218a3a1f233acd4e53bc25d4be1919a926cf72ac5f787c779c8b52e3c9a66e44

Resubmissions

14/03/2025, 11:10

250314-m9yhdaspw2 3

14/03/2025, 11:07

14/03/2025, 11:00

22/01/2025, 12:48

22/01/2025, 12:46

22/01/2025, 12:43

Analysis

max time kernel
395s
max time network
400s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
14/03/2025, 11:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

474B
MD5

10957f24772eea915bc129c12ad964c9
SHA1

875b9ce0b9fe2f519d28cc8a3e8e957db9779360
SHA256

218a3a1f233acd4e53bc25d4be1919a926cf72ac5f787c779c8b52e3c9a66e44
SHA512

dd351894c8596e496a8e3ee3411e7b4a9cca1b9d13919eaa333c1b093377c18c93d8b2002b36027fb398685907b558a9021e60d8af51b2711c4452b1ff8d1602

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Grapple Practice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UnityCrashHandler32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-580533235-1933962784-2718464258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-580533235-1933962784-2718464258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-580533235-1933962784-2718464258-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-580533235-1933962784-2718464258-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\The Grapple Practice vBeta .zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
3236	msedge.exe
3236	msedge.exe
3244	msedge.exe
3244	msedge.exe
2840	msedge.exe
2840	msedge.exe
4440	identity_helper.exe
4440	identity_helper.exe
2920	powershell.exe
2920	powershell.exe
2592	msedge.exe
2592	msedge.exe
6136	msedge.exe
6136	msedge.exe
5648	msedge.exe
5648	msedge.exe
5216	identity_helper.exe
5216	identity_helper.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
2800	msedge.exe
2800	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2920	powershell.exe
Token: 33	4784	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4784	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3108	WindowsTerminal.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
5632	SystemSettingsAdminFlows.exe
3108	WindowsTerminal.exe
1444	Grapple Practice.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3244 wrote to memory of 1228	3244	msedge.exe	81
PID 3244 wrote to memory of 1228	3244	msedge.exe	81
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 2456	3244	msedge.exe	82
PID 3244 wrote to memory of 3236	3244	msedge.exe	83
PID 3244 wrote to memory of 3236	3244	msedge.exe	83
PID 3244 wrote to memory of 3948	3244	msedge.exe	84
PID 3244 wrote to memory of 3948	3244	msedge.exe	84
PID 3244 wrote to memory of 3948	3244	msedge.exe	84
PID 3244 wrote to memory of 3948	3244	msedge.exe	84
PID 3244 wrote to memory of 3948	3244	msedge.exe	84
PID 3244 wrote to memory of 3948	3244	msedge.exe	84
PID 3244 wrote to memory of 3948	3244	msedge.exe	84
PID 3244 wrote to memory of 3948	3244	msedge.exe	84
PID 3244 wrote to memory of 3948	3244	msedge.exe	84
PID 3244 wrote to memory of 3948	3244	msedge.exe	84
PID 3244 wrote to memory of 3948	3244	msedge.exe	84
PID 3244 wrote to memory of 3948	3244	msedge.exe	84
PID 3244 wrote to memory of 3948	3244	msedge.exe	84
PID 3244 wrote to memory of 3948	3244	msedge.exe	84
PID 3244 wrote to memory of 3948	3244	msedge.exe	84
PID 3244 wrote to memory of 3948	3244	msedge.exe	84
PID 3244 wrote to memory of 3948	3244	msedge.exe	84
PID 3244 wrote to memory of 3948	3244	msedge.exe	84
PID 3244 wrote to memory of 3948	3244	msedge.exe	84
PID 3244 wrote to memory of 3948	3244	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe36003cb8,0x7ffe36003cc8,0x7ffe36003cd8
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,18313310471147834741,6319637343712838123,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,18313310471147834741,6319637343712838123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,18313310471147834741,6319637343712838123,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18313310471147834741,6319637343712838123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18313310471147834741,6319637343712838123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18313310471147834741,6319637343712838123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,18313310471147834741,6319637343712838123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18313310471147834741,6319637343712838123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18313310471147834741,6319637343712838123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18313310471147834741,6319637343712838123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18313310471147834741,6319637343712838123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18313310471147834741,6319637343712838123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,18313310471147834741,6319637343712838123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,18313310471147834741,6319637343712838123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18313310471147834741,6319637343712838123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18313310471147834741,6319637343712838123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18313310471147834741,6319637343712838123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,18313310471147834741,6319637343712838123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1732 /prefetch:1
  2⤵
  PID:5132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3048

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2764

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:5196

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:5260

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:5296

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" TroubleshootActivation
1⤵
- Suspicious use of SetWindowsHookEx
PID:5632

C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\wt.exe
"C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\wt.exe"
1⤵
PID:3928
- C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe
  wt.exe
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:3108
- - C:\Windows\system32\wsl.exe
    C:\Windows\system32\wsl.exe --list
    3⤵
    PID:4392
- - C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe
    "C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe" --headless --win32input --resizeQuirk --width 120 --height 27 --signal 0xa40 --server 0xa3c
    3⤵
    PID:1284
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x110,0x114,0x118,0xec,0x11c,0x7ffe36003cb8,0x7ffe36003cc8,0x7ffe36003cd8
  2⤵
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,4114899763713846220,1026265587862972965,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,4114899763713846220,1026265587862972965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,4114899763713846220,1026265587862972965,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4114899763713846220,1026265587862972965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4114899763713846220,1026265587862972965,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4114899763713846220,1026265587862972965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4114899763713846220,1026265587862972965,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3004 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,4114899763713846220,1026265587862972965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,4114899763713846220,1026265587862972965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,4114899763713846220,1026265587862972965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4114899763713846220,1026265587862972965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4114899763713846220,1026265587862972965,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4114899763713846220,1026265587862972965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2228 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4114899763713846220,1026265587862972965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2804 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4114899763713846220,1026265587862972965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4114899763713846220,1026265587862972965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4114899763713846220,1026265587862972965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4114899763713846220,1026265587862972965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,4114899763713846220,1026265587862972965,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5708 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4114899763713846220,1026265587862972965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,4114899763713846220,1026265587862972965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1936,4114899763713846220,1026265587862972965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3300

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3940

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\The Grapple Practice vBeta\The Grapple Practice\READ BEFORE PLAYING.txt
1⤵
PID:1088

C:\Users\Admin\Downloads\The Grapple Practice vBeta\The Grapple Practice\Grapple Practice.exe
"C:\Users\Admin\Downloads\The Grapple Practice vBeta\The Grapple Practice\Grapple Practice.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1444
- C:\Users\Admin\Downloads\The Grapple Practice vBeta\The Grapple Practice\UnityCrashHandler32.exe
  "C:\Users\Admin\Downloads\The Grapple Practice vBeta\The Grapple Practice\UnityCrashHandler32.exe" --attach 1444 42471424
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3328

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

Filesize
471B

MD5
f4a8dca499eac0b2726271b7e03e71d1

SHA1
f48d3665ec593241a62ede94e9cf5d17daf849d1

SHA256
be5def45b182819b683feca70c9b19859376c761b7bbd93c309b7df55c53cc1f

SHA512
3641478aaed58bf1e8b83dc47e6c33bda9f45c30d07afc4b6f1bc0588c7f9569de9e6d341b85a79b2094ecf5c1f4e9c4fda53412a54d083884a5f120bf15ca7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_363582827213C09529A76F35FB615187

Filesize
412B

MD5
0f7c3465d5f73f024420d80588d08408

SHA1
02c94bd3745088a93b8047664a50100f7417de8a

SHA256
f76eef110f21894739a65c869643f7a4982875350c4d754cb6de9bce35775790

SHA512
e9f34dcc490609a3dd6dad86177ea3b4147fc9e440f349f1c849dc7b50b6e7140b2319056d63545eaf3550b028d79575088e8415907190e99dfb6bbaa65c8b7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8ae85e5cf3f16b6f88fea75afff52ab0

SHA1
b5e295ed2ddf08be4d80d37a9ecd65c25df6e517

SHA256
d45c4ed2ae15c6079c37164fa5f36c8413ad19234f11bf698f0db413788e78d8

SHA512
3ab8a201e3d426262d40d00a4d9f37c323df95f2edcb3a1a831c081a64825f5cf5cd37e7f9b9ed38eda7e09989f7ba9f5f9146ee49929acd1d61f17058b0c4eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
167ac1d3ce15aa3c1530bbccdc787c62

SHA1
b74c1753fbe0ae5ecc1e6088fee0c6ae90770569

SHA256
836a26f6db62b8b0d67c7884b355ad4851ec975c32f554869b8016fab5944af1

SHA512
4d0aa2e31011731f860e8f0fb5640feb199d778fa6b20d15a2e98bcc003115983cdaffea72c958dedf4e744adf2e73a499c3b1b7349b285f9ab01cc5ff6955d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
407d8cc872d6aa10999fd8c5e3abf85a

SHA1
aeb2ebf8e30de1549a01d02725d875ad5609333b

SHA256
d3208e88b00e7290e291c990c2b8ac47627308f8c1f3b294fad450b036d0489b

SHA512
e6e5a77fb306c3633ebd4f210026722a6aaf3bdf2922985c6448940685b3f2408d99489727a14a20eba20a10481492f1404d5ee319b29778497ee661d5576b1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
57d5636cf19706fbbd7b4f22dd021e66

SHA1
4f8eade2a567064c8e2f711333f59d0c2f32ace9

SHA256
7ad1541c32bd8190e8e949d9c97a39fc65cb327f7f9f5eb23e5e888a2b94c023

SHA512
b755cc197864b65207dbcf79007ebb652bfee509f7118b03894900d9cb5223e81e82ea5ac943427b34c6272d568e9a3d5f9ee2c69862e09d123e89e3961d4b42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
aaea75e8588938ca4c5516524ff25a27

SHA1
1e0f24012656dc1b1ed7d47eed0a0a7c3879fcb3

SHA256
bf345ba95a40b366e108f2fa5578cca2dd7fbc678f3e63eb55a213f570e60925

SHA512
ad084cb76e549e4f3971ec022b8db8b0d0f65a7a8259f1b35449d0bc0067135382c468543f5ad808f91e9ba24fad1f15909d0c676c6071d6801ee39c6cec8574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
2ba02c5aa54bda5217c53047971ac8dc

SHA1
7f3de09d6aecd5813414bc44966841c3f996fc2d

SHA256
f1f990a8be2aac222c683181235f12fc62d5d930625fe3c89187d5e95d3d4aeb

SHA512
439f2c8a88987aa9b427aff07f03c0989fdb76e5a288211b9ea632ee45285eefcbfe000ef7895eb1c5589b550599dea487d9b3b1d82bbeeb961117713f0ae561

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
549fb59249fae4ae62226733f07d3d39

SHA1
ad1619ac0ee7f81ba6057fbd88a5609a520da984

SHA256
eb12e7c6a9f7a412751fb145131c3729ce72bd5e39ad90ddda3770d0b8f1e199

SHA512
4f11306771f995f4684300d2f37674f9d9b8b99887a5c2b16e488bf26a8d91cbc06225cef7f0b8186ea61514ba854f3f53ca746e541593bd62b5ea86a85d4fb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
006c7912d84a084bc4836e6b63cab147

SHA1
fc88fac0a2dbff7f7c48e7960257f44a0d20e174

SHA256
48902b9b9c9da9238c1893926979d10bb2568a410ced12f696df38036b7fe1a5

SHA512
671631bb24f17bd3117c6aca381b25b8327a28782591710c692ccf9a4ee762ac08f1960b3956061fef71c69b53304fed261a12430a420c13f6beefa1f967db72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
109KB

MD5
8b491988644f15cd8767e89aa5c665b7

SHA1
f470a8902021bec88717a217771989ca12294247

SHA256
46b90d09e546ef4626b18e05ff38cea60b30bbf90f31ee6bbdf71760a26b9bc6

SHA512
2838fd5591c7674a9ce79425d720fd221198300e1ed6718b003d54eec440557215bb47eca35efe2c78eb72020e09d6fbc0e1aab3983ff95c4dee2b62758b7e8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df13cfb31cb0046d_0

Filesize
258B

MD5
8c3afb485804feaa39243a46fead5e55

SHA1
8c24fbe170dd03fb4232f2bd8d74ce7ae59a76c3

SHA256
9c12b91ba54d94644bbeeefef4ec086665f04bd3edfbdab7b1ab1ffd0873fe8f

SHA512
055eff1a7ac9bc763045fd65203990b1ff9f8d472ea0b668dea729d2054785f096d641a58f45e5afa171ed5a5b1e11e8841245366f27dc048a570c34d2eadf32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ef6ac28bb9fcfe97_0

Filesize
472KB

MD5
fe9e560e3f2d0bb66e3faa86343d2db8

SHA1
dce2adfccce3898bc539b5ee6f05f237872d67bd

SHA256
ca7c281216922da3df60e79dd7b383aac2ea51d858b854c983a30d265036bcd7

SHA512
9ccd52145d55384753fadf20f4727db285cad79f5c72e9b38d6df95a795f0d4dfdd7eae18d3ebdbef8f20bd45ed1e2aae9673b846e0afb996f61261fffd12845

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
3b91fc40564f9abd047d6bf46862069a

SHA1
1112e45659aae5f903fb47ce992fc32c98b1c7b0

SHA256
edd9fb63d16dc29cdab3c3ef9b0b8592c65efe6c1166f8cd6ae10eb8d083f274

SHA512
d4614f28d2d8e05821aa08cb48c447f2f3e4b066a136812ef6d29a29ba9a4b929f078156dbe9e625612a70148bdde1613b7c95a47460bbed6ddb6adcb0dc15a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d99feb4e31c5db6d0b4b9ecf9b26d193

SHA1
d6473bf8e1f220bbd561e124d2cec91970909ef6

SHA256
009464ad4852d443a714a4f3a7efe6cff89d391e406346bb05479df4a91d8f2e

SHA512
92dbeadd34e81279e8c8d66be6cb2b3a35fea7512491aa030e8f03f775fcb76b31b4431feb4c36e07332284361e62987f187c42121bc1ee34e43831da0758866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
f114ee08a81e13836110d9074ad83267

SHA1
9afcc90c570016c4772183a5c259dc2dd059449f

SHA256
68274561bdaeefdb8410e235f26e36832c187b800daeb1c5efab079afd1ab00b

SHA512
80cc576731cf8088de45f721df13c0ab33b27d04284a4e2c2e1c6cb757bc6c3f387f1ceb0a250d28b5c3bfc29b601291d10e81233dd65c05d2e086883a5de1d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
639d930d82720c06f2d6c0249caa4c5b

SHA1
15d016fc61cc2c3c053f00e43c1740353315a8be

SHA256
8b868f88f6954e0fd6769204bfc14fdfdbddcea6cd78494d2a2cc2dd9a666520

SHA512
233092f19a8429d6dea84160c02d72e38e3a34407b223233a60f640c2fe703586fdc1013b50b8ed9278b72e15796b5be333ebcd8a6e0f13cee871ab106114356

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
19e68713135768375af972403d67e598

SHA1
a709da445f63a1351d48cff847b3ba02b203e487

SHA256
29b3fd390d4227ee14b3a17b40fcfbb4aaadae313fe98f7cc8f4baa7796b1323

SHA512
a8d70632b8ac4cbc72a4bcb8df478a99a086506dfec0e4d8d841f2b560759ac037d9308b70dcabac92cf1336fb27c09e70e4fe237ae4d40799f5e881f889b67b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
7e18617c1eb6f7d37586079ac7d6b5ce

SHA1
2762b27ce50a2e161067a73f22f379c04d26877e

SHA256
11a48564ae16d160719bae923508c2d99fec090a93f7686eda72c5f93f81970a

SHA512
c051016a4e347c4fe518fbb8bb23de0c0656f240b850701d7344c23a891bc32ceab0cd44a4ae8dd59292178c10d2b0af955ae07c630f2aac521eb08c6c016f3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
10d0df609cb92bf8ad4248f585328f76

SHA1
67023a274f140e63f77a8f16ad0b93ce15f5e6a7

SHA256
6921f891d5bab95296d1e3d027c98a409d15cecade8438e6edef8328fda936a5

SHA512
b8ffd8af25823b86efaeb5b1cfcee27abffbf7929404faa1c07bc8d83d66ed8afd146c6436cb238c1d747becfbea02cc5aa80d5d8cf810b7748a41528fa1c653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
4KB

MD5
e06834345126a134de875cafe14e9ce9

SHA1
4b0a0327fb1010b0bff1b0e7449bbaf3e8303766

SHA256
0f566a6052220259832ca6af34e9c0880687df3df152d3e2b0b3d90792f733e7

SHA512
a01325fa495f0a02abdd6155b1f295a8af5adbb3d208625d71410480fa150e1170602fe97486b474895efbacdaf00f6c9cef431cda980ca12b601de302e0de06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
4811d20246ef79ceca4461155648dfee

SHA1
4794fa91c664cd6b7fbd225509bdbd81818d21d9

SHA256
313de49960c75b389c3564265f6fce95babac754d451f157418e2280e808b73d

SHA512
7a8837f19ce8a0ae4e6f8d3207be6cd78825322554def7456ae68600cc072470e61534c7494072137b466594e76719ff86e7479fa1e4fe97483cc3c1f547f6f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4316cbb5562fc8f859db81bbc4495467

SHA1
940ec8a8df04ba0b3ae631e48e2ca790d8201949

SHA256
e02eb5b9a89d8f4201b5f9237a002f78b7254fa86d15b5e0c2802ff0e8463c7b

SHA512
e6aa55314b616290fb81efa6087610565d3cf70574e94b05727d790f92721b56c21e907a3fc0066c1a014d3956f3308a1abf3ee57cbf9105f6a8d5e2ed97b370

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d00261077b16d9caa7ee7dc22f0d8a4c

SHA1
5dc39686835937e844cb683b6aadaa4ab1036fd6

SHA256
018a8cb46fbe780fb6c124bba8c0d207f7c4cbd663abdf7221bdd203938cb868

SHA512
debc85f5d46886408f2d93079d53a2c4f0a42586314d41f9b5f2f4463d6c412919e84882f578a810fac06d8626ea97146008d7e0bbbce37f4828ab70f8d2170f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e014eadc83c620f59f7aabc75ce52d38

SHA1
cc91cd36c83f534276b41b0db52f35dba81a80e9

SHA256
9945af6f3145ee2e285feddf36e4048d61c40222a5759162aa00ab00d4f718a2

SHA512
0026eccfd7a06386108f27c35bf6d2bd7734412ababcd3a63bdb30b5333d25c3a7b3e618813081a7f3e7a439a702d061ea4b977dc34a199cd3c7adcd193bfefd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dcf5227c778774b8c38b4e412f220933

SHA1
a45d3f4292f28457a2b599b073842a9a9e00798e

SHA256
77b7079e3299972176aeb6c3e542d9b33258812b1e5953420e61a410cb93661c

SHA512
7abe8fff18d13baf9c0fb3b8df085409f4d22d6feb0549f22ecbf779acabe8d1d0ec2e02b1bb9ed503cfdba5d0e46043de5aee0fa132516b87b817d70317a4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d6eafd3561851ffba3b21554bfbdc881

SHA1
19eb08cccbbd8a5a351da52721ba43251facd02c

SHA256
8ccd18881ccf482fffad1422526eb57af4a7b071a1a6b8e6bd80effe431ec2fc

SHA512
95043d31302f6f5b42ae0b6cd4c23f444c2686021d87354e447e1e4d8ecfce6ac9cdf8163e7a5d87d6e93889eba1fba608935c0bf2adc5badfc05cd0722b86f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7feead5f7c9685101f27c9e4c9ce8fa5

SHA1
7625f35e0bb615144263d1c1228d41aa4d3fe914

SHA256
b4ef6cec8402d106241fdf13d0070db645e890cb9d398d13b8320b3a9d75e7b2

SHA512
8efde1228a3d342837c2b22f7d46d4e33a919890b3327c4ea1b67669bfff7d88e461a978e12cf066fd1b18a17644e6ffea5d474f9263d0e79db1f6fcdbf01280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fce9b118a951ca432ae048b048cefc2f

SHA1
1af65395aca33c8a78a7fbb509bc8b28c51a4970

SHA256
ab6a1177019fbedbed5a3e66690f7485b9ddf6e0bfdf658bcee609ad2f232382

SHA512
78e3bd6c2a6ddaaa83c1c635867bfc6c49d07fd36311a2ff2d97d8afbacc3ba79184e6def4b1f6b5d162f87ba9d0ce909af9d7dfafee00cb275f83e78f7e061b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7ae69e50d26f345e9ce38add4f55bc48

SHA1
b7500e1eb58ac7fac76c31e806801fcfe88c8ee9

SHA256
855e7a50f3f83ae404805f8e862b8cacf291a66f45f82784fa51c920922af15c

SHA512
73c8131799c1636e0303aba3430f1209e50f6c89b258db3062d076f72c10969cc9c94d4479cac938007e0d9b2b9a59966cc9855d6d92f6d4848487c3da547fbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8dbd6d5780fe63848139c0e6e25832e2

SHA1
20ebca906a1fbb99b5915d0c1a81e9342a6e3b9d

SHA256
0eeec63a300e8df338f37fc5dee949b81f35a6e03dd17572ec50b1bd34a5db13

SHA512
f344a8fb78f1d3627e5867bd0a9cead312d427b619597bb47e85e5c193b42f26236ce3b76b50b2b1988bcb55a351e16af2b570b77661d835e1b7e17e02245864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7c83d51d3f712fe21fc8c909b7100252

SHA1
ae67365f1b166fb30fea742e3ba13a9d1c7ce3ac

SHA256
501839d3201e0ce6108ac8354a010924ffb9b0056d14988eb220940f43d6da5a

SHA512
a6f9b9fec9b62daa99294e9cadaa05eb0ebcdd04392284bff329b319204ab0d8a3095a586aad2dbc71b1a8af328a3cfa0c2dfcda2a0de2329421833b18e59df2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e383105e954cdd503aef61a59cd3b68e

SHA1
19f20503319cac8031667e33858a6982d87efcdb

SHA256
c1077a93c34d0100f93d3bd058e0ff3e9d36b2c7b325a768ebae7164b7ead06a

SHA512
a60e8684d276867bce3c179ed885a8ac8875f93e0eb22e179102edf8f9b9814ede7b246e24f35e6221ddc283057841d3ef192ef73f219c6eca19039c61fd1575

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
79e400475f6a801364dc2c2c5c79b486

SHA1
673715e341846cb05d5292f06b141409a28d235c

SHA256
62898ee8f79c5520caa25a13ce970a3154e81cab135b443e5b943dfd6955d885

SHA512
428944a29259ffce658e395855379f4d973e9ccc0d644d8db24efd346ae2573791dc0c00a689cc20e3e982b9a0a24dd10da163902aa75ea21520c5977081d07e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
c8a886daaee2cc58a2a27e4bbc91b975

SHA1
b0ba4a3419b89dd097c81790e028e73a604466a2

SHA256
79f0837e2769da6f494b074142c0f03369631ac2e73d93897ba17bfa4e40b647

SHA512
96c1f6b51b52a5cda1f41dcb9e2e975c5e1e64bb4da05896662ebd26cb487bd74b81c403fcb3eb40d96616bffe98b37692fc759fb4180b4f21402fa1247c1f63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
175B

MD5
6153ae3a389cfba4b2fe34025943ec59

SHA1
c5762dbae34261a19ec867ffea81551757373785

SHA256
93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61

SHA512
f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
af8e0023b0c49e732594a2e708f307a1

SHA1
3d062b195364e79d8f04e60396baccf5683f158a

SHA256
1df9203d71c2e7682e071266fc0b6a3a7d83fda0ae12854920eab71cf4a602b3

SHA512
3dd861a2a059cd8ee50820f742c141a40e73295cb91a3985935be2234adff0f8646d661206005dd7b496e9aa7c2e65103206cde42d5f95a45a3b2b9e22cb3428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13386423636053553

Filesize
13KB

MD5
7368b3837f2d7edbfd03bbb646b5c558

SHA1
a4576ead3c630638321366513eb0aa20390a08ef

SHA256
ca6fe32d9fbcf8711dda16e690102fbed0aaf56624ae4fda1c738a0ccecaedd4

SHA512
3255b6e54c522c01b31790ca8de8f35a833340866bdd8e39c16bca521309e0d1cdfc1e960656cd19af302625807f492c51eecf55208325ca70b370a476e06f0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13386423636225553

Filesize
4KB

MD5
dc21f980b4041f270f97e6a10b079b82

SHA1
31c8155e7de6b0d881dbcf7df7b4f345c0369c5a

SHA256
94f92414a823cf492f209ee430b8530e95e4cf8f0692385d409e6398074bc063

SHA512
4ab5a0fe2d23ea1fa6368553924fb44d619617584c61c2e98b95d911f63a81967f04a20ce7b4e118e3382bd7b1ca9793347e4a8d29d612d9d7b7b5dd83752140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
c144eb610edc4a8d2bccbc8ff75e8b9c

SHA1
a27a97693c95021cdac04065c36e2d4d83f8b3d8

SHA256
6126a435dd2ce0791fa081eb78a25e5a8e35c55aed519361f8cc781d0d4c67f0

SHA512
8893d6bafdd52c1f23f09d8fed0fc0eb587b291f01b205c8d16fe94f0d8c4d574e5d16966c3561ffe406307d03f8d5f2c8330a62ec4bdc6a28dba90474005d22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
b58c3b275c7838707d4840c03a6cef52

SHA1
3b9a15931a709e8600e42ad79131d75f4490cace

SHA256
be5a47361dc5c095cf5725fa567182892a690b9551016b44d59197b59cebbf48

SHA512
265f7a1079879a66b45e3e2ae39631220b52f111e2f7276b427c1f463b777b1b6ff663c3c14c48fbd0a2046627c82bc2fd50bd7f9e76aca62f38615b9697fedd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
757f69a0c0648aa4a590c2a5763b9c94

SHA1
04badac21ead857696c1c83b3a8eddb720730938

SHA256
41a744c96b073895300bf15d5a67391887fb521d5a582ddeb95246a04c4c0ba0

SHA512
ef35d1a1026f3cc44efc819b810404cdd9175ba5d5ab0ae0876a2c6d3846b527819ba2a650f784a0757f1ea874f79588933fe50170c6d092face30d432b3ca0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
8223da2c5c3d70664cb985a5dc4aee0c

SHA1
9b18340821fa88928f3b96d6ea860a41f7d4c11b

SHA256
d5f751c8b6071e7813b722dd6947de83aba0e27925fda7407bb9b8b7e9ee4ad6

SHA512
e0c502720a44e31a8c1930b46526de2741360c3625d7ae25d40208ab9f48550a7d201c0177cad8088f6b377f76b4c44e8898c19e94b5d75511a4808c0ffd9ddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5ce789.TMP

Filesize
705B

MD5
06666d681e6b9c0638e69068d7ea1248

SHA1
6cc681cbcadcc3f4de6b27078c940bafc5a38ba8

SHA256
36faee90241beaf4720e21dcd592c43e3bdb4cbc5f43551077416bed3356ea14

SHA512
391f977a3526a92e3a751f6725f74b8db6779a7163f20ba9f26c69a2a2c97cf1f60bde6bbf7a4e79d6e81222f18f8210e453b7ea0946e460a1cfb61c21773ee2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
f281dd5a5e69d43dbc412d07faa60376

SHA1
8d0e3b9a75101cfff53ee54bebb1e44db92bd57b

SHA256
91d4ea1ddecd3fe790ec0d0791191f556a28987126bd5fc50653e2ca52eeb689

SHA512
9aab310d550adec6239251e8fbf768f2916736d9f1ce81f3f6e7f8b1544e021a43130a4a76948eba2cb09a80e5e5634c4cadeb4e44c56552ee4175e61568bd64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
60b1d3bb08d2275b78992f2209cf2abd

SHA1
f74744e499fc378403c7f83aa4895fa985c65d06

SHA256
3323be30a4c94d31bea80dcd6dfcfebeb4a36c611e85e650c6652dd0f417cec8

SHA512
bd34e9283185db1e18d03dbaf61edaf7d3c6f1a8edba2b6deddc3de3c273a1a0d3d1dfb98414956a201eaa05a35d61800935682574dbe894c36bc61adc528837

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
19B

MD5
0407b455f23e3655661ba46a574cfca4

SHA1
855cb7cc8eac30458b4207614d046cb09ee3a591

SHA256
ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7

SHA512
3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
0c5c2da74a6edb9fb45f5881b633b9a0

SHA1
3aeebeb4d697d4f9f3700e5397063887d65bcec8

SHA256
ea9e9ab9d86ad55c74890b3e28811e770e009e9a72ba32d8a6d04ba8180f855a

SHA512
7a9696d43024303873fd11d50ab4594be0f1cbdf1101e76f2817f9ee4e08a25dba005ece17c2952fd08ab79828770c70105238ee585f43025c9ee4be3ecbc091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
976c229ff58bde64e028e08ecdb518d5

SHA1
6da4b3d9c776f65cd76cac08145dd733a0b98399

SHA256
a9065113a31a540d2b28bbc4d11660f5bdc9637dda947d8d3a9858feaaeead7a

SHA512
354dccc7679f49f8ba2b53c764313c07fd30a4767027717385f3c8a20935ea45f1207548aabde07631b2f90ae06152dd621f48368fcb6346a5629b5b855b8c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
0ec32f3e8fbe3d8f8c3e26e0dbbde30e

SHA1
3abf1ad24aa74d234119af03206026000c655a0e

SHA256
917272f530af27db97999374ecc4e3700ea38e1ee6289dd2aab1ee0b17214c3b

SHA512
35682e8f1c1ff7878cc90ee3c58bb4f9fd3e5c25e34cab96d032b267b7ff5c239ddd31ab98e3ed6cb17c6372cbf7e9a90142f812ac869aadd058d4a0ba1808b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
906b728c66af2abe8e071fb7564d9fbd

SHA1
f0200790806ee8401ab19593d70ef4658d371bc6

SHA256
38732a76074d66bdbe55c6abfabd0f6faf9bc0fe4d65af7ed6607d7421378259

SHA512
12cc8fb935ef262a0606524e6ea16d611ec71018497047e9a5d0d974672694261491d68e73509c51a31766de68da76461249b36512dfc44ce4b19ec8c127dd4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
307deb7b16caf5406df269cdfd860c65

SHA1
923b255dee22622f06999ea1a4c27d1c2b75a544

SHA256
e0b68d91a9c746499fa457d83c41510d4d42781cf2f0d375d9b253f22397996a

SHA512
bf4ef712416f271cf4eecac5aa1ad71a97cf85974f0b21508664c4f18a8221c1e1fae7c734285b16a02163c173b5453f526a8bd1208296d1bdb1fdb8eb9984b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
e15052afaf16b0a8420e3dd19b1e2f67

SHA1
620ffbe0ded0a8ed1002b430a8e9bfa78618826b

SHA256
e759900296f6a5b25548ae81450b6c5e622398600475e0ab72f640f7ccb03294

SHA512
6932c7c013199ca5ecd18646cd14b559a1f551f7edf05679127bd1a3e270838eff854e0a222367f3f676da84e6561cc9ee28f20ccd23360b3900a5e62896bc7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
20KB

MD5
ef9588ca82f853399e5968af99985e74

SHA1
80d9df4f75c3e789ddf10584d9ff9de2b6154cb0

SHA256
9d550015f47a4d5d502f8a2f5b33bd9cbd136f4fea7c64754c8cc5a9651f7fe5

SHA512
a77b6b0bcea459ab4fc1e5d0983e85b86a6b0835849345f6afbfb27a5e84d8d1a38ff16e21ecf862e95d0a74e3fe97fda28bea66752b8bd64fd44c8ba680a5c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e3a8c225a74db28c9d950d61f3938077

SHA1
d1ddabaa8a75d8e5fa2121d481df755654a27eb4

SHA256
ab385a9246048e5a141c4fa373bc2a5596c39c5f953d4d1891e629c03519872d

SHA512
7f798aa5f719f65bb54f22fba5a6ffdb6c9626f1068b614addcfef721c6da9b5bd9728ca9e369a740da044c02c157e0c24f4b0630292ef23d16b476cc8e14462

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2e849283fa6cdeede6c3fdf3b780b0a9

SHA1
0413a1f377fd1ba251a5f2cfd501336a29c482bb

SHA256
950572c35ee7e0ae50014b1a0c716e09034a7af41b20a0e29abde75aad2cf30b

SHA512
e3b24733e50fdcf36674f9ed042034f98f887283e177a8545e9b67c0ad5c3cc3f169ffa18fd9780b7635134ceb8c823f5219dc1619fb441bdfe3d09c6c0f32d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d59ba55f874a92e68dbd5682a5f94b30

SHA1
9c6bf0cae2cdeaf0514bd4e936890803fbabc12c

SHA256
6e3b24aa6645a2cd3db73faf77a8a95b0224d182fb6befdaf242daa785e61fe5

SHA512
3db43211711fb55fc751a97f83ae925e68003168dc5a8e4212c79b30760467cee4095d641ee7fab428da60cd39bec17e041185528b19929cd188849a3f8e65e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e28f8592b4ab592c29cd6bec18ae307e

SHA1
2d17abe13ce99d728254aa057af5d74f58d28b5c

SHA256
bac68da8a543d2c7eaefaa7583b9a0116052c06ad6388e3406b3edc14956fe33

SHA512
74469805b27baf20b953395bdaf1d6769dd9179e820802219d2c0c9ef596c3257752973c9832470be6d8a05ae6dbc36d01e86b3f41a906b34ba028e91a752afc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
004e05e17d59bc57b3540a7b6d3d171c

SHA1
f7ef3a6f14d1196981bd4c6ae233697a5b4cde39

SHA256
5027f4a65a58d4a6048715944c7a43b0d9ef63679fba8bc92f39dc08590c6ca2

SHA512
a7be5caa887be5f2473424dbd35c7cd7c5d9abed1a7fb2186b10cacf9baecc9d9ca23ab1d1bbe13ed170bee570aa6c0d0c54ab53cf510958a9890e07692518aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
e86ee5c7e440c8bb970890ba3a8b3afe

SHA1
53b637e69f0239afbd1be1716f0d17a798663efb

SHA256
002f380a6da033d2c99ab0313256a4b7de6669ca65afe6d94b3b62ebc072e7ba

SHA512
4f0f981a317a04038e6499133bf6f19a5b74f6c0001e23acd86382d2ead4d55350872a17cfcea77ab60672ae2e9fe625a865859df3f5b16c44908fbca3846555

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qr210mna.0tg.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 794882.crdownload

Filesize
17.4MB

MD5
9f97616f94a1bd9a35f7c78a9f4dce02

SHA1
4d8f596cf9b72a71b5a36b4741a134d8a6f97aea

SHA256
f87e681b7fbbfe1b4d462b2d4cc0532e1d708ae19c31275e78b6384a6407764e

SHA512
7b4a6f28f8ddb94fccee24dac2627d6011c6dd05eb15e9223310ae6d3917070bb597053c08800829ef3eca54fdd0afc5f4cd434df5b6bf291a679c75c43486e3

Download Submit
memory/2920-257-0x0000029C00030000-0x0000029C00052000-memory.dmp

Filesize
136KB

Download
memory/2920-265-0x0000029C000B0000-0x0000029C000F6000-memory.dmp

Filesize
280KB

Download