a9614c6564109168c11a853f00a2073803c8a26af2effa33b861d80f78121e54

Resubmissions

16-12-2024 20:02

241216-yskezaznap 10

16-12-2024 20:00

16-12-2024 19:57

16-12-2024 19:52

16-12-2024 19:49

Analysis

max time kernel
147s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
16-12-2024 19:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample
Size

258KB
MD5

37698ffffe211da5c8b3f97ec1f36bae
SHA1

83f5b50f58b8c0a1451e8ba9f119b526abae76df
SHA256

a9614c6564109168c11a853f00a2073803c8a26af2effa33b861d80f78121e54
SHA512

368e0ee6d90d1f1746c23a520520a658964a7d289f846f2ed94772f28bb7331af763dc99fc7a8395c4a19314b35fbe9c5aa9e765cf7092e59cbd8f48f8ee3134
SSDEEP

6144:giaRHpOL/saqkPV9FemLtcIDSsmwj9OvZJT3CqbMrhryf65NRPaCieMjAkvCJv1/:laRHpOL/saqkPV9FemLtcIDSsmwj9OvY

Score

8^/10

bootkit defense_evasion discovery persistence upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
2024	ClassicShell.exe
776	ArcticBomb.exe
3192	ArcticBomb.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
58	raw.githubusercontent.com
63	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	ClassicShell.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000800000000f4d3-831.dat	upx
behavioral1/memory/776-853-0x0000000000400000-0x0000000000454000-memory.dmp	upx
behavioral1/memory/776-855-0x0000000000400000-0x0000000000454000-memory.dmp	upx
behavioral1/memory/3192-865-0x0000000000400000-0x0000000000454000-memory.dmp	upx

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\ClassicShell.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\ArcticBomb.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ClassicShell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ArcticBomb.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 5 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 32884.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\ClassicShell.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 71173.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 500621.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\ArcticBomb.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1988	msedge.exe
1988	msedge.exe
4696	msedge.exe
4696	msedge.exe
4120	msedge.exe
4120	msedge.exe
1536	identity_helper.exe
1536	identity_helper.exe
4688	msedge.exe
4688	msedge.exe
3364	msedge.exe
3364	msedge.exe
536	identity_helper.exe
536	identity_helper.exe
2052	msedge.exe
2052	msedge.exe
5108	msedge.exe
5108	msedge.exe
1952	msedge.exe
1952	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	668	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	668	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 2392	1988	msedge.exe	81
PID 1988 wrote to memory of 2392	1988	msedge.exe	81
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4104	1988	msedge.exe	82
PID 1988 wrote to memory of 4696	1988	msedge.exe	83
PID 1988 wrote to memory of 4696	1988	msedge.exe	83
PID 1988 wrote to memory of 3892	1988	msedge.exe	84
PID 1988 wrote to memory of 3892	1988	msedge.exe	84
PID 1988 wrote to memory of 3892	1988	msedge.exe	84
PID 1988 wrote to memory of 3892	1988	msedge.exe	84
PID 1988 wrote to memory of 3892	1988	msedge.exe	84
PID 1988 wrote to memory of 3892	1988	msedge.exe	84
PID 1988 wrote to memory of 3892	1988	msedge.exe	84
PID 1988 wrote to memory of 3892	1988	msedge.exe	84
PID 1988 wrote to memory of 3892	1988	msedge.exe	84
PID 1988 wrote to memory of 3892	1988	msedge.exe	84
PID 1988 wrote to memory of 3892	1988	msedge.exe	84
PID 1988 wrote to memory of 3892	1988	msedge.exe	84
PID 1988 wrote to memory of 3892	1988	msedge.exe	84
PID 1988 wrote to memory of 3892	1988	msedge.exe	84
PID 1988 wrote to memory of 3892	1988	msedge.exe	84
PID 1988 wrote to memory of 3892	1988	msedge.exe	84
PID 1988 wrote to memory of 3892	1988	msedge.exe	84
PID 1988 wrote to memory of 3892	1988	msedge.exe	84
PID 1988 wrote to memory of 3892	1988	msedge.exe	84
PID 1988 wrote to memory of 3892	1988	msedge.exe	84

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sample
1⤵
PID:2940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff9fc3f3cb8,0x7ff9fc3f3cc8,0x7ff9fc3f3cd8
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,15441408877028519243,15852006641484992689,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,15441408877028519243,15852006641484992689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,15441408877028519243,15852006641484992689,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2324 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15441408877028519243,15852006641484992689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15441408877028519243,15852006641484992689,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15441408877028519243,15852006641484992689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15441408877028519243,15852006641484992689,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15441408877028519243,15852006641484992689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15441408877028519243,15852006641484992689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15441408877028519243,15852006641484992689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15441408877028519243,15852006641484992689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15441408877028519243,15852006641484992689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,15441408877028519243,15852006641484992689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1876,15441408877028519243,15852006641484992689,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,15441408877028519243,15852006641484992689,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15441408877028519243,15852006641484992689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15441408877028519243,15852006641484992689,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15441408877028519243,15852006641484992689,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:72
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,15441408877028519243,15852006641484992689,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:3652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5060

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1980

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004B8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9fc3f3cb8,0x7ff9fc3f3cc8,0x7ff9fc3f3cd8
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,4043052045753981530,15410327819635201829,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1800 /prefetch:2
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,4043052045753981530,15410327819635201829,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,4043052045753981530,15410327819635201829,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2516 /prefetch:8
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,4043052045753981530,15410327819635201829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,4043052045753981530,15410327819635201829,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,4043052045753981530,15410327819635201829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,4043052045753981530,15410327819635201829,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,4043052045753981530,15410327819635201829,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,4043052045753981530,15410327819635201829,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,4043052045753981530,15410327819635201829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,4043052045753981530,15410327819635201829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,4043052045753981530,15410327819635201829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,4043052045753981530,15410327819635201829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,4043052045753981530,15410327819635201829,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,4043052045753981530,15410327819635201829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,4043052045753981530,15410327819635201829,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,4043052045753981530,15410327819635201829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,4043052045753981530,15410327819635201829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1848,4043052045753981530,15410327819635201829,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6424 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1848,4043052045753981530,15410327819635201829,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6588 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5108
- C:\Users\Admin\Downloads\ClassicShell.exe
  "C:\Users\Admin\Downloads\ClassicShell.exe"
  2⤵
  - Executes dropped EXE
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,4043052045753981530,15410327819635201829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1848,4043052045753981530,15410327819635201829,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6876 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1848,4043052045753981530,15410327819635201829,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6880 /prefetch:8
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1848,4043052045753981530,15410327819635201829,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3440 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1952
- C:\Users\Admin\Downloads\ArcticBomb.exe
  "C:\Users\Admin\Downloads\ArcticBomb.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:776
- C:\Users\Admin\Downloads\ArcticBomb.exe
  "C:\Users\Admin\Downloads\ArcticBomb.exe"
  2⤵
  - Executes dropped EXE
  PID:3192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
07fd01d492742b60a16fde0481a61103

SHA1
567de586760a629cbd60ea09e20721d49a7ee28c

SHA256
c4725bd3586ff4c9cf7ae4bd9078cdb58b5634059e79acea727a75b26ccac5a9

SHA512
a76a511549abc493acf2d8475eba6160f7670fbe539e9f901be0b5bcf165e4f9ff7c6604bbc8c8184d33522a5c88fd4b8a99b9ad976be61c4bb55a539cdc043f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
24945104fc04a4953f05407e71df7533

SHA1
f20efff1d294ec306fa5b367ffc2b96c69c9fb1b

SHA256
13f3f502278dc178379e2720017ccd5d13d7fc11d253907795bcea7c30b160ac

SHA512
f24e37d054858b3a9a80f8981c6c841e0c3cbe7aef9eddfacc24c5ddf8d2d084bc1cb1c5dc99cbb79cdcad22dde4ecb4c602f0defa7202f732eb602886fe6b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\32cc315e-43ec-47a1-98b3-dc4d15fb6829.tmp

Filesize
5KB

MD5
61fbf17d0276fe270a97c06941ccb595

SHA1
126588258018e771785ed31809cceb5a27bbd2cf

SHA256
eb2fb8506366ee7503fcddf31d5a3650a17acbd0ec7e38d597057887879182e7

SHA512
f11409d75b3bc003e656d4bb9980cc5b6c2fcb95ce07706aba6cd5672de0faa4cfacf380a28b757325dd00835c2f0a26226dbea49e16835629c58795112555bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
d591218deb386ee4cc8553fecdba4cdd

SHA1
7df78480c76900ee61f43df9d0c7466bbf0fa8c7

SHA256
413d97d73fc7fe5ec8668e482a78458e73de82c662e0eb80ae2a8c6d8666ae1f

SHA512
17de7312d2017034322264a63bace12732a1fb52159523df773190aa7ce3ff58122a02893e44e8971dfe70644d29d19b0c0cf0f81ce34e48d2f732c185fc66fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
78895674b40c0c0daaa18005b8d445b8

SHA1
d3d005f61fcdcec7096f0fcba6ba56d602bfefd1

SHA256
1ec043aa214bc8c0051b67e5fb2e09b93784141e9e219b36de231dc57f631050

SHA512
2f73799adf8cfb18fdb97bbbdd0dcc49b6583e6a8e404a34c379d84239fb35396124874d7ae6004c5954d28ff9c18c70a0a268c639b29ddc5aef3b24ec911125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
468ee5702ad7e5ab1661df0d12ee3c53

SHA1
4e026e19a9f2b6c51eefb62c6aa75d1019a1989b

SHA256
164970a5a9e74b1cdd07e6f8746cf34a4ae13eea7370aa900285265ea0b0f7ab

SHA512
48f19ddb34a97621a261a086e624d371672c5dc329675533c5d81eea7b86ce859ca799f5bbea84a80d7aa479f392b9d51112d38809e893b47fa6b4846c21867d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
d8014f932303e86853e751f7030e7ad7

SHA1
e8ed1b503275a521428d006b488e7dab40a3e3bd

SHA256
d5a0f2f5cf1a02cfcf3ab4ff44598fb446723283864072080b402231b1a26925

SHA512
49e01adc431408cd318bfd7c3bb764a559b285e5455fa2f3af62b82c3b0b399bf3a60cf4b8ab09dc1111217c68d72d7097494d954c7d7f01732d585e439e197d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
2bb9ca13a9d53cb7d5a0e9379a120c2d

SHA1
d6b3404bf11dc8781d74468ce93a74fadce69a02

SHA256
5142a66386e2808729a1f7a7182a15a9338c6dfaa5df8e4ca1c6318408d4bdd3

SHA512
087e302e13d1273bf9b51e0c93ff031ce59b2c391cb044943a4b7f94663f6b6a62357e6a2a5045680356c595c548ab76f30a8d1b094edca2046564e38569474e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d50bd4ff1b2734a803b0246ea3da6a56

SHA1
5dff4e409cc4137f9bdffb81ddeef64ef2667ebc

SHA256
7e0b5323fea40852e4d9ee7af9ac87e0529bfd01bf9fa190929e85f783254ebb

SHA512
127ee2665e404375523d5b317b457c5f5b9f51e19afe300bec5a1b904c3d053065f7efe63e3e56e5dd4549fe2a97aca18b317f1d3cfc34df8cfdb8d0635ffb4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
28KB

MD5
815b305f3837b001a4505560c8e46572

SHA1
b688673b77123cdc2573554abc36d64dc87c8077

SHA256
b3845d1a305a536df804648bc40c8de4dc6e998a1098af813cf4cadb64e83689

SHA512
b9c5d2edaacff0706e18d4b6969fdc8ea03d5ce121f2019119ca3c37986afd0e7182e5cd83f6ba46ac48d9cb9a7ed1e69969dcb3f871e586fea09aa76e1ec025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies-journal

Filesize
20KB

MD5
9d61cbe1072c777d7316a11afb966879

SHA1
dff37854ce34efd5051485e1bea72c05e2b844b7

SHA256
816fc740eb99e72b2b53d6388bfed959b0db8c7ac38a77b37229d0b550691c77

SHA512
c803538173dcd1e1e9488a39066a5323efc0ba01c14e03cb720d800aa778938d969fddede001b9aeec39cfb15261df237e10aa3b6c9d85ac7e1eee8f6109fd5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
3cf268a7889784dd524a536f627e1146

SHA1
02a76aee415b3f20c0980c75920c80dc874530aa

SHA256
f5d027b0c5eab8b5d851c94c0b5388c83c78048364f9dbdf5a7c72beba6c3cff

SHA512
3702bd0e9adfbaa6c5b4e9341481fe6cbe13c4faf22e313f6afaf8adf09e6bf519c5740a521cbed75a525421cff9e45d6886ededba808b03c0899683112976f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
ee1f1d97361742c726a6f172bdef63b3

SHA1
8fb08945d200357461035c6872d7cb612bbcbaa7

SHA256
492c8ea7abbbf65c27e481b7197667551ef334d83d869da9445b5c3cef76786a

SHA512
bbb7b04d02b896d53e893f0168bb86830734ad8d5d45381078eb23047da6975094af884470fe2c179735fec98a50b94d691efc30d3e3d38bddb9351cb89dbc33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
2KB

MD5
4115e3a119dc21478695734da450854a

SHA1
9cd3906242b8381949d9d48489528735668726df

SHA256
99d08811d4a863be27b4f3ffbf0d5d225920a66a357fcbfc0fc9645ba6a44ed3

SHA512
204dfab65a42d8435bfe97326fc0a406a53cbea847877cd9aa75467da81fb6bda6011ab99f5d559633725aa2e19ed7bf2dec4427a4b0d7b92bddf6121102bfd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
209B

MD5
6b05ef3c8a6a2e8562935dfbef915238

SHA1
2a186af57068b9462763b6ba695cef641170b199

SHA256
26e78041c012ea9624585f1051c09cebb1f133144aa3c0df891bb9a21293f7bb

SHA512
015b326a9010b50669eff53c8a898640db9b437b54ff2400ea395211465bd9d21009c9f82c66b338e8e349dfe76b53c6701d41986e04a0522705c7faf40945ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
f31b1dd35425ac4e910641e1949cccd9

SHA1
3ba9f00d98524d4d1a7768d470663a26067c7fae

SHA256
ce74bb9ac473e714c9139ed854ec6f2e2d1b5282c03adb01d74d8bb07ee081be

SHA512
cf18f11a58f07edd688dd85f6155d4a47095782cbd3163642fd9f049dfcf339df67bd536edaa932a1425f407cc5f5f9d22ebc82c479f16fe4bcf56cef37d5cd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c84b7f16655b7ded603854ea6e22b86a

SHA1
bd35badfa9fc9984949a864f0e0943dccf739cb9

SHA256
204af6e682774b2e227385ce9d7b442009b29ee23c11dad39687c0239fb6aca9

SHA512
09dd14db398a29610013ffea49d9c6a2c3d0ac20bc676684fc44c8034667465f5ae118ea60859f99d46b449ea1e534402f02fd8e42db7683149cb28c6c0972ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
632B

MD5
68647ba3406743415f9018fe5449a77d

SHA1
9a22162c035c6058e6f899e1c1ca964be98b6728

SHA256
ce8cf428073851c95deb7542698ee1cb035fa45ed35507e95c642240ec535ee3

SHA512
4fab11d89c9668be8246cfe1b9388064c1fb1c70ae3734a9c59c0132914225a08d09982142ecf574c4cab8e070d1ecee3a4a3693b7657c2b5b9cb80d3dfe82cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
585322066611a2fe7f88da14e221c2d6

SHA1
dc6d722b0d697c438c07ba5c6f5dee670cabcdee

SHA256
599a85b35bbe219d141d312529458f8fde4a2b451a8df6c146a6fc6351c0de22

SHA512
1eb791bd28f474202f33b5680cf1e2e586a92b52a668efb78bfb7ec2021b80d8889c5f30ee7883ba3fb6d20fc7a1183cc534f6e57da5867970baeb27d97ae227

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ca2b89133b87c6ab872bf855016f15ec

SHA1
da540fa0456757b3ddad0145753ec0177652edc8

SHA256
50517e23f8feb32bf474fc336046e6846be09aa16786abf412d0e4dd4dc01560

SHA512
b184dde4a6e52d26e6b961c49a4957ee2d2fa0e4a0ff9127abd08f9d0ac97f80841e7c4da6e9379be17c99640899cf52b88cb6056c8944cbbcebef07219a2dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6c4ea74e8dcfa72b115cade91c7c3415

SHA1
fa49433b5cd295b3439f8e2f93ccba57a55d4e52

SHA256
d54b90e0bc69d0ac8d2a8ebffaff6aa7c2a426358c01efa6001b8951eddd1363

SHA512
20ab8870b9a623396575c307fa7d285edefce88ef7b5edc15713aed5aa0ec7a35077039e8ff38cd3e226c875fe8771685f381a4954b85354d5bfb501f3dae47f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0dac1586e921d1f7654f6eca384eed69

SHA1
0e49551d33de3f7edad220cb2f579965581ee34d

SHA256
e6246b79750d9688ba64de0364f700eee1adcfcbf89135f7634dae1556ebc0ca

SHA512
0516d3e061c80668bf34a1cae17e136a28426ccfaa97b90157532002cde0e7e34dc074219bea47af7e993234ad0bd656a854e711364f9f0a09c0211dcf323e96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3b733423645558e80f7ca5a86a783274

SHA1
a3c3f8852ba61615229eef8292bdfd6dfd44a79d

SHA256
9a5af5f51a881a1b0397917858369ceb46a57c5b5d000f18cb8f57e501d37390

SHA512
43ff246cd11af98afc116e6bb8782b365c7e322f8af07ee4853cd708ed8810d621c511fde80d792a121d28db22812ecbea8f300c73afebb3730ed4097d98d914

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fee57ae2a057cbb12ec77b476f8c1d48

SHA1
181852ae01365e0f5bc6167e761b4fd91bf0f840

SHA256
a7cc56b1d2d505affb7b71b3eafc8cbfbe19f61bf1496e7185f6d1f06909f900

SHA512
d62be692e7c4dfaae05a5e9e2937da343ec63f129cc94d8ffcdc6bf96f6c4b73b15826156edd9ddd549b494344a368603c87930ea26508a0aafce4dbf591ba5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e14413df458ca1dc5c3e10ba3e118cd4

SHA1
e9fce99be2bb4e92ad39bc35ce3909c91d8d0be2

SHA256
ef6e5001611b60538bf84451d9c38b8290a46a794801dfb362057d344b093a5a

SHA512
1d57c2b9fe93ffffd26347542c8b31887715093212144f6167014cd9c80e5a594935a5ef45a0ad433b3355ee2038500c328440138b80000c64f6031e0a46596a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
776ad72708c61319af979565ac1d464a

SHA1
76720317922f6aba88130fb956d200afc29ba7e8

SHA256
6cd69f22dbca0e42a18545044dea26a9f3281a9bfe006e6b995d4866e87c98d8

SHA512
d639056cc2b1d283b709ca1b764d2d8f6c740ca400c2d7abd2da349814b166f49d63b16e83a2060d8b0f6e1a9de3c765abe5d901ffae41c2a966f3f13ee2d8dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
fe0b3b4ddb45c9470593a82602b49608

SHA1
9f13069f3a7a33f18aa3aefcd74c6f45bd151bf2

SHA256
36a63ab7122b16aa98af992bb782721e72956663cc4147745cf894c7539da04f

SHA512
9f916c899d62137b41fd042d2a18d5e9092f4328a3599acfe1d2b3a2608b40168097a4131ebb403d9c2e14dc7fb182718ef70ef297e457fe965c6cb314b183cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
5d6b8b0ff014a44bec6157c0db6fe78f

SHA1
d108b49dc51a5c7eabadcd19425779fe88d7b66d

SHA256
f318b50aaaed92a456b8578c93c2cca8ceda2b47d41a59b0612cb6cd61ff137f

SHA512
79202066dc952146c3fc71c8d69586838b5a4900993f55cd3f8b9d96baf57b58747d36d0594305113fdf907dad7c78852296f49ac50bf5af7cbbb4c35b29e6e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
a6f46429a9e87c205206a2e35081bcd5

SHA1
cd70db10e610ad678ff3136a2019542c27316516

SHA256
33f0f38843204f3a5f5f93c913c384b21f0fa6d32c41fa4f70dc44f67e0efb77

SHA512
d8a3d4bad1af55e25886d91df280583650a1e79aab1dfbbacf104e7f6babeaad44d534aeb3e22d78c59acf54c106ceeb7a0a3528f3bb31aeddd25d5cf543ead7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13378852378056745

Filesize
13KB

MD5
395188e9e5644945ac28a2ce656f50d4

SHA1
d33cc9fa070cfad76a99d20f9d714069681a5c51

SHA256
381c8069ffc665853d95d046c5721d3219f95c24ad43d74dc4207a2b7ae45e22

SHA512
577210b17ce2ce9bac4015c57d4ffb5ae87eae9f29de21bba6a801f2c5c460f826c3819d47c5668c695028f07633be06abcf35a0a124ffe719e60ce0c6c6cdac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13378852378162745

Filesize
8KB

MD5
0f6bf359257a7959fd4e15b3a3210bf5

SHA1
d03c91391bf0770dc18b5bc391fa1f352f8ecfc8

SHA256
3519f02b28dc57e7a1c6f185f9f4b75abadc664adc4efeb8e2a2343b20d206dd

SHA512
2cc7aaddf59e97a864c5230c0c41218aa871d93f682f7f25883d4ca3b23679eebda2796df2be120e22cb0a0c784e8385e10a95b102a37df4822db099e2956924

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
77bae825d5041c539660ed6332679ab9

SHA1
3057dd1ba157ca46f06f90090864e0e21a7c2918

SHA256
211c3312ce3fb3411ac9592ea160b550b526c9ba5c94e7aa481b752cdb531acc

SHA512
008d2a9ed5348ca4b0eebf54e4579c358d63d830705f23217ef4cfa1c85f1792b50affcf322a8adec89f845edb4ab09f193a9cc84693a3ac72ca21727ecfeda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
adef22f1a32b28a378513b8e837527ff

SHA1
29f16e34b57c2478a3a4cfe5d567963b0b564a24

SHA256
d9e368d8e2dfa3ed021f9ff4168cef53cb4f19642c579d914e7eb398b19e9bd5

SHA512
8e5b4747f0b315fcbd7f189ae61f30809ba820e6eba055fb1d8a4fc9d53318ab9ba2f6abc945785eca9ccdb9dd4e09a98b101e72c9bb4a95a148789c37cfd5b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
5a8ad8beec71fe7bdacf44b3574d80aa

SHA1
96d793f34cc00039365c2b20680182b427a91490

SHA256
446b0ffbc054bb562d204bab1a09a8f19ecb88c4428b20c37a5a4b0d867e0f54

SHA512
10d415cba13c7a9e4e6394905d02c12b7244ef702cec477f105d428a3d361a7eeddab76b4f4db7f21797c03425533e123031daf8d91c0ab249a79bef4e3ea254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cc786b170e9dd0b010a8d824d747d28e

SHA1
c6609186a4cbe5f54bd36efdafe3813d00be1fcc

SHA256
8d5f62da0f436c5daecd08a144838f10d3edfe412cc5c6d4acb14f2cdfae67cf

SHA512
eb1ff215b602d0c207c6622850ab79d8096281fa46f380596874b3fa615dae15ca6bd7a2fff4199e132d22a0047c4262f9aecdf096fdd1553005623b2d663493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ca52264e600d2724bfa7a962b5fda548

SHA1
91c324e3668a3b864e4ee9d3a4a1d8130aec8d41

SHA256
99ad8ef030241d32ce60ea8988c1c7d93fd49d08115805aaeccbf5729e15f68e

SHA512
a325be2c24251e76d9c84c63bea79f2f813251e3e56ece2795d66a1de2d83212f73adb323fe4ddaabcf950e8358a7dcada7d9ab7b965c1c69b196be945e91cb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
df59c7f681e92a9cd48ec5b2afc0aa28

SHA1
fed96946658c89028c4adf2ff31a0f71cf44be6f

SHA256
90ac61423c45a745eeae78ff379b562feff9de53e1b961a3b6eaded041ea5f7d

SHA512
885cc6d0b6c0277bb1e3b818faad3503e55ae69bf33f0e6cecdb35fa24936914b7b3734dc9b8dce18567ec99c5cf38c577897012139aab35e1711104cf8de6f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
62fd833c1a149a2a9e29bf63f1431fdb

SHA1
38f0326b1322d40e9c5e9fc6dbb38d2494cd3c5a

SHA256
27d8ce09f3a3bc702f890a393f4b89b15cdf21eccbbf58b6d13b444674fdaad6

SHA512
872fc04a78fad1999cc86d03812b984a80f8ae8783f6d75928ad17bdb22228a367eac29e1e8dd593a160102c0d089b274512c2fd194748903d5ab88592a93079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
27aff9ae6200db06c8de8ebe8dd6f9e6

SHA1
ad7d54e987dccc73aee488f05fbefbb0544b96b0

SHA256
01c0118ff326308052ceaa37df701af566facf38927b6533c964eef0109c150e

SHA512
fb9b1299ebc89fb1fa06c92abca906be753ebf2e8171ba126bcd7d7417005a8af8bb523d3409472ff0208d21bfd867eb501619b8ee7fddcb6cb4e0a3dd8acdce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
c84a6fd252ad7a6b924e512fdcfcffa7

SHA1
93e7adfe83dce8ff101bf933e554df2a239194df

SHA256
6f0aa98cf2793be1de3320ed4ba0aa91fedebe4af69f0dc2958c2716b78c474a

SHA512
5333427c8ccd67fcfa67deaa43c7a8bd7413d7b1ae6e27eb1cbd7bef85334c2b268ac89a06529ea99b62477ee21cff55d8d760960d4b852bd770944a69d5b02c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
112KB

MD5
06b881a882926d531cbec96d0525b572

SHA1
d41d43cecd48b3e38d61cfebdf20b6b199a9f338

SHA256
94f234e6f0af3e6d28c4ea902012a8c286a7b8c5390092300bb0c20d6f65db27

SHA512
bd3095c340033c98064002c46a77ee28234fbba639b7b2d30a38ab9a3ad74aa866abe462a40716b348445b924bd1b2e3ed063cd349a0aade49baaba15f50914f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ea56346d-0d09-4f08-90a8-b46880063377.tmp

Filesize
1KB

MD5
24ac4acadfd59634b3e246f159d18e58

SHA1
bc7f3192238263906d284b05b3a8ffdf27a4dda6

SHA256
4d1b5cbbe50b6c17774e2df7cdffe259bff96dcdc8a2830e3b2f0bf1139ef965

SHA512
a1a7bd7c1f679c7fe30751ab9abe0e0df0dd4e644d3f24628e00dce2c8f07d987d2e63dfa181e0b0b394f4a61d3cf2a323416d2744df36b0bb435a0405db8603

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
0450421f7204aee1f6bf1522036de474

SHA1
955eeba1a245c5da8cd2cdb9bc17f9f4a08ef72b

SHA256
ba12ae053b79169c69ff2b88d2cddc1725c17723faa30b6fbcbfbbe363525cbd

SHA512
c130d66f5b75a60e65b1bc79c0a63e5b453aedd7249c2a718412a10accff6689e3fff51317ca05f131029dffd5f3e30d6cd8198799acecab9401d9bd35d86103

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
19B

MD5
0407b455f23e3655661ba46a574cfca4

SHA1
855cb7cc8eac30458b4207614d046cb09ee3a591

SHA256
ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7

SHA512
3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
a4b29b6d04c9411984607a9a278d3289

SHA1
e42c475162f8f29d14bec42a7c831d2c3925c0e4

SHA256
8bfafa3fd17d7a536c6e7a9207cc4593e47e5becc8580f25b97067a13814c13c

SHA512
992c9d5a470ac508a57c8a07f6eb1af0c2ac1b302a0614c1602c3e6f57cdbca6b65959af0710e3e110e2120cc63e7ec35ae2f357d59a0682f26fb0f934e7a23a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
2c9368b208c0f912962a6aa1326fa950

SHA1
4c9bb37773a226d13c31070906436f86e3b553d4

SHA256
03e7e13f9eb70b4927d7770e0cb2e928534bc5759d10e96994f89880c9f2ff70

SHA512
ccb176def3fb16209385f0c0d56360bee5ff5a70ad2a79f57b3d6d0075a2e9b322f5ecc19e0a252b357cb7115c154f8fa3b76440c9ede3b60204d04772ba3d2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
030e4f72a5b5ff1d2938efe28c257dec

SHA1
66b7ea3ca8e060c3758265c7854f3f263c9892d1

SHA256
c59bfbdf32872f00eba121df668eb158c79c3d1328ec2a80e9b8129389d88afe

SHA512
2e50814440d96a4ce763847136ba620b397e5ccb56cc6c9e3c9c36daa12224f919048079276f4a4eea79960f74c689eba6a5587abe0cf7f31504945628a51688

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
db90ad3c55ee3c2e0e39e8c31bb737a9

SHA1
535c0911dab1c36baca319e8eefe52edda434840

SHA256
a8da49f0bddb8b909a56aeeb764ba1a809d1d9d805b8ebe69d54b4609cdfbffc

SHA512
25d976d9057d0e5a0370f46ff4b69cbac7d37ed038686db6a36a18a60c40a3c41657417a32e551185cb3ba4ba37cacbb167533eecd73d668f2a8a7b0be655c5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
e8789d7a9b82e43d9e0fb2f087d14163

SHA1
70f099dbd37da7d958c077a46b8b7294625d10ca

SHA256
453ee95f62de99708128f133d91f8fa66b648ad30390daba33d8ebd59fa055cc

SHA512
11f4c8cf7a134caff4d80f404d535d62284c3f6ed2a2ef8279540f57a9a93061dc4e8baf1c5f798ccdad581a282661b6d6644a4b260578b0db83fc4be7468525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
82d62e44e2a4a44aca9a03587e8bb935

SHA1
ba02959a5b8b242b93209b8735fd3fea6884a096

SHA256
acaf3fff2030d61e4b4917cfd972eb2dfd44b70ecdecb4caf3d2ad60faebb9d7

SHA512
c5e4e43e38e9c217b450b96570bfab0184c8bd3545bbbacd8c54e3a16df44331b68b8e195b2081d48ef09960ca200143a7ae94f0c377dacc4f1cd5da13fbfe88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
20KB

MD5
ef9588ca82f853399e5968af99985e74

SHA1
80d9df4f75c3e789ddf10584d9ff9de2b6154cb0

SHA256
9d550015f47a4d5d502f8a2f5b33bd9cbd136f4fea7c64754c8cc5a9651f7fe5

SHA512
a77b6b0bcea459ab4fc1e5d0983e85b86a6b0835849345f6afbfb27a5e84d8d1a38ff16e21ecf862e95d0a74e3fe97fda28bea66752b8bd64fd44c8ba680a5c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a3c4fa88742495c53bccff68978564b2

SHA1
c637d6a6690b2f90a36cc20b935e9e898cec870e

SHA256
d21be15fa65d08eca12469d9fd0c8bf60e631a238ef3ab6961bf279eb5d99ccf

SHA512
fd1e38f4570b107daef687a4257fa732a1abaf707200eded6d99ab501db85ba64d3da28b0e95fd2e1fbdcd038ee5e5a67132e5a0d77f73713bd08c32f3acba87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6426f1d823c7b27c5af01f0b4abbf0e8

SHA1
638af86b8f064e1bf46d387f77696ecfab4f480c

SHA256
3ab8135a0f586d843ac11cbd29ca85846aec6e19465ce65510340ec1ca804e4d

SHA512
ea2e4a9b73a683c4f20ffbc22251d4b955b3d8dfc02ddb4a6f3a62933c134d6e2955183c40754d9008b0b68eb8ecbd3f0896af24458504f4e6484a087d0b2eef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2b14712212388c99bc7acfea4bbc2b59

SHA1
ea317b9044da591e72b40451d8c7ce38ca820702

SHA256
4efa94d756729c48da7a9903c175c354b29540f9086fc004742af88c7d83771d

SHA512
0658312a1aafcbc9e73d1bc7e2709d1ff8fa45839987ff3146b178f007527a02d88d6647900a2904c70746468e455f187377c00b155f8d3f9e4f060c73d14ece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f5d61990f0e2b626c54bcb5d1957c9af

SHA1
c76f33c5e637a37a8c780e80f9180ef6dfd03dc8

SHA256
4edf32ef66ab096d6e18607f970f4af9f6784337e1d9ca8daa9a9c8e1eee21bd

SHA512
7fd13c69024f4a33471666442a1dc0f03950dc55b0681a24b316c8525e28e508e39b4b05a7a3b7d1d87686492fa465896523dc0b2555f3b97ab14c3a5448663c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ab7e20c17a054f6e90340b50191fed67

SHA1
5a90c9e3b0571c8a1e100927963eed38dae779bd

SHA256
3c8ab4ff031aee290a9b7d152c3fa8fcfc5aa0ad5eabba91689ef8859d086f6b

SHA512
19ba81d3faef2579d6a4914e41f972ff111f4a8052339aeb1abd31060c7c3a352e1823113a10f1c4863154ec373c8c41d77f1269b00c68c13299cb58b45b1484

Download Submit
C:\Users\Admin\Downloads\3b69ebe0-b1b8-42d0-bda8-805ba86001aa.tmp

Filesize
6.8MB

MD5
c67dff7c65792e6ea24aa748f34b9232

SHA1
438b6fa7d5a2c7ca49837f403bcbb73c14d46a3e

SHA256
a848bf24651421fbcd15c7e44f80bb87cbacd2599eb86508829537693359e032

SHA512
5e1b0b024f36288c1d2dd4bc5cf4e6b7d469e1e7e29dcef748d17a92b9396c94440eb27348cd2561d17593d8c705d4d9b51ae7b49b50c6dee85f73dec7100879

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 71173.crdownload

Filesize
125KB

MD5
ea534626d73f9eb0e134de9885054892

SHA1
ab03e674b407aecf29c907b39717dec004843b13

SHA256
322eb96fc33119d8ed21b45f1cd57670f74fb42fd8888275ca4879dce1c1511c

SHA512
c8cda90323fd94387a566641ec48cb086540a400726032f3261151afe8a981730688a4dcd0983d9585355e22833a035ef627dbd1f643c4399f9ddce118a3a851

Download Submit
memory/776-853-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/776-855-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2024-766-0x0000000000400000-0x0000000000AD8000-memory.dmp

Filesize
6.8MB

Download
memory/3192-865-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download