asyncrat | 3d2a8a19a8ce6ceb2c518866049c909db9169b5cc4d18f1e7274033251684fd2

Analysis

max time kernel
545s
max time network
545s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
03/02/2025, 03:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client.exe
Size

74KB
MD5

64d4457478c38fa5962d23ea071683ce
SHA1

159352f557fa985db10a2c0a90da7fdaf2be8fe8
SHA256

3d2a8a19a8ce6ceb2c518866049c909db9169b5cc4d18f1e7274033251684fd2
SHA512

cb1c0de9fced110da8d959f86a97445f2f033fa631bfd03575889f5dd27a2fd4ab35e77629860425279f561a993d7fb34fc33f4e94fecf9569a36ebb33077899
SSDEEP

1536:8UUPcxVteCW7PMVee9VdQuDI6H1bf/dJeQzcBLVclN:8UmcxV4x7PMVee9VdQsH1bfneQYBY

Score

10^/10

asyncrat stormkitty default defense_evasion discovery persistence privilege_escalation rat spyware stealer

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

147.185.221.25:46315

Mutex

tpbheqpeeyi

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat
StormKitty
StormKitty is an open source info stealer written in C#.
stealer stormkitty

StormKitty payload 1 IoCs

resource	yara_rule
behavioral1/memory/1432-1259-0x000000001D5A0000-0x000000001D6C2000-memory.dmp	family_stormkitty

Stormkitty family
stormkitty
Grants admin privileges 1 TTPs
Uses net.exe to modify the user's privileges.

Account Manipulation
T1098

Modifies Windows Firewall 2 TTPs 2 IoCs

defense_evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
1144	netsh.exe
3972	netsh.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Network Service Discovery 1 TTPs 1 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
1036	ARP.EXE

Enumerates processes with tasklist 1 TTPs 1 IoCs

discovery

Process Discovery

T1057

pid	Process
3080	tasklist.exe

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
400	sc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

Permission Groups Discovery: Local Groups 1 TTPs
Attempt to find local system groups and permission settings.
discovery

Local Groups
T1069.001

System Network Connections Discovery 1 TTPs 1 IoCs

Attempt to get a listing of network connections.

discovery

System Network Connections Discovery

T1049

pid	Process
3344	NETSTAT.EXE

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Collects information from the system 1 TTPs 1 IoCs

Uses WMIC.exe to find detailed system information.

Data from Local System

T1005

pid	Process
3916	WMIC.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Gathers network information 2 TTPs 2 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
3572	ipconfig.exe
3344	NETSTAT.EXE

Gathers system information 1 TTPs 1 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
1252	systeminfo.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1432	Client.exe
1432	Client.exe
1432	Client.exe
1432	Client.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
1432	Client.exe
4416	taskmgr.exe
4416	taskmgr.exe
1432	Client.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
1432	Client.exe
1432	Client.exe
1432	Client.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
1432	Client.exe
1432	Client.exe
1432	Client.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4416	taskmgr.exe
1432	Client.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1432	Client.exe
Token: SeIncreaseQuotaPrivilege	3916	WMIC.exe
Token: SeSecurityPrivilege	3916	WMIC.exe
Token: SeTakeOwnershipPrivilege	3916	WMIC.exe
Token: SeLoadDriverPrivilege	3916	WMIC.exe
Token: SeSystemProfilePrivilege	3916	WMIC.exe
Token: SeSystemtimePrivilege	3916	WMIC.exe
Token: SeProfSingleProcessPrivilege	3916	WMIC.exe
Token: SeIncBasePriorityPrivilege	3916	WMIC.exe
Token: SeCreatePagefilePrivilege	3916	WMIC.exe
Token: SeBackupPrivilege	3916	WMIC.exe
Token: SeRestorePrivilege	3916	WMIC.exe
Token: SeShutdownPrivilege	3916	WMIC.exe
Token: SeDebugPrivilege	3916	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3916	WMIC.exe
Token: SeRemoteShutdownPrivilege	3916	WMIC.exe
Token: SeUndockPrivilege	3916	WMIC.exe
Token: SeManageVolumePrivilege	3916	WMIC.exe
Token: 33	3916	WMIC.exe
Token: 34	3916	WMIC.exe
Token: 35	3916	WMIC.exe
Token: 36	3916	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3916	WMIC.exe
Token: SeSecurityPrivilege	3916	WMIC.exe
Token: SeTakeOwnershipPrivilege	3916	WMIC.exe
Token: SeLoadDriverPrivilege	3916	WMIC.exe
Token: SeSystemProfilePrivilege	3916	WMIC.exe
Token: SeSystemtimePrivilege	3916	WMIC.exe
Token: SeProfSingleProcessPrivilege	3916	WMIC.exe
Token: SeIncBasePriorityPrivilege	3916	WMIC.exe
Token: SeCreatePagefilePrivilege	3916	WMIC.exe
Token: SeBackupPrivilege	3916	WMIC.exe
Token: SeRestorePrivilege	3916	WMIC.exe
Token: SeShutdownPrivilege	3916	WMIC.exe
Token: SeDebugPrivilege	3916	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3916	WMIC.exe
Token: SeRemoteShutdownPrivilege	3916	WMIC.exe
Token: SeUndockPrivilege	3916	WMIC.exe
Token: SeManageVolumePrivilege	3916	WMIC.exe
Token: 33	3916	WMIC.exe
Token: 34	3916	WMIC.exe
Token: 35	3916	WMIC.exe
Token: 36	3916	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2344	WMIC.exe
Token: SeSecurityPrivilege	2344	WMIC.exe
Token: SeTakeOwnershipPrivilege	2344	WMIC.exe
Token: SeLoadDriverPrivilege	2344	WMIC.exe
Token: SeSystemProfilePrivilege	2344	WMIC.exe
Token: SeSystemtimePrivilege	2344	WMIC.exe
Token: SeProfSingleProcessPrivilege	2344	WMIC.exe
Token: SeIncBasePriorityPrivilege	2344	WMIC.exe
Token: SeCreatePagefilePrivilege	2344	WMIC.exe
Token: SeBackupPrivilege	2344	WMIC.exe
Token: SeRestorePrivilege	2344	WMIC.exe
Token: SeShutdownPrivilege	2344	WMIC.exe
Token: SeDebugPrivilege	2344	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2344	WMIC.exe
Token: SeRemoteShutdownPrivilege	2344	WMIC.exe
Token: SeUndockPrivilege	2344	WMIC.exe
Token: SeManageVolumePrivilege	2344	WMIC.exe
Token: 33	2344	WMIC.exe
Token: 34	2344	WMIC.exe
Token: 35	2344	WMIC.exe
Token: 36	2344	WMIC.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
1432	Client.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
1432	Client.exe
4416	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe
4416	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1432	Client.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1432 wrote to memory of 972	1432	Client.exe	93
PID 1432 wrote to memory of 972	1432	Client.exe	93
PID 972 wrote to memory of 1252	972	cmd.exe	95
PID 972 wrote to memory of 1252	972	cmd.exe	95
PID 972 wrote to memory of 4180	972	cmd.exe	97
PID 972 wrote to memory of 4180	972	cmd.exe	97
PID 972 wrote to memory of 3916	972	cmd.exe	98
PID 972 wrote to memory of 3916	972	cmd.exe	98
PID 972 wrote to memory of 2428	972	cmd.exe	99
PID 972 wrote to memory of 2428	972	cmd.exe	99
PID 2428 wrote to memory of 4568	2428	net.exe	100
PID 2428 wrote to memory of 4568	2428	net.exe	100
PID 972 wrote to memory of 4504	972	cmd.exe	101
PID 972 wrote to memory of 4504	972	cmd.exe	101
PID 4504 wrote to memory of 1048	4504	query.exe	102
PID 4504 wrote to memory of 1048	4504	query.exe	102
PID 972 wrote to memory of 1824	972	cmd.exe	103
PID 972 wrote to memory of 1824	972	cmd.exe	103
PID 1824 wrote to memory of 3128	1824	net.exe	104
PID 1824 wrote to memory of 3128	1824	net.exe	104
PID 972 wrote to memory of 3212	972	cmd.exe	105
PID 972 wrote to memory of 3212	972	cmd.exe	105
PID 3212 wrote to memory of 2852	3212	net.exe	106
PID 3212 wrote to memory of 2852	3212	net.exe	106
PID 972 wrote to memory of 4456	972	cmd.exe	107
PID 972 wrote to memory of 4456	972	cmd.exe	107
PID 4456 wrote to memory of 3948	4456	net.exe	108
PID 4456 wrote to memory of 3948	4456	net.exe	108
PID 972 wrote to memory of 3884	972	cmd.exe	109
PID 972 wrote to memory of 3884	972	cmd.exe	109
PID 3884 wrote to memory of 4964	3884	net.exe	110
PID 3884 wrote to memory of 4964	3884	net.exe	110
PID 972 wrote to memory of 2344	972	cmd.exe	111
PID 972 wrote to memory of 2344	972	cmd.exe	111
PID 972 wrote to memory of 3080	972	cmd.exe	112
PID 972 wrote to memory of 3080	972	cmd.exe	112
PID 972 wrote to memory of 3572	972	cmd.exe	113
PID 972 wrote to memory of 3572	972	cmd.exe	113
PID 972 wrote to memory of 3556	972	cmd.exe	114
PID 972 wrote to memory of 3556	972	cmd.exe	114
PID 972 wrote to memory of 1036	972	cmd.exe	115
PID 972 wrote to memory of 1036	972	cmd.exe	115
PID 972 wrote to memory of 3344	972	cmd.exe	116
PID 972 wrote to memory of 3344	972	cmd.exe	116
PID 972 wrote to memory of 400	972	cmd.exe	117
PID 972 wrote to memory of 400	972	cmd.exe	117
PID 972 wrote to memory of 1144	972	cmd.exe	118
PID 972 wrote to memory of 1144	972	cmd.exe	118
PID 972 wrote to memory of 3972	972	cmd.exe	119
PID 972 wrote to memory of 3972	972	cmd.exe	119
PID 1432 wrote to memory of 4896	1432	Client.exe	121
PID 1432 wrote to memory of 4896	1432	Client.exe	121
PID 4896 wrote to memory of 1252	4896	cmd.exe	123
PID 4896 wrote to memory of 1252	4896	cmd.exe	123
PID 1432 wrote to memory of 3200	1432	Client.exe	124
PID 1432 wrote to memory of 3200	1432	Client.exe	124
PID 3200 wrote to memory of 2908	3200	msedge.exe	125
PID 3200 wrote to memory of 2908	3200	msedge.exe	125
PID 3200 wrote to memory of 4204	3200	msedge.exe	126
PID 3200 wrote to memory of 4204	3200	msedge.exe	126
PID 3200 wrote to memory of 4204	3200	msedge.exe	126
PID 3200 wrote to memory of 4204	3200	msedge.exe	126
PID 3200 wrote to memory of 4204	3200	msedge.exe	126
PID 3200 wrote to memory of 4204	3200	msedge.exe	126

C:\Users\Admin\AppData\Local\Temp\Client.exe
"C:\Users\Admin\AppData\Local\Temp\Client.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1432
- C:\Windows\SYSTEM32\cmd.exe
  "cmd.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:972
- - C:\Windows\system32\systeminfo.exe
    systeminfo
    3⤵
    - Gathers system information
    PID:1252
- - C:\Windows\system32\HOSTNAME.EXE
    hostname
    3⤵
    PID:4180
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic logicaldisk get caption,description,providername
    3⤵
    - Collects information from the system
    - Suspicious use of AdjustPrivilegeToken
    PID:3916
- - C:\Windows\system32\net.exe
    net user
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2428
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 user
      4⤵
      PID:4568
- - C:\Windows\system32\query.exe
    query user
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4504
  - - C:\Windows\system32\quser.exe
      "C:\Windows\system32\quser.exe"
      4⤵
      PID:1048
- - C:\Windows\system32\net.exe
    net localgroup
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1824
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 localgroup
      4⤵
      PID:3128
- - C:\Windows\system32\net.exe
    net localgroup administrators
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3212
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 localgroup administrators
      4⤵
      PID:2852
- - C:\Windows\system32\net.exe
    net user guest
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4456
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 user guest
      4⤵
      PID:3948
- - C:\Windows\system32\net.exe
    net user administrator
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3884
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 user administrator
      4⤵
      PID:4964
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic startup get caption,command
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2344
- - C:\Windows\system32\tasklist.exe
    tasklist /svc
    3⤵
    - Enumerates processes with tasklist
    PID:3080
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:3572
- - C:\Windows\system32\ROUTE.EXE
    route print
    3⤵
    PID:3556
- - C:\Windows\system32\ARP.EXE
    arp -a
    3⤵
    - Network Service Discovery
    PID:1036
- - C:\Windows\system32\NETSTAT.EXE
    netstat -ano
    3⤵
    - System Network Connections Discovery
    - Gathers network information
    PID:3344
- - C:\Windows\system32\sc.exe
    sc query type= service state= all
    3⤵
    - Launches sc.exe
    PID:400
- - C:\Windows\system32\netsh.exe
    netsh firewall show state
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    PID:1144
- - C:\Windows\system32\netsh.exe
    netsh firewall show config
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    PID:3972
- C:\Windows\SYSTEM32\cmd.exe
  "cmd"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4896
- - C:\Windows\system32\whoami.exe
    whoami
    3⤵
    PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of WriteProcessMemory
  PID:3200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd2ae46f8,0x7fffd2ae4708,0x7fffd2ae4718
    3⤵
    PID:2908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,14037650226308719400,10212355613762629636,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
    3⤵
    PID:4204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,14037650226308719400,10212355613762629636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
    3⤵
    PID:2392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,14037650226308719400,10212355613762629636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
    3⤵
    PID:220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14037650226308719400,10212355613762629636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
    3⤵
    PID:4880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14037650226308719400,10212355613762629636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
    3⤵
    PID:5096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14037650226308719400,10212355613762629636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
    3⤵
    PID:4008

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffd2ae46f8,0x7fffd2ae4708,0x7fffd2ae4718
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,9479441111081099171,16077166987801248925,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,9479441111081099171,16077166987801248925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,9479441111081099171,16077166987801248925,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9479441111081099171,16077166987801248925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9479441111081099171,16077166987801248925,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9479441111081099171,16077166987801248925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9479441111081099171,16077166987801248925,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,9479441111081099171,16077166987801248925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,9479441111081099171,16077166987801248925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9479441111081099171,16077166987801248925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9479441111081099171,16077166987801248925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9479441111081099171,16077166987801248925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9479441111081099171,16077166987801248925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9479441111081099171,16077166987801248925,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9479441111081099171,16077166987801248925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9479441111081099171,16077166987801248925,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9479441111081099171,16077166987801248925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9479441111081099171,16077166987801248925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9479441111081099171,16077166987801248925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9479441111081099171,16077166987801248925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9479441111081099171,16077166987801248925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9479441111081099171,16077166987801248925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,9479441111081099171,16077166987801248925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:3836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd2ae46f8,0x7fffd2ae4708,0x7fffd2ae4718
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,11822640194264952196,12427084303097541001,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,11822640194264952196,12427084303097541001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,11822640194264952196,12427084303097541001,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11822640194264952196,12427084303097541001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11822640194264952196,12427084303097541001,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11822640194264952196,12427084303097541001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11822640194264952196,12427084303097541001,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,11822640194264952196,12427084303097541001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3704 /prefetch:8
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,11822640194264952196,12427084303097541001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3704 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11822640194264952196,12427084303097541001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11822640194264952196,12427084303097541001,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,11822640194264952196,12427084303097541001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:1
  2⤵
  PID:2996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Account Manipulation

T1098

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Account Manipulation

T1098

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Peripheral Device Discovery

T1120

Permission Groups Discovery

T1069

Local Groups

T1069.001

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Network Connections Discovery

T1049

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c458389d0b861942eee70c0ed95a070b

SHA1
8ed291d32fe28b859047fc703f909f7098871a4f

SHA256
12cfc38e3e9aa95cd98c76de9cbcaa6a68ae5eec567a62e419be552090673d25

SHA512
f81ec9ba07d17fa136d9eaceee57d2825c56380f11ce180e0377022fc7870651ac32f70d1b7c377b16c5fc949c7c66192874df4a7af81885ee9b20c3131264f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e94bbf2d6696b0fc59fe3a5fe96d6847

SHA1
64dc3d26e04462f5d53bb78e7b3bbd26f11a7cbd

SHA256
5287e8784d476f0eb1c83fba611248fdc2744ed9329a35033d4a0fcce42dfecd

SHA512
5a27a354179e5de403643c08777af3fcb767bb8c5187af951606f1b6677cb4ce55120796b87a76ad8caf5199914cee1007206bf6f61cb231cabcc70eb5d9d6ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8f33275078b77e641c049e3aee9816a4

SHA1
dcd69768ce2341a4cbb0bf30660ee3ba9e1de2d0

SHA256
6792bcb7871b931f6404826588ce2f2a176d463e8ae8892314baf40311f28d5c

SHA512
6b1f1a7f21654f8662c2b4262dd3968ca8ad5408051e052b297270edd3b440d945d9fc3f7cb100ec2078a9a837ed380cab05b34cf741dfe627b042977cdb17d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
50236cd957789ed0d1b6564c7f0ecfae

SHA1
4c9e4dac57ab9ffb5bc55154d6ff89f1e6c1d5f4

SHA256
5820467c07d06249a1462b7c9deeb0801a8a6475ea19637397b9bbbc95f90fcd

SHA512
1cbf4be5224fecf811bf81361d6d282810de016194b17e2002d510287d384048272215b813838912eebcdddb1f657ade0aa3c122871c9d636b6a8fa8e74535d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0504c0d0b9c007a767de8a404f2ec484

SHA1
73b1066ce283079341bc94a3e5c65535f0523145

SHA256
3469f4679beea250ce59f3fa4721e48f81587735f44e0fa2b70638b78dbf8a2d

SHA512
c6c0c6edbaab3b92832c4140916e99ca6725b79e5d3a43ad59ebd94a567458ef79923e2236b43344ecb6fd75442d0c7779b024edbd1bf9035a2a86ba7e5ce606

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
9417350a6273a176da4ec875380c05d1

SHA1
a797bd099abc2df791cedd434037eeaa57d0bd59

SHA256
0249fe72db0482797308e1aadbe5dad62713796038bd6ecdb7f836c083a3b452

SHA512
dad4eaaf49457b0b535cf5a352621d9aa61d4d65268317310a9f421420de32b3ff512d8a5d3d9b0ea9deba41551e2a0e5158c915ae818e05b6b80edcf5d108f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
1723dee39196fc8ca877953f918944d1

SHA1
a4a9564d6585a150b2f0f45ccf643c5e17764ac7

SHA256
7891c41f5f620a0941650ea3f466a76265a31b9b40796ce7289ee4b0b81ce894

SHA512
ba66f70437104128425a729c19fd587f2bbf25a5bae6d391f49be7a8da2cd9c979f09272fbb5548b8814db096ad8f363900d477d5ee4514cd67ba3a42935cf98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
dd9fbda7cc19da5ca86f70a80437645e

SHA1
59a6f0b57f4cf8866b552afd715bacdbf36c8eaf

SHA256
a1da34f479c4c5810171fe9555483e0bed40a93338f715c7120d8530b7c1e714

SHA512
10a70ca37e62f7c08bd9730873342b0011f2762bb8f0fc8c51927a7a5e7ac0bb9e19d83d8322fafb04a6198bc0d8fb85d9fc1bdb0de7324af1aa88b6c0278928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
b35760b9e552c66af93a2ff0d52d28ee

SHA1
e785a2532ce4d03592ae42975535fad7bcd486d0

SHA256
42915f59b603a90430930b2954a4fbf6817b7f042dcbf802dad8fdb1d73fef8f

SHA512
09fc77e447f855a63d1e4d84c300ec9b32e11ede2da49c7b6decb455d8887995e4f4c5f0c811a21a08f10ea74cc2ac84d5dee1047da44fffcec1a1ab872cff96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
70KB

MD5
3b06aa689e8bf1aed00d923a55cfdd49

SHA1
ca186701396ba24d747438e6de95397ed5014361

SHA256
cd1569510154d7fa83732ccf69e41e833421f4e5ec7f70a5353ad07940ec445c

SHA512
0422b94ec68439a172281605264dede7b987804b3acfdeeb86ca7b12249e0bd90e8e625f9549a9635165034b089d59861260bedf7676f9fa68c5b332123035ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
435KB

MD5
782b7fc18a24ee997efd9a7f02fa4bf9

SHA1
db1f15bf56aa30ec79bb6a9d2632fe2a12de099b

SHA256
c45388c0937dde58151ba6f3d2225751b8b89ac001be1ef1f40134c61d391b8e

SHA512
c08790580afe4c89fd3e6cf9dbb4b26548b4a686b1e9bcc3a9dbc6fdcad49e84a0a5ec2ea7f3935308ac059af040af3879e29f3c0e2150d7687bd02fe5f4daf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
673dd47445cffffaaae7f3ffe6dadcfd

SHA1
14f3c694d6ef5c5a03d233de9f2e7c391ef3ac34

SHA256
a9657528abefd571781a69805fbd0f7880bdd5d397e07c5c0f25f150e4cdfbea

SHA512
cc3883664fa0f9d88db3d7c958a0dac9ff9d0eff1c4b4c1d6b918ef061eb11b5270e7a0d7e64b65cca517dabcc40a701f6b85d9c749509d154fee979e9713fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7ec863d98b02859739265e6abcfaf3c9

SHA1
58392ba09f96a938b49fc039ac6d55dd10d9daf1

SHA256
66429885219e2ce0dfa6aba037772855d17a10a092e441c146e1e18682a2d895

SHA512
97cd17261fc8ba8b589a39f761ea9704f7b83e960a9431089a04392fe48a6d06e34f7d5406c17f78d0c1869e0c0056b3f6b8d12b58d6b60e9c06f084e13b01da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
012fc73dea98fed62abb6fce8259b6f9

SHA1
83e7c87066b7608b68565b5133c707056106e3d1

SHA256
393e3f56d4fd759eb56b07d8a51f149645b53dc314150c65df03a4d2182627eb

SHA512
e2b8fe8f0c7e6847f2e9ea7e93468df04f6cc44f8b54fd4668d8d6a3eb4437561c57d57658b3ec6debe632554f277ce8b395f2671bb1f66bc8b990094865c7b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
e905bbecb1c96960fc78ff500aae3e36

SHA1
f9b5eea24320396c499a17ebb8c001d68ef1dba9

SHA256
c10876cc6e6a86e2b5724868f44a6f4a7b79a416008796295c3a4afb8c8d1677

SHA512
ac8bef9a2ee20865b8a18fc2f39c77a0994e27d2e3b7cea5d58ad5598cba8062e62607ca597c5cada868d989b816a3150de429d6976d47d27086561f484b9fc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
8c1eea030463d3d50ef213c6a13a5360

SHA1
d6e51701cd746963ec083dfc32e6892f9d5a0f9c

SHA256
b6634fa837fd453cfc4c89b2d40690b85df4d4abfba113224f13de3c53e45930

SHA512
bf8c4960a75f0aab1c0eaf1c0d535d3bfd3b88db1c709aa1d39c2c9fe3206f0fd8663efa880aec33e9d989cccc0d0b6ad6b21f6f14c17d8d68cf9aa64e188cbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
85287fe80f119a471dca8bb7531eb6f4

SHA1
06383f13d6a0d483ea9a7c8bbec9e84fa7fd110f

SHA256
06c77d0a030b7a642b8255ac0e2d3d1a0a2405f5bdb1c7af6d12784b3ada520d

SHA512
445be72e73cb56c3b674c3798078d17a49143b26240d14a0569aab5fb97211cde21a51f5541b6b78af17e89e4c8903f7fd50b28a5b124b5cb14e3e6c8e0f1355

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons-journal

Filesize
16KB

MD5
d95b521576a3e67d9d7e2c066aa10264

SHA1
b6fe148a80d7f1ddeb95b2996d467e1f7ddc3a93

SHA256
b3f8d3c6807bcf1a8a4982927859bc0631b48eb4351c637aaf4ec2e220a6588a

SHA512
ee647656e7def49dbf7cfb76c1ac7f0a83a63fdd3f73ea8480a8db0675e66d8845f11cc1dfdb513de8696beb7c22560e36ee1f8ce677e683a7652db78cd57fdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
d50c661b11891338b4fc29a9a7469ed0

SHA1
4b24b194ecc8c4eb6e65d945e9f9abb618793ecf

SHA256
7935c97ba39517e2f57dac79d1d6b8fbd49c9181efd05c18bad3904321ec23b0

SHA512
1460e2138538731a0ed9a710deab77ae2538541117e67fba8c6ff63d22cb2a3a0e8e119f4ccd93c00df414c183c03f7e72065524884c785ce693fac258113414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
321B

MD5
4d8ff399aeb7f73db2e8138693c94169

SHA1
fc96aac1016b48732ca076c4e640765d3f3080bd

SHA256
282c133bf5d7fe51efc89bc85f1868e395af13a04f4889daa17f9a932fb1951d

SHA512
d7d2a841dcf68e0839ceb4202d30360d3b651d6aadd316ecccac6e96bf56bf1718f8ef406e4369794b1f884d249225ca85f434cf32e25ce8a2ff540e092a22df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
44KB

MD5
63b1ffd564ef7b9fe056b5c1a98c9dec

SHA1
d51d80c96c1a46450c79a76ca56b1f3e1b14dd7b

SHA256
ae3597e967db0ca6ddec65b8c857de59c4ba1d2df6283edda7acf1d0a8ff94a2

SHA512
cc42398bcb29d42dbb14e154a0f54f7367649fa0435dc4bd48d78b8186b62c21745aabb18649fcce81988786bdee3f4ff30639416fe3b190cafd2bb51b6479d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
392B

MD5
9559f0827aa9c770bab1a1fb6f5adbd6

SHA1
165154c727687ecc2aa5b56e6ec5b27e826aecbc

SHA256
77c58c152a9667b80073be223d3b6ae230afd64be0b5aa8ed31158500fede79a

SHA512
58b16f59a6651e423d64156a0b956ef4ce9b8bd1df0de81c8b05f635751558f7f73d2d58f226e46ad1d4eea511dbc3b2cae44b4b4c461579aff510942246d3c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe5e53bb.TMP

Filesize
671B

MD5
31a8a23f66c932d0d46e588ff411a4eb

SHA1
4a96a107c6394ed253481410323635425d2c1d91

SHA256
21847a94fedeafd8c09aefd63ecd518cf1d16ae65d92ba1bf30d2cf0dcc73671

SHA512
d4b373c8af43fcbf8e6ca7b0b6db88ff8600e05ed4823a9951f46f7ef29e4b2d902040cc84bc17ed41520406b79bb25410523e93285b0ea949fd9d6f4f478545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
100B

MD5
74f752ced0b902d52b72134b3450cbcb

SHA1
860ac667267a263c07a98b84de2627eba371ebef

SHA256
05478ce604907f1243fae143c11ee499ba8fd6e643f88b15b5f1f9d240ad08eb

SHA512
b16041aa044b32ac0b5658c8b740e0ca030f2b7041562473cc4770bb342399d8b6c2d64342d1b72aa78f6ca76a9586840a8274e98abed75a52bab4ab802e7661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
25KB

MD5
1a4c0da5b2f12e2c8efc0897be8e7146

SHA1
34524b98a3dd3b3666a54749577ea444dea118a6

SHA256
c0a82d2db8c65f3ea7b21ce7aefafc3a863f543ca495e5d0e965e85d6e9147bc

SHA512
8d6ecf18bc634b6978e1311aa9cb1c11b34957c5afcd2c27f1be87520be71ea863769c672267166d22d49daa31f6ab9aa39e855578bc8d1d1e88e5b0ffdfab76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
f7781969b285804b2d7931c85ce9b2b8

SHA1
5e0c3d514d9515dd4333f149ffbbdccab7d97c09

SHA256
8cf25f4990c2240e4d8365487ea6891f69aefb81e023f7041faf08fdf0f1c60f

SHA512
52e0b2acf8df99d8213343182efc816a5ed851b69fc2c98d99025b498ad963866773af3827e01091031ce007ca351523230e26fbf2f5b30f0f381d91a6f0f4a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
689B

MD5
1740b6d4a97929f4706690a09bc8adde

SHA1
8da7f22126d64bd41d72e8347071fa32045328cf

SHA256
d4e992a1375be321b467c279fa691d56766868a0827ba8125f4736acd139a315

SHA512
8627d8ac7b6a5897e5642ccd9376a5d379c2bd995ae5eb4afdbc9b4422759d9b92b2f93857332e02023721ecbf9d9d294d426155d859a214e18d60616aeb8082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c3e330203af616f2b547e11ecdab7406

SHA1
c6217188eb52a63fb3cfa43887a5932b9f16f4fc

SHA256
4c71398cb0c3c4106a6767ab91a46697a259b69763b288c86e1788bd3d99f7fb

SHA512
f8305f3db4885c6e6825832937eb1bad5982593bae4ee222f77162a0de609a4315a70c1ee89a85b0d5681a7e8a7903a0507362f6157c7e0576917daaad408128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a65200b9796c8cbce106bf5667b3714e

SHA1
254205e81dadcff293ecbb943da5981b0e388e1b

SHA256
584b7ec003f7465081cad891011d92609403c3249811732f7050e33d6d70eee0

SHA512
c05b03edffc84b1ac8c094db7c861b9e24ddceacbe9c12b83106f60e6642113b480c9257e77ee49d8bb011ca7bf34c9ce81e4011f796eaf02c94f7fa69a54641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
709a07fdbb3ab1430416391bfe7320dd

SHA1
97cfec648626b39efca554ea3f1f87493cc38677

SHA256
0be9ec15ea87b3a96e6ee60477cc77fae1cae77ec991e2731a5fca8aada306e7

SHA512
1c28d206b2f0a2687d45f7335f0b2f6cb24d3c0b80eee43bddd766dbf6fd0e7b0f74f811de7939c0b3d0e205f4d2cffa55896e7dedc9e364de776e767132b668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0ef8958b020066fe1d4f1bd1a6f3ac11

SHA1
b3634311a085950d2017c1474f3ec1df7aab344f

SHA256
1e60ccd4f7b5fe187792f8b4a4b9a761d32ac7393eaf288ad8e51c89edc91f6c

SHA512
9f6e2c92decaaf3bd71ae88c1b6e1e3fb8f0796221d1b758badf5879e101708565f8c774389548cba167f905a417eb2b33080d42a4ff0f873986eb747a3a837b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
22defbd9bd0181562edb2e482b0fb8e3

SHA1
41f318332936c53e9ab9e43f182c8efca1e7d214

SHA256
15ad4f41c5dc95eb7c873c42c421707924436acb73c5561677a5b1c9a6b84327

SHA512
afba0b1057c6823dc89e43b9915cdea1c8947375d075ca94134138b4abba4c428c1160eec529ae41e202d0105fbca48f1b17cf982746589e9a15f52192fb27a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5219df60e15e55b82eb17f7cd85d20f5

SHA1
9b817fe3765b2d81a8938d8e33c6f6be21ddc809

SHA256
d17c9c2c5277eaa85cf92d4566a685c454903e19774d6cbcefe021f770189d32

SHA512
14b6cb5069324768cd0967fddc8962cd3667f0adde0955049573d78e447b3413329dd3b46768f0a43ba50f52295da069096814238c9476cd7813078c1c9cc057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e4d44f996342cef15789b725044fd24d

SHA1
c204d0d5ca3f35ba84789737e348ebbfcb7151f2

SHA256
dc93f347211748c0a2f6149a0265918dab5896c09b5a7888dad96f04eb3dbcd0

SHA512
28ac21947c5de2fb9d8977a6f85caf6934839683b847f889a0d5116b1c595ac8e3794acdfd5e422af0182c066b03dd97b2571349084d541b61dc0175450a0489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0d9d8def484ea0cfbe8eb9cd20de2976

SHA1
c973dd2b48aefcf668a46372cb20b0e8d96fa456

SHA256
a470891c082c109e655655c72ac7a7e86c1bc59e6ea528efab76a985ac6dfee2

SHA512
5feeef80a60817100877e47479b4336d20cc005cf579d4e990261732400fbd784296c994b9adc607553e85d1623bcacc1afedc80f123a18c717d06a3b90ae17d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0e708139d1489e8c7bdae62790a1fcd6

SHA1
e5ab73d435ee2f860af6dc1c250ef9b539d5b1fa

SHA256
1b9d2cfa6378c186c90978a92e352e267b4c784d902f6924ff0648a21e4ef803

SHA512
0714c7fca3dae99f26340a348af9bd885fca61540942368f0786593c1e490079883f6d590ec193e7b89c394bd9f105bd95111401dd2d0b9b8591e3b70a156cd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d48524d2d4034ae7cf780ca731197bcc

SHA1
cd60ea2693444c0ad1de8e36d6ade7c30b129f10

SHA256
96dcfeadf0cd1049b932e01f8478fcecc2036db2e1bfcff7f18e0ef14f46f150

SHA512
4f52bab18eccf3da07375de2267f0c6437a50bd26683b122cbe7c8d60f05a13374fbb565ae4c2b96e610e8f30e13644107a1691d29167de46f34974b184fa3c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ec7569696ccab540470312f528c912f2

SHA1
baf0039dcab5f8086ce961ca72469f5f44fec243

SHA256
821d597ca8bfe4ea5dc637e3d7fed637b9e72bdd5061bf107c0a12e8545ad99c

SHA512
652f50860024e10eeb16cfc0cd7a22b6977e2c929395396722b6ba77cc03831a1540b286f7eb8954fccfe1e16e798ec64b914d75bde7e79b287e0b0ed2639fcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0309390eb62fb61b0450fa4898d6f105

SHA1
2106397a1563d1fc588caa98b021037e7614f354

SHA256
e22c55d30ff9e0d8a1522fb1d114706396b28fe2f6b4755b15e77302df520476

SHA512
b773276ca2172e1b279978b07c499aaa01a7c12b127b0eb4b935c0d0e5a8155abca4d0cd560aab4f121cd4f35d3d8b14c456ebd1f9e1439836a176d2154e98a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
d03448270e17eb421c05c0a7e1961743

SHA1
f5bb7d17c47049e716aec554bf57cefc80d3a2c4

SHA256
71d6049dc3344d8a68734de7fd5710abe8d140084db69b487fd1e2f9fff97166

SHA512
1b69f28f468107cd2446111d2de08e450651b28fb620b3fa177b501b2b3c7c15782c6073097c18dc7a73f6e326e055429fc0e267d1b5116f6efe2dacaf1a869e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
a92a294fb96527f3b5ba41250ef4d020

SHA1
f0d6f697aa94fb4d31a1058475cf769fdc8660bb

SHA256
50d645f72bd1e04aa22c44299bd9d106ed14ec822579758f7f0e0289f070aa8a

SHA512
25ac67d230521fc3203b4233975d5988fb291a09613b6a2319a27f1097ce312322732a0058b4ae3afd0234f6c2b192e2ede9bea469167af5419cc17992b6662c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13383027213493451

Filesize
2KB

MD5
373fdbc46e8871bfce847ebd3aa81e71

SHA1
c2cd2ea1d2c0018a5d87b3e16c128c8c3a78dfd3

SHA256
7b194e6143246d3d27fa2039e215ecb454fd91c419821310b4f018c7c12965ff

SHA512
91e2a85a3a85d0db84e75ab75291ebc0fcb204613dbf64ad6724fa8d449ae13319efc8273d2e71d3a14c339be4f6c8994787211c8dea3350b50e1876954ac4a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13383027213646451

Filesize
2KB

MD5
50b987a82bf26304d07d49b34ecdbdaf

SHA1
6aecb8e052b8bf83b749a902fd769266f74d643e

SHA256
04f8ae994c5f1af35327bc8f25ba59c7c699806bfe0a0e3c01ac598bb55e8915

SHA512
cb67cf7b76c634f85ba28d09b43fac55a6c97466f824960067541fb245c3ce04c30548c2ca9491ef9a09cc9560289954fcd9585f8b6dead0c7634153f9d8e926

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
df237a86e8ebf96b7ef11929b8817011

SHA1
0816ee0d2916d46f0df7e7c47565e8e886cd3b20

SHA256
1e03c548e3c307cc43044e88d4ea3a78ae4785dce685ef2141eae347a5d16c6b

SHA512
aa69625ab21a259ef4e31a670a6c4ab78d0b017f0acffdef9a04daaf6c859ed66d4c6164aeb23d94e4b1a3a84d6388bfcaaf5ca9831114dd844943227aae7a74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
9bc00c42dcd6c537537dcc31918d75d5

SHA1
a6ff84475c83ba5fe5e032c8cc0bfc680d3cb238

SHA256
31de6a13da4237e37db8a49ba35807b90d599e5c4e6ed8ad6a4676f0e1286f2a

SHA512
ae33f0802c2d929b2681d3e7bb73f563d12d2097dfeacf392f8d350fee4fa9944de80b541075fbf1004d97c17ecb0d6f99263666b08e9de50528cb6ba5a0bed0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c29b74f01d8cb06622348164d9cc6662

SHA1
43986ab7af0e48d5de90a7e6c6a6753a8bb53155

SHA256
fc12fd8edbb223af61f36869fba9c11fb1af9567d2c40df711f0c57bcf3f27df

SHA512
0956a7a2c386466e98bc3d6fc0221bda7d6b18ac9d6e97154b4d457f4eb9ea730ef2a7f39000dca8b0381757f17acca01c561ac9f6975c3e2b0ac94ac82de4ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7f9d4656d6f281440907ac486a8f584a

SHA1
28ce314e40cb99fb69d3fc655897c5a8382b5bc0

SHA256
c98b8700e127be96643c37a27e557b8e9d97d450557778f5ba2b29ae847534de

SHA512
1d6e884653e733282487ab7a71e339321ec06ec14fe0ff1e292e7b3261baeeb8700764157aa5d465371343eb1cf09bbd5ab632818a80068e7e718db91b2d4cfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fb00eececfe0a21afec9be7f6a8f8aa5

SHA1
8d11ba1120b2272a0a3366b2ab7fd2268774ca29

SHA256
5356c43917c32638ece02498ab53a8655abfa191b364ec231caa2002a9f4eb4d

SHA512
a4451b197d213b417e21ed0a4dcf1b986fd26893b5d2837c60a41490ec1b3f1f0a6f431dfe62f6d346178d25438d60615019bb65c8542a960791479e43d6c7cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3fb3d0ec6140dd83b4590a72ff727638

SHA1
0ac780836b71674ea7bf7656a0f1d8e29d67271c

SHA256
a4f31a7347c1db5c73515baa823ff71c25096370450ff6b2edc6dac4ac728dd1

SHA512
3e9e9c8800cf3c568a502853a64dbd7a0bbcea6cb939460d162a19c0112f8ba4c9a10ae1a2ec7736567dcde29c5da989a8360395de1ad2a3d55575a42a060a87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
94be975dbeac7e93fc790d8fe66fc7f9

SHA1
3125778e8010fb6ce9dd6d7cbdc791a734b7d9e5

SHA256
f878dbb773c64a2d6dedd10523aa8173d1817257e15ab87bca18c0e79ed8a674

SHA512
6885d5de11be347d21c7da188438861dca9b0bfb03b91c27522678032f482f5626e54202308d9027a7a8aa571305b85cc833704a2363c44c0d04592fe2f4800f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5e332ff2631883e0cd8420db8e5a10be

SHA1
49de653e3309d065cdcb11e5536d1a2c5ad5b05b

SHA256
8176e4d2db9c44231cf23f69848b6c3bab39cd592d0205d5836437d228fc902a

SHA512
a3a88366438bdf17d3c61335539e457dbfb3f2eb49b7d66e67fd88cbd6c47c277755bbc23fba0ea9b0a66a769b1c22ef4f6d04ae84010b8f1f1ee855cb3cd463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4780eab6c83174970a29b51c055cdff9

SHA1
6ba3aec73700ae705280e62ced31521434031423

SHA256
07c12ea3dddb94a66b15ea1efc776627a15fc3bc1857eb2bdc421cc49de7baa3

SHA512
d448fcac7e40ab11cb47120e18e0b9978c4c24b6149af3660d525cb32ecba068a7571c007091c2d7c75472c40d59619ae75f090d43e5e9539010ee83ba5e3ef8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1d85859a08d06cb852e58eb89112d9b7

SHA1
fc704fa92049e65f87aa74e6baa7a224ba9638c3

SHA256
98cf86c60328650a242281d4e2c03f38fe5ec567fbcd8bb4256b5880e64b4b5d

SHA512
95e7e3bb59e5da0d4fbd7b164591f5471a8b53b9d5a169d0feee78e5dedb44d8b5853efa3d8bde398827256b237b7b680f13918492527d17865120fe34f46895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
af4c8820bcae97df7a1b35626e1227e0

SHA1
ff6a1f2b31a48878349f491276ee9ada5c507e4f

SHA256
0dc91a2d66bf7837041a25cc6be5f132347201011286d957f9cfb8a9b125b198

SHA512
cc282e9aa8967d0b3089c49dd5b099292051c517c054daefad549f89e73ea5f20331ca7a2fa8cc7e44a870c81ef6f39d8757dbdbd371a7302083ddbb38ed9e8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase

Filesize
10KB

MD5
a8fb1fc01bba2ac42f3c410624011a00

SHA1
561b18068ec1a07d15d450fa2a1aacb5a77a49da

SHA256
a697152e32e4fcf894bc62d7ce9877980e8b6b2a8a400710d2ab1fcbec3e1d1a

SHA512
a32c1c24c0f37f9a6f366b55560ea5f1e0fb5119200913ec89db5871eb4c5700a163877c5f629611976588cf3921912e37d94daf93ff37195c3d648a136d618c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d0d22c25-13ea-4031-bc27-953c5d3b1a57.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
21b2aeaebd0baeaf194189ce35fee533

SHA1
3a59c227a163a0936eb2d0b390a5dfbe6e3b1a3d

SHA256
a16c6b67230d9908f92791de5fb402652acadc0d0b54b5963839f56f9fd4fe2c

SHA512
d2e33b4d6357eb4c6bd6ad8b42019938c7f487e3b109fbe9862027f62336fdf92ca3e9b0060580690bc75f941da8aa27c258fd3191ffe5cdcf556e377c70e13d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
31d7e0cd84a551eee46c1ff2e732cfe6

SHA1
fd29e5f2094c310b401bd7b0c482d9d9686a02d8

SHA256
69f0a2e2fdfeda5400f387f5bfd006d6661d001785fe8e946b0958da87c8524e

SHA512
2fa0841c0b14f5ca925c069499379bc387df394959a07c4d95aa360fb6dd5a875f825caac1fd1c69ea58ea015171d9a983438bdd2830a1a55712b4fa517b21a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
194B

MD5
a48763b50473dbd0a0922258703d673e

SHA1
5a3572629bcdf5586d79823b6ddbf3d9736aa251

SHA256
9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd

SHA512
536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
cb488ab17f792dd92e7239334c716080

SHA1
41698c3efccfcc1aac08d624c9c4fdc90931d16a

SHA256
dd7b0e8b1c0a9661be96d7e0ab6a10919ad0e9c3db001de1f32d59303f726f6a

SHA512
234eb14e12e180a5c82d8d40fac3efcca4d141e7dd109de1c5c4d81291265d658e7f71bdad2ef2379e50a80dd763132a605b5754ef82604fcc6842cded44f3dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
6e24747f0fccbaffa33fa6b46c277171

SHA1
a8911a55ee2d2ea3678930aa1a4e0a135dc3656e

SHA256
1054bce2d0a68598622e3c2989a25dc014e45a00d64bcac2b3f851260e601a06

SHA512
7b3e3b840c791cd2ce727bc30d19265c393cc129698470050c3fb9a30b3caa5cad408b534b75c92e314d2aa0ca03bb4eec8f2c5adb80bd9d120bf21567746878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
707ed8063943f3666e93ffd054f2afb0

SHA1
fed64e18207d44ef0bbb5d5340f2b68e58f516df

SHA256
b85284d1655765c46b2f9ad90d234045e71e45b28c9be3a55c93bb4812bf5acb

SHA512
3077dcda62b0aced7928237392005688a99f5c3be641321f74438944e115d596bdabf926320d5378cb655b509b6d13341529f2b39aa25f37c645182c8ac219ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
922e8020e55bd035aa5d70dc1e1f7565

SHA1
e4f78ff626812e1b91c647003fdfa4daae6369ac

SHA256
07e1f2a0c9efb8e3cfb3f6dc2ea59486948a9498a4adafbde744421475b87bc6

SHA512
cb8be5a717fbc39b88c0743ee0459c5ae55ae2f8caa4521dc4bc72ac42318111a6f399fe406df3a9fae18214e4de1cd4147daf0c50b24989794c1835ada3c753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
25KB

MD5
596c754665dc3ef9437ef542eb4b130a

SHA1
2fd7ba914e8df3314850a0f0085d5388e7d45811

SHA256
bc79b14f5edf047445a5ead84ac1c46d8bb2e8015fe8465f1ba90a8286375500

SHA512
d224eca48a06915370fd20858d6250df1f19a8990ec3bf2230fc5d72f1b5f356f609a4098fc5c22fcad8137734d4adfe9d69f0e91836fcfd6c1c4464559168eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
25KB

MD5
5bd00f5103ae7cfe8b3ffc53e19aba5a

SHA1
86a2c393f3fb55a45e8b352df59935e6dabd8408

SHA256
3ff9bca3baca0698e2ac5df01a5fd26d80ab2bf0e9c067f73ad934ebc0fd7d97

SHA512
c5ef76a734365feb32aa4fdf5bde4de5cb550ca1b71eb728ff2f587c2656918408169464546723287a2247d911785780b523cf9aa6c962e11c88e67fbfce4961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
19KB

MD5
3ec20f00a772d639978e1d890b0ad168

SHA1
34dd2f0add1d59492e31da27417aa940899d9a67

SHA256
af24bf1e1b1c40e8288ea76a04f429e91030ee8c554fa2ccb0d143c8918a745c

SHA512
3e90f549962394cdb9cc840cf1864e6855c2cbe1d5ee5a1806f1836eb071fe8b6554a3dc5d0ca06ab52325f3b2584b92eeac0aac20a5b19a5dbe6d4f3dfa2353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
16KB

MD5
bb8508b1f315e3da5f8663ded69b22dc

SHA1
d05efdc01769b64a3e578f9f0921e6e10a373f32

SHA256
3ff611197ce09fb9883a0bb0f809bcd7d469a05bf6a41e443f4dffdea47e9d5d

SHA512
ff84e49f689b60bdb58efde65fed19639ef8e00af5f37f46ef34b4848c2321221513780c75ada1aa353816d20616065c3d6226d4bff16ade59f17876d6c598bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005

Filesize
18KB

MD5
767402b2b0e1ab41cb828360a2403d9f

SHA1
7cc33a9b60b5587c5aa64b3601752b47c8a90bac

SHA256
8a68a417ec1dede58073167964e0a9baf8c24faf4bfe83d2bcfede4fcf4f223e

SHA512
afb4677edbc4cd621ae5aef1f07186ca1c63c8bf0471e58b8cb786a7a3bd02f1b789fd132ad7447d27d9bd49b585fd5e6ba56136e6b1cc1c97baf8609d7d092a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0501cad2af2e38b3a960ad62486c1080

SHA1
54fa1ac898f0c8b475a2fe7f17667719dadb0655

SHA256
6a81ce07822587ed3553bc2cfbfac55baa5f3f9064def8dd16fcaa8f91e849b6

SHA512
e48be454efb438c70cb6a59f166eed4aff7e1bdd1db76c5545080f90cbcaadc26073be8e27a63f0644c97dcb17682ace57f54c38635394921906d85477b41e40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
febb9b66cd747145e3d7d46955daeb7b

SHA1
58c3deb9cf8483dbaf9f064e4edeb741afbe906f

SHA256
7801348e25af82bb68f7f28cfc316c24986d94ee68b62d1c16edf33c05f35458

SHA512
a0472532459108f699c46b02d4c4416d64d79a8cf26720da46ae56f883cef1e365732b965f98b766f8bbb9f86ebb29acbf9e5cb0c603b81e797fc66dfef52c0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e5adda960e11279bc2eca90a81bba05e

SHA1
5af681107e2f2c2b4b4e1d5cbffac309513476f9

SHA256
dd15f52505ab472f0c32a542560d268b2321130ad96bff03f73bcadb8af37620

SHA512
661451c68522b686ba85d0ecdb775e9cb1d1c59996ba7ec03e21feca4081ee91e1a7bab76665b4a86faf32797e07a82211976c922aa4b7e017b1eb074f4ea462

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
0a9d08d10707fb7ab534a799ef89762b

SHA1
18283fa753f15c3d78ec4054a06355538638bb6b

SHA256
e054431e34a1d3c5550fc9c99c852d1e33853410d0471d4ac3c44fad8e2d90c8

SHA512
286180dafec69261f38082f2fe7f111641a6859afc73ac4426e02564936c163b6cb2920ac5b62e12a3f057ff975c8cd3dbf5fdce52e40f434a1f58293dc0a402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
6a49a1340c9a2bcd58777c0afec59f71

SHA1
233b92303fffa9d030a6c74c253e424168784961

SHA256
fc47fe77fded5464847f78f20110b28b09bc83640b9847b686864494566b843a

SHA512
a12883cead2ca253002efa93365e4049832525fef05bda5536d681afb0070f7ec671535a660b493467fab9680aa5abe3c0f34c18c4a0c316bedfdbe6c7b20517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
5f9db22c7e30f8e7c824701b13956b68

SHA1
568a92d1932227ee14d908535d18bbd4ce17aa6b

SHA256
17ec5dadf56d6f656f4e0d969ead168ea3051faadf0785b02fc9bb5741bb788f

SHA512
3fb351e9361944490f57c519d2c344d8f9461dc8c33bffaf62a0f7b0d8a7a240782197259255435fffe5e836a060795a78592b239d69653d7ec24eab202bccb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp907E.tmp.dat

Filesize
116KB

MD5
fc9cdc9cb245d298b12dcc7011c730ae

SHA1
aab5f0801df10a45cf230dfc58050e7d1fb22c7e

SHA256
d07bb93439c98c80e653fe1fa089ae17a748aa025c6844a65a07be1d0416357e

SHA512
1a852aff9aa8b4e8c15f2dc6460a06cb658305f77ea81efc72dbd0fe3146214305d9a7903d172ec004e6b48b604c09480107949ed1fa7edbee3673275d3ee2e2

Download Submit
memory/1432-22-0x00007FFFC9990000-0x00007FFFCA451000-memory.dmp

Filesize
10.8MB

Download
memory/1432-1298-0x000000001CC40000-0x000000001CC62000-memory.dmp

Filesize
136KB

Download
memory/1432-1383-0x00007FFFC9990000-0x00007FFFCA451000-memory.dmp

Filesize
10.8MB

Download
memory/1432-1382-0x000000001CFF0000-0x000000001D199000-memory.dmp

Filesize
1.7MB

Download
memory/1432-1380-0x000000001CAF0000-0x000000001CB56000-memory.dmp

Filesize
408KB

Download
memory/1432-1-0x0000000000F80000-0x0000000000F98000-memory.dmp

Filesize
96KB

Download
memory/1432-3-0x00007FFFC9990000-0x00007FFFCA451000-memory.dmp

Filesize
10.8MB

Download
memory/1432-4-0x00007FFFC9990000-0x00007FFFCA451000-memory.dmp

Filesize
10.8MB

Download
memory/1432-6-0x00007FFFC9990000-0x00007FFFCA451000-memory.dmp

Filesize
10.8MB

Download
memory/1432-7-0x00007FFFC9993000-0x00007FFFC9995000-memory.dmp

Filesize
8KB

Download
memory/1432-48-0x000000001BF40000-0x000000001BF4E000-memory.dmp

Filesize
56KB

Download
memory/1432-0-0x00007FFFC9993000-0x00007FFFC9995000-memory.dmp

Filesize
8KB

Download
memory/1432-53-0x000000001BF50000-0x000000001BF5C000-memory.dmp

Filesize
48KB

Download
memory/1432-54-0x000000001CFF0000-0x000000001D199000-memory.dmp

Filesize
1.7MB

Download
memory/1432-19-0x00007FFFC9990000-0x00007FFFCA451000-memory.dmp

Filesize
10.8MB

Download
memory/1432-18-0x000000001BAF0000-0x000000001BAFC000-memory.dmp

Filesize
48KB

Download
memory/1432-15-0x000000001CFF0000-0x000000001D199000-memory.dmp

Filesize
1.7MB

Download
memory/1432-14-0x000000001CFF0000-0x000000001D199000-memory.dmp

Filesize
1.7MB

Download
memory/1432-13-0x000000001BF80000-0x000000001BF9E000-memory.dmp

Filesize
120KB

Download
memory/1432-12-0x000000001BA80000-0x000000001BA90000-memory.dmp

Filesize
64KB

Download
memory/1432-11-0x000000001CD70000-0x000000001CDE6000-memory.dmp

Filesize
472KB

Download
memory/1432-60-0x000000001CDF0000-0x000000001CE0C000-memory.dmp

Filesize
112KB

Download
memory/1432-10-0x00007FFFC9990000-0x00007FFFCA451000-memory.dmp

Filesize
10.8MB

Download
memory/1432-9-0x00007FFFC9990000-0x00007FFFCA451000-memory.dmp

Filesize
10.8MB

Download
memory/1432-8-0x00007FFFC9990000-0x00007FFFCA451000-memory.dmp

Filesize
10.8MB

Download
memory/1432-66-0x000000001BF60000-0x000000001BF6E000-memory.dmp

Filesize
56KB

Download
memory/1432-1259-0x000000001D5A0000-0x000000001D6C2000-memory.dmp

Filesize
1.1MB

Download
memory/4416-33-0x0000011C42B50000-0x0000011C42B51000-memory.dmp

Filesize
4KB

Download
memory/4416-32-0x0000011C42B50000-0x0000011C42B51000-memory.dmp

Filesize
4KB

Download
memory/4416-31-0x0000011C42B50000-0x0000011C42B51000-memory.dmp

Filesize
4KB

Download
memory/4416-43-0x0000011C42B50000-0x0000011C42B51000-memory.dmp

Filesize
4KB

Download
memory/4416-42-0x0000011C42B50000-0x0000011C42B51000-memory.dmp

Filesize
4KB

Download
memory/4416-41-0x0000011C42B50000-0x0000011C42B51000-memory.dmp

Filesize
4KB

Download
memory/4416-40-0x0000011C42B50000-0x0000011C42B51000-memory.dmp

Filesize
4KB

Download
memory/4416-39-0x0000011C42B50000-0x0000011C42B51000-memory.dmp

Filesize
4KB

Download
memory/4416-38-0x0000011C42B50000-0x0000011C42B51000-memory.dmp

Filesize
4KB

Download
memory/4416-37-0x0000011C42B50000-0x0000011C42B51000-memory.dmp

Filesize
4KB

Download