zloader | 38bc13ef112b2f17d4d1a80243fac6a521b5d58228984aae0752d79487fa3b66

Resubmissions

14-12-2024 07:51

241214-jqcj1sxnhr 10

11-12-2024 15:39

07-12-2024 20:12

04-12-2024 19:31

04-12-2024 11:47

04-12-2024 11:40

04-12-2024 11:35

Analysis

max time kernel
144s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-12-2024 15:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08751be484e1572995ebb085df1c2c6372084d63a64dce7fab28130d79a6ea2d.dll
Size

144KB
MD5

9e9bb42a965b89a9dce86c8b36b24799
SHA1

e2d1161ac7fa3420648ba59f7a5315ed0acb04c2
SHA256

08751be484e1572995ebb085df1c2c6372084d63a64dce7fab28130d79a6ea2d
SHA512

e5ba20e364c96260c821bc61eab51906e2075aa0d3755ef25aabfc8f6f9545452930be42d978d96e3a68e2b92120df4940b276c9872ebf36fa50913523c51ce8
SSDEEP

3072:ep1qwbk6Wbh/UR++pz1OBrNtZtHpspurmxwPtnneZY:epoP6WV/C116rNbtHpsYrmSP1neZY

Score

10^/10

zloader botnet discovery persistence trojan

Malware Config

Signatures

Zloader family
zloader
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
trojan botnet zloader

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ufhuhi = "rundll32.exe C:\\Users\\Admin\\AppData\\Roaming\\Ofudb\\beufdody.dll,DllRegisterServer"	msiexec.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1968 set thread context of 748	1968	regsvr32.exe	118

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msiexec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	msedge.exe

Enumerates system info in registry 2 TTPs 14 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 43 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1601840699"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31149027"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31149027"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000028e76085f1f7640a0643881d549bbfc00000000020000000000106600000001000020000000aab586e588438370ae0d9a7f5c2458025cf59687cd6f4a2e7de816ebd5840913000000000e80000000020000200000006863d2923909490f582bb67c29c0864c99f5b8cc9960c287b05db0eec02ae7c52000000081587fdbcad5f1f8bf0dda85832b7e8bde27ecf613de8650bf541c729a4caac740000000f0092a14bf588de7bae25976912a62db5e7088895741f81edc9ed8e83381b7c551e6398d8a6a75793b6ee2c4b15b6f0ec35de8d0a6a915df50171c902b627338	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "440696730"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1603246391"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40048462e34bdb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31149027"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90b07362e34bdb01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000028e76085f1f7640a0643881d549bbfc00000000020000000000106600000001000020000000f3362f86a9d4efec2de046d91f6a14f9badde26d86a772e82fff2c2a9d30181b000000000e8000000002000020000000936644b6af944a340737a0e869c5ee7f740ca72146f802d028f7214319adf1cb200000005855ef0f812a3ee04708bc1fb42ca5fd45b6cbc903a879192eb4159701d8e1c440000000cd452cd863cbe24c448ef72dce2be6bcc301c4a6d178b326b8b60b06bf454ff3a1d70e364b83762f7e0b6eb98e51972d5e9ff54b9b17e9658dfe656a85adc04b	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{8AA25740-B7D6-11EF-A4B7-C67090DD1599} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1601840699"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31149027"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1603246391"	iexplore.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3508	POWERPNT.EXE
3540	vlc.exe

Suspicious behavior: EnumeratesProcesses 27 IoCs

pid	Process
1108	msedge.exe
1108	msedge.exe
2316	msedge.exe
2316	msedge.exe
3484	identity_helper.exe
3484	identity_helper.exe
392	msedge.exe
392	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
1132	identity_helper.exe
1132	identity_helper.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
5744	msedge.exe
5744	msedge.exe
5492	msedge.exe
5492	msedge.exe
1788	identity_helper.exe
1788	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3540	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
2316	msedge.exe
2316	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeSecurityPrivilege	748	msiexec.exe
Token: SeSecurityPrivilege	748	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
3540	vlc.exe
3540	vlc.exe
3540	vlc.exe
3540	vlc.exe
3540	vlc.exe
3540	vlc.exe
3540	vlc.exe
3540	vlc.exe
3540	vlc.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
5240	iexplore.exe
5492	msedge.exe
5492	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
3540	vlc.exe
3540	vlc.exe
3540	vlc.exe
3540	vlc.exe
3540	vlc.exe
3540	vlc.exe
3540	vlc.exe
3540	vlc.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
708	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3508	POWERPNT.EXE
3508	POWERPNT.EXE
3540	vlc.exe
5240	iexplore.exe
5240	iexplore.exe
5292	IEXPLORE.EXE
5292	IEXPLORE.EXE
5292	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4132 wrote to memory of 1968	4132	regsvr32.exe	85
PID 4132 wrote to memory of 1968	4132	regsvr32.exe	85
PID 4132 wrote to memory of 1968	4132	regsvr32.exe	85
PID 2316 wrote to memory of 4312	2316	msedge.exe	90
PID 2316 wrote to memory of 4312	2316	msedge.exe	90
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 4156	2316	msedge.exe	91
PID 2316 wrote to memory of 1108	2316	msedge.exe	92
PID 2316 wrote to memory of 1108	2316	msedge.exe	92
PID 2316 wrote to memory of 2788	2316	msedge.exe	93
PID 2316 wrote to memory of 2788	2316	msedge.exe	93
PID 2316 wrote to memory of 2788	2316	msedge.exe	93
PID 2316 wrote to memory of 2788	2316	msedge.exe	93
PID 2316 wrote to memory of 2788	2316	msedge.exe	93
PID 2316 wrote to memory of 2788	2316	msedge.exe	93
PID 2316 wrote to memory of 2788	2316	msedge.exe	93
PID 2316 wrote to memory of 2788	2316	msedge.exe	93
PID 2316 wrote to memory of 2788	2316	msedge.exe	93
PID 2316 wrote to memory of 2788	2316	msedge.exe	93
PID 2316 wrote to memory of 2788	2316	msedge.exe	93
PID 2316 wrote to memory of 2788	2316	msedge.exe	93
PID 2316 wrote to memory of 2788	2316	msedge.exe	93
PID 2316 wrote to memory of 2788	2316	msedge.exe	93
PID 2316 wrote to memory of 2788	2316	msedge.exe	93
PID 2316 wrote to memory of 2788	2316	msedge.exe	93
PID 2316 wrote to memory of 2788	2316	msedge.exe	93

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\08751be484e1572995ebb085df1c2c6372084d63a64dce7fab28130d79a6ea2d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4132
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\08751be484e1572995ebb085df1c2c6372084d63a64dce7fab28130d79a6ea2d.dll
  2⤵
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:1968
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\UnblockBlock.mhtml
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffa074446f8,0x7ffa07444708,0x7ffa07444718
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,12901395763823222881,8652360612912150050,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,12901395763823222881,8652360612912150050,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,12901395763823222881,8652360612912150050,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,12901395763823222881,8652360612912150050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,12901395763823222881,8652360612912150050,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,12901395763823222881,8652360612912150050,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,12901395763823222881,8652360612912150050,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1424

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3632

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /s "C:\Users\Admin\Downloads\WriteSend.pps" /ou ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3508

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\RegisterUnpublish.DVR-MS"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa074446f8,0x7ffa07444708,0x7ffa07444718
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,3258292102080249015,9459530198017187417,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,3258292102080249015,9459530198017187417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,3258292102080249015,9459530198017187417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3258292102080249015,9459530198017187417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3258292102080249015,9459530198017187417,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3258292102080249015,9459530198017187417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3258292102080249015,9459530198017187417,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,3258292102080249015,9459530198017187417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,3258292102080249015,9459530198017187417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3258292102080249015,9459530198017187417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3258292102080249015,9459530198017187417,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3258292102080249015,9459530198017187417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3258292102080249015,9459530198017187417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3258292102080249015,9459530198017187417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3258292102080249015,9459530198017187417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3258292102080249015,9459530198017187417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,3258292102080249015,9459530198017187417,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:2180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2872

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:5240
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5240 CREDAT:17410 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:5292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa074446f8,0x7ffa07444708,0x7ffa07444718
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4295178726823392446,3806182461544796365,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,4295178726823392446,3806182461544796365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,4295178726823392446,3806182461544796365,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4295178726823392446,3806182461544796365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4295178726823392446,3806182461544796365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4295178726823392446,3806182461544796365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4295178726823392446,3806182461544796365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4295178726823392446,3806182461544796365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4295178726823392446,3806182461544796365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,4295178726823392446,3806182461544796365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4295178726823392446,3806182461544796365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4295178726823392446,3806182461544796365,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4295178726823392446,3806182461544796365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4295178726823392446,3806182461544796365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,4295178726823392446,3806182461544796365,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2064 /prefetch:8
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4295178726823392446,3806182461544796365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4295178726823392446,3806182461544796365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1620 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4295178726823392446,3806182461544796365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4295178726823392446,3806182461544796365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:2092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa074446f8,0x7ffa07444708,0x7ffa07444718
  2⤵
  PID:1080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2892

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x304 0x514
1⤵
PID:5424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
471B

MD5
39022d9b5501feec3329b2389f2fb91a

SHA1
3b220eac5c446f75037924e3c1a6d4457f42111f

SHA256
231bee884b9281f40a10af050264a0900778d28488332961195d6338b46b2ef3

SHA512
65824be26a4c75852b9b007e967cb323a883b0200b50cdf1977568165b2f636c6e0372df51e5aa2faeb48a2acdf1c0de79b8587e0c579b549c8db1d8dbd24af8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
412B

MD5
cd39eb5e3ce32c2f8497c207d0db928f

SHA1
ad2aaffe3d94a4aac1743b0159036b5d3d6fc5d9

SHA256
f050574b7c9d64ef6412450521f6d512e545eb46e5c70297705e8f2671c36e99

SHA512
ebf42a912232003e4a8b49d7ef949bd6bde7e24d9f79a72bf56d114611aba4a150b6992f77044ef3d78d4b713082ec87fcea9d8ac5bdbc702362f8f4edff8907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

Filesize
150B

MD5
219b250f888610ee700128a2bcd34642

SHA1
ae62e55b80e110272b9e6e4ff59134ed1120fa82

SHA256
882e87d6d43329ff63d667b354d4d4a22c1370101e8d26a6680456af05615ffe

SHA512
accde5e8dd0c996e1570ae210c89832cebd93f2429b3a35ffd823c89ec6a8c417b81bbb7a103331b920547ca28810156ea9872de9be36c822127538a7c6ab4f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\6b4a22cb-297d-4f76-8e65-3731f56de91b.dmp

Filesize
657KB

MD5
249072761271f300f5f55a3f9309646d

SHA1
00f6c200d313d5895e2625a61945c36483526476

SHA256
e86a13e837ca0da30a7437d9dc4936e1b402fba8157c3256f1f1ceea0a067b54

SHA512
623a7f8643638a3254950c08c4470dcad30ecf73d1b4c853fb5806050dad9dce222a90e7aab808bcc9561a7e3518b9d5eecc05304bd279f55ec53f9937dfb698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
390c19203f97c52758d1dd26c828d666

SHA1
98b32ed9a10b61774d3172086a87890e7a4ce3e3

SHA256
a2e06dbacd8cd632b1d3f23ac50f2b5beea948c0861ad7aa7c0816f4811c4efa

SHA512
b88fc7b850a8b168f777954749bd739d0cfe129f397d56080c16e24a92a90877cc732b3fcf166bee46ee1ef822e198c237a37478e9bad14564a17b4fa6302f46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
74e31252bcf6ad202c5b9fe5df0659a6

SHA1
8c969a20c834098021364d1cc3293bbec4bfb261

SHA256
f4c9d4007bafc5eef25b00abd03db6e2a815dab96b9f2c1bfdf785c3db54e157

SHA512
b07a8d85a0a7025eba294f1f8862be7480e492e3bcbf49fd22a8dd4de0d2ee35c73471f4b575c34ba3ea82371d36fe8815d8432d3a1e0ebedb0fdf92f7b0b720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7415e971dbf365bfcbd54dddd32cf3d5

SHA1
70de7391a8ec62cdcd117725c4a0bf167ebd0d29

SHA256
b9e988a4e51d10a0b1516b714c9353b12080b79988e604f5984aad9612207ca9

SHA512
ef8992ea8a993804133fbff625477241f0c3b4680e67a1541275a9a98fa51b81892b1207bc524b1007dd52ed5907d9df3a9aca2a7d4adc5f06c0d8a421363e7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aef651992c9f6a5e17642476532122c8

SHA1
d2653e0f3b1e5411bf28fcac5fd03bf4954c02eb

SHA256
193d4d5bb06106db72f6d972c5da646089858ed64ecfe4d48bd2ad581ecc38a6

SHA512
4866454180bf97600b3f372f9c8f506e5584a147d3229688af342d5809d303ef96d200b60e3bfa0adea758cda45608b040be686baf4133d5a96695cac1a7fe81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\947d2430-5000-4994-91a9-08bcddcb7269.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
7f5f3ac27ca74390639cca3c0e34270e

SHA1
ba57344266ee0af86152326808500fc8e82665ef

SHA256
df554d0c052ff73fd8a29e444f1749f39784ef9ff2926d265e50ab146d0f4700

SHA512
a915c283f2ba43562f9011365a85d6e9418d39ff99ab2cdb48ebb40ada4a2a87bd099e5a1082c8a74cf6f71acb14d0377fe35a2ab63640a3a41e1472324f6814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
a7f065345f0af64bc8c17a748f95cb70

SHA1
5275db71b5705d6cbfa2e73b62dc0e348e3c7805

SHA256
65f90f47282bf949a370ffbb2d4f6a7d9f903177270ebdfafa16b39abf5cdefd

SHA512
1760ab84981133410ea7b9822b335f43a34da7eb7de3945424a8b77e88f6a67e5c8e9a242049ac445093af78eb304c57f5c9d441e2f63dbb2431453cb3d49135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
40709c2e2a85d749b2693750f452a5ca

SHA1
9d8b2b4e18aa602031609d8a330b83995d59cb41

SHA256
7a182f92eb8e81edcc0f62632d9739220197f26dbbfbff8d86b29e1c61285963

SHA512
cca1c11b407fd87ca1574e570bac9f528e92afb123be52622f8406e51c35fcffa7518fa50dde4c8c64cfb537f8c25044183cc773734a146d6f79c1035f2508e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
6c2af063be1cbc567b484ff895bd4af7

SHA1
bf4476ee9d685c637c1aebebae56576e437c6003

SHA256
d5db25e79e956c6ff4206ff04c2e085ceeae63add4883a5f5ccc9d864cecf06f

SHA512
891ba5aea2a1a2a2fa6017bec8cea10f608253765d2f799bb30265b6a1b33afb9c89869b7851b3a3de12c22f9ff9efc63370314b9d69954afcb096d7ec9b25b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
52fb03875acbdbb576602dc05764d9d7

SHA1
1c7220c57cebb0100b837a1240ee147b65cf89b6

SHA256
62781a8ed99959be3242b2245c47a71a4f9cf36967156cadbdaa58d7ef777d13

SHA512
070fdcb136a96aa269da49f9b367d928d5a930b1c2d049e62f304eb42efbd1958c6c1f29cb299c3daf313dc040e24194abc1ea115f21fd09571c23b26e76fe70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
504B

MD5
378fc9a7639a32c29f20f1ae19ee9cc9

SHA1
a081b64f54c8ae7edb7ac4ce396d14241f4ac8e3

SHA256
e8e7d300ec8a3740e060e0ea6aa3f7857a2674f04ee376d4d821b8f8fb60f467

SHA512
f37bf7b5c738aa17ca0abbc87a59bc62d0dddad5586b72aea8e100066581a5518eb680838967786d27bcd36f44b6ba7d1329da09f4e51b1eb8b506bd2aa97795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
097f85b12ca416d2fef5330aa18034c4

SHA1
cb60439fd6295a88837740c00f2029ec535c58eb

SHA256
c1a284b82cf1ba2ec503c1107f2beb023380f43a77f0bd8fdc90e1dc213d7c85

SHA512
ebc294cdd18fd19a08accbc4d04749d641adb79f44502bbd65fb09f16467b3eae96c1c8d6bf472968f5fcc45559784597e6a7f5f39031f01d99f2c2522f895f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
9e3efa08176d663065392f3efeb2608f

SHA1
d4254fdb8480081857d9f447c4f8c93f716840ef

SHA256
758ab8ff7eaa88a7494cfaaf86a650969324c6e4d081d6b05fae10d68ded362b

SHA512
605ee026ca77a05b2afa78a48079661294094bc717cc1d9b344bc8866561548efe9549ba3832a2ce38c855dfdcd381bede4528b1d53a8020b75cd05b733bfb70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
cf4b0a74bdc68a111bd7ccbd8569daa5

SHA1
e567e83b8db5476018dfed63802d0f60690c8139

SHA256
f79fc9fca22eace1d33311f380f135b75b30baa639f2d819fa437580ef268b6d

SHA512
4ffda967282821d319e22334cc4410eb8883b436654c2ffa65a7a75fdac296a349a672c734e8fed023b9b34d5f17d1af611f81d433108f898459b5ae412dac9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0cf9c4209640c41c14cb39a1ca89729e

SHA1
f61761f3be4d676d15dd08074f22888dc88331aa

SHA256
a985004b6ec5dd1b7c672aca4f977ad93ffeb76aade07780b2a1770613a0f5fa

SHA512
96ae7357b0dc7498def260cc3be9c7c3aea33dd625c691019eb4d4dc0f62ec13a1bcaaa9a559f0d0b481d8301ab79f539c4ddf20708fe4c0c7502bc8e54446ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9601fc5b06dac828ed6de314e74c1aff

SHA1
4267c5c30b69053c6173b43fc0fe67ebb9f00071

SHA256
0f43dc794f7212638ac5b1c168e7985edd678f8afb491689d809d031d1526fc3

SHA512
1778206ca611209d9d9168d54f32ed8c9b584c10e2969a10e9e3a4b91341d00871d36ffae06195d68c0a0484393430e3d5dc756f49bd516c2a0df277b5818bb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7480370659c18f22f435b5fff174afe6

SHA1
cbc1462c30c18eca988e5b8b0e74c57156fbb2d9

SHA256
85b5b383717cf8ac6b977fab5943021ff4433fde1fa764e484b65a5b8e660c33

SHA512
7b6b3a3857f38f2339eb0b0bf1e94d242522e0c6eb6772121b0cbbd726e0a65b80f0f393ca2c3587a9967c508acb184653cc198d7e316c04f81bbbada22c27f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a0e4980b895b199a6a79acce8395d4ec

SHA1
baa83a5adaef429c4e91fad2ee9b8fb8e708147b

SHA256
d321154bcde360d8680e116208dc510547069c132e5cd9ae9e525c42f211785a

SHA512
a5cb0ebcbaa4c278e675a1c79e01212ad639afc8633c357fe1e028434917f4c8e98b97415f0bf43ff398b3feaea4046f65d7325f21081a0152b3fe1a1e125168

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bf65a7a54406a4d252c8516cf9f654e7

SHA1
b25e64264d10b189f205659bd33912d020b5747b

SHA256
9563979badc33a53a5490b05eab294463ebec9744fbdf87654c9b4e0e95ede86

SHA512
ef530c48b4c020b48761d1388514ec427b02ace5a3a0a1c3961f61879c6da0ba41c4c8e00fbbe3034e5e0df93f7af5ad07f0dc582fb9a67e893c36a2afbe2ff6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2afa3eee39f8f50a4a6241cbcd64f6f5

SHA1
c42d9836feee4909767bd8fd0b91c738dd242e47

SHA256
a7fd9a92d3d551093a2218399f00df09f8b99ffe354d21b21eb4d9d43b4c8d75

SHA512
df7728d9653290aeb21c810e16e788eb5aca5e76dcde15fa43acb939b77afe30176f8a24c2bc9f57ff8efdca64f490b31a80dac77f614b13eabee2df0a0ed022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
44a6f816a998cc74fcecaea57c6fcc57

SHA1
a200af251a6e020096775cab1f222f71d51090cd

SHA256
8583d58a923e7f2d66280c8f915322fc2b478d7d7b6218d8e81371a315bef2c6

SHA512
33bd976cab553692ccb6571fe6aa25c160bd2e90e3406d4aa170e8fe1452afcb84fc513bd3414704f9d42e191cdb7f34a5b0d69ae0181fa0d3b372d05c8abb10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
baaa69261eec5f495495dbb28a794cdf

SHA1
68e9b8f1dfcac63839d7fe81e8ff5e28b03b74ab

SHA256
ad79a2b6c084738885e918b2fabc40643a5eceef92aedc817b56dffcc53e859a

SHA512
187aaaff4cacc8af305597940a5462e993fec8e37b411dfcad4241dd20617f7c45413afdd81fe13dc4fbc9b5bc278887c0eda08918dcc9923dd3c688a119fdb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8e1967461f2e7b76d45768c0bbe723ba

SHA1
8e23dba6a19aecfd4da1736420643f0be21456cb

SHA256
33c55af9e23b8bcc64c5f3b58b07fc3d6c8846e4d819237b5a3d86a7ae734d26

SHA512
9e1a1f977060ef15ea2150d8ce62ae431ad517ada223ac4a8ba3747bfdf47966b27b7840faccb22b937053a03fcf65622334240ff89d21469cb4a0ea15a016be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e7265e6c156c3723eb4007d8c05d8fce

SHA1
9ed10422281bcb6b1000b2c846563edd86bd5485

SHA256
f764cf834843fdc0c9ecd6f234f3ffc423c3c11b4c210752fa72aab3bf54803b

SHA512
a3840c3a9c69d9a1925eedacc03f2fff578d7a9c8f38eede553f0b8f8b756e10897a3989fc3a8b9943e464294f6d7615b671a0faf5b83acae47e3274527b232d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f82183cd5539f4a7fda75ebed0271f8f

SHA1
8499b9f075a2968e9a6bed19736cb3e1c012deab

SHA256
a73883610575b600a44dfeaa81b7a3fe12ef64efe6cf0b18d32b6627cc31c4f9

SHA512
4727a591c9fe4bdfb202f56d685cb4aeb39e3dcc293292d9c4251e8d45429117017bf58bd085455d5e69f4cbb9e506ac09639a3d77e3b59ad8edd1123657767d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
75c3beb2c0f0eb760b03cf5a13f32902

SHA1
ae5f3872eb6dfc846f86e89a281f12293d4e13d3

SHA256
7d0d848d35c8598a49bf093fd57a12ed0dcafd09bfd5901433151b159cfe4206

SHA512
bc5959852d763122642a6e59640b6c58669d6d552ed45e4ce2d5b1f931a899987adf460a6826828bacf41e25d6ef5cc4772b35b4379075084ddea06c44057e96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13378405291780143

Filesize
1KB

MD5
29f217f12aa53091f8e50b63a195ae96

SHA1
eccb310d1b8ac61939b789dd8387803155074356

SHA256
4afbad3f017dccc17cbc1ab9357c4b09da2d83aa053032647bebd5c203cd3db2

SHA512
99a3cc6fac144fe350cd60a3ec88ab19500d9fa8bb51691e3386cb4e707f38a7bc7b874042203ad0003f803601b6245e87d97788022753cf3fab046af8bb7f67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13378405292146143

Filesize
1KB

MD5
51da7007c268562d2182ebd9afe4b37b

SHA1
bc0eb0216a202d6c96bd7544bd3449525f147e4d

SHA256
a7c13c007541f9848fed88f5da1133d5ab44e67387ba04bb06362eb69e1c769c

SHA512
173cb50fc10e5102397dd8bc6b8463f6ad88c0c233dcc86bf0f0202df2457df14d29365c50e55590d0c06812847b285924342e9d35f2ab509a544e468f75a826

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Filesize
20KB

MD5
fca621466ede4c2499ecb9f3728e63ab

SHA1
3d5d4cd0fa702371f9d1a40e72e1fe19d194a3c4

SHA256
c6dde84fb40fb69d1a6637fe6bf781de51a4c24e45b616e8f97afd3c6fe200b8

SHA512
aa12ed8c1ff85af4375ac80d7fe494d6f8a70ddb3357c186a0c1ade9bbcc3efc3de5fb0ad4b81eb2ab9bc916b6adf8b76c30203f78e38cd00af5fa4ccf3e3760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts-journal

Filesize
8KB

MD5
dbff5b93dd8d2b2cd178ef1ff50c2843

SHA1
fcebf02dfadbdf4d4f5b529b14a45f9ab7ce900b

SHA256
c31903037e2ee940f5f5461f4418982b7ec2af2179946bc0652689686bc2260f

SHA512
6d192e744904215bc7cf93491570319e8e3d78da0273b2683373b3bc8ecf8a10b7102f0c2d63bf2f25864548908ce697b4ac4a1207aac3a2d701c512271425fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
344B

MD5
9ba4663649ab0ac264d6bebc0bcd44a8

SHA1
d5480f4a540af2de12165c80fbce698e88d1c2a8

SHA256
379a1a207d748a8fcfacfa507e5cb8d638fe16de41d79927d8986f36b01d8884

SHA512
1a67b3749cf372fb3cf540d22ee88132e0e1b640a710e4c3bd487cb39281509ae10dd890730c3ede36d7dfef3d52f12dd7a02e2d26cfbe472873aa51d7ce1be1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
75f5856ad9eda93968eb6c92aef89413

SHA1
066a6c99d271cfd41e029fd96fbda446daae08c7

SHA256
5891e3f502785f3da10b4e38d7abd53bb5dcb07d535ceef3652b79e468da86c3

SHA512
3e8741d7e67c2c01c2774ea35fc05c82684abda0f752388d0205027c0816ed74ebbe8b929a5165c0bb2df08cd16d759e1497584007e57dd067e818157d830e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b2ab11198767712a91dc1c9f1036b2b0

SHA1
eb554cdf1489fec9dd0cf7562ccb7862ffb967f2

SHA256
9aabce40f32adfc4627c5bdaf808444a364a4a19153a4ae1daeecfea5bb3c1b1

SHA512
09ab7b5703cde9d46cc12c4c111e9ba7b6330d2212bf335f288ea2a75171b11f031caa9bcbe95bf8ccf532d82ddd8cac015879c8366b3eaeecbb6d41d25b4d10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2c8e2fd6da1e3ff02c0d877b05c31109

SHA1
b0f1e69bb2ab9b35a7162374093e5749152ee802

SHA256
f1230d72dd9ff9d529299ccc66f4ebf8a04810bb2d686361d6361082bd7fa065

SHA512
36f1f7cc6d428aa6b1435ba1bc4b67af50ba5e1f7b8c3aa541372eae9133cb07d51b8ce6241a384f4646d131b9cff58be332b45e4135a334821f1021e632d0b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5f46daab915051f491ee02eaaf8ca503

SHA1
53fd860dee32dc06d5ee87ac6eaa4fc4f3d2f90d

SHA256
e71ea7f69b202b04ce64015300a585747f5541e133eb57d4f5b543579923ee25

SHA512
e1be011c2f389ea45ba09e2596c8bb2e908eff5371d6ed7e2f87b9f10fad53b2f4719c8ca5cedf6d84f292aeb1aea63464d1fb35683473640fcd3d937f126b67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
102a705a11a6d73f08cd12f2ccd192a6

SHA1
be398c873b12567e00690800b88f32e06f70e731

SHA256
403fe2a2c6d3032891c783bd16d430696c5fea03f183a645762379e419509387

SHA512
72a056d976f50626930207a397d0b72648866ff63696211319ea8a0f5d4dccb4d6948446627aca1859fe7f029db92edabdb514455f8cc26fdf3d16928c6b48e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
c6f3b0dce51c630b5c510befbff6e76b

SHA1
ecca66cc0f497ad22cebafb71f24ca214404e665

SHA256
d2f59b2a1f64e964b021a82c9f743cef28dfe19a678f18c5cf89b850e1bd549b

SHA512
a17975c7b063b321656da01d20a3abc1e940d1b1ae5f50a62a9a7defb8d019441a046f3d5805a165948ff1d8c9c3c17fd59ceaa2ec8bbb6de76ce47e5f36dbb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db

Filesize
16KB

MD5
9e02552124890dc7e040ce55841d75a4

SHA1
f4179e9e3c00378fa4ad61c94527602c70aa0ad9

SHA256
7b6e4ce73ddd8b5e7a7c4a94374ac2815d0048a5296879d7659a92ee0b425c77

SHA512
3e10237b1bff73f3bb031f108b8de18f1b3c3396d63dfee8eb2401ce650392b9417143a9ef5234831d8386fc12e232b583dd45eada3f2828b3a0a818123dd5cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
73164f40c6ddf8be24b3dd3eb5db66f5

SHA1
365fb637fc6a84d832d84a98be5a7beef4124608

SHA256
8cdf6903809eef729889809d5791dfb8eaa766d7ca5e57b159d98078d4c9a4bd

SHA512
a664e257906bfa239f6dfc8dde1ffea839634ed029c74967c2fbb67f5c4cd94087ebee07ef5aa141af39b6783aae878a7a0af90c9e747e85041a16418a360b10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
589f3af6dd837a376701fd2a70391514

SHA1
363c107afc04d6c84ab25a8f42883f54f1d7f4bb

SHA256
bea449c66d76ea79452dc2b15d80e5ffc18e625430a7a44a37009ca581db33bf

SHA512
49a14fc5b3151574c728f3ef0fb3d9d3e5b22a3ec96884c4ac1b070a9f66cc5f95f0113d367c9a972719c44bc17d3a86c24b2e9a1d9ec6293853872d0cd520ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
a72b4558625781f441377f0020a3ecf9

SHA1
fde4ab600d4bcf76df8cb926f0cdf5ce1854269d

SHA256
3f7d702dac1bc1a3ffb54dd84605d33bed92baa7be8d109e7f85ee5049402907

SHA512
c2aa8de160905c374f026a301197236d0c06f6b06f321caf3186b3245a063f5160b2a7cba276136b7d80950e78bee5205bed3292d11fc4cdb54bb94df706fa6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
23d484f270e3434740174b57022723c6

SHA1
e534c96c47d510fddf7678a1367396a39fbaa81b

SHA256
6a0c0243bc07453c0a39644f4ec2bfaeb6fac36d0cabfdc91cee2521fecf908b

SHA512
cbd2167eb69bc5ba51eb51874a38872cfa0cebbb6219dc67a227a188e67e368f039106b8463ab7974515758b01b8897ac83e7e64d6e44805594983694fd651aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
705ffa676ecbe8f4528f60a3efb984a7

SHA1
f243f8f4d1aeedf868032075dfebe64d3002046e

SHA256
69e4cd6b692ec67660d80cef12737427dbb7c22dc24709f0bb607e6946827e4f

SHA512
63e8d3a997b7ba6c4486692579d49699e242585b5f6672f98d226c1e72a9387523fe89a2f16bc13058b951e3e493e4b672a7cf059c60baed68526f2e4b182007

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
dd24824d887fd049ea4d7e5930ca2e90

SHA1
00e4c133725a0cf1803f9a0faff231ff8288233c

SHA256
d74c5650c6ca08f961e68729815eceb1068da37e7ec2fbb6e75790b9b48dcc1e

SHA512
f423c0b14040c50778ee5f9703734ba74fae9fb547e983dba2b3641918487236a5d58776f6cb0d49444274382c417c16f1db7076573c8a238eb7cbaa69592511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
4459bf26eebf0293b75c624cdf1c6b23

SHA1
2a0cf63d7d2a2a729b1b84e221955a5ab46f2e47

SHA256
2ddd13a6fc974d25f11c33a905c39ba8b6d266f7c58a93a41e5ada5975c821c7

SHA512
f9246c653ea54d90833734d359ebba743e97a7978639a8c48f64f2b026affed9281e65a44d12af2224e0493df1e3ca3dfd8fd101bd4c5170471b5dd6dbaf8f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
42d0be6b9ec2d06e25d5e40eff4e44c4

SHA1
a454bce593b19975730c7f980cb1e999deb0cd3e

SHA256
334e643dff84ac18e1bf5b7c9a9ab0e1abe9d4a402d749a0e2d345de78217d7a

SHA512
0c9714101d9a431c2fe01cf2a33d00f07521833a8917137455f78f646cca5f74bed02d1a1ea7936ce75ea9b2875d98fd685c3bc1040c0cb98e2b9279d358140a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2158e0959c15a217fa406998c6c18f2e

SHA1
7854f646ac0295300c742a746baca0aa29f73eff

SHA256
1d2f4931f0f37074d63d48de2ebac576652ff1f02fe6e8a76030117d40b599e8

SHA512
7a993a634b8f3bf6579aed6c30d979aad9c08a992ece67d9440106a2fd43d30484db68d73ce8851c5303ec4e62f9cef9f298f1c7611ab1f22f2eee27391036c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7bd67f1873d80c3b8fe9961a881bccf7

SHA1
f5b8ad64e50394fc8fe55ec54358d907aa42d479

SHA256
d6f6198eba4a262f3491ea7ecfde49c0c56ffd2dbcff3717019dd677c9a7ebc2

SHA512
068f81a33ea9e18a777d6f2448453bc82fcddbcfa485252e8be6b0a1d7b72be1907217ec80784ee1f275ae2386066fc4eafbfc8d1deb872a44edae5c01562544

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
5B

MD5
71ebbd47517024dd10e674b4b060b296

SHA1
baaf99abf74805c17e973293b54f95ca8e7998eb

SHA256
ef422a07b93ce2d9749afa2b6b0445e2dd780e3646e99abadcb6eea80085f959

SHA512
2d28951b9c126fb63f77e162bcc797f3cd483c6021d35f9ce8b69271086b5ef12e31b0b7308068618cb9296af3575ade2bbce993f15d4ef44a4c30dfa220fa1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver7A56.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
605b0a2c64824eb1c249a0e9016c9c4c

SHA1
580dfd82b743608ae13d9aa377d2e6871120b5a9

SHA256
43150dbb1fc3075c4c44104f4b662e80b5665a16ff5edfdfc1f3b19402ba3b0c

SHA512
b56fa8938ed0881386f590d607ba371d9651e4bd29bba53f1b117bd5977462b05294827391f0b5125ea748a129351a93ae37f19b066532baafac81d23d596816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\P2UT3MS5\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
memory/748-164-0x0000000000A00000-0x0000000000A25000-memory.dmp

Filesize
148KB

Download
memory/3508-140-0x00007FF9EE690000-0x00007FF9EE6A0000-memory.dmp

Filesize
64KB

Download
memory/3508-108-0x00007FF9EE690000-0x00007FF9EE6A0000-memory.dmp

Filesize
64KB

Download
memory/3508-109-0x00007FF9EE690000-0x00007FF9EE6A0000-memory.dmp

Filesize
64KB

Download
memory/3508-107-0x00007FF9EE690000-0x00007FF9EE6A0000-memory.dmp

Filesize
64KB

Download
memory/3508-110-0x00007FF9EE690000-0x00007FF9EE6A0000-memory.dmp

Filesize
64KB

Download
memory/3508-111-0x00007FF9EE690000-0x00007FF9EE6A0000-memory.dmp

Filesize
64KB

Download
memory/3508-112-0x00007FF9EC280000-0x00007FF9EC290000-memory.dmp

Filesize
64KB

Download
memory/3508-113-0x00007FF9EC280000-0x00007FF9EC290000-memory.dmp

Filesize
64KB

Download
memory/3508-142-0x00007FF9EE690000-0x00007FF9EE6A0000-memory.dmp

Filesize
64KB

Download
memory/3508-141-0x00007FF9EE690000-0x00007FF9EE6A0000-memory.dmp

Filesize
64KB

Download
memory/3508-139-0x00007FF9EE690000-0x00007FF9EE6A0000-memory.dmp

Filesize
64KB

Download
memory/3540-161-0x00007FFA10E40000-0x00007FFA10E74000-memory.dmp

Filesize
208KB

Download
memory/3540-160-0x00007FF7EB9E0000-0x00007FF7EBAD8000-memory.dmp

Filesize
992KB

Download
memory/3540-162-0x00007FFA0F770000-0x00007FFA0FA26000-memory.dmp

Filesize
2.7MB

Download
memory/3540-163-0x00007FFA0CE80000-0x00007FFA0DF30000-memory.dmp

Filesize
16.7MB

Download