6514b345465786d232a61f8aca8e3b60e2bf8a3e45f237086e55caac0c19cb4d

max time kernel
1128s
max time network
1131s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
27-01-2025 16:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
Size

25KB
MD5

1d93e8597dd860cf81cd913c4b997818
SHA1

a7dacf6a32b194720a87130a16f2222c44f036eb
SHA256

6514b345465786d232a61f8aca8e3b60e2bf8a3e45f237086e55caac0c19cb4d
SHA512

c35592acafe20b18914ba7ee31201faa7534136df292d7c14436fb3bcbdd5f07b96b3b63897509068b8263ec4e12f55e192de027996dac8e63e08712fb891e98
SSDEEP

384:PqlIcCtF4JVGTHyk9v1o99t5W9ISFaTGHx6QckT/gbpLOXguLZ:sZtSF5zg9ExLZ

Score

6^/10

discovery

Malware Config

Signatures

Drops desktop.ini file(s) 8 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\L:	wmplayer.exe
File opened (read-only)	\??\M:	wmplayer.exe
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\V:	wmplayer.exe
File opened (read-only)	\??\B:	wmplayer.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\P:	wmplayer.exe
File opened (read-only)	\??\T:	wmplayer.exe
File opened (read-only)	\??\Z:	wmplayer.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\J:	wmplayer.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\S:	wmplayer.exe
File opened (read-only)	\??\Y:	wmplayer.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\R:	wmplayer.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\K:	wmplayer.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\W:	wmplayer.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250127162518.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\76058671-7bc0-4a82-94bc-8009ea4792e0.tmp	setup.exe

Drops file in Windows directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
6112	3276	WerFault.exe	167

System Location Discovery: System Language Discovery 1 TTPs 12 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmplayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmplayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	unregmp2.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3982764349-3037452555-3708423086-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133824690376889943"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3982764349-3037452555-3708423086-1000_Classes\Local Settings\MuiCache	RdrCEF.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3982764349-3037452555-3708423086-1000\{11582A11-07A8-4DD0-BCB4-1ACF5679D271}	svchost.exe

Suspicious behavior: EnumeratesProcesses 44 IoCs

pid	Process
1140	msedge.exe
1140	msedge.exe
4856	msedge.exe
4856	msedge.exe
2168	identity_helper.exe
2168	identity_helper.exe
5504	AcroRd32.exe
5504	AcroRd32.exe
5504	AcroRd32.exe
5504	AcroRd32.exe
5504	AcroRd32.exe
5504	AcroRd32.exe
5504	AcroRd32.exe
5504	AcroRd32.exe
5504	AcroRd32.exe
5504	AcroRd32.exe
5504	AcroRd32.exe
5504	AcroRd32.exe
5504	AcroRd32.exe
5504	AcroRd32.exe
5504	AcroRd32.exe
5504	AcroRd32.exe
5504	AcroRd32.exe
5504	AcroRd32.exe
5504	AcroRd32.exe
5504	AcroRd32.exe
1860	msedge.exe
1860	msedge.exe
2964	msedge.exe
2964	msedge.exe
2492	identity_helper.exe
2492	identity_helper.exe
4964	chrome.exe
4964	chrome.exe
4456	msedge.exe
4456	msedge.exe
436	msedge.exe
436	msedge.exe
5528	identity_helper.exe
5528	identity_helper.exe
6024	msedge.exe
6024	msedge.exe
6024	msedge.exe
6024	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe
436	msedge.exe

Suspicious use of AdjustPrivilegeToken 39 IoCs

description	pid	Process
Token: 33	5916	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5916	AUDIODG.EXE
Token: SeManageVolumePrivilege	2052	svchost.exe
Token: SeShutdownPrivilege	3276	wmplayer.exe
Token: SeCreatePagefilePrivilege	3276	wmplayer.exe
Token: SeShutdownPrivilege	4596	unregmp2.exe
Token: SeCreatePagefilePrivilege	4596	unregmp2.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe
Token: SeShutdownPrivilege	4964	chrome.exe
Token: SeCreatePagefilePrivilege	4964	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
5504	AcroRd32.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
3276	wmplayer.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe
4964	chrome.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
5504	AcroRd32.exe
5504	AcroRd32.exe
5504	AcroRd32.exe
5504	AcroRd32.exe
5504	AcroRd32.exe
5504	AcroRd32.exe
5504	AcroRd32.exe
5504	AcroRd32.exe
5504	AcroRd32.exe
5504	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4856 wrote to memory of 4968	4856	msedge.exe	81
PID 4856 wrote to memory of 4968	4856	msedge.exe	81
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 2252	4856	msedge.exe	83
PID 4856 wrote to memory of 1140	4856	msedge.exe	84
PID 4856 wrote to memory of 1140	4856	msedge.exe	84
PID 4856 wrote to memory of 3648	4856	msedge.exe	85
PID 4856 wrote to memory of 3648	4856	msedge.exe	85
PID 4856 wrote to memory of 3648	4856	msedge.exe	85
PID 4856 wrote to memory of 3648	4856	msedge.exe	85
PID 4856 wrote to memory of 3648	4856	msedge.exe	85
PID 4856 wrote to memory of 3648	4856	msedge.exe	85
PID 4856 wrote to memory of 3648	4856	msedge.exe	85
PID 4856 wrote to memory of 3648	4856	msedge.exe	85
PID 4856 wrote to memory of 3648	4856	msedge.exe	85
PID 4856 wrote to memory of 3648	4856	msedge.exe	85
PID 4856 wrote to memory of 3648	4856	msedge.exe	85
PID 4856 wrote to memory of 3648	4856	msedge.exe	85
PID 4856 wrote to memory of 3648	4856	msedge.exe	85
PID 4856 wrote to memory of 3648	4856	msedge.exe	85
PID 4856 wrote to memory of 3648	4856	msedge.exe	85
PID 4856 wrote to memory of 3648	4856	msedge.exe	85
PID 4856 wrote to memory of 3648	4856	msedge.exe	85
PID 4856 wrote to memory of 3648	4856	msedge.exe	85
PID 4856 wrote to memory of 3648	4856	msedge.exe	85
PID 4856 wrote to memory of 3648	4856	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_1d93e8597dd860cf81cd913c4b997818.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffdd6e846f8,0x7ffdd6e84708,0x7ffdd6e84718
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,16241396906920086757,13547943882141195456,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2304 /prefetch:2
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,16241396906920086757,13547943882141195456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,16241396906920086757,13547943882141195456,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16241396906920086757,13547943882141195456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16241396906920086757,13547943882141195456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16241396906920086757,13547943882141195456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16241396906920086757,13547943882141195456,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16241396906920086757,13547943882141195456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16241396906920086757,13547943882141195456,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,16241396906920086757,13547943882141195456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6448 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:456
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff7e05f5460,0x7ff7e05f5470,0x7ff7e05f5480
    3⤵
    PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,16241396906920086757,13547943882141195456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6448 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16241396906920086757,13547943882141195456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16241396906920086757,13547943882141195456,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16241396906920086757,13547943882141195456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16241396906920086757,13547943882141195456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16241396906920086757,13547943882141195456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16241396906920086757,13547943882141195456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16241396906920086757,13547943882141195456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16241396906920086757,13547943882141195456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16241396906920086757,13547943882141195456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16241396906920086757,13547943882141195456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2180,16241396906920086757,13547943882141195456,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2180,16241396906920086757,13547943882141195456,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16241396906920086757,13547943882141195456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:6136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1028

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3bc 0x16c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5976

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:5504
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:2472
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=28AA1A97A57859BD8C502F28EDE90B0B --mojo-platform-channel-handle=1756 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4940
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D90E8C84129C28CE3C258FBD2D5AF0E0 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D90E8C84129C28CE3C258FBD2D5AF0E0 --renderer-client-id=2 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4564
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3F75FB5F43F35D32192A11A4EA853970 --mojo-platform-channel-handle=2336 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5880
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6C17FA42B784B67CF3E5BABD14B6ED15 --mojo-platform-channel-handle=1848 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2396
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=258DBA6F41E8D7633B68E702CB23AFB5 --mojo-platform-channel-handle=2400 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5572
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=15E6E9362296CC5EDCE32EA3D2785F4C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=15E6E9362296CC5EDCE32EA3D2785F4C --renderer-client-id=8 --mojo-platform-channel-handle=2512 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.adobe.com/go/epdfrhprdr1_12_0_0?DTProd=Reader&DTServLvl=SignedOut
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffdd6e846f8,0x7ffdd6e84708,0x7ffdd6e84718
    3⤵
    PID:5328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,17089517297625628580,7299994237540755807,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
    3⤵
    PID:4384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,17089517297625628580,7299994237540755807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,17089517297625628580,7299994237540755807,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3028 /prefetch:8
    3⤵
    PID:4908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17089517297625628580,7299994237540755807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
    3⤵
    PID:2004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17089517297625628580,7299994237540755807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
    3⤵
    PID:568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17089517297625628580,7299994237540755807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:1
    3⤵
    PID:5544
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,17089517297625628580,7299994237540755807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
    3⤵
    PID:4568
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,17089517297625628580,7299994237540755807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3860

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\27bda0b20f904f219b704a72d58de378 /t 5864 /p 5504
1⤵
PID:6012

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:4256

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:2584

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:5576

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:4456

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2052

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3276
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5860
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:4596
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 3192
  2⤵
  - Program crash
  PID:6112

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
1⤵
- Drops file in Windows directory
PID:2412

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:2276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3276 -ip 3276
1⤵
PID:3408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffdc470cc40,0x7ffdc470cc4c,0x7ffdc470cc58
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2036,i,2087718449829591870,6732450091301877526,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1888,i,2087718449829591870,6732450091301877526,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,2087718449829591870,6732450091301877526,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,2087718449829591870,6732450091301877526,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3216,i,2087718449829591870,6732450091301877526,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4412,i,2087718449829591870,6732450091301877526,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4852,i,2087718449829591870,6732450091301877526,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4856,i,2087718449829591870,6732450091301877526,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:640
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0x7ff71e694698,0x7ff71e6946a4,0x7ff71e6946b0
    3⤵
    - Drops file in Windows directory
    PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4764,i,2087718449829591870,6732450091301877526,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:3936

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4652

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1168

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:4216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\SuspendInitialize.mht
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x14c,0x150,0x154,0x120,0x158,0x7ffdd6e846f8,0x7ffdd6e84708,0x7ffdd6e84718
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,2164618507643545296,8750619355658313768,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,2164618507643545296,8750619355658313768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,2164618507643545296,8750619355658313768,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2988 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2164618507643545296,8750619355658313768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2164618507643545296,8750619355658313768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,2164618507643545296,8750619355658313768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,2164618507643545296,8750619355658313768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2164618507643545296,8750619355658313768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2164618507643545296,8750619355658313768,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2164618507643545296,8750619355658313768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2164618507643545296,8750619355658313768,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2164618507643545296,8750619355658313768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2164618507643545296,8750619355658313768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2164618507643545296,8750619355658313768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2164618507643545296,8750619355658313768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2164618507643545296,8750619355658313768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2196,2164618507643545296,8750619355658313768,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4364 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,2164618507643545296,8750619355658313768,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2848 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
44f4cca7af79967765e90dbdaa7a2d84

SHA1
d5b10e0c31ea482da5397973f65e0c97999e5641

SHA256
7d89194616353b1e7866dddcbbf79fde953deccc7b84e102c1577e16d77ca30b

SHA512
c9a265dace3c54a25b1ca1a44f96bcc456f932d7a3699d959b3e17802b1afe21087d53de8e2fae4edded2151c34f28a9619682e9610523149267d52b207a10c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
4c49b558a8769d7d8f740be476fd761c

SHA1
050b8e833dd4711e399c909dd162fbedb2151b0d

SHA256
3e2e697dd278cfa98a69fe867166299d0ba29c752e812d5071ed22a27b45b257

SHA512
395ff51a46a6957876c2af07542a85c7ebb7ba4997bc6d31dd89805933722128ce3a89ce16f20cf60ed7007357676ff954639c5fce391e7b8e827e1eb88623a3

Download Submit
C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
3de442e71bb95e87082970481a5a791d

SHA1
81c9a1df83b0184084e810c7c3be288fd4ad68a6

SHA256
3bf2a782374560acd738702015990e90205fb96fa22f43eb8a6ab68f722719bd

SHA512
0f194ef4c60317a1ad06e4dcd803357b28e35e0643100d739752514ee9f264e0777c2634d29241a668de8d55f50211079a251d4d98d0ca4a0751ae5c6a914355

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\6f0aec35-352e-4d5f-924a-143f06a00f52.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9227a66c-4118-470b-bcf1-3845b1179e8c.tmp

Filesize
15KB

MD5
0edd6af8f8f3a0e1e514b0903e910966

SHA1
a58caf6536bc1c6732bcf58226b6c67c342c0d30

SHA256
92137093ed3b78302fde33bc87b3088472f7ce6b64de7aa8cf11684d818571d5

SHA512
0249d12db6dd15e65865820aa47957060399da5192e6c23d7adcd09e9bef99781c839d5ad581a56a09db60507c27403118ea6b6fed4b003672c0aea222759d90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
65090733ab352209c9802e5fdf3504a9

SHA1
3400600f846ecb572c73bfbf2ca589b3e16020e6

SHA256
d9c8330aa3d192ae43ad8fc83ac50a9808915fbb16dfc80638d4c09e4aeed271

SHA512
fc4e7460a5b56238b66fd65b3b5e50ee707c4211b83388f16ed0c158ae58aa42a1aff7c0de7b3af087dd9f842c9500358ff649d45e575cdda2c1665555b6ba19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
215KB

MD5
7b49e7ed72d5c3ab75ea4aa12182314a

SHA1
1338fc8f099438e5465615ace45c245450f98c84

SHA256
747c584047f6a46912d5c5354b6186e04ea24cf61246a89c57077faf96679db6

SHA512
6edf4594e2b850f3ede5a68738e6482dd6e9a5312bffa61b053312aa383df787641f6747ac91fa71bb80c51ed52a0c23cc911f063cd6e322d9a1210aea64e985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
b53bcd685e490fce3ddb34b98147835b

SHA1
96c6cbbab2925dfb8f160b1361cfc9fc64f23f91

SHA256
080eb6ba21619dfc117cd4063e5b9566dd355227572d3cfc4faae504cc2ffca4

SHA512
a1a0806d6ad27386b86345c90973df785fad0a30c7d4c7ae96391f57a30dd3bdc002c02c09425e4bbe3e05e8a7d1e447206d9dab0043d002d6443876976c777c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
54bb2dbefbfdaff184c1a59901e9befe

SHA1
7e87d788219241865b6e534031f7901a74bf1e58

SHA256
449e697d9930fe708d473680171e569233f010111582891b6058d5678155561c

SHA512
f180e028a61f903ef69c2dc42882d95c64b2f37c41fccf6d6b798b51f6307600bb139d1252bf7a6fc03e59f48da154bbc0b38df9beeff0f2f5d62659c41c2cf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e88f2c44dcfa0c62b20386d81ce88358

SHA1
1c344237d355be366354372728693b39947e597c

SHA256
2e0342d236eb7f31e65df034f21aadc9e360e0959af233cc99d1a4a79d83301c

SHA512
3d80fecefa8019d470767e4706ca3721817a8807179e60acfca4bf0723f6b6cd0b9cca777b292edff3329360e030cd89310363cfbc13c3b3d5ea6b398982ef09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0e25782e28e995c5f9507b27c34fae79

SHA1
8c052fb41db1aec3a0b73b8b09fc206ca9860a54

SHA256
a2853abf1be05f438da4eb978a6fe16f06f46326685df6006cbb5d699ce71a27

SHA512
5e59993b82c45c54434d7f3a5ea33428ae4afebaf2d31558d8f0ff7943375ef46a4ae8b72daa3569aefffc56f5572e2682f979bfd51f9475bbac172a9c106920

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
21d7e6efdd58f83e9b69e14898f216ee

SHA1
df632370d5b807ad1262d076c77066a53a34a326

SHA256
8ed8ac7b8ba1f8e0cf95c6e78fd4addf77bedf3d6bd3313bce48223e251cc3dc

SHA512
ebf633a7af6cda12eb43c76424f922a6b7c341a8e97817e030bb75614165d35069e3c1872943b806e800a0a8632f35c7b5e39fc4fc940ffa36bdef417846368e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
f6403abfc90af7ffd9e5612a78ebbf5d

SHA1
a5cc7c63b76b0de37bb8ae3d6afc72796634ba7f

SHA256
490db100d34bc32cbbdbf684c0e48df939dfd837dae1b875186b557199cb5093

SHA512
8653deb96d4f39dc3c65266af769d2cc1230e632a9635ad40d86c042454994a25638b58b5446d78431e8bbdb472b9f31c464a724f2d564a1b0a074d0e30490bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
47749c69ae88ffdc28a80b6169c37447

SHA1
d469c674654a5c23f5516b914b49bffa90551865

SHA256
418bb3eb703304339b3fe6ed138ef83f72039b036382bef214a318eb47584105

SHA512
457eaeb7b8a78f98a5741c4f24f340aab823664b04a709d4dc60d47e07f5e95763b3cba8e631665ea8b7de2b334f3675e255fd23d202baaf0e4b2e554360b473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
50a139aba944ca85ab4a0c154b01bc63

SHA1
e5b50e94fbafe168b3ece75fd6b750565c54f5df

SHA256
2653e90df1430a4f72648a6244c4477cdad72b6cdf600915ff6901239d3ff470

SHA512
cb041355dec7d56f1e1d3461aeba3ff54ab02bfb5249920e7cfcf669a4ccf72b66c0126abf867059c2886f0b2d0ca8764aff65a97e610b6ef33ef94b992333ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a803517cc4455c57d055feb80658d3d

SHA1
55474bb449878acef0b5d39d904352f5bcc4380e

SHA256
cb8e15868f6e930d6d29764af1b0fc08a2d2ab1fa45e9f312b8c4565df48946b

SHA512
ae7e5ee5032c03259a0bf9afb763afb16636956f2295fb4636f0d754e514a0b25844f2e8ef9cffb8c45f9028c6fc8e75f74cba7cab8575a0cad6840aabe4a02d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ef03cc1282ed0943a4e65ee30bb3ce5e

SHA1
47a332dfad47fab1739ba8f9758fba14c0977674

SHA256
ad9fdc05e41d86ba48c95d6b78258236716818eb0cc3614cad24404a817146a8

SHA512
54365c304bb07121fa3414201f97b9a76b0bd70a1ac3be0f60b324781dd159d3db447b80cdbdf90ef450a4f58cd2a5ac5c63057ede1d07942b88d0dccee58552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b16630717cf81f638bae67ab57f5e76

SHA1
5767a40e7011584c074743df3ddca48d05c833aa

SHA256
687f4722fac01dbddcee3ad0b9bb4c5483d21a83538b049818fb3ea9f2b52cfd

SHA512
3718b25f887b0112db461060ee647ad4240bad91d82816e48659e15b9f1c94b4a637665ac258b025fdb6b3ae0349bc26802e4b6d8215846ebc01777ed5a6f771

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c5df040786d363817c2b0a2d79932284

SHA1
5cf4fdb61d61ea3cb0156be5a987af038207e69e

SHA256
6c57a6d7639ebb606763815fd4d41fa87e1e9de6ada3c74fcd76ac0cc1ec574c

SHA512
dc39746802bf2374e6d9759b1fdab51a375fcb9c68b25c1bbff160358326107ae48ab17e9926637c9f6b4da0a59f280573cad258ffe5692300dfb47eec070ffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ab523be0df47b9c44c0863d39e9402e

SHA1
a41f981235db6719a25988be3f650f0dd44c5803

SHA256
65223a518625d4525c42fa0a46e7bc62cfbc9f4eed6570a7c10f639ccbb907ac

SHA512
865d0e948b80b911c029f4782d31bed455d6ae405823db137fe5582674f556312db9182f04417f876a4c04326183d97759abe5b114230a939417c9fe87449e6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\98ee7423-0706-4cd6-8674-87c790b4e68e.tmp

Filesize
5KB

MD5
8e4e6b0f9b51c049c76c11dd66da821e

SHA1
44a2571a0bcb5f63c844b1919cc0b84732e4bfa0

SHA256
9f66b71c49a8e17096592f7172905ce63db9097c4f2390aaa4824794dd35b11b

SHA512
6dce8d82a6b35590ecb86d73603a2aba63f0db7f18c36210b256abf789d071e37ba6d8958e2ebfbeedac732f02d51f440efafdd8508779223e61c801d2d58023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
243KB

MD5
166067ab4e8e0e4360a5ef617a3d9e36

SHA1
b5412c8099e10e7898e877f4a3e9b03582f08a83

SHA256
0573502902ebd67c929cfd48f869ff80dc91f340442dac9dd4099d136fe01fc9

SHA512
af9590fd696a7ded64245216ca22e8d8f39b990a191eb3402c755ec9233515c449b32c976793f15593d8134c1b7b16133bafc00be7a2e6b5a110a8d54977f69a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
49KB

MD5
da6e34fae9b3ddef29ffcbbb0912d6fe

SHA1
2a5d74cae10d2a5ec12d5b6dbf042bfbaafd9336

SHA256
5c9383ba24395c1c8b5f9ae51d4290a98e4a6f3910d2c71d91399e7c4c5ae661

SHA512
1eed354367473e403f8ad55e8527b6ffe10646a436abd6b3c81cd1bd17107465bdddfb8a5507ba43904054f03678096780063f254619ac76f5a0c0839867ab4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
641KB

MD5
fbd295b721ad3d5804bdb2a278eea75b

SHA1
a3a9b097f14b9fdf4174d16c249764fc4a4778d0

SHA256
d6ec901270bc92b63f7e074e112541f2eac59e1e8e2fc05c7e8314281b621f7d

SHA512
73e54ed80d1867d318a5cbb6bd552b5ef58dd4cc8a45233796dbd9f5c44f02040761733b0968ffc6d322727f3f16001b943ae124e097904e1a22d5405ba70421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
34KB

MD5
19aae33887c6287c6db80d79cdd34f5a

SHA1
3d453a877bdff0097cf125addc8f5f1b85580362

SHA256
09c5b498a942533c54c94c229aa8129af67b0cdaabeffcf8ee6c03d04552ea52

SHA512
0fac3cf3a46aab179cf054de5544c19ecadd740f87770c5ea92ac665f7ec5646d29ef17ef4d9f4bc7889d8060431319b9fcedd59acb7156bc8c8df3ee99b83e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
34KB

MD5
08f9985e49aab1e6c5e9810ef6f8afad

SHA1
c0b6d51c227bbe3e7ae6151536b633c007d4c609

SHA256
ed2477616a2ca75ef014c2dd86b28c1d9a042c8df9bf72c76a61763d430d7f18

SHA512
80cd2c3133e37db5be277b48a1e3b1a319f305e52bff72ccd73775bed04ed64d7fa0a2ae24ac7ef5937257a31bfb7e19c2c95a851a52b2ce398bbafe4f04993d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
833140c11069fed2c398f8dbe177868b

SHA1
eed2c60d749ed73b640f5933066ab7d1bfccace3

SHA256
ef7797323ccdba5303bf760355adac599ad246797ece368ee50ee13a1497b565

SHA512
396bbe19da1a87fee6f1d9703a39d53cae9ab9188f06f6828ec85a3ad21569fe04e90af17281c1ff5be2169bb00e39b43cf5a68773eb1ad73b3833943a8b6ee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
705d50a086a6c26646bcbfe0aaf21bbb

SHA1
ed8477b9df581673ebf91c2b945e82f5485541fe

SHA256
2e6e508e4a8b30f4ed915754ac42735271aab2b80a86076bbe52da0f58ed82b0

SHA512
cd6b188d9335296dd3d4050d09e7004dbf2d6d20ece2de09a3e9f94202229e5ea8ffe96b3143f9e707ce5b437cece6b6ef8f03b051419761f0d167f4e3ffccf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
a0dff8b6fbd7a68207586c8a6d7686f8

SHA1
ae54b9788558744e043a1211ee22b978b9ee2099

SHA256
3ad6482160f37c4879f7a975586d2658c3d26f7551ec860d5518a3655521ef46

SHA512
50e10192f7e2ddad02e5956d6314a89eb939550e05f9ebea4043a33ef7b8b703ab9117425d559d3331bd96c9d4b77c783eb277e5e77e0dfcc899907b77aab54c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2c1d2a0c29256a1556a47ac34f77fbf9

SHA1
546e75dd0ca2686ec3d27870c87dffe82f96825b

SHA256
99e754b3180af843613caf9d32000aa99c271e57c9cdce2bf24a37c7224a6772

SHA512
9aaddb717b97b9925449b05415b943927373ec7d47020ef44afa48a93d2c02b494b877bcd6909ba6b140fb77f411a23471fa0eb1f44032b09117b8b4bd0c569c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
ace261a5b651c87b8364b6e0268e6e18

SHA1
21eaa4c16378d9cb3e1b0247145452d7ae83a8be

SHA256
615815de2d499c129fe5b5f8a180a32bd1cf2df6a7bbcdb0557aed9bed630b7f

SHA512
00f3c94633adf2a0fe5488e8550425c26ceeffb530a1f834d9eb2dac2cec8a5bc14e73d1c373fee33b9fa6b82e215e9313bc54c94bbe1f5395a1480a049ca448

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
da8cfa184cd7ae093eb3e0c655883ffa

SHA1
1ed3aeade345f6cf13d0aab2ce021010ab0b3afa

SHA256
d8daa9d29f3cc98c191496487bcfb41d05583917865b0d7030e0ee150fa714b8

SHA512
64758e06149faccf1f9365a6e8b6481681021ed85649f5987063361b4f42b373c82d60eda7ac3e4307e4c8ea651b7a694317352fae9bcfc764de1099db318163

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
e206e5c3f17aebf23d22494e64e0c16c

SHA1
e7406550c094512f524d2ed3050e737f78f579fe

SHA256
9360cfbf8633218fac8a90a6c0fafa6ce3982a2957b894842e0422b63c88a766

SHA512
f0628b44305c75408110c7c72a811caebab63f5d8d5f1ac254339e7d603a72122e3df7222ef823fc53106311bec38e923c589410c5e7311918ebc0357716df2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
28KB

MD5
554a805caedc645d0f5a2d14630d6541

SHA1
23f6c77c4784af597cd9ca8b16928c719cf1cc92

SHA256
a5cccf1fcf2db6c1f1cf1500165ff2916a7bdfd8f7521b381252431d578e56da

SHA512
4e0104183c345aedd64c635fcc6f5d2dd771865c280225447d5949cedda84b3f5737f7a4f8af0bac6585ec3fca47dbecca290ed898d2b570efdf5334dca00ec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
30b4b5346050d0a48e39a1a578cc706d

SHA1
765c49c5c0aef4b28a152279b10684b7404d85c2

SHA256
29fbdbb1205b2270b756cafa0f9e59c5f67a064d62d0b6f077587d13c8a4d479

SHA512
9ffd54cc23607bbe1b7fe00798727a9b027af120af29fd27dcb47889b471a560c16fb2405f02f819248748310293e116b3999e1d9470e15590e29d2a2840ad63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
20f2bc56ffbba7c210fd9d7078153b67

SHA1
7ecb56fe4f0d5ac763a2c27f84592fda46dbbf78

SHA256
3626d82197b5adef9b97f62660ac9b0fe74e8e0dadcd29f8acaaf5d327223354

SHA512
95393de1fc65aef6f4a1e46b50670256d508c4c2faae320ea6cd3cd2078881f3e2c9b62ed3d4e52375e3e699e9fa8cececb7d325539c5523f71a303cae4da616

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

Filesize
256KB

MD5
9b199e03ce4393bec2bcecf41c77138c

SHA1
390e56785c030374e453108a51563cd7386fec0a

SHA256
1f52b2c062ef8212c94dd76a12caf64d1da81c1cde11d73a273c5f2f2e1707d2

SHA512
a4436d6ea1d5d38c91b8d6989d36cf54e9ad748be8c13f7b55d081b4feb9cdd9bcffb2e5dc8ef6254b3fb160020c6946e2255deacf9f45a933b97ba6c1ac3e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
7da61789266bbd7b30a84b8507535c32

SHA1
51841d2bbad41cd14ed3572e743fdf1d305332a5

SHA256
dfaf8dbad0b42ede6e9e1346517edf8a1ba7cc43714d9be114ba5dfc6678eb29

SHA512
30958c0763716a3d1aaf4dc38aaa3d2728599fb3b011ef7eef05e6aa310ae59a058173b356b2f67ca4f7a8640ae8366894c0baabb28119cc66a90998836477b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
3KB

MD5
7139bfbb0dbe3a02771583b6a54a951c

SHA1
49ec19c688872a33c25720c8a6e01bf771fe2233

SHA256
4725e013833b4a8d2eaaafbb4e9230a005b99b006e461b9dec7d6759174d3bdf

SHA512
0fc5d18a4dbb8bee20e6d8ada727cab34820a35f75d85325ecbd6d54c5c47a96dd0f278cded410aca2d25ed498b5dc83ae20d42afc7b4ff2385dd40142efc29a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.twitch.tv_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
1KB

MD5
fffbb8e26a0949d6a35472ba5f4a4cd3

SHA1
8591ac360f129a098aa9f2f93541cff043b53262

SHA256
16b4eab03b780b93a5a5754c7c94c4aa6d6857541b1779921f0c9f793fc8aa39

SHA512
1c25849ab56d7e01c3828a8a8d7321329d54a222dffbfba8a096e0efa5e916e8b9c9c4a215d43cd02df19dd380219f741cc6580ac9bd178ee5844ebf9f7f8ec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
291B

MD5
4ac93d035988e7b46fd95d96f25b1f08

SHA1
1a774275233146b13c9f330603c03b3da851acef

SHA256
8129e99d6fe50b46a3e1363fc0471ba5b24d968078a5fc20c73765eec7f6a95a

SHA512
162c72026b5cbb6572a9bd899ef2583b43bea48fe28840dc7d2abc3e401d18517fdfd5e89e529a79c4920ca35b70244bfd59f6814c86c146563f30ccc52609ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
5566a56addb57dac1f10bc79e4ee551c

SHA1
d9a20f30bc64da250c3502da0e7c40bad62f5fb4

SHA256
96dcbede8919e4b541f1bfd1cc0994cdfc403cc290f3f1b18a2d1614cc6b7ac7

SHA512
b20106c0e0104d1fe2c46f2d3b68192d93b99bfaae7f083b415dc5a7bbf95d459853989ed4db698ac685ef2b5e03871c1b5c2a5c7ab748bee76307f74714857e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
48ed684c1250fe409e5ae87628d9e924

SHA1
1692a02159d932351537f5b29497b82c37851bb5

SHA256
5ff3fabd3c4ca33e8b1cc3ec8f3b41a952089bdb294c0709cf91cdab451bcdd2

SHA512
373d39b2a6b91eca852c0821c9019e1181c980eefbddef33821a2568856c7fce065b271cba9ca34ae7511367f467e993f16e967c8ec7903bc4ab1fc995f9ae38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
09dceac74c3a9761ce3d2ac3975e4ed9

SHA1
65a1c658b1360973363f0ac310311ebfa9573483

SHA256
d46cfb658426cc7e80e943a8d5f042189d7aad6642b84954d7268db3e1824d5c

SHA512
fd4596b28146b1dbba547ee3562449cbcdcaca2fe0e24cd46025dc5d3b4ed75f87483d4a00b7b3bb8b1d310fcc7fb6e45206a9defb15b3937510b4e6856685d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
96a5f9c9b926ace131f09c33af7078c2

SHA1
49f45644d28fca1dde217d041b1537a83c1f7ff7

SHA256
24b4f2103da2bc5d52f749c6b345017cb58a33d98874e71453025ff835b4e0ea

SHA512
ecc0a30d7e0bd1bbd76630945407d0a1d4357789f2c1ee7bd8def3362e717d1b0384b7c1d6e7f9457985dfdf9c095b8624ced41a3d54498e805822631d314e4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe581160.TMP

Filesize
59B

MD5
78bfcecb05ed1904edce3b60cb5c7e62

SHA1
bf77a7461de9d41d12aa88fba056ba758793d9ce

SHA256
c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

SHA512
2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
da5e2844a488f722bedd7186676d782d

SHA1
60a89b1409a27b75f95d6aa27194064ad2d2ba7c

SHA256
52c3b09dbe66ad6460f23940c0cea71578b275ee669dd6e3a05909de8622544d

SHA512
b6b4003728bac415f22df747665d2e7c8fad91e61b35ccad479241144da069bf213a36011efb3245e669500582ec912355e7823c06baf19417bceacc6b823a05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
675cfadd52ef57c15e58525b30abe29d

SHA1
26e6e01612a88566cb84b2787196f09a13f09075

SHA256
50a7b8df857ab5c5121e0942905d2ea6788da0de66e6987fe3981f42add1e385

SHA512
1b54d6cedab626cb8c800fae10fb5d6207208386c03998b3f39c4c0464e775b8d2c396946affbddcd4af41699f4d0e1c2fbbb9b267ac9be8312e17ec9afbb49e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
cb057e9bf1169c3b9068dae18e10bdad

SHA1
60b7e2314b349d2bc99a732e97c656ce936ebc6f

SHA256
8667860d622cf95a455e1808d07bfda0730b7911e04bf52c1753c7f626105eee

SHA512
852f695d880df9dda6770c95608ac0de4a0df155da30d1fdc0169af606682abfd9702a85704161b5987a0ec66730ee08ae04542f2b0d41d9a73a6f0dc9614c82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b921af7a3b1f3ae9c85b8a7094176530

SHA1
50febe8ab9df3c6e643c51c9fb101541b5e254f2

SHA256
72b7f30e98b24670211f0bb251c009b862636f0504c84723fab1434affdd6f1e

SHA512
40eab6276b135ad4002c243107fd5a4f9ce728c30cfc981fab150f5f65dba6afed2d20277e92bfe8c0c706befdbd57e6bb3f012551ca13888f9b7513057246fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5953e7e80201928c8323645184eb3329

SHA1
cf7aa4f56882250c275c8056df8ca70e1198d89a

SHA256
5544bf1c3f881c14e8f9233ac81390175e080e7cf290d1798cc6ac38e16cece7

SHA512
63fde68b217515e6e17a66f3b69fade7e95263c312968aedc7fecccac83293edb5bc038e30d512f70d18cb9555c2a872d4506b6b443b5427518c69ac4901251a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
581f2621579ff4eab68f2083e65768d2

SHA1
dcd9b4af0157db26373a7a045d39c340c5093ca7

SHA256
a060cbec935cb127dc02f00968827811fbc31b703ebee63fcec72cf5a9770177

SHA512
13bb46be351d52655aecb84904ced9c26262bb0ed8647c57d36cc9f2e5ff8f8fa49cb64505904fdfd0b085a3e1d66d2c98cc1840bc1f1cc0131b4a6377c3e11f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0deea695aef1495dd01cb2edb718e751

SHA1
fd038b3a9321294b8baceaab3ada7db9d40986b9

SHA256
f78fc089710726cff50b8504fa2f9a0d0d98c9f39472dff9cc1a7ef53f0a9bf4

SHA512
513c2871059c7fdb8c9353cc653a46047268cfbe370f1914642afaf8c8c64a3e468ea7e0c78cf4dcee806ee3783abc87c7f0a4613e72a4b2b2373889dfe5be98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6f45917de7264bea2f6803af6901f831

SHA1
5406a3c2a9e542b11f8581c416e1ed71b4341daa

SHA256
5d26f8027594dfe179accc514dca914e87987baef490bb3da5563d1895fcf263

SHA512
32fdfb06041614484969520a634f0ea722a563ad96067d5fa275aa6a14ae34b28f437dae93f1cde899bffeb5bc3bd6b540554b98862a57db4292b1ee793bb90a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b1b13d10cec3ce4b99f4f7a37b8f0b40

SHA1
22f30cbca31cf6080bf41e1964a352d3e2bd4a71

SHA256
e2c6644743192d84bf07a0bef59de639d3af02afa921bc1b8210fec640e07c53

SHA512
334475a68ed3eb9240daf0f5056bb5d2f474feb0968f0372c1b377c326ab773d41199297f084532aae5c27939567e1eb2b02491809833f8f7529cd3e87b7a5bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c1ef796eea1926ced4cb9b6c13b80dc9

SHA1
d78fc591f20acda8f27fce192f957eba22dd0598

SHA256
61165e044eb5231967254dfdc6e5f637ec2ae995eac7ca8e8f126c9660ba75ba

SHA512
173870d3e7e540a60858aa8472edfa34403356a11ed58f8daecb06feb3ac706706f71a4a8bfb03ed1abdadb0233ffb0af7bb1d438e2151bb118bb71408788005

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f6f87ce7008295fe47b00b2bc38287d3

SHA1
9ff24ed2c603fa61ea7d2f61148d3564ad461833

SHA256
eeadf4d5828da74ca51f8e7d80de79fdc28c9fee0abc4bbc4fc020e79acaaae1

SHA512
b8968b7ac8bcfccba50e2b7e0b77545e2cfb884a7b86dc8b430ca401a841b5794b75efd64fd7b5037431e9772f9b7d301d3a5393ded74efda056940dc9a7d42e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d590b705436b349074c9730516c56716

SHA1
545dae2c594f8dd63eebc19fabd55900b7a001cd

SHA256
da4e0974a427913f72174b1fa4fc560396d987ed41ed691409916cb42d914413

SHA512
e11e7aa45fe3b931bbdf7956379dc61f845e19a087eac8e5ebe4783c5ca3d2a602016271e8f1ea4bd2ef9dacca444b93f1fcab0373921246e2ed7350f48cb9d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ac53f799eac28e0d89925ee5d17a6546

SHA1
7ac662a77a2eea52448ed6e619da951a4ee2b702

SHA256
e3819909204d1e99436296302321516b4136bcad09858057ee35a9467d49fa64

SHA512
33141517e756db3cd99d0734b8944bf75b7a7722f8ce52a31b739e3047264da130248d7219075593fc4e6216cfaeebf59659cb5e8b22a2e4749cf31e246347da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
99315c72c0078122aea1e2e0e41a26e8

SHA1
1d04494fd6fd5bc394405c02e23f8df323394d4a

SHA256
2dcf01b803332137a3a4925f7fc2878c3c6b8be4be77ef359e7f658811446b97

SHA512
7a5404b86f6b5cdddcc12fb9c0f23f4264049ae784faf0be2ff16277eddc09759bcd4f62a6652c87f956255de49f12b12c32dbb5dd228cb99574a963c26ab605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\225d4a03-767a-4248-9e4d-6852f6b9884b\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\28163722-e413-4355-8371-514b6873570e\index-dir\the-real-index

Filesize
2KB

MD5
412fcf91d9135bbf075e0063ba389075

SHA1
805f817a957c2df38528bee7d8fc4fb55f57971e

SHA256
34a7589874c1d89a4dd9bb2b40445bfd49f5e8a0383e604fd00ed651a24e7d3d

SHA512
36d887bf3cac326e89540253e23c7cc06d9be0204fdfb30ed3857c7797f3eecdb1ebde34bc3e8f0322132cbb4aea46b5a008b25bf9e97315910511e0e1b00c58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\28163722-e413-4355-8371-514b6873570e\index-dir\the-real-index

Filesize
2KB

MD5
4dabe78bc2085dd762e353b4d2b17465

SHA1
72f81e41980c21c80da7891ca7aff761d8f92d16

SHA256
a0fd94e155adb8eb9f41cd19355440ed8312ff6d59acbcdaa470deeed45abda8

SHA512
dd81659b6d157288e19da84c79067d297ec4e3a90d684ba56d558636d4d86d855cedd777acba772e3a9a1b76246a1a533e1e54ea583241f56ac50b94e0d5f226

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\28163722-e413-4355-8371-514b6873570e\index-dir\the-real-index~RFe584d60.TMP

Filesize
48B

MD5
b29b5ec30f459e48e8505f8c9308f891

SHA1
779d5a5ada25f446db52b6a52d3fea44faab4887

SHA256
1791599222d6d81426948f80587ee428cc27641d79ef1c506f0bf15c40bea26d

SHA512
26b510551d70f1860fd7ee85b93faf16d9b913b6a1abdf5f85461b1475dde7bd8d813a6cd1be9a1ac3a3cce614b4b03a248c15a6ec8fd4421ec6594a87b8e591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\603d383e-86c8-42c3-b1be-a0c3453d0fd4\index-dir\the-real-index

Filesize
624B

MD5
845ecf8c104786f1f61b083fd6fd3098

SHA1
5666a2bc8953ca1d3cc3fe1badc40db048fbf00c

SHA256
cbf177a7105d7d7d77e4cd3f32d14eb698044e91d523f126a0c131c5638f92f3

SHA512
74d4fd9f719e4919e1ff26209db5208033cf3d084ba5028ff9e40b03720a1e0f0ebf032b7dc1be7c5d0ac6e58630f5bb57e413da077574d2cfdcd804fde1f42a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\603d383e-86c8-42c3-b1be-a0c3453d0fd4\index-dir\the-real-index~RFe5892b6.TMP

Filesize
48B

MD5
feedf4c0164b4851915457875ed80563

SHA1
f6a945b0d6916efa270c2f81d0156d7c67e3c31e

SHA256
5b8cbd6c5a6698f99bfdc1f0d90fee1a364e7122108ae3755a4776034463756a

SHA512
3b1fff8a974580658ba8e9e40ddd7f5f1bcffade1331bf4c60db58693c80892c9c6524963e2f64b26ac374a98e05e246e7f777cce8ea039cdb31ddf24aa70271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
d592672262f1b09b003356864044c77f

SHA1
ff48b713e94c1b21f75ba2d2f5266ec9bbedfbd9

SHA256
90b34b820ac95c45d57a604a5d8a162960ac64f0f1d007f2d6f3093080f149a0

SHA512
30a57034e4e9e9d3a3eeb0780ceb610342f8911668f3c81762eb7b56bc23c828f090fe8e7d705124a9710ab4351c9549acfb83359c877fad3f480eea5d6d938f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
587367b524c2206b7def6e3edd89dc95

SHA1
3a598ae362733121d81bce42ab11f30f5c7f29e5

SHA256
ed4c99cd959ee77cb9a16e64a48415dcbd31464db5ba50819f867fa4b491e6f9

SHA512
324043d86049c29de1db5c7c95a3c7479cca1adb99acfd2681464ef5948c0739f1234a42954d5b220c0c15aa18cef9427440425ddd054ebe396b8ebb7a6a84f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
1171fbbb0cae3bab54493e50cbe12dd9

SHA1
afbf4ed94550ab330c34105e925c52a5b1869dbe

SHA256
f566499c7f81aad1a67f91d281c441306351f06292d9fcb4c01a5d043ff3e1ad

SHA512
3eae87792e56eb1872ea46b3cde92b7f86cdcc85e6cf21c265044991b9bcb353eecc8e36945070317a8061a5d725563b07188bb040e0a139a4f921f1ca7605d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
a73c26ddb91cc411b3be2b75db7409d9

SHA1
ccd93a416bb8cdb50e87e66be1798adb1fcc0413

SHA256
d9ef4ed1893aa6aa5a8dfbd1b6e0ebd6ac9e5076d3995a2236700e68a5174f2f

SHA512
66c586b0ad46bcf1311f0c62ad04e330168a7e92f7f00c0cb099d8ee65ed02e7ae962362d7775066637a1b5ff85083eec1119404b0bc95876aa75d51b2862f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
981c554a4de32a34ddc8fe9066e4bbd4

SHA1
8698f9acadc47186935a588dd8559f2b94ebdc94

SHA256
1f8f7d49f827d285a2e88422e132a72c371d229d3ef0f1a1f7566d1b68bf6179

SHA512
a5667ec0ef163bd70dafb34e5eeb6c1f59f5ca07d2fa9f79ee304823842dada498964fac04118ea11a32683da14d6497c420bf8638fbf9f2ba4cc968f32adcb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
13530832fc32690ddf5900f508227930

SHA1
ef93dd4759be2d26f587dae1555f3eaf2b2944ad

SHA256
7a87449c050f55951c21057510865e35c1cecf2aa0a0f42b7e4aa2df77c8f24e

SHA512
dc602b9f264ece5d78c21455161aa192610b154b05ed533a525a775b14cb91047f54891e95bfb0c112c912c6b10ea29a6e2daec34565eb470780c3a8c6d15ad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
32e79a1446651f299bb6818d98e6bbb5

SHA1
cae1bde3c55989f00fd8dbc550d56fe5bde97de0

SHA256
c25f53fb9e85fc7ce1a7eef7bf4e92a853acce21fd8e9e84041ef7b8b7d493b4

SHA512
5c252a6dbc5fada37eb05386f8003647420e507c4114db5d7de2699ae2f48392b5e5928e9c3c07eb62e8ac3c15f040f01132119875b5a1a18fbde997283e5b49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
295B

MD5
22bdb1708a20701080ca07b933223d52

SHA1
5f8d3193938e159721e8d61796882fa4a92e4033

SHA256
25cab62350b6d5779aa9bfe9f94228b0e61c9971f866a6036a8a195c07341df5

SHA512
7c099f1f5ad2aff322156e0595f98c5d2676e4d714dd040a1387b79e84e50d11b1a13ebceed355b25c6f14ea8838e49b4cc87ae2038ef52bfcf53f312f7c2b9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
c7f93b7c3b862474813e3f7ac32c6cac

SHA1
6163cc28d76591acc8e667a4e26f327dafbecfcd

SHA256
9fb57b8626ff3e28a8f6a5227be78d2bcdc85a92bb941ba7ad46a2663afbd296

SHA512
92be47b9a9c716182185a4674dd28a5ebd7e5d98ff24ac6da7c670bcee9dba03475d664d41f06d646cc14ce9961ce23f37acfd6752d8e39ca421a92487b38e2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
74d023de918b94fe5873724732dc7c5a

SHA1
07ee75d784711ade25979a70233d8fe5718596b0

SHA256
640b4126d0343df8b7b94616c25945eb57a503bf5c189cfc5d6501034599fe92

SHA512
0881123f7e373c5aa6858a43324266da23a175214be6d7eacb3027234f74c9deb0260e9718389320dcb9af63d06328fe17c84266ec1e9e99173e5211bf250daf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0ec344f4a83c6e5631dead6ccd86587b

SHA1
285f58d27c1a42743d405a367da34aa35334be3c

SHA256
6d472a25c304a1682b77e46da48ef17085f73e6f6d6a9cbce0b1086e0a5faf3f

SHA512
a42604397214816cdbe74166467adfdf0bb270ce58525aaf8455c4c0c5e1144dfd2cdd973fadea90068662cceb9404cae684a3ff8f335c48ee18c36995c9582a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584a23.TMP

Filesize
48B

MD5
0c8870b29111308a310938f1e2495902

SHA1
f1c816a93a082e39e1d248dcec41bd118f608566

SHA256
4ab3c38b65f5038193f62a62db62f4f76746072e9ab2440d0a63fe028d54025c

SHA512
9ac9e97f20194b6ba65e2ec73941e394bbaece7a7350ffb986b6c1af095cb5a9e190a6a4fb1dc9c3593e812b69bc27d3f7e9efdeecd9f1c83c91110467d841a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13382468769078111

Filesize
71KB

MD5
2f656e76e14e614511b0e752ecaac8bb

SHA1
8db8b6d632a3fe346289645bbcfc976df36028df

SHA256
de495d73aac0e04fa90316da20b3e5fe9ab611b0a9c4f9aa8fe9adaf85e7971a

SHA512
4c38af09e8c3cd3158ef573972a8bdd8657dd90bdbb27f576329c0cdf57c3f190021632a1f31a18fbae290f47e469b0aa9c50ad6f943ad5efed02b7c54539585

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
fe50bc4fa4aff0196404274dcd354c77

SHA1
2a084bc6cdc2fafd923eba8f3953264ddb6c9c47

SHA256
4a832f4324dbb09fb0e81a31b77c8fc8e8b5e46abe764b5676be0f3f264be21c

SHA512
e7a0f0c13014dd13ef986613f8507effd7e4c927834a9668804dc1ad10f6d2ac3353446972ab29db10126eba8a5dd811596ae89b851c7dcb4eed9144dc2f9c3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
602c10434776e0778bb7280c174e9387

SHA1
c475162b911a5242781ab01de895e082b63a93d1

SHA256
ba4642898e91bb71bbff33bcabfa0dfbb570354fb2e85452839885a67b24ff35

SHA512
db519b03f8ebd251ef1a3eea0d8d0a0ce3a82653d0c04059b1994dd2ee93de57fe2ef46bcad676aa9ebefc87214b597169bca3b7077e893ba354f6a43827496a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
b1a33a9ad8018fad1527c403eda08fac

SHA1
c4cdcf5a93e897f0804ce62d858b3d3c8de23d9b

SHA256
bf2c5e99bb1b1b2b1a2f2140157b946510db29a993f4024c0899678a54876e8b

SHA512
0cc060d82f51ad16add4ad7d151d42e97b1e500528c5134bd7aecdd5ecdf019d82eb934403dd37789f37c6dfc7d43f90c7e1afc32b0519826c90d7673fc620ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b15b1cb0a1f9f00b259758aed049b867

SHA1
56588b52d4ae9acb6a0eb923c8b0a1a72bfc8db8

SHA256
37d58f46c6bdc52a858c2576cd93617e69cf8902f9010393d409f421e505742b

SHA512
bde9c1b9a2bec3d22a719637af4937a4620053bdc1f692be02ec177a63035ac3766e074f1e60725897265f084d4e3c4722f9f9adafd894017893b8ce47833941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
36ce602054c85c481cca3382a29058ca

SHA1
1c2a24b0397a16b28ed78661f96b23592e616064

SHA256
5660604fa1e82e618fecbb2bc135d1ebba5ac36ba85db449294a1df4508ba35b

SHA512
f16a49dac08d9a7de6cf8888e1c648b6eeb813e16253bcd4b7835fb31da9857dad66b07f2673c5f6b4c5e947fb523db80ee3f2fd6b88722350ec8c8886fb8956

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c4e269d1cbe877b17beace689807c26a

SHA1
b2a746d5a5c9d3c5ab9b30d4ea903c081d3747d8

SHA256
1d2b7d8d305668476b9404811d27c9e550a894a6c2540e3dd87505be6560fd98

SHA512
bd04580c2d087d488a9d755a99fd523735a9bdee35c6d2079061989b8d5604ed5430a1bbba9838be80c9538f1d4d5be2fe601e5fdd765c75c1fbe309697d5c4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0889b53a1b2b0fccf0ee6c9293a3a7ca

SHA1
051d0bd9f5dea2c29601baf467372f69f0e36b81

SHA256
653608c1c6c56f48380428e5dfed9813c3fddd6fef7c1acfe8461b04c3be1ba3

SHA512
e616bf31c4b09f1c8c28f8d9cbaf51d1e3223d29f2bdc3f2a6acbbcc64ec19f6cbf5a2875571dd9b96546db8da33f57279c2ed0505a21c42491b6f7f7bbe8ad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b603cf31c927fd184823dd595c7574a5

SHA1
4788f22c04504b6445019a3bf2c3358d9e249e86

SHA256
d1fbaa92ad9881f46161364ea3715597b79bda5ba95d63cb121c669b25ab2675

SHA512
486f2dbcb8ecc5afc6efa21a85c2d741a8ff3dd14b91858e688feae23c9eb1631b2e5b5bac6ac3cd8c9a8b71814b1cd3e1a50893fce814dbc7b770e0eaac8904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fa36c9630db31eadb911ca9b8ebc9954

SHA1
a7677a0992cee1f270fb36a866163015d463f28c

SHA256
a55c0f1237cecedce3a13eef42f0415b162ebf6182f91ca1ca1cd0fc30b34fac

SHA512
587fa670d0046bf78b345832c841fff18ade463619fbc5c51093a18eef82dd8a71a761763ab6b12b0d2abb6f5dad012a5d1a25b2914c1c840416f9d0293b60c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
efd1b3490021db7832d41a45b84e7a5f

SHA1
a2b2b9dbf893456aa6bc431df20417eb0fd46202

SHA256
c41b204401846f48b37fb11da1488e8973e8957036a5d0da2de6ca9d9b952ce9

SHA512
3adc8cf4ff2b84c4ed09cd1c1bcfb36bbaee10601d315bb170144ffe15b5bc8b9628a1e158a897c6eb0532bbd133d8f7d0e0364d11a12c4d4a6163a9c353875a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fd3c622d71c89733041e486ef50c91d7

SHA1
02fdb0d2ce0c4913ef046de668be91e9c5a8c39d

SHA256
08dde974bec5340014e1145e4aefc2bfb44d7f66606a72dba117b504ae4bd231

SHA512
91731082698fd967cd3e695e9a447c71c2f4ea66bde157f455ae2406e972448620d011e685789152edfe7cc3d3d566ee6d607a889737edf0bcf60b26f6714dae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587402.TMP

Filesize
1KB

MD5
bc6762f3854acdca1f33aaf8a636f36f

SHA1
303ef7961e1b027b764b6ab3c300c99d7364e73c

SHA256
c31883e2fffc1b3271342433b21a1b29377f8a19355043ca1104ac951a4ef11f

SHA512
412aaf32b0685a40201179a98977bd710567f2bfe643f285228d37f93cc8fddfc4a41a7811a48cf438b632fd0b1d7512ff20d8cfa1094019ceb701d2984c1afb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
15a1381322c18400917f0478f57e6d35

SHA1
922e451c53a8f667669b5bd10057fda0c91b365f

SHA256
7453f17a2151484c86c197717c52f71d7a457415598c26b943ffae020f44d986

SHA512
75e554ac03359dbe4c23865eac02a90fa629d280e7b0dc0643a7d72cfb30f61dc03f06f4e04830bfe84c2542601de93063df9a4504ecc33dfe8b08bd9f50267a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
f85b125a359cb3a5fda5267677ff22fa

SHA1
8ac89248613b1840b99265e9c9222d46850cd336

SHA256
ba993d3f1e2139fb8334196fb910f261d19af3d13d162af086dfb7625d2c25d3

SHA512
62f6e3b1b3a7398e3ccf1eb98c4565b4a9339de3efeaaf4f0286db1832b0972836d9c940c1986937907c7ae2cbcccbcccc183c19901c9cc7e7c0f79d76332108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
84KB

MD5
33e8f206e09607c14f45d0bef7922369

SHA1
7498e4209be419dd8f2a7314f5d515c9c082824a

SHA256
f7f46f669a387cf54d7976fbf63883a0b0cd531c068c27fac1c42016a24d74de

SHA512
f2cea0f0d780517fddef258df99782d300114584ffdb5b940a4fa834d15c2bc2f7ebd335a59f1f617e0c037d39088ee0bb4e170fa93177e638c58ca0723d2eb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
3.9MB

MD5
36640f2a33fa35ce2f3efe28f46ea43d

SHA1
70253c46c17ccb5b2138055667aabebc52faafbe

SHA256
0338d7a302638291378035e597a8ae02dcc2e16a65a4ba35ffae4c7a60f1e872

SHA512
c34a03dfe40221557444151259b157799a1b2e93780721622f4875bf932c7055d80e2fa6763c8bba5365bc1b508f2907b4584f28cc371f7345786f0b6ff52b4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
a0e83516a0af794229f1d38bf5974a89

SHA1
498d56fa86b735d7b481f3ed04b51864c6f0a92e

SHA256
42294450f67c1b9bf9e81e7ff4e5321577634bcff30e271003b306f71faddc16

SHA512
ac9637ed4ee386f2bb807c1f62220901a0ebf6f0d0a5a03a28e77ed3aaca2784815833f576219cd47af3d892a0149fe348d84cfc41051155272c068a7dafcf2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cdddeb44a1e95393b57df4eec694d437

SHA1
0ffa03d04ce0999744b0bf859e87d82d456c84e7

SHA256
e17ba279ec5a52b061642a6d43fa7376ca90dd8bebc8c191f8868ad5887affd5

SHA512
9c494ea01b202c2e85276c02438fe974389b5234a39149bf121ea9539e5a2518e1f9253566ce1fbd7b43dc31cb510e22e48574d354a976af40176833ceda03d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e96744b894c561d28b5f574b564ae49c

SHA1
a19d182c19f1a318252155ff8a02834069f4a5de

SHA256
4ae7e46a63a6953117d9518b4ad4b9cd57bda623179dfa3e22807a8102fcfe5a

SHA512
5f0b0098c059a70a28b3d596b62f67584a32cdf41222f0a6ac38f05975b37bacff4d295710027362baaf6d06ba07f3d1c323c6e6fa48379c1ebabdab8acf42a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
fd337ce97be2c29e9d67c6182e6710fa

SHA1
85035f33e329bd153afe89208f31b4fe530a16b7

SHA256
22c09424f06c2d468eefcc5ca1bdf103e953b3a766c45dd8e49909e2cb465d4b

SHA512
390062d43288cada581cbf1e13add61b2d94f71f09423c7c267d40e1096b0df487b7c0c9182162a79554ebd8bcb6f271ac6afd415e6d87cde5c706207919e54f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
39c12b8be0ab4191d153c18f0e495bea

SHA1
81c031d79ad7ed58be83184898ff8c691ffed3c2

SHA256
a743e86bf84fbab2ce0a83dd3d848ca9be0760c3f76fe9d72ad30d159e4c10b5

SHA512
b200e0b4e34c5bd21104708aeeb30d8cd2024c21800e807b1195d70a7eda34bbc9613cc6935593c831bad044db68a4019ca52ea2cf4c10db9168e5fec7e77ace

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings

Filesize
81B

MD5
f222079e71469c4d129b335b7c91355e

SHA1
0056c3003874efef229a5875742559c8c59887dc

SHA256
e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00

SHA512
e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

Filesize
126KB

MD5
6698422bea0359f6d385a4d059c47301

SHA1
b1107d1f8cc1ef600531ed87cea1c41b7be474f6

SHA256
2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

SHA512
d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris

Filesize
40B

MD5
6a3a60a3f78299444aacaa89710a64b6

SHA1
2a052bf5cf54f980475085eef459d94c3ce5ef55

SHA256
61597278d681774efd8eb92f5836eb6362975a74cef807ce548e50a7ec38e11f

SHA512
c5d0419869a43d712b29a5a11dc590690b5876d1d95c1f1380c2f773ca0cb07b173474ee16fe66a6af633b04cc84e58924a62f00dcc171b2656d554864bf57a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638343870221005468

Filesize
57B

MD5
3a05eaea94307f8c57bac69c3df64e59

SHA1
9b852b902b72b9d5f7b9158e306e1a2c5f6112c8

SHA256
a8ef112df7dad4b09aaa48c3e53272a2eec139e86590fd80e2b7cbd23d14c09e

SHA512
6080aef2339031fafdcfb00d3179285e09b707a846fd2ea03921467df5930b3f9c629d37400d625a8571b900bc46021047770bac238f6bac544b48fb3d522fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic

Filesize
29B

MD5
52e2839549e67ce774547c9f07740500

SHA1
b172e16d7756483df0ca0a8d4f7640dd5d557201

SHA256
f81b7b9ce24f5a2b94182e817037b5f1089dc764bc7e55a9b0a6227a7e121f32

SHA512
d80e7351e4d83463255c002d3fdce7e5274177c24c4c728d7b7932d0be3ebcfeb68e1e65697ed5e162e1b423bb8cdfa0864981c4b466d6ad8b5e724d84b4203b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982

Filesize
450KB

MD5
e9c502db957cdb977e7f5745b34c32e6

SHA1
dbd72b0d3f46fa35a9fe2527c25271aec08e3933

SHA256
5a6b49358772db0b5c682575f02e8630083568542b984d6d00727740506569d4

SHA512
b846e682427cf144a440619258f5aa5c94caee7612127a60e4bd3c712f8ff614da232d9a488e27fc2b0d53fd6acf05409958aea3b21ea2c1127821bd8e87a5ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
256KB

MD5
e5b375e2997d5560d479377caaf93b55

SHA1
493cdf93505714478ab1b4e10cf325b10b09be44

SHA256
3c9fcdf9db91b97b7dc2e6440075683d49d6e3b3412d27319cbd662756085155

SHA512
5da2d282bbb1268f0a4454bc96970230a3010450be34e6cd3a7725cf652d29ee4df6a175ca4aa50a95f2d072aa06ddc2a058288f4b92f9a6136b3496f54ea0a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
1KB

MD5
bc85c1fff276eee17d23cd67500a9ae1

SHA1
bea1aeb9947c780b6a3ffbbdb4ef6af05cc4e40f

SHA256
bf52f80f7fcc384be9a372641fc5f4ff8645c4a9419b66e3eebcd6df99b1f2c7

SHA512
01d33850e1947e4a479c13a0527f3f209a7eba1b64f0351c28b622170c16f6622bbe5824b246cb29c762a99cd932f8d3a25ff67fa2f72a227c4bebb77e524cce

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
3KB

MD5
04795b212632f45cda752bf9a9282d24

SHA1
7b6265990027ce8ccfb92eba69ef2d649f0981fd

SHA256
011c907ffc19b5b2c66cce0a5473395aa9b8db578cec0d0b7743a1847cdbfed5

SHA512
214f757c19f59c169e134f71ce5aa5e33657b9e1ced26443e9397b966fdcddb82fc6b45dcfb5aa4b9c6f09b64d39d7cc3ed09ffaa9f84820cdd977b5021a75d3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
0bb2edcb16574e37f7f2171af7bf3aeb

SHA1
de01fe7256a1f62d09f10351a6ce3a9edcd0c569

SHA256
9e7e6d3f138a1a5dae9616ac4a474cd7d045191ff2d6b8253e0351132f4536ed

SHA512
32f85683b2eac94d17b6f9361a39a8849d1256065db29cfbf17773900a76b0dbecc1075ff6da0c9ffa8f5a1866b52ed1995d98f6743a386047681d816a18b1a3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
ee6f2b2512bcdd870d50d50faa34f77c

SHA1
d6704d81efd4cc63b4e922367ff61bce6b6c7b05

SHA256
14e79df438457673c3d54b94d98a3970a360ad22ff413405cc5fd3f866bbbf4a

SHA512
98abb63394fdfc14737e5f4f60cf110a6f778565fe4ad5272fcf348b779dc9439cdea9481c7a5a7644a8b7cff31b25bdbc6334f13542625c40b766da569f8056

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/2052-1669-0x000002722C4A0000-0x000002722C4A1000-memory.dmp

Filesize
4KB

Download
memory/2052-1673-0x000002722C4A0000-0x000002722C4A1000-memory.dmp

Filesize
4KB

Download
memory/2052-1648-0x0000027223E80000-0x0000027223E90000-memory.dmp

Filesize
64KB

Download
memory/2052-1632-0x0000027223D80000-0x0000027223D90000-memory.dmp

Filesize
64KB

Download
memory/2052-1664-0x000002722C470000-0x000002722C471000-memory.dmp

Filesize
4KB

Download
memory/2052-1665-0x000002722C4A0000-0x000002722C4A1000-memory.dmp

Filesize
4KB

Download
memory/2052-1666-0x000002722C4A0000-0x000002722C4A1000-memory.dmp

Filesize
4KB

Download
memory/2052-1700-0x000002722C310000-0x000002722C311000-memory.dmp

Filesize
4KB

Download
memory/2052-1699-0x000002722C200000-0x000002722C201000-memory.dmp

Filesize
4KB

Download
memory/2052-1698-0x000002722C200000-0x000002722C201000-memory.dmp

Filesize
4KB

Download
memory/2052-1696-0x000002722C1F0000-0x000002722C1F1000-memory.dmp

Filesize
4KB

Download
memory/2052-1684-0x000002722BFF0000-0x000002722BFF1000-memory.dmp

Filesize
4KB

Download
memory/2052-1681-0x000002722C0B0000-0x000002722C0B1000-memory.dmp

Filesize
4KB

Download
memory/2052-1678-0x000002722C0C0000-0x000002722C0C1000-memory.dmp

Filesize
4KB

Download
memory/2052-1676-0x000002722C0B0000-0x000002722C0B1000-memory.dmp

Filesize
4KB

Download
memory/2052-1675-0x000002722C0C0000-0x000002722C0C1000-memory.dmp

Filesize
4KB

Download
memory/2052-1674-0x000002722C4A0000-0x000002722C4A1000-memory.dmp

Filesize
4KB

Download
memory/2052-1667-0x000002722C4A0000-0x000002722C4A1000-memory.dmp

Filesize
4KB

Download
memory/2052-1672-0x000002722C4A0000-0x000002722C4A1000-memory.dmp

Filesize
4KB

Download
memory/2052-1671-0x000002722C4A0000-0x000002722C4A1000-memory.dmp

Filesize
4KB

Download
memory/2052-1670-0x000002722C4A0000-0x000002722C4A1000-memory.dmp

Filesize
4KB

Download
memory/2052-1668-0x000002722C4A0000-0x000002722C4A1000-memory.dmp

Filesize
4KB

Download
memory/3276-1736-0x0000000008C40000-0x0000000008C50000-memory.dmp

Filesize
64KB

Download
memory/3276-1732-0x0000000008C40000-0x0000000008C50000-memory.dmp

Filesize
64KB

Download
memory/3276-1738-0x0000000008C40000-0x0000000008C50000-memory.dmp

Filesize
64KB

Download
memory/3276-1733-0x0000000008C40000-0x0000000008C50000-memory.dmp

Filesize
64KB

Download
memory/3276-1728-0x0000000008B70000-0x0000000008B80000-memory.dmp

Filesize
64KB

Download
memory/3276-1729-0x0000000008C40000-0x0000000008C50000-memory.dmp

Filesize
64KB

Download
memory/3276-1731-0x0000000008C40000-0x0000000008C50000-memory.dmp

Filesize
64KB

Download
memory/3276-1730-0x0000000008C40000-0x0000000008C50000-memory.dmp

Filesize
64KB

Download
memory/3276-1737-0x0000000008C40000-0x0000000008C50000-memory.dmp

Filesize
64KB

Download
memory/3276-1734-0x0000000008C40000-0x0000000008C50000-memory.dmp

Filesize
64KB

Download
memory/3276-1735-0x0000000008C40000-0x0000000008C50000-memory.dmp

Filesize
64KB

Download