lumma | hxxps://github[.]com/returnrqt/fishstrap/releases/tag/2[.]8[.]1[.]5

Analysis

max time kernel
712s
max time network
710s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
07-01-2025 22:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/returnrqt/fishstrap/releases/tag/2.8.1.5

Score

10^/10

lumma discovery phishing stealer

Malware Config

Extracted

Family

lumma

https://robinsharez.shop/api

https://handscreamny.shop/api

https://chipdonkeruz.shop/api

https://versersleep.shop/api

https://crowdwarek.shop/api

https://apporholis.shop/api

https://femalsabler.shop/api

https://soundtappysk.shop/api

https://letterdrive.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
A potential corporate email address has been identified in the URL: [email protected]
phishing

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com
20	camo.githubusercontent.com

Suspicious use of SetThreadContext 20 IoCs

description	pid	Process	procid_target
PID 2440 set thread context of 3604	2440	Wave.exe	102
PID 2440 set thread context of 1952	2440	Wave.exe	103
PID 1784 set thread context of 4916	1784	Wave.exe	111
PID 1784 set thread context of 3656	1784	Wave.exe	112
PID 1232 set thread context of 1236	1232	Wave.exe	118
PID 1232 set thread context of 496	1232	Wave.exe	119
PID 4024 set thread context of 4672	4024	Wave.exe	126
PID 4024 set thread context of 3140	4024	Wave.exe	127
PID 4796 set thread context of 4852	4796	Wave.exe	132
PID 4796 set thread context of 2536	4796	Wave.exe	133
PID 2108 set thread context of 5508	2108	Wave.exe	177
PID 2108 set thread context of 5840	2108	Wave.exe	178
PID 4456 set thread context of 3628	4456	Wave.exe	184
PID 4456 set thread context of 2084	4456	Wave.exe	185
PID 992 set thread context of 5340	992	Wave.exe	190
PID 992 set thread context of 5280	992	Wave.exe	192
PID 2988 set thread context of 3852	2988	Wave.exe	197
PID 2988 set thread context of 5404	2988	Wave.exe	198
PID 4476 set thread context of 3196	4476	Wave.exe	204
PID 4476 set thread context of 1944	4476	Wave.exe	205

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 10 IoCs

pid	pid_target	Process	procid_target
3216	2440	WerFault.exe	97
4928	1784	WerFault.exe	108
4692	1232	WerFault.exe	116
3976	4024	WerFault.exe	124
3668	4796	WerFault.exe	130
5132	2108	WerFault.exe	175
5232	4456	WerFault.exe	182
5560	992	WerFault.exe	188
5464	2988	WerFault.exe	195
3840	4476	WerFault.exe	201

System Location Discovery: System Language Discovery 1 TTPs 31 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lua.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Wave.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 17 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\偅넵Ḁ谀耠	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\md_auto_file\shell\open	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\md_auto_file	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\.md\ = "md_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\md_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\.md	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\偅넵Ḁ谀耠\ = "md_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\md_auto_file\shell\open\command	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\md_auto_file\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\""	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	msedge.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Wave.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Carbon-Executor-Download.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Codex-Roblox-Download.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Software.zip:Zone.Identifier	msedge.exe

Opens file in notepad (likely ransom note) 3 IoCs

ransomware

pid	Process
3772	NOTEPAD.EXE
1608	NOTEPAD.EXE
5464	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 40 IoCs

pid	Process
3868	msedge.exe
3868	msedge.exe
4032	msedge.exe
4032	msedge.exe
492	identity_helper.exe
492	identity_helper.exe
3180	msedge.exe
3180	msedge.exe
724	msedge.exe
724	msedge.exe
2584	msedge.exe
2584	msedge.exe
3388	msedge.exe
3388	msedge.exe
3744	msedge.exe
3744	msedge.exe
3736	identity_helper.exe
3736	identity_helper.exe
2848	msedge.exe
2848	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
4112	msedge.exe
4112	msedge.exe
6084	msedge.exe
6084	msedge.exe
2568	msedge.exe
2568	msedge.exe
4328	msedge.exe
4328	msedge.exe
2084	identity_helper.exe
2084	identity_helper.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
2844	msedge.exe
2844	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3512	OpenWith.exe
2616	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

pid	Process
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1016	firefox.exe
Token: SeDebugPrivilege	1016	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe

Suspicious use of SendNotifyMessage 38 IoCs

pid	Process
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe
6084	msedge.exe

Suspicious use of SetWindowsHookEx 31 IoCs

pid	Process
4372	MiniSearchHost.exe
3656	OpenWith.exe
3512	OpenWith.exe
2616	OpenWith.exe
2616	OpenWith.exe
2616	OpenWith.exe
2616	OpenWith.exe
2616	OpenWith.exe
2616	OpenWith.exe
2616	OpenWith.exe
2616	OpenWith.exe
2616	OpenWith.exe
2616	OpenWith.exe
2616	OpenWith.exe
2616	OpenWith.exe
2616	OpenWith.exe
2616	OpenWith.exe
2616	OpenWith.exe
2616	OpenWith.exe
2616	OpenWith.exe
2616	OpenWith.exe
2616	OpenWith.exe
2616	OpenWith.exe
2616	OpenWith.exe
2616	OpenWith.exe
2616	OpenWith.exe
2616	OpenWith.exe
2616	OpenWith.exe
2616	OpenWith.exe
2616	OpenWith.exe
1016	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4032 wrote to memory of 3740	4032	msedge.exe	79
PID 4032 wrote to memory of 3740	4032	msedge.exe	79
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 1560	4032	msedge.exe	80
PID 4032 wrote to memory of 3868	4032	msedge.exe	81
PID 4032 wrote to memory of 3868	4032	msedge.exe	81
PID 4032 wrote to memory of 1384	4032	msedge.exe	82
PID 4032 wrote to memory of 1384	4032	msedge.exe	82
PID 4032 wrote to memory of 1384	4032	msedge.exe	82
PID 4032 wrote to memory of 1384	4032	msedge.exe	82
PID 4032 wrote to memory of 1384	4032	msedge.exe	82
PID 4032 wrote to memory of 1384	4032	msedge.exe	82
PID 4032 wrote to memory of 1384	4032	msedge.exe	82
PID 4032 wrote to memory of 1384	4032	msedge.exe	82
PID 4032 wrote to memory of 1384	4032	msedge.exe	82
PID 4032 wrote to memory of 1384	4032	msedge.exe	82
PID 4032 wrote to memory of 1384	4032	msedge.exe	82
PID 4032 wrote to memory of 1384	4032	msedge.exe	82
PID 4032 wrote to memory of 1384	4032	msedge.exe	82
PID 4032 wrote to memory of 1384	4032	msedge.exe	82
PID 4032 wrote to memory of 1384	4032	msedge.exe	82
PID 4032 wrote to memory of 1384	4032	msedge.exe	82
PID 4032 wrote to memory of 1384	4032	msedge.exe	82
PID 4032 wrote to memory of 1384	4032	msedge.exe	82
PID 4032 wrote to memory of 1384	4032	msedge.exe	82
PID 4032 wrote to memory of 1384	4032	msedge.exe	82

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/returnrqt/fishstrap/releases/tag/2.8.1.5
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc19bb3cb8,0x7ffc19bb3cc8,0x7ffc19bb3cd8
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,13587122348167073692,13510611951949801742,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,13587122348167073692,13510611951949801742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,13587122348167073692,13510611951949801742,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13587122348167073692,13510611951949801742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13587122348167073692,13510611951949801742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,13587122348167073692,13510611951949801742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,13587122348167073692,13510611951949801742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13587122348167073692,13510611951949801742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1864,13587122348167073692,13510611951949801742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13587122348167073692,13510611951949801742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13587122348167073692,13510611951949801742,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13587122348167073692,13510611951949801742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,13587122348167073692,13510611951949801742,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
  2⤵
  PID:1128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1868

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4216

C:\Users\Admin\Downloads\Wave\Wave.exe
"C:\Users\Admin\Downloads\Wave\Wave.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2440
- C:\Users\Admin\Downloads\Wave\Wave.exe
  "C:\Users\Admin\Downloads\Wave\Wave.exe"
  2⤵
  PID:2276
- C:\Users\Admin\Downloads\Wave\Wave.exe
  "C:\Users\Admin\Downloads\Wave\Wave.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3604
- C:\Users\Admin\Downloads\Wave\Wave.exe
  "C:\Users\Admin\Downloads\Wave\Wave.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1952
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 844
  2⤵
  - Program crash
  PID:3216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2440 -ip 2440
1⤵
PID:2456

C:\Users\Admin\Downloads\Wave\Wave.exe
"C:\Users\Admin\Downloads\Wave\Wave.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1784
- C:\Users\Admin\Downloads\Wave\Wave.exe
  "C:\Users\Admin\Downloads\Wave\Wave.exe"
  2⤵
  PID:3348
- C:\Users\Admin\Downloads\Wave\Wave.exe
  "C:\Users\Admin\Downloads\Wave\Wave.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4916
- C:\Users\Admin\Downloads\Wave\Wave.exe
  "C:\Users\Admin\Downloads\Wave\Wave.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3656
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 820
  2⤵
  - Program crash
  PID:4928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1784 -ip 1784
1⤵
PID:888

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4372

C:\Users\Admin\Downloads\Wave\Wave.exe
"C:\Users\Admin\Downloads\Wave\Wave.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1232
- C:\Users\Admin\Downloads\Wave\Wave.exe
  "C:\Users\Admin\Downloads\Wave\Wave.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1236
- C:\Users\Admin\Downloads\Wave\Wave.exe
  "C:\Users\Admin\Downloads\Wave\Wave.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:496
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 152
  2⤵
  - Program crash
  PID:4692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1232 -ip 1232
1⤵
PID:1212

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4024
- C:\Users\Admin\Desktop\Wave.exe
  "C:\Users\Admin\Desktop\Wave.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4672
- C:\Users\Admin\Desktop\Wave.exe
  "C:\Users\Admin\Desktop\Wave.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3140
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 828
  2⤵
  - Program crash
  PID:3976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 4024 -ip 4024
1⤵
PID:5096

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4796
- C:\Users\Admin\Desktop\Wave.exe
  "C:\Users\Admin\Desktop\Wave.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4852
- C:\Users\Admin\Desktop\Wave.exe
  "C:\Users\Admin\Desktop\Wave.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2536
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 160
  2⤵
  - Program crash
  PID:3668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4796 -ip 4796
1⤵
PID:3508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc19bb3cb8,0x7ffc19bb3cc8,0x7ffc19bb3cd8
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,16314815963635600092,11905009584914133859,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,16314815963635600092,11905009584914133859,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,16314815963635600092,11905009584914133859,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16314815963635600092,11905009584914133859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16314815963635600092,11905009584914133859,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16314815963635600092,11905009584914133859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16314815963635600092,11905009584914133859,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,16314815963635600092,11905009584914133859,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3336 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16314815963635600092,11905009584914133859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,16314815963635600092,11905009584914133859,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16314815963635600092,11905009584914133859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16314815963635600092,11905009584914133859,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16314815963635600092,11905009584914133859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16314815963635600092,11905009584914133859,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16314815963635600092,11905009584914133859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,16314815963635600092,11905009584914133859,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,16314815963635600092,11905009584914133859,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6104 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,16314815963635600092,11905009584914133859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,16314815963635600092,11905009584914133859,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2472

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3656

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3512

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Carbon-Executor-Download\Carbon-Executor-Download\READM.txt
1⤵
PID:2904

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2616
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Temp1_Codex-Roblox-Download.zip\Codex-Roblox-Download\README.md"
  2⤵
  PID:428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\Temp1_Codex-Roblox-Download.zip\Codex-Roblox-Download\README.md
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:1016
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1852 -prefMapHandle 1848 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd443d96-9e46-4b59-aeb1-ec681cfe686f} 1016 "\\.\pipe\gecko-crash-server-pipe.1016" gpu
      4⤵
      PID:4024
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2368 -parentBuildID 20240401114208 -prefsHandle 2344 -prefMapHandle 2332 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7159f6b3-f50e-42f5-90d8-afa465f81fe9} 1016 "\\.\pipe\gecko-crash-server-pipe.1016" socket
      4⤵
      Checks processor information in registry
      PID:776
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3228 -childID 1 -isForBrowser -prefsHandle 2652 -prefMapHandle 2724 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d309bc8-86f3-4095-a1ef-1d8dfe518b57} 1016 "\\.\pipe\gecko-crash-server-pipe.1016" tab
      4⤵
      PID:2752
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3656 -childID 2 -isForBrowser -prefsHandle 3560 -prefMapHandle 3432 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9af4e80-e63d-4028-90c1-e5fb7ebe8806} 1016 "\\.\pipe\gecko-crash-server-pipe.1016" tab
      4⤵
      PID:2232
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4724 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4716 -prefMapHandle 4712 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {622cc0d7-d86d-4581-8839-8f93ddbbbea4} 1016 "\\.\pipe\gecko-crash-server-pipe.1016" utility
      4⤵
      Checks processor information in registry
      PID:3736
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 3 -isForBrowser -prefsHandle 4520 -prefMapHandle 5348 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {944d164b-94ab-4412-b816-7599b4bc48b7} 1016 "\\.\pipe\gecko-crash-server-pipe.1016" tab
      4⤵
      PID:3708
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5408 -childID 4 -isForBrowser -prefsHandle 5392 -prefMapHandle 5356 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {095a33c9-7aef-47ce-962d-356535a0fb7b} 1016 "\\.\pipe\gecko-crash-server-pipe.1016" tab
      4⤵
      PID:2400
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5408 -childID 5 -isForBrowser -prefsHandle 5804 -prefMapHandle 5800 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17ba15d7-da12-4d30-b4a3-ff03d6e86c26} 1016 "\\.\pipe\gecko-crash-server-pipe.1016" tab
      4⤵
      PID:1484

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2108
- C:\Users\Admin\Desktop\Wave.exe
  "C:\Users\Admin\Desktop\Wave.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5508
- C:\Users\Admin\Desktop\Wave.exe
  "C:\Users\Admin\Desktop\Wave.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5840
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 784
  2⤵
  - Program crash
  PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2108 -ip 2108
1⤵
PID:6100

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4456
- C:\Users\Admin\Desktop\Wave.exe
  "C:\Users\Admin\Desktop\Wave.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3628
- C:\Users\Admin\Desktop\Wave.exe
  "C:\Users\Admin\Desktop\Wave.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2084
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 164
  2⤵
  - Program crash
  PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4456 -ip 4456
1⤵
PID:5216

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:992
- C:\Users\Admin\Desktop\Wave.exe
  "C:\Users\Admin\Desktop\Wave.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5340
- C:\Users\Admin\Desktop\Wave.exe
  "C:\Users\Admin\Desktop\Wave.exe"
  2⤵
  PID:5308
- C:\Users\Admin\Desktop\Wave.exe
  "C:\Users\Admin\Desktop\Wave.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5280
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 784
  2⤵
  - Program crash
  PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 992 -ip 992
1⤵
PID:5676

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2988
- C:\Users\Admin\Desktop\Wave.exe
  "C:\Users\Admin\Desktop\Wave.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3852
- C:\Users\Admin\Desktop\Wave.exe
  "C:\Users\Admin\Desktop\Wave.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5404
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 148
  2⤵
  - Program crash
  PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 2988 -ip 2988
1⤵
PID:5452

C:\Users\Admin\Desktop\Wave.exe
"C:\Users\Admin\Desktop\Wave.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4476
- C:\Users\Admin\Desktop\Wave.exe
  "C:\Users\Admin\Desktop\Wave.exe"
  2⤵
  PID:5884
- C:\Users\Admin\Desktop\Wave.exe
  "C:\Users\Admin\Desktop\Wave.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3196
- C:\Users\Admin\Desktop\Wave.exe
  "C:\Users\Admin\Desktop\Wave.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1944
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 800
  2⤵
  - Program crash
  PID:3840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4476 -ip 4476
1⤵
PID:5472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc19bb3cb8,0x7ffc19bb3cc8,0x7ffc19bb3cd8
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,16628845277130869264,3320178270386470672,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,16628845277130869264,3320178270386470672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,16628845277130869264,3320178270386470672,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16628845277130869264,3320178270386470672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16628845277130869264,3320178270386470672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16628845277130869264,3320178270386470672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16628845277130869264,3320178270386470672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3772 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,16628845277130869264,3320178270386470672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16628845277130869264,3320178270386470672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1916,16628845277130869264,3320178270386470672,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,16628845277130869264,3320178270386470672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16628845277130869264,3320178270386470672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16628845277130869264,3320178270386470672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16628845277130869264,3320178270386470672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16628845277130869264,3320178270386470672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16628845277130869264,3320178270386470672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16628845277130869264,3320178270386470672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16628845277130869264,3320178270386470672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16628845277130869264,3320178270386470672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16628845277130869264,3320178270386470672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16628845277130869264,3320178270386470672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,16628845277130869264,3320178270386470672,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3500 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16628845277130869264,3320178270386470672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16628845277130869264,3320178270386470672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,16628845277130869264,3320178270386470672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4152

C:\Users\Admin\Downloads\Software\lua.exe
"C:\Users\Admin\Downloads\Software\lua.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2504

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Software\Launcher.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3772

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Software\icon.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1608

C:\Users\Admin\Downloads\Software\lua.exe
"C:\Users\Admin\Downloads\Software\lua.exe"
1⤵
PID:4304

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Software\icon.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:5464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7711c717-ac4a-4f80-8b42-1e057a9b6a54.tmp

Filesize
10KB

MD5
32d4d5654a78b87927ca87cb697ee6f6

SHA1
3a95c652804e7956d3bcf4cf2b2c504c802d4ea8

SHA256
890631a4f4b597bead9ff0440c279b43d28be62fab3d0da910522745ba8b35d2

SHA512
0c1ec1204e9a69dff3572ba35a7e5cdf3e03f82ce87ce6b54b2e67115840972bbfa862479910e5da5ba842b02ed7615433890f7dfb16fe699eb0f4a1ba7fe8aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5782eef5aa06a9c50c3201eb6df3e64c

SHA1
99acb23f6298ffeaf79aa25e6a122e0bfd674081

SHA256
285fd35c9cc308a827eb983dcbc3ff74cb009838f499cbf09edc8b6aa4501966

SHA512
b8e5c446a3e508e4013efbca1549571260562af6d80f70f83d7210c507024eaf3cc6c06e974517824d2bbdfe6e24951a52bb9ae46b3592243c80cd45d3298c5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9bf61777e09c1d009e81dfd16a7873a

SHA1
d97beaa86eb7dea94c51b0e31db3fa574b664602

SHA256
0e1a5d6520f10bc879871f849d04d290639109b6c46da0bf6bc679d2e444e726

SHA512
b0c59ce6cfa0a2041c9607b968e7bb0ae94a24ee34a92a4778b268f42454f76c92839ba7cb13d36560b0111962b5eaf19b95732d7011bcb9eb7dd9a28e527086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2bacef941a59fd9cc2cfc0213b422f87

SHA1
ae80e327a07c7639a0855e5e31dc7ae59e252902

SHA256
844c33fe1cc6dbc0d66499c0faf09145079c0dffa1a88e5be6df977a723c71c4

SHA512
7acf8095dc50d630a1afd5c5e0d4f87cbd87f58298b054f2d9b1dd21514c292c6523e73d23b79f77795a8b370afaa7a070a5073365ad8f648720eccf2c3afbf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
8655d9204d95d1a3f8d37397a444a60e

SHA1
6adf18b3405bc280326d67df89b8e1b83f5a6abc

SHA256
94b27356c376aba81e50037ee22761029d6d143e7066c40571d37569bc049e59

SHA512
bc675f90ada0a3849a7584841f759cf1b154b37a6f274c50512010fc968640dc0aa7e7ca378771f03413c064f800b8ac6975701dba4f5d246d23182928e0efb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
f5ad08dae1756f1a070ad8c0285fe27d

SHA1
1e57bf1c690b56b2635e8fc6d1b93cbe9f78dd41

SHA256
c31033da30063cc7ede1d2bceb0fa45e496d171095547e489c99a5dae8e62263

SHA512
d8d19df4ab95695fa0d1f08ac0e41df3bc2263361be5753bd829ef4418074c7fc25bb3db2fb9d9bce67c21005ec7e1d9369b2c924d0594087dee33a85a39c12d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
6f60dd95b21680429b122e48c1558272

SHA1
1e317b91c599924937a4ad1a6d4f323c698ec315

SHA256
f52d47740322639ab9abf0b6199dfde2aaa2cd9d27ceb0dc84664de04c5f72af

SHA512
d6a63ab0205c17965fa7a8075fecfbc1f48b43ef99d2587b4821c2ae72bd999be9701fb04ea4f27e7d646cf374d67c0b82a617076863fe3c91cf146373cb752c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
69d69970f9cb9758337d57f96699dc1f

SHA1
08e848549605f75b888187e6d72b06a7370524ae

SHA256
a06377d81a9738a8183a22aa44b399ad314e533c27a5d795894367c772f01e39

SHA512
5889bb51241a704d767574716093f0f0afc44397f5f29083c93250a36084fb9770670f4db1aed429e67467439c4488f2313fd79b128e67d658700ddf9f69768b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
35KB

MD5
fdc19ca7f00639fe8538a204d0c75bf4

SHA1
2d09d5fa5dd59a2cc659f892bac43bd7b8538308

SHA256
cffb9bd23dbe0341fb2e157e6e34bb88b47ae5fc26f8a27a78048bdef71e6fc3

SHA512
ca8a2871353dec5c1dcb9c0905d25d57d6f453212ed2698c29332ac05ef246a763d65851871e9929813e6f8b0f22f7446e4bfa56adc2ecbd65476bcfb780f2c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
18KB

MD5
7d54dd3fa3c51a1609e97e814ed449a0

SHA1
860bdd97dcd771d4ce96662a85c9328f95b17639

SHA256
7a258cd27f674e03eafc4f11af7076fb327d0202ce7a0a0e95a01fb33c989247

SHA512
17791e03584e77f2a6a03a7e3951bdc3220cd4c723a1f3be5d9b8196c5746a342a85226fcd0dd60031d3c3001c6bdfee0dcc21d7921ea2912225054d7f75c896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\19316cbd92854052_0

Filesize
12KB

MD5
358a78721bf3d3c14b99cc2cd5f55efd

SHA1
c68df84ab90a1dc4c76b6cf45d7e3829c948107b

SHA256
fee1395d0d6fc94c93db7bf2ebda3432b6787ae2a29a15bbaf4cce6f18a1b2cb

SHA512
d8d1922d76b5f70c296df95bdc35ea7a240c18cab842cff56c6d45a055421d53849fbbac37577b0fd97135873b6e9d48e6c608aac575247c1c1de4c75b4c7df3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\312a31eae77aa9ec_0

Filesize
2KB

MD5
7d290c5b3fe256e67c13ffddc8b89a58

SHA1
5053abc8dd37997f6c32929db9f33e7dc5e146a3

SHA256
a5fb39e13ab50f3e6323028aab94cd6c42dbb606042dcee62c8436e91939f79f

SHA512
ab73f9f3b047dfb982a2543eebe63177e3da9b7b7f1d91a5cb1795ff68ce9823fbdc2fdb06c7de19427be9b4deae1940d7244e6c12cb23460140fc8b115a6cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5123cd40cd30b29e_0

Filesize
1KB

MD5
27e497310f28dc0babdc551998f6e32e

SHA1
40f8f4e2b84a33d2eb4d544501783b637b646474

SHA256
e185056bd70af0e78d118e39f07a7fafe84fb7bb8859844281d4d8197b6b52d6

SHA512
5e514ec3379231a3d5ce7902af9136d15d09335978b840cc13d7b2508d8e84197953c39022cec883372a651455112fe1ea4caaf42944e78b2cb673653d2dba20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\769c061e8cd16503_0

Filesize
1KB

MD5
053f8c87c4585bde09b20dec79b98512

SHA1
5c3b68f24963f82e5960bc422cb2d9ebe4317112

SHA256
eddb194c762ff7e79c500b0457903a43c111ae7e74dce1d8ec63c8ed0558fa4a

SHA512
1bd08f2d6c466c2b4bcc36487dc820538cd7f870acfc2670511ff3af3659c1c8e3bdb3e532d8a19750b49d3eda7a317518a6e83c47b2f3f01911d80c274ecab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a7453820c35f296f_0

Filesize
5KB

MD5
70d18daeb7223eb36c0c7d2c0c7a811b

SHA1
f431025b2c7464ec3e580b7e4449765dc45e9e04

SHA256
66df8f74bde66403c22a1c0a68475d3d2ce1d0909a75f59aafc76e9234d60690

SHA512
321d224653a7713bd0648ef66d8745c122cf3fdea79a11f9402b8b139cfee70c47d6668359073631cdb1a03e60f786d4fe77e436c172f6e4027d2dfa42bd12e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e603bf1802f018fe_0

Filesize
1KB

MD5
572a4b543e41ae0e28d50ce2b1afa9e6

SHA1
f8eb20dfd202ef139828e37b4892d97e081bc515

SHA256
268a75c960ff31b97dcbe0c54ec0a9ce0c95fff786ed7a6e16cdc0b1664728ad

SHA512
571e64243b014369cc5a4725e77da2f756d753ed3301482a98a4132866b95f7f6a0d5614a5658bd12c2f95e16fa6e906b325792af2905e60d7dad387d7a3a6e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
d8ae999c31a073052fdf357d2677596c

SHA1
a76b94cc9db069fcffb132840ad8431cb703c7c0

SHA256
73b17845ca75ef71400054534fc968e1514c4721618e5386ee7230659e584685

SHA512
00941619351d4343afdbd903309fd4472406592f40e4614ab2946b3e10b3f948e0afd33df4b98ac31237574a862f389cfa93abb4e515f0f7b0edd0f15c01edfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
075493a5df3e63005bfe3c6364b13560

SHA1
58928c71c1f965cc9bf50c458b354cba363e9b56

SHA256
65f6b93ac6dff03582156d4f0a2a9994d5f0c04e1437f6beed521e378b7e1092

SHA512
dc293024923dfbe3e0542774f136ac7e991c63c84204480aac39855e6c30ce5bf1f54b5a062c52dc3288765b2ff4c5b5e9c2f8ea19bc0ccc1d1b1a6d8e5e3bcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
19a24d151251010af19ac1c1ca254e77

SHA1
e1849015bce331bb33ccac82a125f788921eef11

SHA256
3b3b530a54da3d9b782ebd5e01cd8b7780c974080ce9a9d3dd7b809772be21fd

SHA512
67c4a48dacd51528b218445588f660175c1d45f7c2f7cbc8b8411140df2b9464dbb543627d227fa38833a93a9041390158e7191608474bf855e9b5d19a38a5d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f96afba00f7075be648c4335b75fb7e9

SHA1
5ee01b0431bd75cd3b37d6d09e3f812e5babe884

SHA256
24218aaf423cdd06be322db6debe7bdd14eadcae9f24399710ebf2cedabecac4

SHA512
e16f7bcdd816257d9a39de8bf81a0eb2d8d0aa13b63982bc240acb267ef0ef73a80a013be4fa4384c819279d4e7ecfa451c31b3b1422cb4f324c43cbba25757a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9eef1b8fe9fcc5c3544a78e8cba811a8

SHA1
cff68d341bfff112e8226426852c9dd3d38b320d

SHA256
749fa2559868f0914204879b02ecd63752fdb95cb7089ede4b92a027ddf6976f

SHA512
f796e30ffd05f0aac77d1cf264b75a0471237dcc0969c97da477032293383329ac7a7fb8eca3dac4b1cb5782e1196580800c101c80f79e2e45ce40401b73c44f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
032ec0674c0ffd89c47c7afaf408752b

SHA1
91aa1d2a69e14f2ccb40edaf22f36ec7e09d66ef

SHA256
e85490c2b616cc4bc2b25699bb8a9b6a6049c4efb06b313c0df5e82bd59ea66b

SHA512
69e29273b3236f49fd173eeada0fd12dd2e0048daa2732c1777900cad36ab1f648830534f7e219de4c63a1bd5abea3a49ec4cbcce5e7aec1ef31f53a6ffba4d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8dedf11dc13b4e16a3a7720387239148

SHA1
a86131944fc010a313a0625d5842be2491a0fb74

SHA256
71bd27d70331115e5ab20000b84e5fa05113d6216644f774a7e79b1db78ac6bb

SHA512
86b16a8350181cd69abf356c77a2a7448cea97e916dc8ece97d73ed117f84e7a15e831d35f4ae30060b34d55f6f40e5850c1058c70549fbcbde831f2c57889b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1937938f1bda2b04b515f95c96e8d3ea

SHA1
5c862dee594d0a2717a55fd964a80d797fdc8c27

SHA256
bce0d7becfbee230cb75740659cf8e140f49115bff13f0cb9ae74949cf5139ca

SHA512
4dcbffd3f65c94578501097f379013c538c3db165bcffa7bf4b92d7889b49b3fa1a64ddf15c9f98bc70dad270cc18ac7d9bd42e225d77a3da22e447b26bad468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b0d9cd36f391c7ae7b62439c30abe529

SHA1
82264e8aa34895de13be092d2dd2130cd3886a53

SHA256
4cb6cd8047ca048e4fcbab7964e6f7b9149239b6be990bff6478b3acbede5fcb

SHA512
748300322ac5de9a587950cfaf00adb1757e468ae29c909ddaf5ebb2d0d9d7baac49fb03bd9b41b5a951ecb1d62677f81d95c72c032cb67f36919fa858ab55ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cdb0c34525534cb0dcc48d4fb105672b

SHA1
3b21ace8bf0d1d20264d6675866f331977274866

SHA256
bf348460b3624cc81315c49d399dab1adf97d8f7a85413f22ce14262964000f5

SHA512
3a22109eedf2b7ee4e6f5230016cd71173dd8f571f89f1b394fd3ef2d09b110825a1c8fd77cbee18387bdc8686e99a9f5b5ec0907f66233f8be24d7a1082d9f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
873a4ca144cb64fb778d06cafb8b8741

SHA1
15b1b33e326ff6dfc58185162423a8e198b42942

SHA256
fddd04a3d67e3b44b98a949bae63cfa10c140ba48009d4b2d410f3662a78b6a5

SHA512
785aae90d2711529601c892fe84a1bce895e07da1f1f37f0b97c68a5c580ddd13a2b8adfbd10645d672fa1dbaebfbf014ba0cdb0a9460fa5e98cbf9b0128e116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
644a82da22273fa460def103911e3f6b

SHA1
1fec3901a3e46ac7319125b75ee6913ff51e247a

SHA256
167bee3f90e1d6aee2d620639ed69e0de973e539ad24e7120d23a124eb7d8bba

SHA512
9a61a39f8aa0f240421416a5c5eea9bfeea42236279b7dcabdd828dbc7486f2d7ef4ef626f00bc5b865f396a765da4b44e5466db5a2eb65b132067636a209563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
b77a5a388280710a04fa03c4771b22b9

SHA1
5c381298109fbdf0dc18d909f732948082c80add

SHA256
f48e4bb76dcde919c828e042978c175c546360eda513db0e2d769de9ec23129d

SHA512
252494a01ded0d8f8ade76b0c7d9d01cab97a08f4ec997e571d24eee640e1ce1609cbecfd049b30d43079c99c464d170f8d506c86bc3e4113869fb4e78656023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
ab11e25b9686b2167a069a14042989d2

SHA1
d4e9161d32050bcbd8650c4a0f24a672d57a9752

SHA256
a52960a97f794db61b863b7049773d77674adc81b6e22b1479bdab82031f0577

SHA512
2c5d4c807a0f81b9bed891afcab5bdd82e29f3a2b5e0830ba8d65a9899aed60974245177138a343cf8c924cd942850418c94b052f990d67a79674a5fca65ae6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f460e7c9fac26cad4df3e63dda9e83da

SHA1
3ec515483613d56a094c29f1d34e1c4babf1922a

SHA256
94505f796c7d86de43b55b92c90f39fe194711d68739f7ffca0b915e22e9c802

SHA512
966a630ba393deb667edab4b13f021383f9e38cb403e43e4ab1a9f6e816b6b17dca7c76cb4c582820ff2057014952c2a75a6240f0c011f5ac3b50fc904be050a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
23779ccc5fe9e329072e2bfdcae9402a

SHA1
ba130dff5414709b35b70ecd9f17eb1d1c6d875e

SHA256
3f60e69c41873b6453bc37b1a4c4a844f6f478be5226b6d278efa4fa26ecd4be

SHA512
10f603720c3d10639fa4999a5d690172f3adb03604b92c54834493bf980b33d00fb7f64d21d6afed0fc7e9b137d3af24b7e01233f0ee84d3a714c0dcdf62fdaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
2KB

MD5
a26adb0505d99bdd10adacf930de81a6

SHA1
cecce659e85b42355faf9b2802f73820d8c76ce8

SHA256
158c362ec145ff26872615ad1653b95b9318e673dc6c8b1df852df108e830072

SHA512
16a809bf46335abc6b810c2be630309752d67a077817edd84c0f5d96361948062dfbaf769c061a90793e1cd44b0f3c951d343a5e70f96153587feda16aa68c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
44KB

MD5
7a021c1186360e209faba646bc40c73a

SHA1
c1505ab660088a8b3f78db5974117612c52347a3

SHA256
02fd307efa9baf8dcb3f4b62d807925f02a18f0447a8350199f82eaee29e1952

SHA512
eeb062e829e162762b58198b53b98dd683acf9e79f473cceddf2df193cde25d53e5c608d456eb576b3c4d9d58392f9bee5b46fc0d612b1eb75f52f61cb8ad43b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
9KB

MD5
3f474e95f99613d1ae233e23cbce7eee

SHA1
197c71a4a1ce8d922861b9740d0a4acf3bd5104c

SHA256
1880471c52da4fb50a043035fae927e205ff4123f4a50a8945902d62e3a300e3

SHA512
782d45c672e0553733c9cabddb1398a5df701425839d1a1192772c6a1d37665b4a630e240778095aab3f67112908b226b851d96716b3acf145fe7c5db7afc794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
90bcf7cc409302742f006e3346e6df22

SHA1
45ec0e5c44e039668ebb6348178d5f20a72e47ae

SHA256
ab89f5681396c901920330c3b99a2bba01aa413e55bfd139d8763c8fdeb36483

SHA512
558c527abccb4fb1e569717c15c2f4494c22fc5df30c030974f4bad091f5ebff2e32c570308e330638bab1c7770195e35f1329184d46add702994fced744a3b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
5022b10efc3c6d669ded7960cc594a19

SHA1
a79ad985b345f09f5f4f265ba1867800ab4d3be1

SHA256
a6c395932ed70d3a45247d91c6593b48d6d389a52aa806ad484aef62b63c8e53

SHA512
a496101a7c30b7205f91698eec23c53b52d80a24a2208f3184733b905fd34066163df9688e00856278fc536fd955bcb0d2c62f3561f28718e378a08754c53c00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
643B

MD5
8fe4aec1858a437c1612168fcf0be2a4

SHA1
4dfbf4e2a7e99c2ccda4309a097efe3c5b89f04c

SHA256
45abe4f1ac468854f6192acaa2ea5255a82f1cd3ec58b9443c3cfab5a2fa1df3

SHA512
3963c406617564c6a70b690ef9d8469b7492e68e2568b22f5cec86c91df1b69e58184057c200fe22542b446430582760ac142aee02bd81988c2865449a7dfee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
566B

MD5
99229caa9a0c2f659fb1a84ac60b7641

SHA1
ce0fbc586678d802ddbb6e6bd2f4cefae6d814f8

SHA256
bfdde7cabec561d00fa19a7c49c02e1b2896f7f11398237cdb2a52170c945d74

SHA512
ca9935ebcf13e408b074f5a40ed53acdcc9d2d1f416b3d51bdaab5d5a5c9aa38eee01ebdeb74ca8d94eda4c4256daaee29889379f5881f99b181657cf1f54767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
643B

MD5
db1cff6bf9922a00eb898328960e81f4

SHA1
bd0c2449c2b2152dc22b54f8814ccdc09781f8a6

SHA256
f6aa734c6d1e28d0c360b8acf8e4e1c071483f9e9759102f0bac85478fdb0b99

SHA512
9079d8a037ea736478fa5eb42d44576649d48a11c280049c30bf836ffa01b3e2b9d509a6107e29c2ba3efae38803364110ff6fa033911a0df44e1f7125392225

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8483085aee07f8a6730311a3dcaaa2d2

SHA1
b9fffaaa2f6507c4fcb79e7786d699136470d194

SHA256
ece5b7fbe3589acffb0ba2955bbc9d00012bd4de0a1217b9f356915c6a715ab7

SHA512
49191e4732639da86f95c99b9098b71d96a8d9788578507898c19eedfc6d7a84e97a6528c8b20a22d3b341fe3dcd7cc5cd376b4b3db8973b3c42602b43170677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c4557183fceb024ce05d608203387a88

SHA1
896e11a8f9fa4057b62b69bc787e5ebd1c80bb26

SHA256
7ec50925a51914aa9ec776779c39e8ad6f17e0d253f0c824b906a60c27c91b7e

SHA512
1fe3283282ec64a9389e299e4497505dd88f221e035178f7722c680572c3b5beccd6cb638303258f771582cfebbc4cc51425a5114d8977ea7ba445a2ed8ecc2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df802c56c9e9dbed0104bb47e35086ce

SHA1
3ab02e97a8be3ebfdbd45993c7f794ac5eec92fe

SHA256
fa5a95ee481799245d3844c63f6f0583d40c0b1b4eba1439b997f90c6a4441c8

SHA512
7e13a3127d4633125d376bd5586e75005fc2fe44d1af7c6302d1817a4488b46fe93ad64c3224884001bed2bbd4ebd58a58b90ba7823ed99206f0d0051d7142b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a3974f9eca590237bd3394b7f18806da

SHA1
ee855b85d13488910886c02efcace8b4386a70d2

SHA256
d2bccecbb3990ad427753ccd0636288499b1ab27dfdf78201e3650428b8bc830

SHA512
e84a6085661f8f9392a34e3cdedde18515615a613a195c051b409b7734d3b54e81150ae8b40d02e219af69d9d30b88fc9b079e2186cbae144cbf0809556f5015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bf5d4fbbf4981c97bd9a0e58279ee275

SHA1
2fdc34b21ae419157f83f23a25a5a0172b089fc4

SHA256
cd8b253cd470fdc8da8dc9cca2893a4553d8bae072fda420916848ddceb129cc

SHA512
383d86cc3b45c337676cf8bd116817211f8961be321d7a583ac156c13818de3df830ff89e8a30c250392801845e04444c85b14e1871b169b748efe039281d708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c727a29c6a7756e85401022083a3cea5

SHA1
5fd5ae9529f75bb5c20866e280b19f4214bdea27

SHA256
0aca0a3e80d4f079c2f8ca58abc0bf1219e643fb9a3258c2d40c099b8dcb6088

SHA512
98012bc2fd7b35f79c406ff7dc70fee0b4412c378ef2ae983cbcbc2fdcabad60924fc8627c7ec9319b4ea4d0a97819fc73e50fedfbe70a0faeb4c9722d990d92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
32e046f6852a291fe621d9df174582bc

SHA1
086f881867d05649fb6658e86c174527c6c31e89

SHA256
95a1cc74c3977b370e1774cdb3ccd3a1e72c702dd31a89c97e1fbd31de7d65ff

SHA512
e45c769f45ea84a69b6ed2f6bf8fe5666a798bca40b82f6cb3d29845e3465892f7f17f26b03c1402827992dab1e3ee7fa7c5f637fa9676ca5f0119ddb1141305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
abbc511c11f956c80af784a27b2c38cd

SHA1
accf1c05c5c05f4fa4bb68a17c19d26f7740b180

SHA256
9f0be7b1781680b2cf3b6e03af4218cf8573f3d72e603b6ef4a0cc3b2ac65fa8

SHA512
e6f3cdde8dbc8554762ac7c2b8f9d73abec9ff1911cdabcec6c9b8f2dc62104f297a8b5cad8a35eb023caf6f917e38909b856e04aceb9436155cd96433736e6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4fc17e7dd8080e8e22ea276240a05109

SHA1
4404d5c7bd802df05354887a3b3dd18d0b6d501e

SHA256
290549ab318f04729760cea4f49e1f1e763e06f5607842b3df64cf39d7b5fa4f

SHA512
8fefda0c221be63b0bd14b0bfec24815fcb6750ad70007d89924eb6c41290b9e0244ae2a576108c1b7ee01707c47a5bcb162099d1b16af1c0894d8c535fc3410

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b80b5403f236965fdfdc868861f418d6

SHA1
c4d7067db6ac4125a9d699d909f3fb94e29d198d

SHA256
70ce1b43c4eeb41e2034de9e1d32f0ec69cb85f8267d5670f6968d0a29cbae0a

SHA512
bcf3c4982c0d5a5f1af7813e5d9aeeaa49e3627dd3b6aa53eeb8a9797926b3344785f375f178d963ffc907aefb5112f5f2f67e5fd9d5721e9e3e040e14974d42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4fd98e2240c73943f31207e48dc7ccdb

SHA1
8016ae1afa73dc892cd9472a86cf57ca66be159c

SHA256
4f69abe9dcff788c511f27bbc8f1b4d96cf6d5a3301512adff54b1b3983c11d2

SHA512
c39254842eca6658ba56574226f422e6084f891505f687e38fe2cb6fd85a2e4c5b02ad416520afd922c89c65c6c8cc6404d418a1fc20ea77faaba7fada5917c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d72ed2dc13853b540c25bc607b969fd1

SHA1
e344466357aef10c91fa59bfd2cac70b7b91e056

SHA256
7219e2215e663c4b416ebf2737ffc8c9e082e0b25acc9eb00ded6f3cda7833a9

SHA512
f3451903a937e0f0d3036425abc53192ad45fc275dddad30f7398c63bfb05d12a53a4177424598e44be202a4ec11ef8c7322d3583f38bb7335e3d96c94f292e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a4b80b6af49c3be15ae3323e847a195c

SHA1
a22bf1e818f081233f15c3e32a327f0acbd1f6ad

SHA256
95aabcc25ac4b579415a5e6c766fd5fc6fff0bde27e29ea47824a37c422cfe8a

SHA512
b7b07c8c227a38b8438f715960b7ea2a01f54efe38c5bdc2260cb15838d927e37075f2ab28b631fe4598869a308532731f4e1bf4f014de4a8069ca0bea53f875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f74e0c6b0af91bac1ea5a494f9d8568f

SHA1
6074eb532183a9c7e9c2277a779cc83c9f21a88f

SHA256
6784d391d671630cd3c07322dd538cf4ffbd0fb3deefe36d93c14b2a8d99af74

SHA512
1296117b34f2505e3f2a6a81701430f3b4a2baa0ccf2aede9ca080e3b1ce579ae1112b036244ba67c8e557ed62b3e366c38981ca3fc62acf9e5cda8c1aa8984e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9ba61e41f8088474b3bb3505b32c5abd

SHA1
e1354b13a0f9f4c93a34ac0444039dbc69b8fd04

SHA256
16c03641e06e3e9f54413f5f886281b75fea5d69b1beb483a52a5bdb49bf22db

SHA512
4fc7e76acca1ab186cea6590466a9ea0c118c36d683c6df4932a4b67e052933890b4d4a79c32389caba69eca7f6793badbf637ec236ebb3eca569294df0de45f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
797B

MD5
0d17896dab14943e1b062d52248d267f

SHA1
0269b49bb95080636492d8c86540d199098204f7

SHA256
fd8468aba8a63ba27e35d804b297c90734c1f50b84b90ac63cfe9982a7a70ba9

SHA512
901541629674c3a418fd13edd9d659eb20fd77e8f312b071f744cc9560d9496f1965fb587b64b43d650705c5915d0f8cb2ec1f2718d53adb6ee90d275734ac91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
5dc4af16eeb9b8f746e45732740dc8d4

SHA1
afe673f5a430a5201f16f9fc95229f90adc2e51d

SHA256
b5995f2a0b6d4f88c08cca2c20037bed8fc4e4196f2f20ae2ec14840ffe6ae9b

SHA512
650acf72308178b2052d02b86a49d2da19b1a25fb1698a1f71558b8fa837bf6cd6f3505054dae651e496fe25eedcd3959e87e8a654cc3155cb9e69e1ae7a3a14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13380763737079003

Filesize
21KB

MD5
dd98e3819848f9ba02d221f17819b99f

SHA1
c03cb06811d267a5d1996f64472011c305ac6f5c

SHA256
b1ba0ff8df83d8130f8b4edde60c343518d877a87c9a3d12f4f07ba4c4a33583

SHA512
1024b890be6320780df71719b325dc0fb7a725c616f82ba57cec9c80ebf78bb926b1b9b9b679fcfa2ce6af6526d8f9f200e26e720fcbbb4611c811e569c6c0b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13380763737250003

Filesize
8KB

MD5
272a20a2efe5cc41dddb87f004ea0be4

SHA1
d772361934863c52c28a4a27439700e82f92be91

SHA256
dd1d3c41f5a6faadadf15d8df45a5c9e95e304c337a9a57cc4f4b7195f9a232e

SHA512
9f08bf4e61303e219af45a6b139e551ae48e3ff14dce044b5cc4708e31874a95fa9e4b3f4a91229fdcc38f5a6d1951b8201c5277b3cf76545275d5168861d485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
a9d0b08ee45de72eaeca5ab263f44183

SHA1
0ab87a74c0c9f87d94a7a7b214f06d5bef45bbe3

SHA256
95e50b69f319282ef27742018d134eac40803b9c38f22480d02dcae98023ed35

SHA512
f54f79b4dc61a1768499da803a688dba7a1d61b226023f1a2515ddea4a4ea5864dc0a70e8f475aa3ddbe1db4133dfa0370d01a924681eef80314b486686cb598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
09cc21162aab1073fde25e6ee6820e9c

SHA1
df420331403e2ea1530f49183fe5ef98f1395e00

SHA256
4fc383d532c3ab0dfdea2eb3570c3698c6597469a9b63a4ae22ec3a486be7de0

SHA512
d24c78dc712d66afc566705782a42b1f4d644d173142d2bb857ddb517e026e3498fe1e344efccb017328e53a4602441b5e0c734c9fcb78872741c9325af049d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
ce07f56f2d13bc3a05d8b7ee07effe71

SHA1
937a99a0588c05e7e785eb1f050fddc303b752e1

SHA256
def688c9d626d054c454f9ab81c3ad9065b446083935db1fef09485256130637

SHA512
47fe77c441d5f80eb1de8eec62a42faed3e09b6c68386fa1ca83da78861883fb116ed9f5db04f2f776e5a8c6e3efa4df3008ae7a2d852c906a89da67ab9299bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9465b0a4d9dbb3a55a6b6d74036a90e7

SHA1
f9da52d31879cf8cca7f8f10ff3ee062ada007f9

SHA256
807fbc7cae8a6f604564d2be5a526f9fe37c0614e2bd24441ddc309ac8f6f7fc

SHA512
b1aea2bed85ea0b769648c2b7401536d95a0d661156c66caf9515bac442d9ba4089370feb7b4bdf021dd38c5a3964dcf1d7df64aac291f883869c9b45b1e2dff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1f92a7e2b53fdc0515c19ea85c99dd67

SHA1
49cab68948c6b94d937102a34d067ee480d959a7

SHA256
31fcd718c7259b384b187917ef1ef9ce78dd3dd0c131e8533f05d3bc002d2afd

SHA512
adb3f1bd1105a6088ba7c002106559b664f78fc37eae4cd3c422d223c9e081cadbb328d644b99793b6a3e4921a9d993f6b131d65bd23e4fb0719a38784982464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0693152f90d3e8a0387a597324c0e824

SHA1
e081c40fa7901fdf42394e4e9465d085f1ad9435

SHA256
2b2f346efc52aa9d0f38efa35f16ae0e3261b0c2815287b1e5e4174f46745caa

SHA512
d15df5127a96283629b3529218fa8aa4d64db1893b30f2235a5afa11d86739417c0800edd7ee5c729440a9992b417cadaec65c78cbd9a03465666b0f0688fcf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
78321309728fbec3dfd542f3c194a6a7

SHA1
e7d6ffe8ef621cd23a4942326caaa2cf4fa9b852

SHA256
59580a5b61ed807f57dad7504f3de9f23527e847ee56dc4cbace47753c2e6fee

SHA512
0c7efcf832f94e9d80c28d93f8e56ee0b75ff9b29ff680f70b3aefdc093b0a6a4d43dd388e636472b874fdf9f5b15a8d5de1781a24d7a91721aecd27f0171b30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e4f289c700f94fe5de6c14d6ea8f92d4

SHA1
71faefd40f34646dd8ff763e03afa95409a2b62f

SHA256
f69fee81a58c9b2e9e528f9946dd15fee7347add77f78ce4e077ec4a1a16a8d6

SHA512
26a27d25dd43f9a5d2ee888f9fb0ccb3560efe799a412493d57f8c868eb73312b74f86562d768f859666556cdcc8d3d44da4629eadc65376e016ad59360f8114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
11828b62390acb1d38d445d79be5617e

SHA1
0c3a5c96f65a3b5230a01125e9ed585b029fff10

SHA256
36855db025a1af3caeeedba65f918038bb967679d797e8227206bee68efb0cfd

SHA512
fdd6eafd56ccac89e9b51448b8db159df9fcdadeafe95de8976a4dd8538eca51ec69cd4686d960e819fa8a542e9927258612259597e37d1c05a81e59dcdb779c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
187a942e20f488a37f59b5f20b700725

SHA1
29c363df7cd3297476bd8e9791972a63ae11945b

SHA256
df6b67b297708b781968de90f455b1a9bba7180149b03ae382fcda6073e377ea

SHA512
885523d2d08803b2f2e39bbd9ec45c561753bb51e57522cd18feed4f36dbcffcc84c6a640fd552fa10a0920f0a776a5df1c81a4a1bdd7e94737e9f7dfeaac3da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
645401db77f60454a8d75519b9efc58a

SHA1
e0aba03cd172290ebf04955c3403eb326314cd5b

SHA256
9b6cb4ce2c0f62d49fceb8352488bfdf50b6d16d94a7ff76597fe2289a639755

SHA512
9e2637a56bcb15b904c3e4f0b83a8c70e755ce30d7b9298b573b748ece5fd6337e116203de1ae080e4d49e514aaf1c4c205ce347a42f437de4e9e0a006adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f08e2941a74d8b59e23a5a23e6e7f052

SHA1
18a232514aaf4bcd25a13b6d4deac4213339a827

SHA256
ebff56d8b2cccc581b0b91da7115fa19b2626c61b82691940b89e5c7282a8603

SHA512
9eb16274323f78dbab46677a51e6d6f0589429ad23bb99c8f571aa59f9bf6d0391c655ec20f22c03bdddceb02824060e7da142e277aea8a1a645145a0a8ae3b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
036b27c3332382e060d7bf86de1b7210

SHA1
bf9fdaa42e79c7cc2f2614a1861524716fb9c091

SHA256
8a69723accb0b2fad53a4459f7d49246c434d3e1073215923bd89901b77cdb63

SHA512
8a83d31864758f864ffb2ac66f74a6d2d280a1f375bb3195ce5423e3a4b03f2be7ea7fea753ef3b45fba4279e9d1e8536ab264c96d01c23f77212463abe67bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
290d791fb8005a95d16efa484c5d1643

SHA1
ce909ec2eb954ab60b3b5f8e60170976cc7d1b90

SHA256
516b2da1dca954d724c84de1a5a44b32b66bf0ce860007e57652be72b0521917

SHA512
e52a15bcc2f99436c9a6fd8fa7014b959d070b4f3a07ad685b33cd004bef8775cac55a5d234a8ec061cd4ced661a0f0b57b7bcf6af7e2a3f4c83dcd2068c5290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a7585c5e6132cbcf2a90817762765d9f

SHA1
0b95bca048a8021a69a709769b5a25b518190fcf

SHA256
ff6fa1805ed6dc4787987bd41af8de814408dc81d3e9de4e7a3f424c0a0ddb28

SHA512
ab6844f33a4e7d76df06c7aed7ad9a0e69748844fab71a692d5515c824d5cc3791abdc3d83ec27547c75ab471664a7ea7608c1867d37c5c46c67456bf3dec9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cd0b669c2cf6fc218a0af8d2a3ed3e63

SHA1
b431c95478ab083f3253304028f835f36ef8fda8

SHA256
1423932c50c6545f24a8b7548d11763a47c52602f79a46e4850235a7da00fb00

SHA512
fd75dcf5f874aa0f997b133438acf845f0baa081dc063f84aeb91f71165bbe92ff15ec11138935b265aed28b2e06ee92c82baffff853b359d8869bd7414397c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a2ee30961f1a527bbb1c32dc5ae5b4d9

SHA1
2a3d6c57aa6141c55e7399cb9603852769c5003a

SHA256
1594a42a9e7530d41e6cfb60bac4f2621831420f16d40025b4670edf3d681b0b

SHA512
549cf02e00e54efaf449db14e8673b80487c648e059b959bfcc8c7d989732f57099feaa0fea09d5eaec8b69a25b5f7477108bf0bc86a361150201ee2d0649095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b82a96f51cb04c6c46f5091ca17242e7

SHA1
2c843a7a30a9982f5a8a350f51e443f68a4e5330

SHA256
e5dfde79a0686724cba75bb306d209336cba4c4287276e2d7e9f5f7c6f5f3574

SHA512
5443b5ee7811afd24f2ddfce7b7d627323f6fdb4de7f6e8907d44e964ee7ebaf19527ee9d5ccbc0a5e6e12b599072432b9d161a3e85b84b7b5b8e21cb32e44f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4e48fe46f77ec57a1fb05c5e9e846de8

SHA1
7dd8340a628be1b8b1b07995186204e7d2c18c57

SHA256
56db4f242b0fe8b77106bf6c346a16d0c4b2a823a24def8c2e4e308dcae72c27

SHA512
d44e9c44cd53f5b98ba0ea9e6c0ba768420567587021f18a6bce5e067e00af52ba6033ea3f5d28a76da3ac06918e53110f45b759fcfac16c19d35486a6ed041d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ff5b30ab31b3174ac9a47636745939c1

SHA1
482d36effe0bc5530a8449fd5a260cc2d7285e3b

SHA256
b952088fe68bca1cc6b5ed80ada2b7067b94d980677095f3da02556b2a3f1c46

SHA512
c95d04e57b3abbe9e2aeabe899b56c0f38c7ad59e32da72415898c1a49eac24866d8dd1af3bcf78f5fc6bd23a74baaac4a22ed2b158b55645195f4226932b56c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a2d590eb7c476303640bf21611b65ff7

SHA1
b5552610969f48cd66f123b4f53630b8e8587f2a

SHA256
302382c1e165cfe36188e58cf085f6d56b12ba1c93c48cca7ce840e0344603cb

SHA512
517ca29a7f01715dc04e82f11f52324e2c0c0cf53123854c357b5252e6e544e003b3493d36b9adbda00f36bac6b68754ca081f56f49ef1f9b346e611d671984b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e7a0712aee5e644c71fd53cc999ed9c3

SHA1
d4e270cd71c8016d7b96fc23411feb15eb79516a

SHA256
3893129d41c4e6033446147dae5df4768f13da22293816c35517ab6a5eb6bc8a

SHA512
9bbf80800656f96edd5653b14755c5c56355fbd93bc56d7e154c31ef8e19ffc2dc6d13f0282ac759bdaa3205b03cccbabffc2baa526eafc4cdbfa3b30a4eed76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7f705bc216fc83e0ab2d10f74e326e4a

SHA1
db10f8780e273a0e9e1ef828e029956d313b66c9

SHA256
0d808e815d10bdcd43ec7f237be4d4f346e906594ead6096f63214a1e8b7f6ef

SHA512
0f007716f7375c57d5b529c403b2124b28084b29eeff7e3a362e195f242325ded790ca588a05492199993c3a611d2afe0d6ac8eea4be64b946da3afb864de2ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c45de293a088cb1fa315dd2c7709e2e0

SHA1
25a45899bd6e8f3ac5a6224fa30e8743221e8e55

SHA256
c16978604fcb34f012abc7fc8a2d87c61f0f3553e5200ef0680fb4cb3a99a19a

SHA512
7273d5191abe5e941826b94b511328763df1eae7406aa0ddd42263f9fa459622a63a3b8a2d82224ee9be62359f5004271729595f06637d87c1f1d1584b7d9ef7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
90eb4d23a16627cf3b1381b819a11c41

SHA1
b3ac2b42953d4d3c81c3c4e6b81984f973d2cea6

SHA256
b955ac2fc9c2225e6ed42b5fa72a649f60a0b09c0226666b730d4161b0e0bc07

SHA512
24fa50e2d83fdb99c2559994de95bd7994409260887657e80877e94662e72401c7ce548477aaea34656e4a06ec8174a239fd7988fbcbb18e5d3d1706579d2f0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a67431dfa9c2c26d19b46b0fd4ad1fd1

SHA1
104b644dcabf576541355c97db06a873c1b69d37

SHA256
810d3d62ebd0046dbaec782f1a97098ad967a03afda67875142cc23d9a3bb972

SHA512
b41525facc2ec4e1753fef0094b9928e0c9248470c7e4bc0318616cc748b200801477cfe256aec1a0fb78b8388741485404f1f1e33c342fcf277b48a625fca80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
37943f3c79b1eee7d130761e5c807f2e

SHA1
98b8e5e3b7029dcdb768c883e2d74ff0aaada927

SHA256
593fd46be50bc8fdb43ee3120e37f06a26cbe00bddfe473396028a8821e982e8

SHA512
e212863151a801e3c8a37fad98ec00464121b1888dc13e014eff7f83b48dc03b39b7e436e91ad6f6b6ef8d8b94ee7b7a500925a9aa3ceae6d950f2accd7006f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5d1d5f23a3553904a3f1b648ce19fd9a

SHA1
19798643662b5de65c057cc7d1a5af6ec58c38a1

SHA256
784a6c12d0a040138429de0cf00b5ed295a69c99e221aec8081b3cbdcc823a47

SHA512
eb72b8ff58e2e5da179d3d590e4ffe614fed4b22039994286eef1cc97a573f5dd5e998d062eca7344edbf5de3a5252e9d3268656ca2e47aaf37f7ead7a505486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
07dbc14879fc5ac24ac6937a373eb44c

SHA1
052826c0fcae91c176677a7a40e84ac7f12efa00

SHA256
988cc5bbf9ff2c001696f76e9c08f40cfaa6ef746555203a0a5ab7f6f976f75b

SHA512
90d98f0a78edf5eaa6f7503a1933dc0b0d5ae118d699c4d4c5833dff9771cd4c4ed5fd5783441d127fc75386a80fc05074befc324f3bbc6a59597e65d2baf5a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5c66da88387cf5568bd0a137b87cd92a

SHA1
5ffc979a709707596b713bd4debda4b79119d11b

SHA256
dacdd8fe5e4d87bb902c4fc7ddd50c3bcc840d8426c78721f6e2256ad8e562d2

SHA512
b6ca4d5930b05ec0af20cae1c8a6b26bf2ada3cc4b120d7f0a914440543970fc66ee859e807ad9b6ad0e338e3737e7ca6ac261efbe549de98640d8c481aa43a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bdbd7c05af051b4403dcea58071ac848

SHA1
17fb6ebd8868c2e08100cc13a594e1c5f1aec528

SHA256
c526600ca4813795f8bdc3d43c3c435799002d7aa6993f5f704fc6e8baa1f641

SHA512
f95693308c933cd6d938cd75880a698c1ab5a133b6bb1367585604c6b04a5562aa08e27f3e4a7eb74c3925065ffe27c3d953969c7fb029ea2bc41331bb864012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1560a3416e9aa4e0c33bcf72cef4648f

SHA1
e23bf60ac62b9a9b165785d995ec0b3d5c7babef

SHA256
3c58400e20b2195a32e44617104215f4667c0259d94c229e1b5eee108fe10fe4

SHA512
d01f5056d29810f13c6e30c3450c8f5ea9610473dfb55a333aae48688b70ea4dea89ab0cb3de5fee664d3e1c01101e20f3c5fcaec050e36938300e7eb9444b54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8d767b7fd31e9ddc282d3207c8672bff

SHA1
c0b0b2b8ccce675000b10dc5c52532a61a324c63

SHA256
6f2a999d9cce50a59231e30329ed5ff087c69655a4aef11bfbc5df32cd234426

SHA512
f4a74fc820fc36b40afda940342a0311d105c2b9b155bc58090e72b54ba262001f59258f320af4818b7b3d5dadba62c102fbec15dd43d0f80e19fbfe926da789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c42b.TMP

Filesize
874B

MD5
fd9827c386b9502445ab14e795cf4d4b

SHA1
4e2b00a32cc88f8b06b7bca88b0a06c16d957a19

SHA256
c0b9da318af046fdbfc385f6d5ad4884ae52476385f38bf45c49d57b3b2e382b

SHA512
42f6e2fa7be4edbd6e0ede37e0b8bc70cfabb023f843595c638100d231c5d118df8ece31162c9a3f4408e6f176e50d3f41d6595d09b93bf43172cea7ff3e2d17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
e7b4a43afd7e8570943de32a91f38ea8

SHA1
c88f515a3e6f23ae91080f19685440feecbcf196

SHA256
4b2a57837843e588a87a6d962ff14e436124c5b5df170d4b9eee2fd03cf6d150

SHA512
61b0e572b9d1206251d579a007a359a7b407825a9827046cd421c5fbfed72910b40b26f5a2667fd98711fa15805e9c8fabfdf3b6e4495a71f2eea68e13c1491b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e173d43b-77a5-4455-9975-765c1097cfba.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
fe1b4e1a819013f8d3daf9f384354595

SHA1
c57c1e91b53a56b4427ba6503cd289f5a2e7524a

SHA256
57d30bb2d07723c82092557c8aa0ea2eb232620cca4e25f3f67f45dce07707b6

SHA512
d34eda3833cf60eefdb5fb015c520a9cf2a88048bc7f41abd8d7f94911204a02d2c07580737925e6d82fcd393bbc7f07b064bfbc09a1b335196e7ad2400dca14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
4KB

MD5
d950d2cdb3aae7985b291d3afae0098f

SHA1
c1607cc0e54bce2232e31874315b8c00481e5e63

SHA256
8a55421d9ec35cb1c4aea5ba02d4319dc842193d5a6b7a74b1ad8c88838f7cf0

SHA512
56e7ab33e8e3ce6cf639cbfda48898eeb303aa36db6d4bedf030ab1911b0185b06f0b791226d89b67cbae42b12f55074f55f7fdc9ccba16d845f24b2eaf3cd9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
e9f520fcc4279f4edc25d19edfa4dad3

SHA1
b8ef7364b005c6ee15e486b56d215df6952d8a76

SHA256
14e3efdb1d22b89f861ebd1b6b3b033c20c0c455b4ab7734eb02cb4788fd417f

SHA512
17cdbcf6ce23ac325382c612b7eef9d30cbcedfb87e08c1f0785d531ace702cb298ccc420cb3becfdd2c22257a8606b287aa86b071ff54adbdf3aeea536a4fa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
a79b0aa502b15fa052f082d4a519bc72

SHA1
f9642158d5ba0079cadfb659a589a1a5f0edfcf2

SHA256
fd7ceb5a5aaa810d9315d29449319690d091d62398e867e22a8fbf2e857ecb5f

SHA512
82099dae5dcded05c6c4c05f1d53a907a32dd00083d15eef5340474023f7c328ac32a5f159afac053f47fb8ae94807402e2a26163f48963ea6266ddb0f9ab4b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
31e56fd5206798e5b6821dc1e28fa3f3

SHA1
7ef41d40572f474f41b007baa26c9cceec746d49

SHA256
5261bd15ddb3ce5676be7f0bb9b6c1a5a77d319ef0097361457d7c7b58bcf588

SHA512
423467fdba3e2d71deeeaab1ea654d70c9ff06ac617438903416373e40e23202f9e3ecd7468e9b2a2ed1e4087c0bbd88db7fee175f8f09d49cd6ac2bc0578f6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
8f5281d64ea6f4e032cfe7acc9271522

SHA1
439ab2af1cbd2d1df9d5a47cca1ec682be04d7ab

SHA256
b6e8fa1a2f7594b5d128c6ebfe74fe83d1b1ba26bffc67a2da6d5d45177bc510

SHA512
edddf78fed48998d03aaddc3c74f5d799cd82ebac8015b6ccb54c32f6898d964ceb961e43fb3e18fbad009f29ffd8747ba8261dab4c58ad808be6c73aa679203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
6099339805814f9242135d3d3768b835

SHA1
9fb8ca85d25212fbfd397d63c10c01aaa99afbc4

SHA256
5540739e6663859efaea3b3b1385ba6b9ea43773d1f148252cb96dcaf2c292e1

SHA512
05b500e0f0464b49f9d51dc395d2809fb1c5528de9c420121b1e44b259a418ed800e6c02da537dcb255f922608bb24a3476fe6c53dfc87eb80c89e1ca2eabc62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
953f809802b6c79226c045cc10270331

SHA1
42952ebbaf637b82e708005b7d82fac834a62a6b

SHA256
4e06fadb1fc8ee9f8e6079aadd9b5c00c12ffd352ec3266f69a58e321a8989c4

SHA512
d223253cb3e92e89dc19178d9b29640b177ebe060a6d1fabfbb66cc7384053019536add42836a141b3f5f9bfac87c08346261530f30b98cfce0d96738383b3a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
20KB

MD5
7e86d5c1bf2ff36b15bfbd8fcf748b16

SHA1
59a1515ddff8caec85c4f27ffb17b69a42ec6226

SHA256
82f03e141e82546b261c1a24cd9ae3cfd4b19a7b4f343a296428deeda88cf856

SHA512
943fdf966d2ca4bfb35e01431e7bae1611e86d4bbf9c27524ba4502a9a93b8c0bb39e7760a8ee76993c4099da1ff49febe0b48468f134d4121f22a0ffb41bf2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
20KB

MD5
2a029687e73114ebcb4fad10c0114e8a

SHA1
f09cbbed46b9f8c731568bdcee13024e89bda397

SHA256
fe6e92a5b020858bbdd8089533c6f22703bc5927e22f689c384164096705b11b

SHA512
211dc45e2bb5739bcf863c44ca8132f92e895b3c95d074929aa4338698d53c6ccb3a8e2f23180260d9226073f4f5cd21a200010a7a224de7c8ac2e1cc853730d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
58e69c219ae62f389bec229a4c5410f8

SHA1
c78e535ac88b0b419a73e679eba061e572f316bb

SHA256
91274237c7322d29c3996cc80cf4e8071f4916fb5dcbf9c9dc7c62fe33480b28

SHA512
6cde084d86b1b3563159aafe7777b99c151f0119a812e42fb7724c89a727ad35745ecc3050838993a09caf7cb20383813845bd427f0a57da5008fbaa0fd88f30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
50a7788f799cee2618dc05403b1a9b01

SHA1
24fff68fec62b1a3cf27f8545750d789ea7449a1

SHA256
b2c9ae28f54a380b0634ebea31b6bfc344c04a196ad26ac9a1c6e5c2899fd997

SHA512
eea3a640d653e5d1c56979fbb55474a794ced80b81150b6c770a778c07c789412d32eab8268a95ea95a80b0b6eb8956784da81438382835578620e1c341d78b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
74a9f573225344391e5cdf52e7eb30fc

SHA1
ed2b27a2f3c20102aa489829f7daad030e40156d

SHA256
5de019275003bb4dd04f200a17977d29829a2df57ff0de182f9bd02793e45a4d

SHA512
d283bbd5a37665b953726ed5b8901ec44bc7ff5dc5e390c78ba9e28bc1c9848ec8152f92a7a954a30b0d558a4a1ed5d99912a21cd817b84898ba698b764eb84c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8261868dd605222f8ed56b7fa4a26f83

SHA1
a496c59eacb0ccb0230f6cc393fcc3c331dfc7ce

SHA256
881b1c9fa28db3baa323bd57fdf6fdc94b9006ddf0926a22241dab641a4442ae

SHA512
17f1ab0b19237e8a04d68b32b550e94a386e7e1f6269039554cb650eabb8e5a5700708eeeceafe246dd26e10a2a3ebbcd29a87dd5d065d7ce48c6c8ce912afda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cb5309d668716bba1dc381ff7329a797

SHA1
8412a03e6ee067ebca16e3e09cb03194e092f1a5

SHA256
52b991b35da5fecbeff67f0d1e960827f7f8554268e08ee193de214668b1321e

SHA512
e0c62310a0220db3303d97312dbe86f73170c4b88bdffdedaa3b5a81e95d4a2d7be3f9bbe891b5a960e3c95b9f1bcd555375741d1cccdbb67a651e0988018ad6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e592c456342126394746fc58ccc985ac

SHA1
014f80d35fbba9e50a0f134392610f2178148acd

SHA256
3897c5efc7f083cedbec8614504e571c14a404f59c96e3f2eaefbc693be7bc95

SHA512
745af971c85b9c0e45096cff6806ce353e71067f084ffe219dbc3c43ef367c40f06c9e4492d3beaa56501b194644d162343a3e483897b425c6aee9022684cf1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
b71f1ca96ef8f5a0b0f519e30d18742a

SHA1
626765474baaf8d4dda7ba4abc7392d4b5f64601

SHA256
9f99080ac89eef140a2557a7cf9e341959280cd439dc4bce66cfe7ab7a813c43

SHA512
4af9f5363638269ae814fa0880f86f7ab93e93263d716ea1f7c0d0f1ed43458e1a75baf497b206cfdf33cfed45ec209250165791719bc9ceb1e7eacad1ac2b84

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
73d9f1aa8a74e4efbff84419ba2cb528

SHA1
86d9ef9fd3af7f41c0888ff11926af4d0087dd2c

SHA256
cf519d42c4cd8b3879abea6148b5e32b6c73a4f6d518b08d1aa0b1eba6c1cb0f

SHA512
11d920428057f2a13f5c1301ef140120262d5fcc0e1c8c6cdcf5deec766b3f7a4efb2f69cd63d2bb1588a0fbd792f89339d16b2fc2ceb2d237e4dbf239fc970e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
069c37bf9e39b121efb7a28ece933aee

SHA1
eaef2e55b66e543a14a6780c23bb83fe60f2f04d

SHA256
485db8db6b497d31d428aceea416da20d88f7bde88dbfd6d59e3e7eee0a75ae8

SHA512
f4562071143c2ebc259a20cbb45b133c863f127a5750672b7a2af47783c7cdc56dcf1064ae83f54e5fc0bb4e93826bf2ab4ef6e604f955bf594f2cbd641db796

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
eed640164203d0d0a2a1e7919a6fdbdf

SHA1
9af74121e090cf2970beee82d22ef4ebb886c0ae

SHA256
4ca7fe712b4322fdb497733e015f4ae4496d3998772a6c37305da3cbba3eb7ae

SHA512
1bf6de193ae00189525ea9a685bbe3dc7722eceb6ccfb83c70adc766b6301b4978abf73b2f8f41b865f1521925308e4f96285dca569e9c2b2c61e79db1100e3d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
9a6047ff1f7b7cffdd329d726847d04c

SHA1
52e84e6d18d8d8e280275756ab9247ed38838096

SHA256
259831d32ec43aa6b197b2f24f456b6c12dfe400ab7b4b1d949852138e2e0403

SHA512
58a1e9081670687c1d3de58dd8b247f50e3bb424fc745ca9901e6c2b88b9e179b71932d89b794f93e9599b9c40906a69fbc877ce2bd2063ad3d9134dfda8ed55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
6a5575654789c77d84bee5be7810f651

SHA1
504547340cbc7282d094d5a98d0bc48be7588414

SHA256
830c31fd8bfa2bfe56eb9019ec111df3040f96533ff4a5579c49830476c53f49

SHA512
7cbe7cb572b5efc0589a3c8d67b7849ba1790ba2047db166d7c9ca5986f29ee49f768d23669ffc121004bafd3905cd7fb8c12adf5b7f9d2eacfc290a7478be04

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
b71942d14a08c73c53b79de90b47cdab

SHA1
d2f04a61fbe9cefd8087d42ec5721f488949fcf1

SHA256
727e04659ba53ac9a1c56b103dcc8ab43947bc9fd129db60fe19571c229ac9d6

SHA512
fdfa39a810f3820bf49a0a31c22bff763918ab05179808388547e1f4f2fb4d1a775cbf75f4c9e05fcf13a38f8da1ef70424663ae9b2a811c7f219fda9ebb01c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
b0bf3158d596d37293d6bd353325d59c

SHA1
0e4117ae9b49a3cb8441e0ed46b038c1d7a49f01

SHA256
294c5868338191dfd754503607f390f871380513b748194ecccc9c21c703b32e

SHA512
e10209fdea24760625d32da13c16438a79f11c3cb4f0094f7a1cb065b304de167e8739bd43eefd0a50793b3be1b6d18b59c12ab8506f07efb6d188acb488cc6d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\48fa80aa-c7d9-48db-b5e8-1e1406b993c7

Filesize
982B

MD5
3157dbd25651f0201e1e3f70120cf42b

SHA1
f862a625fac955e4392cf5c484e27bfa196cedbd

SHA256
6847d9f56bbd1fd554c2d0d72ff979f7e873d36a245c52be79ddfc80c515702a

SHA512
4617a5d197a1adedc957473a91dc394c7efc39dae14bbe3720050529f502260de24f95a34a9a60385f704724c15c33b54c4d8bf4915e827643b5b9d8633e0ea6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\56c39541-eeef-416d-93b6-94cf7363c96b

Filesize
25KB

MD5
5ce96edb7f75d1b4b650efa193b324fa

SHA1
b841ed4f6b7c56c6821255c4cddf06170364549d

SHA256
dc583fa56c38397c693925a2934966fd70aa5dd3a0d77c93974a2ef1754307a3

SHA512
f717b7eac3222d89cc4c76626008a0eaa9c3bd6e7fcdefc3479f9e253bf6d751a6e688d1f8cf84d6f4c3c52cb476a904d5063327254f16fda217481c5386a988

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\5981cc43-dcce-4fcd-b79b-460710f88c52

Filesize
671B

MD5
c2d604b196ffd04c2cef9489a450d6d2

SHA1
61ac68cbe9abd23c68714a0c138af3ede0a77929

SHA256
b44d369f99c3a5588c193ff6eda2c8c261ebe70c30c3bdefc1b711a72d52c77e

SHA512
435febfdc98085937d201b32ad93e36e1ca895dc99f3372a6e774b97399a8a4419554354d5a342ebced2cef46dd23cbfc100f9d3525ad5c23600d0d546e0fb7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs-1.js

Filesize
10KB

MD5
795758f1cce07054d1a9a14c5fcc33ef

SHA1
55e0b11abc8507a52d07df335ff20e1742881131

SHA256
b05d750d06ec1ef63c64f2f89c121eb64e48ae465bf39f0251b896e5778b2278

SHA512
1172985aa9ab40edd6db2bf5f4d2d518e7ec0bb9676b0a91a25b83ad903fbd1ae5010dccf8e57355b02d9de6fe432a585cb6895ebdf8dffc52764f12de7169e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs.js

Filesize
11KB

MD5
db56b7f68639e3ae2d7810e3532f7b06

SHA1
8b3eb2bd0f21b75822bc2092dbc3f03ad79b914b

SHA256
71f262b77ae3b0d1fb7a6d39c14a1efbda0a29bc83991b678fc0fbcf09bd9c05

SHA512
6a9d251db0ccc0ac3f464350a835b630c2cf07e8945f11e8e633cb27d395e92b89bb11b1024929f67ab4788da014e1df207ef1e61f5aec338d0b7733ad457ddf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
362985746d24dbb2b166089f30cd1bb7

SHA1
6520fc33381879a120165ede6a0f8aadf9013d3b

SHA256
b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

SHA512
0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

Download Submit
C:\Users\Admin\Downloads\Software.zip

Filesize
908KB

MD5
6f676d2be92f94716a4be2b2b5f6392d

SHA1
2e9a27380b2ecd17729ba0b61bbd35d26952a3f7

SHA256
aefc0d264a6726fbbcfbb68385412b83d9928f0527813c543cb4f90d4920e419

SHA512
2b0911894b54245f9f9ddee3a2f1a06d9066031d0aef6f52baa0addcb165f42d2d0627235bcc6f79f29b144960357cbdbb2b43dccbab1a849551773c3cbbd788

Download Submit
C:\Users\Admin\Downloads\Wave.zip

Filesize
368KB

MD5
43de36b3f2f6d8a6bde356799776a0df

SHA1
94e9b3bbe3ae5d64524c3e1a675f96e6355e9e7e

SHA256
9d3b7c65f776a315a2a265a22b67771d14f1c9a2105c65676844030c73583d5b

SHA512
0e8ec7e8d09e1c144787d8a3182ade8ef66171614559b284e5687a4fefd51b0b5029c82d877d34e896351dca6d037ca44e0965fe4cc241fb614f59e512820c0d

Download Submit
C:\Users\Admin\Downloads\Wave.zip:Zone.Identifier

Filesize
604B

MD5
c1eef1ca972355faefd537064c466f6a

SHA1
a393618911d0bea2cf195885f98c4c91d9f11e94

SHA256
16d30f2559207566f4aa1311bdb7011a1c610ccf527e0a81287753f84e875317

SHA512
7cc47956330f59c9dcd8f0d22a0737426d05cc23b91f12fe8b63aca952d42f425d34e602b76561380e7a300c835ce81c47a531d0dd0fe6a97df5b7e82720abf0

Download Submit
memory/2440-304-0x00000000005A0000-0x00000000005FA000-memory.dmp

Filesize
360KB

Download
memory/2440-305-0x0000000005550000-0x0000000005AF6000-memory.dmp

Filesize
5.6MB

Download
memory/3604-307-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download
memory/3604-309-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download