92f4be23fd098350031cbe2f661f90c7377d691eec91808636d415b9741b029a

Analysis

max time kernel
201s
max time network
203s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
27-12-2024 06:12

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

NitroxLauncher.exe
Size

3.5MB
MD5

e801cd1a9af46b219768d79f7d2a2b98
SHA1

a2e939298aec1770b0079284b5bc275ba9cee517
SHA256

9c34793ccd4cde1297ed243858b6411305201b95e86d1e99cf493a9a51b88e5c
SHA512

48dee9078223881716bd1360881233b6a99df3c1f6063fe69784e77243ce55e988fea1365184de69b4f1724cd59ac02d6e8deaf7fbf00eae82301122c09e71ee
SSDEEP

98304:fUqYeHg1UsnKLycqQYcDcwuavRfFujF0NpIl:LU18yArhvRfFujaNOl

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "44"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
244	msedge.exe
244	msedge.exe
1204	msedge.exe
1204	msedge.exe
3364	msedge.exe
3364	msedge.exe
4780	identity_helper.exe
4780	identity_helper.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4468	NitroxLauncher.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe
1204	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5100	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4468 wrote to memory of 2192	4468	NitroxLauncher.exe	77
PID 4468 wrote to memory of 2192	4468	NitroxLauncher.exe	77
PID 4468 wrote to memory of 1204	4468	NitroxLauncher.exe	79
PID 4468 wrote to memory of 1204	4468	NitroxLauncher.exe	79
PID 1204 wrote to memory of 1832	1204	msedge.exe	80
PID 1204 wrote to memory of 1832	1204	msedge.exe	80
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 3628	1204	msedge.exe	81
PID 1204 wrote to memory of 244	1204	msedge.exe	82
PID 1204 wrote to memory of 244	1204	msedge.exe	82
PID 1204 wrote to memory of 2516	1204	msedge.exe	83
PID 1204 wrote to memory of 2516	1204	msedge.exe	83
PID 1204 wrote to memory of 2516	1204	msedge.exe	83
PID 1204 wrote to memory of 2516	1204	msedge.exe	83
PID 1204 wrote to memory of 2516	1204	msedge.exe	83
PID 1204 wrote to memory of 2516	1204	msedge.exe	83
PID 1204 wrote to memory of 2516	1204	msedge.exe	83
PID 1204 wrote to memory of 2516	1204	msedge.exe	83
PID 1204 wrote to memory of 2516	1204	msedge.exe	83
PID 1204 wrote to memory of 2516	1204	msedge.exe	83
PID 1204 wrote to memory of 2516	1204	msedge.exe	83
PID 1204 wrote to memory of 2516	1204	msedge.exe	83
PID 1204 wrote to memory of 2516	1204	msedge.exe	83
PID 1204 wrote to memory of 2516	1204	msedge.exe	83
PID 1204 wrote to memory of 2516	1204	msedge.exe	83
PID 1204 wrote to memory of 2516	1204	msedge.exe	83

C:\Users\Admin\AppData\Local\Temp\NitroxLauncher.exe
"C:\Users\Admin\AppData\Local\Temp\NitroxLauncher.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4468
- C:\Users\Admin\AppData\Local\Temp\NitroxServer-Subnautica.exe
  "C:\Users\Admin\AppData\Local\Temp\NitroxServer-Subnautica.exe"
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://reddit.com/r/SubnauticaNitrox
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd30783cb8,0x7ffd30783cc8,0x7ffd30783cd8
    3⤵
    PID:1832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,16093380017618808665,14372863423722716455,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1720 /prefetch:2
    3⤵
    PID:3628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,16093380017618808665,14372863423722716455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,16093380017618808665,14372863423722716455,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
    3⤵
    PID:2516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,16093380017618808665,14372863423722716455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
    3⤵
    PID:1648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,16093380017618808665,14372863423722716455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
    3⤵
    PID:1364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,16093380017618808665,14372863423722716455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
    3⤵
    PID:4420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,16093380017618808665,14372863423722716455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,16093380017618808665,14372863423722716455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
    3⤵
    PID:560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,16093380017618808665,14372863423722716455,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
    3⤵
    PID:3208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,16093380017618808665,14372863423722716455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
    3⤵
    PID:1180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,16093380017618808665,14372863423722716455,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
    3⤵
    PID:1564
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,16093380017618808665,14372863423722716455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,16093380017618808665,14372863423722716455,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1324 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1872,16093380017618808665,14372863423722716455,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6068 /prefetch:8
    3⤵
    PID:1456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2032

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004C0
1⤵
PID:2608

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a10855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
051a939f60dced99602add88b5b71f58

SHA1
a71acd61be911ff6ff7e5a9e5965597c8c7c0765

SHA256
2cff121889a0a77f49cdc4564bdd1320cf588c9dcd36012dbc3669cf73015d10

SHA512
a9c72ed43b895089a9e036aba6da96213fedd2f05f0a69ae8d1fa07851ac8263e58af86c7103ce4b4f9cfe92f9c9d0a46085c066a54ce825ef53505fdb988d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
003b92b33b2eb97e6c1a0929121829b8

SHA1
6f18e96c7a2e07fb5a80acb3c9916748fd48827a

SHA256
8001f251d5932a62bfe17b0ba3686ce255ecf9adb95a06ecb954faa096be3e54

SHA512
18005c6c07475e6dd1ec310fe511353381cf0f15d086cf20dc6ed8825c872944185c767f80306e56fec9380804933aa37a8f12c720398b4b3b42cb216b41cf77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
268KB

MD5
ae95d57bebe02710a00b9af6cf1b3efb

SHA1
50c4638c3728de159b6285a849927fbd89396ecb

SHA256
883d235243bd679f2d50cad7051897d2db798fb953b3be1ed829dafa3d12329f

SHA512
decd0aa7b948144343f830530c3880e414198b5c30af4e3c46989fa3d08aad20a7d78333174529cfdd97a84f59b8434d4aaf36f008b43f0cca05db540537c52a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
274KB

MD5
2ca975a89885e985559a28f6eff175c5

SHA1
07a48c0cbbbad2c55604936b16d077c4f520c1ce

SHA256
9d8eedaca68badd40eb26ccebffe745e0be8d9ed597c5a85ee142a31db64f801

SHA512
0d6ab6fe2f70d0d9f04433852e8aff27dae8b8eed6433f7af35d2427d2f9ed4f948d89fd89107ad6396a6703f9ae5787bc4a03250e055da4b6d9f2609ba4c270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
1024KB

MD5
953385f4997dc21fe7d123bb7c1e034d

SHA1
ce116b8fd02bf539ef5db5fc83118efbb8c11bba

SHA256
a44327b8b7712458999165e70ee3f9d42a88141ab2454644394457b6b7a5c12b

SHA512
59772ad3bb76c675728958e31e2cbffab94f1cf1d7103798c696d29d7fef342ec9b54b80447a86cd785050624510f554dab9058600b771ed8c67c6ae2bb5c0dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
1024KB

MD5
c2cb629d2aa705305e4a21636bcfde96

SHA1
afd61b26ab480c4abdeccb481a74122d101900d1

SHA256
d5d5b8493a8875d1bf6285ae1f88863fa5a25abb532d1fe86d2c68bbaa044378

SHA512
7779bc92582126d380437d7b9aca08bc437f355db6fb0f9657ba224da5a3d94843bd13fb92e82fd475d884f7417afb2534d7fb9b40533812a42d01d3328a5c48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
5KB

MD5
00d1be252fabb5e4256ea6adad6150ed

SHA1
554588aa9ab903652ac29fd1980c1455470ab07b

SHA256
ea999e3e6f16a8d648b7afc744ad5ceec99e56e3b7b7fa5623393eb3b000a444

SHA512
704faff06e4ae11c67ebccaf34ec3002692e9f33f8fad76b97dcacb54584fdd1de1d779bbaa9448169f56f42322bab568107e74575742bc3b29bc28b7efbea72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
1784f1ea7270205f55146c30368be589

SHA1
f8237bd05d37b06ef1d7a4d5d90729643f3390b2

SHA256
31877c23570cab14651c4b5ec87d7707ed62ab63ae73d2d92c08bdc06cea2888

SHA512
fea30dfee590d88a14b38aa78a3fb0b3d0dd7d4a574e835e74645877ac719088c801ca50a7be09a1e5164d888883544dc2174bef424ed855557076225f3a001a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d7909e6618636e48ffa5791fd6da42cc

SHA1
5b12a14120179d7981e1997ea6210d0ca02b90af

SHA256
3eda6b3287c52db68d6572693c58036b416eb6ef4d1dd295d84fdadb33a527c8

SHA512
630fd57aad862c46b272566d445053d129e84472b25f48ef92518bebb3c6c8351512dd972ec2a09de4eaf9a247f06e2b6e6660bcb2529612780fb30683d4a5c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
40c629baa2a3a57bc43a14e78e58b48b

SHA1
bd11c6d0b3a1b8d23cc29a31549a7cae25aa709c

SHA256
6f8b0acab050f67d9e8180ffa6dc8922cefd106ea6d530d03d518dba7fbccd16

SHA512
3594f4ebbe666ff4505699dd9e2369b98b13ac5bc3794700d74fcdd56741b1d13a0430e84ad6725dd0f7be8eb79a7e1528e9340204cf8846ce7ae60f4f14f0ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b9cf98e386ab39ff3fb4a8d9ac79226b

SHA1
d3fc868ce80851d6769d5e4228efd12cac4da74b

SHA256
226a1b9de70a82e5f9265df7b1821082fd3409e7fd19b0d97b715131cac96cf5

SHA512
4aace2a31eb7f781098bafb0ef140a0c9fbf0ebc959cd522c30e4225daa04bd3eadc51d6df03fe010f0a9848b1234f53a57ab418c12d01e15f5666474dc05067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
70ee51aece7474d84cb9ee64b4474d5f

SHA1
c196cfb4e9e4f59a382ee9265a66bf93237d22ce

SHA256
44abda8c0f096d550041f03c27873df6e473fa8e61cfaba1162df05f57f8aaed

SHA512
a5dce410f29c5dcf3a2cc7906942ee6848235e76f6b7ab24815dce3524028dc8d9d424c87f98350c15dfe98d467d4388196640fe853cb40ddbfdcd3bace5da9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
210f8e067d95c55e7877bb7f0817bef9

SHA1
361ae195b3b8f32694dcc59572aaf6f6b851a6ae

SHA256
8c7aa7cd527ec978d68142a63ddf6b1b3455d924ced5e75f6c60aef506dc51ca

SHA512
3fa355a3d26652aff436691ce61916a32dffca843b0de5047f0a3cd9ec0a42217f41db7efe86119452e3897a989c79bb462852a401686251c7cded850b1bb794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3b4ca76bc76908ce28b2e585976fc278

SHA1
ef59fa98d0307d321513e1fa7dbf3cab2e81932c

SHA256
dc70f9066a65af2509b897b4435608e27f1a4ab01aa748e5e82eaaeed189812d

SHA512
9344cf4d70c82239e403d98698a1a053381c36a280b7f558d15763a46a49206797a5a5c50ed9b72d8c4402d18b6b324b1b7ff3b7c235c0ee068b4a4e630b943e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
54043bacacb3cd495f68872babfc33d5

SHA1
b3f5e35eb4661d5bb83844530e60aff2455eaf62

SHA256
5d2405f2634f3cd9dd84220d764080a5a0c27fbde9abdeb4d11abd48d6e566e2

SHA512
a460857e0effe82ade2459a03751da2a1f94d3d3827a061c2a5f319b2aff33afffcc52782c2c6b68f27ed6921b087a580d9d95eb522a27caea39ba9e6fbcf320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
867B

MD5
623ce6253e621fd6949df6247762c51a

SHA1
3b3ab3b44036c6bea0f6dae3d073bcd26b77caa1

SHA256
28dc0839e3e440bdf4585d081b13863c55e2af0ad86e01eea1222fc1e2dd3085

SHA512
7c9c6f47816df302dcae121d4142098c9a49ed07341a83956eb6d62106b4db4d63a5131bd54fb5a6fd88507caf70b5ca83bb27dcd2a9d21840195978a3f35e5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1023B

MD5
66a41fdc6ac63b0e32820f1f1afca033

SHA1
33c62c2a124a8ebc87953a3b714ec11005742df6

SHA256
21392f632a9d4e0278f6118647ffc7fe647fe2e9feaa0a5e512209de29646091

SHA512
257518eb8af8a38259f222dad83d5722cbc366e42f9973392878fa401327f2c3130d608f7016abd9c1935d66725626eeaa22bffbdcfaa801c8e63a3b6de217bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1bfcef33eb9f7015608420dad55f6680

SHA1
399f320b8df5b26bbb18608614fa8ac7f79037f9

SHA256
faea472979ace970a36fd7f646baae4dc35573f24727a445c06da983314e1843

SHA512
6e85933bed33d3ecaa4e73c4a35fe6219093be94500610943f418f39112f61aa0b89c146b19f5987d644b7f9c9f7bb6ba5c8a5ad5119da577194a18d0aefe1f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
867B

MD5
c047b0329670dc457041b57b13cae05a

SHA1
cdb6bbbd3f4394ce71f9f2d55a2d2b4a7ead3242

SHA256
dd6f6859365515adb909ecbb7540e73827b5256403ef8e78ee2aa59b233decd1

SHA512
f4244601f99ad4fd15b14996eab20d8399bc4c60e6ac19b913a988c770fabda84b49d1826918443ba66336983382eb0abfb8ab61a9533f976d4f8b46abe43505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1023B

MD5
d9468f8e80433f5244c18698d75c556c

SHA1
bb6f3f7e42b6dc0ca3ce7af959b3b30ce35503fd

SHA256
b0bc2618442371eb2c89821577ff1d6c2c62742223d744e759d13fcdcbd9d7e1

SHA512
ab902d52651840dbdf695eb123af6b5c058cf1becdf36d73be8e0447cc20af2b780c11c119ec5149a44e106c1d3ced2029cd110e9a9c6bce2c285e3fc2ff1c63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
51d51150190d93a9e2d3f1caaccbbd17

SHA1
f3dfe22954974d20691472b39ae3d7955a55fcb6

SHA256
3313e52f59fe17a81b5814193440bc9cc991e36ff149d066f64f5d7249704220

SHA512
9da9f7487361246cabdbbf6e6ad778615b0d0f3a743a93f9a82b6394479eb1c17ce9ca680a93f602a84816a45f3817860bcf1ac7d2622148fa6686dc9742d3a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
553a6dcc49d525350dc68f9eeb87a90a

SHA1
13c74541b186c6fdf117f7348ca70d6002057040

SHA256
0aa49b449b8f4941133ba73f0b5ebd8d15b3ed72b8c828420f60cf549885d3f4

SHA512
e719e2f56163bfb0321fdf1c6eb1b1fe663a691f1dd8d58c984ad0cd6d6cbb0b19a203a446606e01a8747f5a33338da938431b09f4346ffad5984a7eaa5c3370

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
c0893f9d7fb1296a50e16a92df77f9b0

SHA1
ac28482e258a59166d5d8bcb8f273bcfe86f5e4e

SHA256
f91558bb31a6a49649d49988c8ed365afe5b88352f75a752ffb2d587c419f174

SHA512
353deec6eea1e106e0e2d6403c97e0994f6f7c3d09f0d2c646f784928138a3b57545fd173097f8542196a3af0d36737119de529247488778bafe8f25dbe4bf86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
276bf1fd467613afde206c229dab68ad

SHA1
83d96d4c24ac1a16279a75fb6061aef27ad6bf60

SHA256
bcd4411e1102872d166277d9cdf2400a5799cfa7fdd96d249017f2c6e376634d

SHA512
632e2d1b6141613c339493e49061c02c387683742e55dc926aa9c99bf1df018ca8786af8f1b321753eba78fe9f19cc0c1c477b9bd83abf5f2a2c46631a541b48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
a7f085862b5c552dce2216b30ad41993

SHA1
08051fc5a542b5719fca5586f07e6c330e119502

SHA256
0a3b3a22d947c238bf7c02902d79460789782aff8c1227628c0566df493b253e

SHA512
1d8095a76062dfc17946adbff8bfcf92d95c26a8d53a0785eb00dbcd884630d0135cd3e8ab9834133217a4da8c698d897dd73aa00bfd134500ee45031c8c42e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
3384373a1b08e25a9e7cc31fe6040299

SHA1
2f598663359ed65b65bf9e68fa4bf27a3bb1ff74

SHA256
895520e466487c19514f9ac1ea9c48bfb073054562d65512373ce177dcd8cf46

SHA512
db6e7ce3c8089d8ee7c7c56112c8dcb3917a93bca817f9dc1a73b4afc85900f6e001432a7d872529628773ab62f99c34d9c39ba9c0b2267f4b571a1c47906e7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5864d0.TMP

Filesize
871B

MD5
760d3193c614899b241023925cb49ba1

SHA1
e11b4bff0564413791433cc93eb3f20bb94ad884

SHA256
d992542c5d9fed9c83339d1cb73669cc1920275d8ecbb253283ef2b94ba4040d

SHA512
cd1726bd2acb7152bc9b51d14a1a6c0d52420e09f42e09f5b1521df161dd9302590df53e9a609175db1ecd54e62fa7c4a94dcb2d48989e950e6b37e7e3912657

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
233845c5d0b8d28a247cfa4ced69f629

SHA1
bb8feb7824b2e9818e71aa3b63c109346debee8b

SHA256
58f7bafc3ebf9c4529ee36e9fa806a7a5d7f988e6ea7735015036a6141fb0ded

SHA512
6af2a094ebb803b9d28fe927bbde0cbb86347880dd19a90d190d644c28296b10e820d3efbd2fabff1d6dfcdfc566ce222e69a7fdb0e24755c53248a5587300a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9d5ce9228826c6f28c039800b1eee223

SHA1
be451ae0a48df897df7f995f97171a11c89107e7

SHA256
c79fad0edafb710ff6ac764e9aa7fc120be41bee24ea7d3e9cd6db3a3fbf9c6e

SHA512
11af9f6d6f74467fcd1a06904b1e6d69a4dcbec91e84bcf927cb11333103f3fbb27ee0c458a7affb2d38e8110a5198661340e8f7a0b0ed05d7041dc47a4c1b52

Download Submit
memory/2192-23-0x00007FFD36B10000-0x00007FFD375D2000-memory.dmp

Filesize
10.8MB

Download
memory/2192-21-0x0000029874AB0000-0x0000029874AE4000-memory.dmp

Filesize
208KB

Download
memory/2192-24-0x00007FFD36B10000-0x00007FFD375D2000-memory.dmp

Filesize
10.8MB

Download
memory/2192-20-0x0000029874620000-0x0000029874634000-memory.dmp

Filesize
80KB

Download
memory/2192-22-0x0000029876AE0000-0x0000029876B1E000-memory.dmp

Filesize
248KB

Download
memory/2192-772-0x00007FFD36B10000-0x00007FFD375D2000-memory.dmp

Filesize
10.8MB

Download
memory/4468-13-0x00000268C5810000-0x00000268C5818000-memory.dmp

Filesize
32KB

Download
memory/4468-8-0x00000268C25C0000-0x00000268C25E2000-memory.dmp

Filesize
136KB

Download
memory/4468-12-0x00000268C58D0000-0x00000268C598A000-memory.dmp

Filesize
744KB

Download
memory/4468-11-0x00000268C2890000-0x00000268C28A6000-memory.dmp

Filesize
88KB

Download
memory/4468-1-0x00000268A7A10000-0x00000268A7D8A000-memory.dmp

Filesize
3.5MB

Download
memory/4468-14-0x00000268C50E0000-0x00000268C5118000-memory.dmp

Filesize
224KB

Download
memory/4468-10-0x00000268C2870000-0x00000268C288C000-memory.dmp

Filesize
112KB

Download
memory/4468-16-0x00007FFD36B10000-0x00007FFD375D2000-memory.dmp

Filesize
10.8MB

Download
memory/4468-9-0x00007FFD36B10000-0x00007FFD375D2000-memory.dmp

Filesize
10.8MB

Download
memory/4468-15-0x00000268C50B0000-0x00000268C50BE000-memory.dmp

Filesize
56KB

Download
memory/4468-7-0x00000268A9AA0000-0x00000268A9AAE000-memory.dmp

Filesize
56KB

Download
memory/4468-6-0x00000268A9A90000-0x00000268A9A98000-memory.dmp

Filesize
32KB

Download
memory/4468-5-0x00000268C2540000-0x00000268C2566000-memory.dmp

Filesize
152KB

Download
memory/4468-4-0x00007FFD36B10000-0x00007FFD375D2000-memory.dmp

Filesize
10.8MB

Download
memory/4468-18-0x00007FFD36B10000-0x00007FFD375D2000-memory.dmp

Filesize
10.8MB

Download
memory/4468-3-0x00007FFD36B10000-0x00007FFD375D2000-memory.dmp

Filesize
10.8MB

Download
memory/4468-2-0x00000268C2500000-0x00000268C253E000-memory.dmp

Filesize
248KB

Download
memory/4468-0-0x00007FFD36B13000-0x00007FFD36B15000-memory.dmp

Filesize
8KB

Download
memory/4468-771-0x00007FFD36B10000-0x00007FFD375D2000-memory.dmp

Filesize
10.8MB

Download
memory/4468-19-0x00007FFD36B10000-0x00007FFD375D2000-memory.dmp

Filesize
10.8MB

Download