
memory/4708-1312-0x000002A573FA0000-0x000002A573FA1000-memory.dmp

Filesize
4KB

Download
memory/4708-1313-0x000002A573FA0000-0x000002A573FA1000-memory.dmp

Filesize
4KB

Download
memory/4708-1314-0x000002A573FA0000-0x000002A573FA1000-memory.dmp

Filesize
4KB

Download
memory/4708-1315-0x000002A573FA0000-0x000002A573FA1000-memory.dmp

Filesize
4KB

Download
memory/4708-1316-0x000002A573FA0000-0x000002A573FA1000-memory.dmp

Filesize
4KB

Download
memory/4708-1317-0x000002A573BC0000-0x000002A573BC1000-memory.dmp

Filesize
4KB

Download
memory/4708-1318-0x000002A573BB0000-0x000002A573BB1000-memory.dmp

Filesize
4KB

Download
memory/4708-1320-0x000002A573BC0000-0x000002A573BC1000-memory.dmp

Filesize
4KB

Download
memory/4708-1326-0x000002A573AF0000-0x000002A573AF1000-memory.dmp

Filesize
4KB

Download
memory/4708-1323-0x000002A573BB0000-0x000002A573BB1000-memory.dmp

Filesize
4KB

Download
memory/4708-1309-0x000002A573FA0000-0x000002A573FA1000-memory.dmp

Filesize
4KB

Download
memory/4708-1338-0x000002A573CF0000-0x000002A573CF1000-memory.dmp

Filesize
4KB

Download
memory/4708-1340-0x000002A573D00000-0x000002A573D01000-memory.dmp

Filesize
4KB

Download
memory/4708-1342-0x000002A573E10000-0x000002A573E11000-memory.dmp

Filesize
4KB

Download
memory/4708-1341-0x000002A573D00000-0x000002A573D01000-memory.dmp

Filesize
4KB

Download
memory/4708-1308-0x000002A573FA0000-0x000002A573FA1000-memory.dmp

Filesize
4KB

Download
memory/4708-1306-0x000002A573F70000-0x000002A573F71000-memory.dmp

Filesize
4KB

Download
memory/4708-1290-0x000002A56B980000-0x000002A56B990000-memory.dmp

Filesize
64KB

Download
memory/4708-1274-0x000002A56B880000-0x000002A56B890000-memory.dmp

Filesize
64KB

Download