lumma | 4d92578b8c66bec39e89c8f6401339a60285763f2543277a8192d9365b026ea5

Analysis

max time kernel
507s
max time network
509s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-01-2025 06:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vail-vr-trainer.html
Size

85KB
MD5

485dfb58e1c3ba1b96766a68a0577c83
SHA1

20c523144397240616b4e843a35822c5f91adb8a
SHA256

4d92578b8c66bec39e89c8f6401339a60285763f2543277a8192d9365b026ea5
SHA512

3d5a71f76f311bc62eaa67c79c2ef22f5f3c355e138b17f7b4fab09ae6012df2f4bd8c6d5215b6db3edf5e70a9319a73e9533a51d4d1fb80d9d1798f8f742593
SSDEEP

1536:SqfapeXQ6ihUII7CMxL9II9yWxoO6CF29FCmd7P4bQy1PyhdygjAV63mMH0LCoxh:HSoWyCM1RyWqO6CF29FCmd7P4bQy1Pya

Score

10^/10

lumma discovery persistence privilege_escalation stealer

Malware Config

Extracted

Family

lumma

https://enthuasticsa.cyou/api

https://fraggielek.biz/api

https://grandiouseziu.biz/api

https://littlenotii.biz/api

https://marketlumpe.biz/api

https://nuttyshopr.biz/api

https://punishzement.biz/api

https://spookycappy.biz/api

https://truculengisau.biz/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 11 IoCs

pid	Process
2192	winrar-x64-701.exe
4456	winrar-x64-701.exe
636	winrar-x64-701.exe
5540	winrar-x64-701.exe
5668	7z2409-x64.exe
4524	7zFM.exe
1920	7zG.exe
4388	7zG.exe
5584	Set-up.exe
6120	Set-up.exe
5880	Set-up.exe

Loads dropped DLL 2 IoCs

pid	Process
1920	7zG.exe
4388	7zG.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	7z2409-x64.exe
File created	C:\Program Files\7-Zip\7-zip.dll	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	7z2409-x64.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2409-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 23 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2409-x64.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 779937.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 837689.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
4244	msedge.exe
4244	msedge.exe
4864	msedge.exe
4864	msedge.exe
4068	identity_helper.exe
4068	identity_helper.exe
5912	msedge.exe
5912	msedge.exe
5912	msedge.exe
5912	msedge.exe
4856	msedge.exe
4856	msedge.exe
4312	msedge.exe
4312	msedge.exe
3504	msedge.exe
3504	msedge.exe
5836	msedge.exe
5836	msedge.exe
5060	identity_helper.exe
5060	identity_helper.exe
4468	msedge.exe
4468	msedge.exe
5584	Set-up.exe
5584	Set-up.exe
6120	Set-up.exe
6120	Set-up.exe
5880	Set-up.exe
5880	Set-up.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4232	OpenWith.exe
4524	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 40 IoCs

pid	Process
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeRestorePrivilege	4524	7zFM.exe
Token: 35	4524	7zFM.exe
Token: SeRestorePrivilege	1920	7zG.exe
Token: 35	1920	7zG.exe
Token: SeSecurityPrivilege	1920	7zG.exe
Token: SeSecurityPrivilege	1920	7zG.exe
Token: SeManageVolumePrivilege	6088	svchost.exe
Token: SeRestorePrivilege	4388	7zG.exe
Token: 35	4388	7zG.exe
Token: SeSecurityPrivilege	4388	7zG.exe
Token: SeSecurityPrivilege	4388	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe
5836	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4104	OpenWith.exe
2192	winrar-x64-701.exe
2192	winrar-x64-701.exe
2192	winrar-x64-701.exe
4456	winrar-x64-701.exe
4456	winrar-x64-701.exe
4456	winrar-x64-701.exe
636	winrar-x64-701.exe
636	winrar-x64-701.exe
636	winrar-x64-701.exe
5540	winrar-x64-701.exe
5540	winrar-x64-701.exe
5540	winrar-x64-701.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe
4232	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 3388	4864	msedge.exe	82
PID 4864 wrote to memory of 3388	4864	msedge.exe	82
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 3924	4864	msedge.exe	83
PID 4864 wrote to memory of 4244	4864	msedge.exe	84
PID 4864 wrote to memory of 4244	4864	msedge.exe	84
PID 4864 wrote to memory of 1972	4864	msedge.exe	85
PID 4864 wrote to memory of 1972	4864	msedge.exe	85
PID 4864 wrote to memory of 1972	4864	msedge.exe	85
PID 4864 wrote to memory of 1972	4864	msedge.exe	85
PID 4864 wrote to memory of 1972	4864	msedge.exe	85
PID 4864 wrote to memory of 1972	4864	msedge.exe	85
PID 4864 wrote to memory of 1972	4864	msedge.exe	85
PID 4864 wrote to memory of 1972	4864	msedge.exe	85
PID 4864 wrote to memory of 1972	4864	msedge.exe	85
PID 4864 wrote to memory of 1972	4864	msedge.exe	85
PID 4864 wrote to memory of 1972	4864	msedge.exe	85
PID 4864 wrote to memory of 1972	4864	msedge.exe	85
PID 4864 wrote to memory of 1972	4864	msedge.exe	85
PID 4864 wrote to memory of 1972	4864	msedge.exe	85
PID 4864 wrote to memory of 1972	4864	msedge.exe	85
PID 4864 wrote to memory of 1972	4864	msedge.exe	85
PID 4864 wrote to memory of 1972	4864	msedge.exe	85
PID 4864 wrote to memory of 1972	4864	msedge.exe	85
PID 4864 wrote to memory of 1972	4864	msedge.exe	85
PID 4864 wrote to memory of 1972	4864	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\vail-vr-trainer.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9264246f8,0x7ff926424708,0x7ff926424718
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6624 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4312
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,6288930774730008446,10308202002564149976,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:5952
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5104

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5280

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4104

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\921838ee3037415fb2fc0d8b6268c274 /t 1640 /p 2192
1⤵
PID:1300

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\003a6251552f4d6eaccade882135b15f /t 5380 /p 4456
1⤵
PID:3260

C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:636

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\6cfcdcf96661411da40728e9a010e1f3 /t 4392 /p 636
1⤵
PID:4648

C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9264246f8,0x7ff926424708,0x7ff926424718
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,16453760858999516151,17470221795408608993,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,16453760858999516151,17470221795408608993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,16453760858999516151,17470221795408608993,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16453760858999516151,17470221795408608993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16453760858999516151,17470221795408608993,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16453760858999516151,17470221795408608993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16453760858999516151,17470221795408608993,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,16453760858999516151,17470221795408608993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3468 /prefetch:8
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,16453760858999516151,17470221795408608993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3468 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16453760858999516151,17470221795408608993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16453760858999516151,17470221795408608993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16453760858999516151,17470221795408608993,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16453760858999516151,17470221795408608993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16453760858999516151,17470221795408608993,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16453760858999516151,17470221795408608993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16453760858999516151,17470221795408608993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2024,16453760858999516151,17470221795408608993,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,16453760858999516151,17470221795408608993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2024,16453760858999516151,17470221795408608993,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6348 /prefetch:8
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2024,16453760858999516151,17470221795408608993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6188 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4468
- C:\Users\Admin\Downloads\7z2409-x64.exe
  "C:\Users\Admin\Downloads\7z2409-x64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:5668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4172

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\104694f926f145c0a7533733a4a457dc /t 5208 /p 5540
1⤵
PID:5156

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4232

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:4524
- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" a -i#7zMap13707:136:7zEvent25646 -ad -saa -- "C:\Users\Admin\Desktop\!Ǵ𝓮𝔱-𝓢𝓮𝓽_𝓤𝓹--8499__𝓟ǎ$$𝔀0ɾ𝓓#!!_2"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:1920

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6088

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:5428

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap3214:136:7zEvent3766
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:4388

C:\Users\Admin\Desktop\Set-up.exe
"C:\Users\Admin\Desktop\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5584

C:\Users\Admin\Desktop\Set-up.exe
"C:\Users\Admin\Desktop\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:6120

C:\Users\Admin\Desktop\here\Set-up.exe
"C:\Users\Admin\Desktop\here\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
be8842caba48dcb8a02aa560da852cae

SHA1
2b696279fb773b0203a23179a44d1570642418dc

SHA256
2130a10cf26ee5cf50fda25e19e0ad2992bc399dea33ea7ec20dda589d53cd0e

SHA512
21dfdf64b51459d0767801966b05b14b072712dd490bed18ccfc386e4da2f47dd7f4317994dd5bc84ed8daf668ce826c21d05e8ce95633f98526202d06ca7ac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9db2a0594df297bf53c2c7a01c33cad4

SHA1
d2a815ec895516ea6b7cf3bff26b77383cdc901e

SHA256
33730d3aa056b2f0f6cebaa88c2082cbfe65b0a4657566140a022cd8a9b62c44

SHA512
e6349846db38ea7aed3338ca32dd022cbd84e6ae40ff252301020ba7b41a984907dad63d49cac44a854d4fc2c06d9b848582df953429191b211efceefa515043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7e0cd1fd7cc5ca7dad6751b8ff8169a3

SHA1
0214f4740c23a98daca55fd69b41c7f05666c160

SHA256
94e212bf0c1780a2c69361a19ede32ade15ca9128610654da81cb45aad12b616

SHA512
527f67157883738334c7da98d17ba00f9ad7247e587ce930f857acaf9848a4100372cea451f9837d088ef9718601b29a7273a089b91aa065147dd0e93b50894d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
a5bc164c1d44c93f218bc8bb2b871a59

SHA1
63e4eb5ed62268f94be0ec59ef85d44ed8016948

SHA256
985b57d2789250b1f17793f09cfd3ec9fe7aa440a5c5aaf76fb534dbd1c47f07

SHA512
798f828ae1348040b9b9d9aad5df294e17f70b7f7a8a208589e660bcb586653b5645c9793e35084f77c74afeaa50318aeb4af29a4783803c23e02c1eb3e70fa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cda56433df28d35efc76074585dee776

SHA1
142c9bd746f8c6029c4d22affe5508b43174d7e4

SHA256
74335b18eb322ed3956a3684e55c180dd710f347d9bb3a8933add17c8ba465b4

SHA512
28013cb1c735f0f3b53c5b4cbb25b087d7b3ebe868ae1bbeb4db3519c939815762f95e5749162ac528ebfef3f9c3324f200d7452d6ac6baf489806e2b952368d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
32KB

MD5
c9def2f5707c764b5501a5e6413adcc6

SHA1
01b06aa9b7a1803d12092190fb6debf88c28a18d

SHA256
56276e2d0d29613afc259e779d706f11f07933306b1c1621a5e68f3c7d82495a

SHA512
77780a166783302d07a5491a964f9da7ccd54018f8374b20fbedf7e84994054804a02bb56b2a01c2eb3dae76cdd696dd13151e7c611cb6e7e29bc84e33c90e25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
c5aed097e9e7220aa83acca3e1d9274e

SHA1
f9f0c9afee601a935de94c47836e6ecf904e2521

SHA256
aac40aff1d4ebad8d8da8b6e916ee8814c1238f035bb5f8c6beb340faf70d7f4

SHA512
c83d50d3ee6eecb08304c1d7d6010883340318dce5a428d5cd16461e3ae706942f44bddf505f08f5332f305b9692ace632c3e351eb7174dcf1095ccf96d33af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
fd510bca323d6b19b2c715b036916c4e

SHA1
5d6a250e41adc5c0bc827e2ce1c267f0683cff8f

SHA256
d4355ba4b09cdab59edc81f322a937b5be6f0d3f06921e0960f3f989fc6b070b

SHA512
444241c4a7464cb2996dc33a3452d0448094e118ae3942e61acdc3f2e23e318bb9fe50cb8c04502d7fec7b8e931f55b84cfaedb14d7a396bfb9bee03f2845ebc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
8KB

MD5
92f9ab7d1f3012187261c03a5a367097

SHA1
5e4e7bb97ff430bd46c7f8f0b3867e052631fb38

SHA256
cf2b89a5a710e0910482ef9cd58b47118712e2393e8a3129ad5ea0b766941f9d

SHA512
b056fbee29caf87f71632028b1ff24f834cba5f9e435c8fa684d24a2e30eaba788817d27991773ead29196fa4a30b6af57aae55d81c7ebf85260f4b2b90b0538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
20KB

MD5
cd87edea378c0b05bdcaba038e5a2f93

SHA1
91d1ef6a0320794551259ff0e90a933ef44b9eaf

SHA256
1ac11644e8f321c619ed421a5a24903ea07521f805f9edb7d6e1f3f576ee4cd2

SHA512
a0c200feb5d7c33cdf328a84f409316a8112e625c7612de6d5bdaeb50516555b1353ae44ee233e13082cf1d1a366c08395d3dc0c29207b2182aa522128c0f594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
a961e0f5e4123d42502285bcb1d7f7ae

SHA1
4cf53e476f6348768e7f12be150052f22713a53d

SHA256
a8eed090128028a728c8b34cd9832fb36235e475c4e16ddc0fba4d7069335955

SHA512
860bb4d9314df14325c7a6995117d2084488bc1935d28d4aabb10bdfe084c86195d2fada82cf60363a5bbd48202fd92d6581138c995867d913265779cee226af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3cedccc4d8a681c2224db7a4833c1b7c

SHA1
359b0599761013a743292d3b761651b997c095db

SHA256
98fb520c761c378472dc6bab33ed68bdc9f325de7e17fbb48565e3219c169670

SHA512
db9d810db88891cf946fcff16c5c5930f6964090ffb2790fd30ef7a2d564702a92f0136b56f9e22f405a50ad63b1528e68996017d42c9642560e94e09a0b5fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
328d6504436f24f9b0d845e71d931927

SHA1
b75aa84a095fbefce0f1aecc85df6c933bc1dcd5

SHA256
a3409b94ffcadbb039889ebd2d39a7c437f95ee40f14e657ad7b7b17d47fb17a

SHA512
ac517b7c3fa4bceb991e6c89c14852fcfab3eff7f04a5c90af6ed1acdae1f2fb409eb7829976e8fd5659946f2626f4e9ac9c87ae11aeb74a0a7ad65d0220f74a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
00e28cd167cfbb8913200abcdf99543e

SHA1
16d84906aab1cd842cabd9a306d69cbbf80d1515

SHA256
11dcd3d6432108415a29941b034079ca333ce3e012a8846ec83209ed55314d2a

SHA512
a343bb37932f980ffcef25fd0734a9cc52ee133586d646c2b96bfaa473b49e9fae838586e3acb35af6ae5d672ccd131a36adf0a6895328e8decf7f0bff41e625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
455eb521a8d14679f3e9dfb6eb3d24e0

SHA1
3856e57ceab71b530182f0ec5372291b650706cd

SHA256
95a06d0763f3efca2c0a99b20a3e02c8793139d4bc8b2fa39d9e3c44843e69fa

SHA512
a7e15f6bfe6000bad794222298d12ba924c919b78c9920f50b2a0a9c4c689afdd1582e3def8d91af40f62d750e4f01c341553d17c35f5fc8eb0f2e5a019d7c8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
029fe1666f79585a60fe59a628b02ee1

SHA1
3fcd841fb93e0c78c1b56719dbc0fb678a4a848c

SHA256
d011abcb9fcea61ab667237d939ca7a07525ef976ad37682e93fa4df7aafd54f

SHA512
6433456d0361d3be83ac89c953c60305d258f82e535838e14fd64188f43690267ae7652bcdbb3c016259e8579bb0db3106d1d082b28e54da87895d79dc56d70f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e7ebef0033aa66882e173b7aed0f157d

SHA1
f1b0deef789cec5fc747084c135796d382604660

SHA256
c790d16b48a277233c3b29c25a889fe20ef37ee2b99b21639e2a77c0371c9dfe

SHA512
a0b518d74448ef6473ed584f338958d8f5dcf7bfc9550126b195eca9a7983fb41dce144d6e4998e0125afba54ca961878317432ee68e0adb96d6cad5456c3412

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
74b34dbc172df093f547ee99e56a9d3a

SHA1
0ec387c3bb51f4e6c12dd2b00197c34ca70b5658

SHA256
27aece2b565c2c4be61bf6c3967f8eb1dcbd853a7b51a2458c17320a7f529966

SHA512
61b9ad6447c61d61f8ad77e33e7e5d7c0ef646293189c63b301c50b56ca6a00048c6adba1fda404d5c86b5b7e5433e3a9ca2835d28ee5342b97c46493642e9f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5f7ed47de3d58678fb6931c35b9ba3ab

SHA1
b99d9c516b49848d5db03b4bcc2b0a7290dd1e28

SHA256
7249b3c160365e6229adb515579520505301785fdfa3d524f9079683c68fb97d

SHA512
1ed616933f2080d77f3c60a430aff3948cf9cc3254e71d3db3e619f83842be7ac0851afecc9b8caed99f95393b74dbf5c131d24ad0a9a0f484f26815f42daf06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
19f094ac9329fe3976255f7e3e81ab67

SHA1
e384266be1289ad12ecbcaee51c996373178a8bd

SHA256
8b06d3b04d7943fe449da9a531124f473516814c01739e3034743db179ce9f90

SHA512
54bb55991e6baa5f75f07ad2c581b2afd175a037faf1962fe86f174636c0a7441b7efc5e57095aadf0930440006999fda86c5c8172b516c0c6d996925ad290fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a9fcd817f53562e8972a72be7904ca57

SHA1
64e367409da6c63b2007637bf06627defda223c5

SHA256
e6236123a73e2808ae93be4ff0ef0cfc87739e056c4889b52e9d4f590daf8539

SHA512
c7d8c489cbf0f3401c130406a8b3e4ea684c378124bf402bf7b507b42b3a871225ec7dbc8784cdc1fa786180cd7496f9e2a641fa67c9f3340d7f46ffb251d1c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f994a89e325a2d613ea97875abefbc3a

SHA1
57f74bd05e4fb7b26f0c309b2cf1d86d3930086c

SHA256
c87e103c849d9dac8051774872b3cd08c27c989249dd1146158d216ce860ecb7

SHA512
983d18194b22839e36e51e1ea8a94d2d364c8177dcfc455ef1261dccf7a3c519d6b2c77afb6fade101680231cd9d478ddc7d799e32ee6ae11d74dd26e87d5d66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c68e71641cc6e292065ea949c232e57e

SHA1
4f9e1a99a6005f2ae153b1038367f47a4b02fdc6

SHA256
c1641f5876495cc488ce600015c4b263daa3939c5b2eca5b9031e7b7cfdbebd8

SHA512
8a5fd41f005ac2646ee47bb0c399b3205956f8c684b59b0d9269720a83d8dd8a6a433d35a0d50a8d9ca565b7547927da8f8b221cd3a73aab7c1c764ed007274c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
078c16699e556dea6bd29dee1134103b

SHA1
190dccbfbdff3e91be8ff71e5923427e0e6e0859

SHA256
40962f4ffc7d81cf9869aa6a74628e93df3ef7e046bf60a9e9959d149eb68606

SHA512
588ccf60287736aa707a64d5af8602a54c93a1a43ae70d9c6b8801ae94fa967f07e790c12b3623a4ac4534c1a9e059f50da2fa3091f2dfdb919dec675297bd53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5eed5ef85234c38d4688c5fa839a5b84

SHA1
889baa0bf6f38a43db64b572d617e4c07bca5529

SHA256
5188198bae8d9596733e6da8c3fac84875db823a42e0915c9d51158a8d6b096b

SHA512
83d0ff827e9e53026bf55deb825080dd91fc5ffb672dacdd2b94432673e4ce31e3d925362244005760e4b1f918eb47784b74098d2d40d1afe518796c19f9822d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6d223f8446ba3ae81eb7df33adc0c822

SHA1
ece28b051a9936e03d9cf05b2e1775d8cb3c55d8

SHA256
8f02004383a4bba896395a90920db67ca09dfd1b71dbbee03e46358191ad9be1

SHA512
c5029597537ebe90507cb7bacd598583dfb8d1aa2884675d8ffd6807bff8776f9b7e85bb6cb0f5df898a3aec6c2f519876469d03b7826a2e1f08211be69659e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7ae66a80e9ab8d76acd8b0ea752f878e

SHA1
61e173a05cd60bbc76a600d390952160c3f7cf47

SHA256
a37337a771e46fbe58dacfd197f7db8f50976c4b5bbe23452255695af4d7365d

SHA512
300dd4c962527ab2d6b350b841347745e26c6f360fa50eb8243cbf5df7138ad767367bf92c858f31185a3742c4974e9b0559ebc5e1cbee6aac1f59fa120c3e9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d4af07b3858e94bc7363930ac245f1ea

SHA1
b6696ce00e71f61273ed17d9cafc3d3c7b23cc6a

SHA256
b6a888d50dd5bc44abe30848da9bd8d8e977b4824c590ee77273f1fe38246f1c

SHA512
daada31599f5c111c88f949876281f909141dab7fcb62181b6a9994aeed1ad91f2d2a7db23cb0132d43a40afee25d89f074038512a0365961540d67303c3d14d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c84d2fc626645940127f3d1479ed5c10

SHA1
6109dde0a3aff0b3de6e67cba347f80a13de9675

SHA256
ec905dcaeadae5d6e25690bdfcee4d70bfd16dd08e9d6584d17fdb280508590e

SHA512
c4bb2449e5a2ef9a449eefb1dbada0b1a82ea644345cd655f1071a303ad1dc0468746f3a02a5fc1a16611c75a314e2e95c315cf50f272e0ba57ee8814fdae24e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
7348c79d9487329b81383d3291dfb6eb

SHA1
182f217c81188424d8fe40a1f8e1f99c2ed00988

SHA256
8512939a6d79d794708cd615672c144acce263b764b239256fe623ae6dec3523

SHA512
dd41e1e3e757696c470a97a9adebdb325c65e256312da65568b1043a1b51dc6df68595b02f34d14b0e661a61349a27403ab90276c6a9fea238fdb71089bba6db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13381051985373316

Filesize
34KB

MD5
375a8eb42bc368f4e0afd0a2bdf8e805

SHA1
06e0cf73599db3cd138fb92e9bafe696efb66f3a

SHA256
81cf83770049951675eb4e5950c17a3408d9ec40ec9dd0b0ad6890a8f3202bf1

SHA512
ea06cc23026d4cc003c64fedf24cb199f95d39946aaa8fd34dd639131b641ea31f4f54d55eb7b603868c4b097172be480d639b698846a2ca6d73d105865508cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
394B

MD5
a32af9bef82720fe83c236ac06f1def6

SHA1
eab350e1195f99a4e4a4e93970e8e1ebfdb5c04e

SHA256
8093d71e7f2e3747b96da4864eee37b3703a802237144690aa624af97db41640

SHA512
c5131fe9904ab8485bb33b05bf462912461b9f1352c9e0b6a46f879a9199f90eadf10b6c48014b3567d68e1699508147921987e70052058930ab8b89c2417423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
6a0bbac1f136ee0fceb7ede05999f197

SHA1
8d72dd2b0d25e6d63d124241cca0cfdabc7ee987

SHA256
9a93ddfad21ce0eb496cbb4d52a94168f835b7f1dd8ed62048e566afa842d3a0

SHA512
abc7a3cda93cd7406dcb2aed1758baa151f7adc6747b73f3a13d5da16765df3e0d563a3a1b44235b68763f9e5cc80e814ad52a8328d67475a2f9ee2b08201ab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
ed5ee44984326a29f70373a5d37a2fb5

SHA1
c86e430ccad5503c3771f6bcdfe210d4eec6b583

SHA256
bd91327d5a833746da9e5616346cbf50a80058fa5d592597e325ecd043c18e52

SHA512
4c42e1206e2090aa89e7f085c3fe60094b607d53028dd16c97cc66ef373c0823b9eeff40eb0828421063ed4f775d6fe198e782220e35cec07f02d0a75a6b7ba7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a2e80eeb6f7ef4ff87470bbcf934fd60

SHA1
b9873c01e8fa7890256238167248d54ccaf5e35c

SHA256
6429c6eca465f329cc2244ae3a6978c8814c4b8de5fe5b8e8ad555c283f583b4

SHA512
c7593c52314c052cb304e3f7fe2284dd6664057d003a0f13d9c6dcf603d1b3f2782e569889b08cc7dd925a5b812585f125b3ccc6fbfe48b17a05eecdb3410a58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
02a65193d1e0020ea78644debd74ee96

SHA1
94bc839913ad82eb0c09d76dac2bea2314d1fdaf

SHA256
fe8cf3d33ddae620766e56b553aa09e7edd98754e1ef81994c9972dd51e1ed56

SHA512
4a077f0a90c5217c9c7825e4137c0fe824013a211aed842a1be0c082001bfcc2fc8c714407cf5c8920930a09c9ad9b2c68725afeb141be411a4b6161016e4d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
cb184669c3ca9da4d50dddbd2c8cd8e5

SHA1
e68c2a83371cb002556b1618e7df7da26ca4a12f

SHA256
f483464eb5fa4e3694ca130007ee56af7183cda791ff37f0152d7f0b0c3893ef

SHA512
1d9bc03f86a830fb20492bc7ab9ca92be6b95f1679b9c7da0e74b38dd5c768e7fa9e722825865ca2f6d764dfd18a2541be04e9c896a19576de69f3da6d91c667

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
15e9581ffc0e29d6f6ac1bead2b30840

SHA1
6cef9478b523d7bbae0b11ff879a304508fcf84c

SHA256
0992e1fe37b2a4f4e9f8ba520a769f5aaa1b302716fbf22cd105253931148cca

SHA512
31fe9aebb6930d8a6ac8cbcf9c2f802a1a1ed909fb37fcc4922e50bab25f9c1cc5caccf349becee53d88c3d6054d4eafbcb054f6ceec601ae040867b86a20122

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a8ff673bd665c537fd513d03703b978b

SHA1
891f9c7cafbb1daa9865ed8eb87855d1b6d38cfa

SHA256
749149bf00f2ac8de31037c5e58442f6827fda69c1e529487ad2bd0c8c634d40

SHA512
98a635c09ec059b10c6ec06f6186e96987410836c6ecf576743d44dd5d84a604edb490713c4e2ae988bdbf80f4f77fb1fa0edcd6738506b16e05a1d380f25898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d7c95a5359c6d5df22643a003fffee47

SHA1
13ef5fc7498c505c867d8ab4c3ca5524b88b7c0c

SHA256
a8570e507b732504a4fb788e40b41e9990b01f493783c98e1ee57075790178a8

SHA512
39082da93baabf362b74526f15efc3b20711708c765ce508f684ded7ff65c7d5043db9b2fad1d5ff03452fd07440611be826f3d56c9a6718dd1b1dfd6f153491

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
483249205d0b13af4c94f07542de5bdf

SHA1
a6b974bc5bf0985986b1dbab21344bde14f5a9e0

SHA256
04a2e3290bc41eab37054b55f44702d6aadfef031c222e1d6de3a6f620bf7713

SHA512
de185ab94510388cbbf8f4f179150aedf3ddf8bae2a5dbefb158bd92e2ea34a737f48b8874ebf67c65084c668481b8d60a72c8802909c8969f7e1ddd5b99caf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d4d4.TMP

Filesize
539B

MD5
381c0ce1144ed83a910a79f101587df3

SHA1
7259b603cba0f4169fc499de070a6045a85c3ae8

SHA256
1d1f08fb228ae6031f112743cc1ab2eac4bef97d2ee4cd9c53da45cbafcced9e

SHA512
ac8788585d3290dc779d1689df16898032f4dc95befba6abe4c0fc98e2357bda60fed964e3a66e21bc186fe007f51a10a02d08c9a76a33811d17e127c8fc205e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
b60749f71a0e15cda47e9a16075ada47

SHA1
04e36b6378e48b7d9c39c6b2d3dbc865556deb92

SHA256
9522ddc068499cb9091a584174fcc073efa50f432657b6a1e1e03cce66877ada

SHA512
22302384a39aa44fdb171c0845bf03cddb4508212d5ed1422036d0cd2510cf68f53c0180d90127353904ca5abc031a596ab07ef433d3cd4d1a27b6e2c068a5d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
b7ba2cb0feb7abd8d29b40bb958191c5

SHA1
ec74f35cae86b7831f037c4d89fbbdccfa37db7c

SHA256
5c2ee0d4e10a77960502862c3df46fe06a503e8e483d02eef459aa5ea8f78082

SHA512
a9a0aeb36733a1b5a298edcf3890026c1bbed7b0951cd39255119a89de721441c550b9ea888064ca32c0b599538643f73d352be81450e71034f2c2dfd6cfae89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
52KB

MD5
c549bee0efe2f63e65c70d96c8f6425a

SHA1
3d42ae4c4c178bde1ce48e10b670f808127664c0

SHA256
3aca70fa8c0eb663a4564f071952e103a69ea4fb8a48807e584da78e9aa01d37

SHA512
e276ca876bd7670f53d6190f7d54725c204175131e0c585f6b7b45ef7c50149419769f96f968c6ce41f90e921080cbd3b08ea16aa9b6a852b9e595bed31b9140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a0746007b0523b93de7e9a2336746700

SHA1
bfbee6ba8c8eccf81cfa3743932301d9d6f1f286

SHA256
09ab0aba204204b65fbc404668ee6397075abefa2cceddad0b418c3b6798fece

SHA512
46dd23a5b37e5ef8ef40a69347dcd76b667c1879fce39a0c8bd510f8d27cf76b2c5aae3ca1753a25e4db1b6de0d3111b1a538815a6aa899fbeb3cfe3f921acba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6ba1c7723dc0bda7903485f31d089c75

SHA1
dfba9ef15b1824fb1647df71b781af5e07ab5b0a

SHA256
260f20744c56930f6373bd104447dc64a569c020990980c535f4c2a1b8552c4f

SHA512
f82c1f0bcecb709654e30659852360505b71ce7369da1acbad6654517c603a8e2461f0421d034e838e29d85a9739416beddca9f038662b8d8d195f059373d6ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
809a1d0dd94f6c5d35e1f3e350e4beeb

SHA1
f66a2c72636bb95aa8768fe49d67e9457ae45743

SHA256
f11b54f7d24da768b0aad17ce05665d45b4a414486c7749b3cf24ef1281ef3c4

SHA512
31511e7228a76e9a08bdb4273e94a5c530515361e77cc6a3ba5ee189adcb06a86b4e65526ca3759338f9cda0c71e62947ca2ec420c11fc389fd4be92375d504a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
54dab83a06b4dec98686b268d85b14f4

SHA1
230003eb70ca1f160027d1bbe9dcf1858c373d12

SHA256
fbc787fa93f6c36e32ab29a719dc69996c9735d1bf88609833a621da25bdd02b

SHA512
7d003a85652979640de56010a025e01f33eb509a63783172d838368836efbdab10e6fa0835cf7dac7ea5180707edb76a0dcca95f312c5ee3bab631c381a053ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4bc88086aeab7ffd056e5b753fb1734b

SHA1
1b23e83c7aae88897145fa642cbaee60a180302b

SHA256
0ea75df356c52ee9441ce357e9f27fa1afb52e3d6c4a2d9623b8320f2b7f458e

SHA512
d64b84b6b594b15a9af346fb425ae6c57e4125a6958ef7579b37b3689241c9b3c14497052bdec58ab5d1beb3721d40a1a9f85b83f6ec69fdee78c33719429070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e36ddfa7e0abeb71195f1ef31cc0c5fe

SHA1
46590bced9c2109bf5ef59c07fc5a62bd46c691a

SHA256
7ac1a16afb720f02372305339c2b56be65b304a9fd65e1132fe3df07f211cb1b

SHA512
21acd5131bfb0d0f623cf5ba2828da2e915a05e8a5b44dde9097914832319f0b4551f4e33f7566d7f7bff183d0f150b5a33b4ea9689cacf41541dd7b1719bb59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a7c5f674aefbab95b86dcd0a79ccec89

SHA1
93d29074e6a21d7ae68c4834482eb352c0ccc4e7

SHA256
cefc53a335d737ba848db3aa136057b7f8e2c357719b39d445325b55b7dbf8ce

SHA512
069098e201f1a5b81485c69a8bd40bdd6ac475d96de57d0acab066ba350ce817e9a0021b3ad5e6c0391833a5c70e3b8c67927253bbd9e5e2b0548efaa85baacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
8709d67749ea6676e83ace285e61c47b

SHA1
54dc0dc018121a259c2ca991bdcbcd9866b7d280

SHA256
6b87c1aa0745416a84c8e5eebd76b6a85fff946539afb8dd56401abbed92f2d4

SHA512
22a580a9570cba8c4f057997bd59c9fd4bde44a17b4604a3436fe7210867e9da2d7a5dcffbb5f251b20157ec7b368c04035afe31466611864f7fbc225bcfdf72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
6f7a9d038bf69af8533cb7dacfb53a1d

SHA1
4880ec774c43405bac7561e4634abfd8e8c6803c

SHA256
ddd5ba1eed94f5df4eaa6958b45929b517820db8850c5a010afdef04a7397067

SHA512
4fc420188cfc8fdb74183bf3aeacbbe45e1c5c99a0bba5d21fc618d3844d63ed3caf90dab827ab238cc5492de462e80ab6f77b0772ed0f2d6e390bf6f4f6e515

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\!Ǵ𝓮𝔱-𝓢𝓮𝓽_𝓤𝓹--8499__𝓟ǎ$$𝔀0ɾ𝓓#!!.zip

Filesize
7.0MB

MD5
ff1746c8f6152c809abc645665e370e7

SHA1
58a78ff92880e0951c5b8f291da08b2c2b24e8ad

SHA256
bc54df6a91a3cd27427d8be79f39f5c2fec4a673543b6462ef18ea0d0f8c8782

SHA512
a9e36b7a045ceca2b44c9f582a3ffaaa65ff85c351685ac5c7f50e3c9daa5da9735b79f7cc2ea6977da82725770d3757fffeb231ae5f485d726f530bee625de3

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 779937.crdownload

Filesize
959KB

MD5
e9c74eb7ef55131d54388d548c148429

SHA1
ac4b12358de4093c4c90407ad65865b8a30934e0

SHA256
139bc09123f49acf6007bb995a87595b403110db6f2ef4ef9d481710e7b4426a

SHA512
5727ccac2281578574e24c77f419a49554e1f6c8db792ee3380868a8e2e6886fd7f52ce15025d28db962a7a669b47055ab314663e6361519d16c713ba383f0a4

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 837689.crdownload

Filesize
1.6MB

MD5
6c73cc4c494be8f4e680de1a20262c8a

SHA1
28b53835fe92c3fa6e0c422fc3b17c6bc1cb27e0

SHA256
bdd1a33de78618d16ee4ce148b849932c05d0015491c34887846d431d29f308e

SHA512
2e8b746c51132f933cc526db661c2cb8cee889f390e3ce19dabbad1a2e6e13bed7a60f08809282df8d43c1c528a8ce7ce28e9e39fea8c16fd3fcda5604ae0c85

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit
memory/5584-1552-0x0000000002600000-0x0000000002652000-memory.dmp

Filesize
328KB

Download
memory/6088-1330-0x0000024C7A440000-0x0000024C7A450000-memory.dmp

Filesize
64KB

Download
memory/6088-1346-0x0000024C7A540000-0x0000024C7A550000-memory.dmp

Filesize
64KB

Download
memory/6088-1362-0x0000024C7E850000-0x0000024C7E851000-memory.dmp

Filesize
4KB

Download
memory/6088-1364-0x0000024C7E880000-0x0000024C7E881000-memory.dmp

Filesize
4KB

Download
memory/6088-1366-0x0000024C7E990000-0x0000024C7E991000-memory.dmp

Filesize
4KB

Download
memory/6088-1365-0x0000024C7E880000-0x0000024C7E881000-memory.dmp

Filesize
4KB

Download