latrodectus | hxxps://sites[.]google[.]com/view/drcheats5

Resubmissions

16/03/2025, 11:50

250316-nzsptatms5 10

16/03/2025, 11:46

250316-nxgjrszxbz 7

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
16/03/2025, 11:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sites.google.com/view/drcheats5

Score

10^/10

latrodectus lumma discovery loader spyware stealer

Malware Config

Extracted

Family

lumma

https://hingehjan.shop/api

https://featureccus.shop/api

https://mrodularmall.top/api

https://jowinjoinery.icu/api

https://wlegenassedk.top/api

https://htardwarehu.icu/api

https://cjlaspcorne.icu/api

https://.bugildbett.top/api

https://latchclan.shop/api

Extracted

Family

latrodectus

Version

1.4

https://remustarofilac.com/test/

https://horetimodual.com/test/

Attributes

group
Ferrary
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)

aes.hex

Signatures

Latrodectus family
latrodectus
Latrodectus loader
Latrodectus is a loader written in C++.
loader latrodectus
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Downloads MZ/PE file 1 IoCs

flow	pid	Process
543	5760	svchost.exe

Executes dropped EXE 7 IoCs

pid	Process
2424	Setup.exe
4428	Setup.exe
3980	Setup.exe
960	Setup.exe
5748	Setup.exe
2220	Setup.exe
2636	Setup.exe

Loads dropped DLL 61 IoCs

pid	Process
2424	Setup.exe
2424	Setup.exe
2424	Setup.exe
2424	Setup.exe
2424	Setup.exe
2424	Setup.exe
2424	Setup.exe
2424	Setup.exe
4428	Setup.exe
4428	Setup.exe
4428	Setup.exe
4428	Setup.exe
4428	Setup.exe
4428	Setup.exe
4428	Setup.exe
4428	Setup.exe
4428	Setup.exe
3980	Setup.exe
3980	Setup.exe
3980	Setup.exe
3980	Setup.exe
3980	Setup.exe
3980	Setup.exe
3980	Setup.exe
3980	Setup.exe
620	rundll32.exe
3456	rundll32.exe
2988	rundll32.exe
960	Setup.exe
960	Setup.exe
960	Setup.exe
960	Setup.exe
960	Setup.exe
960	Setup.exe
960	Setup.exe
960	Setup.exe
960	Setup.exe
5748	Setup.exe
5748	Setup.exe
5748	Setup.exe
5748	Setup.exe
5748	Setup.exe
5748	Setup.exe
5748	Setup.exe
5748	Setup.exe
2220	Setup.exe
2220	Setup.exe
2220	Setup.exe
2220	Setup.exe
2220	Setup.exe
2220	Setup.exe
2220	Setup.exe
2220	Setup.exe
2636	Setup.exe
2636	Setup.exe
2636	Setup.exe
2636	Setup.exe
2636	Setup.exe
2636	Setup.exe
2636	Setup.exe
2636	Setup.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
5	sites.google.com
6	sites.google.com
12	sites.google.com
16	sites.google.com
25	sites.google.com

Suspicious use of SetThreadContext 4 IoCs

description	pid	Process	procid_target
PID 2424 set thread context of 648	2424	Setup.exe	160
PID 4428 set thread context of 5740	4428	Setup.exe	163
PID 960 set thread context of 5884	960	Setup.exe	180
PID 5748 set thread context of 5028	5748	Setup.exe	183

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6040_2089707992\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6040_2089707992\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6040_262808883\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6040_262808883\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6040_262808883\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6040_145406857\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6040_145406857\nav_config.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6040_145406857\manifest.fingerprint	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	more.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	more.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	more.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	more.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133865994506838988"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3218366390-1258052702-4267193707-1000\{43BD4762-E2A1-44D4-B886-218EE6CC30BD}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3218366390-1258052702-4267193707-1000\{3E92FFFD-9D06-4137-A844-26BD8B7518C8}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3218366390-1258052702-4267193707-1000\{94A89417-BA76-45E6-A8DB-A61A62BB866D}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2424	Setup.exe
2424	Setup.exe
2424	Setup.exe
648	more.com
648	more.com
4428	Setup.exe
4428	Setup.exe
4428	Setup.exe
5740	more.com
5740	more.com
5740	more.com
5740	more.com
5760	svchost.exe
5760	svchost.exe
5760	svchost.exe
5760	svchost.exe
6040	msedge.exe
6040	msedge.exe
5760	svchost.exe
5760	svchost.exe
5760	svchost.exe
5760	svchost.exe
3980	Setup.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
960	Setup.exe
2912	taskmgr.exe
960	Setup.exe
960	Setup.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
5884	more.com
5884	more.com
5884	more.com
5884	more.com
2912	taskmgr.exe
5748	Setup.exe
2912	taskmgr.exe

Suspicious behavior: MapViewOfSection 8 IoCs

pid	Process
2424	Setup.exe
4428	Setup.exe
648	more.com
5740	more.com
960	Setup.exe
5748	Setup.exe
5884	more.com
5028	more.com

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeRestorePrivilege	5476	7zG.exe
Token: 35	5476	7zG.exe
Token: SeSecurityPrivilege	5476	7zG.exe
Token: SeSecurityPrivilege	5476	7zG.exe
Token: SeImpersonatePrivilege	5760	svchost.exe
Token: SeImpersonatePrivilege	5760	svchost.exe
Token: SeDebugPrivilege	2912	taskmgr.exe
Token: SeSystemProfilePrivilege	2912	taskmgr.exe
Token: SeCreateGlobalPrivilege	2912	taskmgr.exe
Token: SeImpersonatePrivilege	5928	svchost.exe
Token: SeImpersonatePrivilege	5928	svchost.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
5476	7zG.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe
2912	taskmgr.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
4124	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4136 wrote to memory of 880	4136	msedge.exe	85
PID 4136 wrote to memory of 880	4136	msedge.exe	85
PID 4136 wrote to memory of 2912	4136	msedge.exe	86
PID 4136 wrote to memory of 2912	4136	msedge.exe	86
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 2840	4136	msedge.exe	87
PID 4136 wrote to memory of 4248	4136	msedge.exe	88
PID 4136 wrote to memory of 4248	4136	msedge.exe	88
PID 4136 wrote to memory of 4248	4136	msedge.exe	88
PID 4136 wrote to memory of 4248	4136	msedge.exe	88
PID 4136 wrote to memory of 4248	4136	msedge.exe	88
PID 4136 wrote to memory of 4248	4136	msedge.exe	88
PID 4136 wrote to memory of 4248	4136	msedge.exe	88
PID 4136 wrote to memory of 4248	4136	msedge.exe	88
PID 4136 wrote to memory of 4248	4136	msedge.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://sites.google.com/view/drcheats5
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ff9a168f208,0x7ff9a168f214,0x7ff9a168f220
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1848,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2204,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2484,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=2500 /prefetch:8
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3556,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3564,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4252,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=4260 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4316,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=4412 /prefetch:2
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3980,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4600,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5260,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4032,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5948,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5948,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6080,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6128,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6160,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=6156 /prefetch:8
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6076,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=6224 /prefetch:8
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6628,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=6640 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6216,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=6792 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6876,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6776,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=6864 /prefetch:8
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=6812,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=6844 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6648,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=6496 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=6748,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=6268,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=6752 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=6864,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=5968,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=7012,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=4416,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=7032,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=6808,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=7228 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=7452,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=7432 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=7600,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=7672 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7552,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=7652 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=8048,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=8024 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=8352,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=8376 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7248,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=6228 /prefetch:8
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7640,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=4272 /prefetch:8
  2⤵
  - Modifies registry class
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=7460,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=8380 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7548,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=8016 /prefetch:8
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7740,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=7764 /prefetch:8
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7412,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=7040 /prefetch:8
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7228,i,15549550693433787151,15386309199136882314,262144 --variations-seed-version --mojo-platform-channel-handle=7968 /prefetch:8
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:6040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x258,0x7ff9a168f208,0x7ff9a168f214,0x7ff9a168f220
    3⤵
    PID:6072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1900,i,16978121424649692724,17313650371576891474,262144 --variations-seed-version --mojo-platform-channel-handle=2208 /prefetch:3
    3⤵
    PID:5268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2172,i,16978121424649692724,17313650371576891474,262144 --variations-seed-version --mojo-platform-channel-handle=2168 /prefetch:2
    3⤵
    PID:5240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2428,i,16978121424649692724,17313650371576891474,262144 --variations-seed-version --mojo-platform-channel-handle=2588 /prefetch:8
    3⤵
    PID:4552
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4392,i,16978121424649692724,17313650371576891474,262144 --variations-seed-version --mojo-platform-channel-handle=4416 /prefetch:8
    3⤵
    PID:5500
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4392,i,16978121424649692724,17313650371576891474,262144 --variations-seed-version --mojo-platform-channel-handle=4416 /prefetch:8
    3⤵
    PID:5708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4596,i,16978121424649692724,17313650371576891474,262144 --variations-seed-version --mojo-platform-channel-handle=4584 /prefetch:8
    3⤵
    PID:5744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2568,i,16978121424649692724,17313650371576891474,262144 --variations-seed-version --mojo-platform-channel-handle=4648 /prefetch:8
    3⤵
    PID:4220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4660,i,16978121424649692724,17313650371576891474,262144 --variations-seed-version --mojo-platform-channel-handle=4736 /prefetch:8
    3⤵
    PID:5292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4644,i,16978121424649692724,17313650371576891474,262144 --variations-seed-version --mojo-platform-channel-handle=4360 /prefetch:8
    3⤵
    PID:2356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4720,i,16978121424649692724,17313650371576891474,262144 --variations-seed-version --mojo-platform-channel-handle=4728 /prefetch:8
    3⤵
    PID:4628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4592,i,16978121424649692724,17313650371576891474,262144 --variations-seed-version --mojo-platform-channel-handle=4584 /prefetch:8
    3⤵
    PID:5640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4972,i,16978121424649692724,17313650371576891474,262144 --variations-seed-version --mojo-platform-channel-handle=2892 /prefetch:8
    3⤵
    PID:5976

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4124

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4300

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5420

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5904

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\New folder\" -an -ai#7zMap7306:106:7zEvent27649
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5476

C:\Users\Admin\Desktop\New folder\Setup.exe
"C:\Users\Admin\Desktop\New folder\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:2424
- C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:648
- - C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe
    3⤵
    - Downloads MZ/PE file
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5760
  - - C:\Windows\SysWOW64\rundll32.exe
      rundll32 "C:\Users\Admin\AppData\Local\Temp\2V3CND5OWUGO5CPY.dll",Editor
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:620
    - - C:\Windows\system32\rundll32.exe
        
        rundll32 "C:\Users\Admin\AppData\Local\Temp\2V3CND5OWUGO5CPY.dll",Editor
        5⤵
        Loads dropped DLL
        
        PID:3456
      - C:\Windows\system32\rundll32.exe
        
        rundll32.exe "C:\Users\Admin\AppData\Roaming\Custom_update\Update_6762b44b.dll", Editor
        6⤵
        Loads dropped DLL
        
        PID:2988

C:\Users\Admin\Desktop\New folder\Setup.exe
"C:\Users\Admin\Desktop\New folder\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:4428
- C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:5740
- - C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe
    3⤵
    PID:2972

C:\Users\Admin\Desktop\New folder\Setup.exe
"C:\Users\Admin\Desktop\New folder\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:3980

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2912

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4124

C:\Users\Admin\Desktop\New folder\Setup.exe
"C:\Users\Admin\Desktop\New folder\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:960
- C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:5884
- - C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:5928

C:\Users\Admin\Desktop\New folder\Setup.exe
"C:\Users\Admin\Desktop\New folder\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:5748
- C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: MapViewOfSection
  PID:5028
- - C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe
    3⤵
    PID:5636

C:\Users\Admin\Desktop\New folder\Setup.exe
"C:\Users\Admin\Desktop\New folder\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2220

C:\Users\Admin\Desktop\New folder\Setup.exe
"C:\Users\Admin\Desktop\New folder\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:2636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping6040_145406857\manifest.json

Filesize
160B

MD5
c3911ceb35539db42e5654bdd60ac956

SHA1
71be0751e5fc583b119730dbceb2c723f2389f6c

SHA256
31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d

SHA512
d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6040_2089707992\manifest.fingerprint

Filesize
66B

MD5
3fb5233616491df0ec229ba9f42efdb8

SHA1
18a8116e2df9805accd7901d2321c3fa92da1af4

SHA256
946f3a9e019b0d80f5671de782f295132341f663f74aebad7628f22e528d6d52

SHA512
e9b17ac626bf6508db9a686825411e90d316a0f1dacbf63dbec5baaaf6b96af4dbc9a7332975b6d5c16c43757d79fddca6b888ea97bc07a8dffb1b3a06366b4d

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6040_2089707992\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping6040_262808883\manifest.json

Filesize
134B

MD5
58d3ca1189df439d0538a75912496bcf

SHA1
99af5b6a006a6929cc08744d1b54e3623fec2f36

SHA256
a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437

SHA512
afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json

Filesize
3KB

MD5
6bbb18bb210b0af189f5d76a65f7ad80

SHA1
87b804075e78af64293611a637504273fadfe718

SHA256
01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c

SHA512
4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
a50baad04242258fe112a53d5753804c

SHA1
478ac86c7d53771f496ce53eee540708b6380176

SHA256
bf66f3424fdba5c41e9531db97c17437949531b4b34baf30686bc8cd2a94c831

SHA512
6021f0844364bb2c0f64f3f4e0e8d71a84db6843ec4bbf5e6457ca6b7d1a1f328f6773f76ff9360833a07952c0789b126be65e72483494b5261a29dfd1143a3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
0dfd0863843cde804a343df1a4961122

SHA1
e04eb0f970aec55fb92482ad597578be6b00607b

SHA256
86f57c57cca3507d1a93d5baf9f3f7a032f8070c6ce3919d81d3aeeaff5c9d3b

SHA512
edb6845866c6360158aaeb03af2376252a6aa4931b9e8f4afb11e5ebd5cb2623492ccc37ec36799e01ce267faeb4b1faed779da752a481825bfdbe6cc0c4cfff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
4013ebc7b496bf70ecf9f6824832d4ae

SHA1
cfdcdac5d8c939976c11525cf5e79c6a491c272a

SHA256
fb1a67bdc2761f1f9e72bbc41b6fc0bf89c068205ffd0689e4f7e2c34264b22a

SHA512
96822252f121fb358aa43d490bb5f5ce3a81c65c8de773c170f1d0e91da1e6beb83cb1fb9d4d656230344cd31c3dca51a6c421fda8e55598c364092232e0ad22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
fed4ab68611c6ce720965bcb5dfbf546

SHA1
af33fc71721625645993be6fcba5c5852e210864

SHA256
c41acdf5d0a01d5e9720ef9f6d503099950791b6f975ba698ccd013c4defa8c4

SHA512
f9ab23b3b4052f7fda6c9a3e8cd68056f21da5d0fcf28061331900cac6f31ef081705804d9a9d4103ee7d9c9bdb6aa4237987b7e821d2d96cd52da24219e55ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
4b231bf0ef19612d49295b5e45f0a2e0

SHA1
b0dbc77cb3b9449ca471e35a888043d1563af36d

SHA256
01e15aefe2bf4c038bdc9abe5e7d862edfdfd36876f07e27f35cfac165730a20

SHA512
7c4797978d731ece6697d6b365ad4db61bd19bc99e570d54fb16505a6a6d23b74d3d1eafafc1d43fede326a3ac1a6210c3f33a1392792ef0d7d4dad325152c50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
520KB

MD5
471f9d69922d20765e5356032a8f2edc

SHA1
e20599c32ffd9b349815b7f8e818b296b5d14d22

SHA256
c2b5e6f0f487005b6ff0659039c545973e75eeef944e8557df0147a9bccecab5

SHA512
74e20bde5baf66bc969d5c82e3b2d6c6e198bb631b16a5e2892ae6852ea6173429434233332cb694726342f259978e56a08bc573b3779eb8d687e02834d11de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
76cbf84ce0f60efb3c89fd0ff04da60c

SHA1
32e978a0245bf625a4bb7b8625d1ae341fa9eb82

SHA256
3ad279b3a563cbfb466f0dbce820c2ff48e2e0b4cc4462880db2908e45beb331

SHA512
881a33ba3cfcb2a6dd04c28b1e7b6da7ab7500f1230c90f470dcaa161786ccb2e3921f0dc7e89dcd29ab94f1fdac75c9cfe40fdd54e142aee5a506098faa6bc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
08c46bf17db4a80d47ad567793f2fdd7

SHA1
f93442ecb3254189ec9c3f7977f4989bdcdc5ac5

SHA256
c01d930ae1d30d8ddd403c914ff3e2a265da5666c7629e15f0066c7e4e9257d4

SHA512
0987f8afda987ffd8f1baab67f5cc241c587bd48068d578de1459a7449dd0e0d6afc846ddcc4dd147a1917d01ca27ca1536a2c810840bd69d62d4601bb1d36ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006f

Filesize
44KB

MD5
1beaa1650bf90c2825e33f014093687a

SHA1
4cd0fc31172eda3a76cab626af571bc81801aa34

SHA256
536dfb4989b0cb6194a280170074c20a3fef32c3d9c0df46fdaa29230f69a212

SHA512
1c3f8755b79d8d1466916d9bff5a8a5322582840c43d9ab653e0f3ebb7886a7078c299f9df1c095dd1072301027b1bd6cdfec8d01338f497877f74caa49abf93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000070

Filesize
169KB

MD5
86c1e3d82344a315a671a557f494fe36

SHA1
77e33662dae82f4db9ee1e6a6de660d2b813814c

SHA256
3ce89f58ee74f307d41d246d4694a0f8a1033cd9f065f352388cfebbab058435

SHA512
38675d19bb3c7dc05a1677afd4b44c74e6533ce8fbb7ae9131ba859a6ee14f52c93405e31c5a6192939170592d015d2c99f2d94409aa4622e7735edeb8415ab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000071

Filesize
1.5MB

MD5
8eebec666d2353b5a848ce6104981a6b

SHA1
7eaad71ecfcf67fd4b00013aa8a7da59cd01c976

SHA256
7a15d091226b0656653eed6c66b34ab9703e6c941a7ba2828de9d4cfe0775b7b

SHA512
893e82ea88a29b522d962fdc736dea7ea8e279159c73d986f9bb73e0d92b8018ad7449387ad527bfbebaf9c161281480afbb8a06fa25d6d7f14c02d7b3572aec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000072

Filesize
20KB

MD5
ffd3d57638a7899d80bcc108713c271c

SHA1
d186409ee24fc3d1cc8194434dd707181ead20ec

SHA256
99027d866818f716d208569108a962ac72200197cae503efe5b6bf002bf4915b

SHA512
7305c344cd8f954929314f3b5c9b996638e57d5f142a327ddc9f42f592880ea30b5102c73ee0e296bb3c4fc21d9fce5d862a492b4bc1127ba2c79c4def527c62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000073

Filesize
232KB

MD5
7dae64d9367a4216880262f9e88c3de7

SHA1
1c865b1e7167a8e5f61adf4b663b855a3ced53d4

SHA256
ce8e868d53f6c6485266bd4c69c3fc1514d32d50774dacfe2020ea9f957f4be4

SHA512
4a3efb83f82c4f60905eeb0c6f7662d00765d95a80c6cf4ff6d05bb846dd69b7570a7078409295444a574be83997328880983fa007108c87fee13b2da416680f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000074

Filesize
106KB

MD5
707bf2b3d9eb3cc25d00fa46bc27f48d

SHA1
536ce2f6d23beb2970a292dc5bf565765edad2ae

SHA256
2d2c540688197ec7c33fed0fc49d55880888632b8e38b398cf5bc4f797918b6c

SHA512
d3350c09f866f3f9229ebdaa2511a9091800c117666f93482e41ca8a1bb92f38dad5d17d1640d5e1f9317e7c73399a5ba8ebe69a209dc70a05170c039edaa1aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000075

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000076

Filesize
35KB

MD5
7c702451150c376ff54a34249bceb819

SHA1
3ab4dc2f57c0fd141456c1cbe24f112adf3710e2

SHA256
77d21084014dcb10980c296e583371786b3886f5814d8357127f36f8c6045583

SHA512
9f1a79e93775dc5bd4aa9749387d5fa8ef55037ccda425039fe68a5634bb682656a9ed4b6940e15226f370e0111878ecd6ec357d55c4720f97a97e58ece78d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

Filesize
39KB

MD5
9a01b69183a9604ab3a439e388b30501

SHA1
8ed1d59003d0dbe6360481017b44665153665fbe

SHA256
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

SHA512
0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
8d850be3cd8d49a6d545929ec3c85671

SHA1
021cbd98797ad16ff1f507de24a08369b61dc777

SHA256
6cd669c0d49ccb9209d6eba13a1fb747977eb36246f8c8f4b4fc20329bdaeedf

SHA512
d73d6f5036e4b9b8962873b4af4e2e340d44b2290063091272873fd4ae538a967a25ad464a48b9c30bc97f141a20a09973556990dfa96c87a00fc717222841cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe582b12.TMP

Filesize
3KB

MD5
4a4388c5fdcf248c8a16da033055b611

SHA1
632822dc2607d94cbffae4a948d9b266caa02eac

SHA256
9d92e9c4af01921d82ee71176a1d4d7456bf6138f97978642f8c8818b6b8b851

SHA512
7e92743b4963a72065a3bf4302de9f5a3ae45907c4f60b4adc36d5c72801fb583981f32c99092d4a3e5f5ba12826349bafcf4cd575af28801dc04439bf9b2e65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
afc6fc824b87e03a52083e9264051882

SHA1
dadb87d80dcd8d82718a6e97390169f75efe8d9b

SHA256
08cc08e07df38425d3f6159dfb3e0210e13adb622987801811779304d310566d

SHA512
15252b8ac0df3b97c307d760bacf451ab43e9e0ac7afa997a78bed58c8ac261c41b528a0a6b172d8698759e75d4c2b8fa0355d4e16427e5c7b9ba28f45855365

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\9ee2d984-56e6-4fa7-8131-a95920b8e7b6.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_US\messages.json

Filesize
1KB

MD5
578215fbb8c12cb7e6cd73fbd16ec994

SHA1
9471d71fa6d82ce1863b74e24237ad4fd9477187

SHA256
102b586b197ea7d6edfeb874b97f95b05d229ea6a92780ea8544c4ff1e6bc5b1

SHA512
e698b1a6a6ed6963182f7d25ac12c6de06c45d14499ddc91e81bdb35474e7ec9071cfebd869b7d129cb2cd127bc1442c75e408e21eb8e5e6906a607a3982b212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\manifest.json

Filesize
2KB

MD5
c1650b58fa1935045570aa3bf642d50d

SHA1
8ecd9726d379a2b638dc6e0f31b1438bf824d845

SHA256
fea4b4152b884f3bf1675991aed9449b29253d1323cad1b5523e63bc4932d944

SHA512
65217e0eb8613326228f6179333926a68d7da08be65c63bd84aec0b8075194706029583e0b86331e7eeec4b7167e5bc51bca4a53ce624cb41cf000c647b74880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
224KB

MD5
85d6f4d327b5ff4e063948970781842e

SHA1
300464afb78d133d8276ff7685eab0a15acd0b5e

SHA256
7a27a1b69249b824841bed21aa4b4a95391871122117a6c63579118c7d637379

SHA512
d11f72daa91a5a4babe0ceb808c0c002a3bcfd71d8540be5901671c28b829fb01882f579db89aac8069a2cdd18e4c99438557dca726fd29f3168f600134607e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
20KB

MD5
fcfe54fded3d4b9b042c14e0697c038e

SHA1
4378658912911ee321397340ab05631e70a178ab

SHA256
5191ad3b841ecf5ab7c7aa6138cc38fa65853d2c93ba1f0706639eb59ca70f9c

SHA512
2378c8848e9047b50a12252594c90694b6d4d38145a40afee96bac477c234f37127cd585dd33934d010fd975731b45d7e8d45ee04424f6400277c180077e40f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\bcfc60e6-c2a2-4375-9c8e-4818a945d483.tmp

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
76ec233b61bbbe501f9e8570b1e55d10

SHA1
16d088d5035f5db2436b1736e7030eff41d30aee

SHA256
f9151ef041383b89d100c89b6dcf258082a4d8ae38e14947a3e3f9934cd3abf5

SHA512
e00b370456974cc44ed4df07ecdfece2ac6b53397ad019172cc5b22c9adf7451909c62ee67504260a49adf5f6e159c250ae38e16fbd0428630f3478f3a53b5ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
e7e8d79cca3d1a73908e33b90823076d

SHA1
2085499236e577d15ddc202453f801599a2f60d4

SHA256
76cd1116ac123d608d46a9dbed8a429dc36bb6942ee049b33ecf704a0126f771

SHA512
1bca44e16a9ceebde412c3a9b751fa1462b154d7e2f2becf2a7a7d14e9c4aa62e8fa7478016f6ce9d135ec29169f66d3a34cc41358cc94ef416dec5a9377f0d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
6a37b5112d5d6f98f9fb1272a1dbe7bf

SHA1
19482ad651868c7a12d8043bf4221f8f7fff56a9

SHA256
fa6a5209937e1dc4e271ca87d8d94f54613070e973e5550058bb64dc30727f90

SHA512
35296ae303e2240715112b0fcf5a957c4a5640de3d12ec92323417542e0631de80ca51883e778eeae43a5d218c51ab3a2f738b9b8b241535c59560148263dc29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
83b09caf3547b39cafd6ea146386e068

SHA1
b87aaebfdeb3ee5f1e2ca31f48ccd45604a5021c

SHA256
2649382432e428d7a9baf468b3d481767f974e1b6a6ba456ce8906a893fde382

SHA512
eb2d77499cd8c1b47150a42dbd5bf2bdde703dc1dd1ef0e8e9bb806f94ff691ae23041ec0cad817ec12164c9967e9f87bb685f1f32cbdf5226a1d2d369ad36f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
6b06076ddde98b577f9525638aa6bf94

SHA1
e225fdf52cd894233ee69709545f25a5cc6803a7

SHA256
8bf55ca4239d463ab9279cf1bead22aba6f389fdbdd14a649eb0c52de506d230

SHA512
2302ebd040ecda201b470b1ced9d9b699c8216f96aeaebb575abb7f052d1cb2bfdc1bb0572f55a007adcac520b1bf1060582bf38a4c7d85e230342a3547b119f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
183c08391c8ea3e09e3bf39f633292ca

SHA1
878e60d27ea74953d2e3209c7b446913d981722f

SHA256
1717377f08012fc79fbb291b3776528a379c66ba4f08932e7a3b572b177c37f6

SHA512
6a9b8daacfaf1f1639f75712b2eb38f3081105984cdc283113c75306b9476307ad9eda6410b072987013db93f4f4ab86d67b80ee9b7fe4b70b5cefb64cc591e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
67a6352bf772abe4724fde2998ecbe16

SHA1
3ecd92f179fd06c16e9821ec04a81b49af6d3987

SHA256
82b8f91b1f5fde94b6f4c3382e9133a174ac7cc4ab531e5a786f3090a52bd0ab

SHA512
519aa6514b7f042ebc7748d16a42ea9c9613ead94ff9453966d3ab6e868e703ecfd9794b247f7d18b408598a03a1bbe7525fbb455511d4f6fd1707b823b203c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
6KB

MD5
894d715da834b20463ab7145c2854aeb

SHA1
719a0b29d2237318792933c659524a5f540c7116

SHA256
5af97d5448e012dd8eab96d6d8d5943729b96912f1f8cbc9fb3191d0465694d3

SHA512
8debb6c06c9f4b38d1fdb5a35a961d99a99c9068e5798c5b0942e851db908a9e5f09e1eaf9e1c5c9faa64a9c651325ff8f66649c92d5814444f660c322f49d8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
20KB

MD5
2cbde2f5f3b60350ee82ebd8aaea0124

SHA1
e2b41387f8387e82188ae1f596e6ed9caac4e5a7

SHA256
a50a42bfa608b1c8f73ad39c32244125a2ede549746229f8f85c8e9d1ab8f9bf

SHA512
de1417f288e96e8aead0957acc64e13e6d813baa806d3784ad4e234f9ed661fe40dfa949cf34a9ce9b73b2eae58b44e00b37a6be513a34748adc2d8addcd3e4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
878B

MD5
d477a16f701d1e435f208fc34540d748

SHA1
4d7b3654e50ddf5f5f90dfcb598a84f9ed51e122

SHA256
4ca4f06f7f0c05e5609d7b75be613ad8aed69803c53c1f13146153a1be2e2415

SHA512
3c695e06acdcc651a0157b1195e91d6bc8032b88409f281f992d3de7acffa71d832e50e6c765b7414900dab1aafe1223a8c2956ca8cd826d2101f907206b3b08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe5918ed.TMP

Filesize
467B

MD5
a0a01873588b254d028b1c4cdf45f112

SHA1
cb6c784d2cad501361c473c7f602998238b6ebba

SHA256
94bec34b1879df233a1230c8492b8afd7639795a9e537f56f2bb877e0b972a07

SHA512
d30b1a8f2d07a9d9152ada2322a4ce1a114fe2d524a26edb0522dc05a1b3e30a700eb004dbf34bb0098b2901e8a62d25de3522dcaefed91feb5955c8ced87f5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\c3a592ff-d955-4614-bd91-b568e7883431.tmp

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
6f005797478942a7d117d98d6561a23d

SHA1
47e6053af211908a38cae7adc14cb1eed4d748f4

SHA256
5122b3790dc5a3776492245ea0c4883c636a8939c2f2854197796a8ed905fade

SHA512
15cdb893da40f9285485c4545ad253f2e2781547f90159f88182dacc9de88948e4b77e190744ca8e502acaeba66eb79aca6a62ae86f6e37a3a652cb45cadbe0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
37a7313d12ca8ef5ded7f52abe608440

SHA1
50d61fcd7e0c52267ef7e1c0ea76b61600106d83

SHA256
512b1b21ea839639a37b16de32b4f09aab1c6b9750f04265dd69b0dcb63578af

SHA512
d7aacaee9860d6b223d030f30d2e5533067b86aeeaefab9cac0c7c04124b09f22349160b8869225f0db5382363f30fdecf5513fdddbd2a4b55a6845138873e07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
48KB

MD5
45fb9a2ce0e57d7aabd628b2e997a578

SHA1
41957a1b5524ffb173323d1f3a0247a96f715247

SHA256
53ffc0056cec094077a163d240f61f93e0c478e73ec84091470f6bb8dcd43ea3

SHA512
1f9167b4997c0a2b8467c1413ca3f5371237cae4c1d11520f90d2a9ec69d525d2ee3a25b569f3ad1f14b3e9013955d3b0009220a7948cdff4da5a37d53b3d42e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
5c6067f60c7660c9951d10d915986b32

SHA1
4bc4e88c50ebd8175389611ebd3db4489b7b0acc

SHA256
5ee3bb0d4aac50cd3216f8383803ccc8f10686ed207c85b5f40359fb9101e677

SHA512
a21f9c593e7d86869eb5b235794a840ec62f8c6d6d44603848624ce8679a37d5a3b154839423c8dab3d1946a5abae646ba1800b8951e1951bd2d8573e77ca47d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
36KB

MD5
e13ab55d8d5bb64d7fd4220645000a6e

SHA1
6b1c740918a5bb29b33b81e7d1f63c4dafbb8a55

SHA256
99f1fbb1a91700d75b0cb5b96ad21cd4833cd421cb6d74603ee1a78fe73453e0

SHA512
7d358750229ff941be2db76815c08cb4db46940b34c6a107c472e47a2c21008d777d6d994869a563a85ad9e98d0cd452c468717992211ab43422cec114b3da17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
20a819d44e9c824d19ee9d3ace74ff55

SHA1
20b73c5544d47b27dcc04d2478bddb4a35e1f6f8

SHA256
c0c4b8fb1aae90a97194721bebf4604550ddb25256abdf0fdc7fae71ad5cdbef

SHA512
673c56b6f5c665122b601f8b7cec78331a2057aa982ffa88afc297d6649ad587150f44827febef5e5393c0cf28b6a6b8789d2129b38d989aef529d755c022a38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe582342.TMP

Filesize
392B

MD5
396db09432b72244c0d1832883acc097

SHA1
3624b491aba8919a35138088eecbcf81e40f806a

SHA256
9d7a3da136e2ecd36912100852014514e710227edc42e8ae03469fb3d3995ef4

SHA512
ee8ecc00d89153c8cc3a271b5235e70a063260122ce0d13784ae1bbd2e55f563e45fb03f19ed9b2905357986d93a2638aaa6ac636130c36cf2153013b23ee1e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
a2389b4e8368c6cc6552dbaa1e0939de

SHA1
6035763e731ef153f1a27244a8ab969edef8e2c5

SHA256
fd2890ebdbb5dfaaac0d91f87b0b3db5283b90cd15781beb66aa920f18516136

SHA512
179190ec269d5ba194e25e9a03bab3f6b33d6224c819f254882a33c54918e247d229d039e73c72786095938c9f5dc4bf2df761ab8a1f5907bb5333ad7f9d731d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json

Filesize
2KB

MD5
499d9e568b96e759959dc69635470211

SHA1
2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6

SHA256
98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d

SHA512
3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f0d33e4b-c0da-49e2-a92a-dd4f1b4f1b34.tmp

Filesize
37KB

MD5
b70308c722ca8dd5510356a27d34565c

SHA1
02c6a51a71b7dde46636fe08cf060bcb3a6c9a49

SHA256
ec691bf94e65fd8b15ff14172e59896e0b77aa95c859c21a2a44d05e31d33f2c

SHA512
1fdf1fc7ba0bd13bee89720c503f351b6e87de526ad8fd744325e491cc25be0536b66d12e9f7636ce8a4d24491fc853f32832669111e8b89dcf0eae781cc4285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
927407e0011ab4e08b8ac73372bcab40

SHA1
81d548ebc9ced9a32dca3aac973a5953c9d7687f

SHA256
637e88452cd3dc741bea493b40b6e6d79985604eabce9bf3f85e97d6f25931dd

SHA512
dbdf1922ab2016de789c7843e7e974f093c073c179d91af6487f6533727d2ca04859d1e94f5b80d08621e3d953b43365c70f610bc8a932e95892aa38a853130d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2113d301-3cf0-49e0-af3b-6b7f4f112253.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\665b74a2-07db-464f-8579-ea4614abcdc0.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4136_533928391\c0ff0f27-5bc7-44b1-a515-e23f16faf7a3.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4136_714918609\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4136_714918609\CRX_INSTALL\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Roaming\lEC64\carryon.aspx

Filesize
931KB

MD5
2c513ce20b7c60597112d4fde89974f7

SHA1
064055239f662a483ff15ec17074ab462d17a325

SHA256
96335863584f848a33915247a93aa458aac5841361b6337e8e52a272bbaf6620

SHA512
32e8191697f6346a63978fbeed7f0819661ec4ef7d3d961563cd9a39a74581575934201a1c3b928d28dfdcf3b0b69e0b0b1a89713e24191d281e9e2242303c4a

Download Submit
C:\Users\Admin\AppData\Roaming\lEC64\jpeg8.dll

Filesize
684KB

MD5
e4e335ea9f7d5824a1aa3abcbc5f7dc9

SHA1
2c840163497d6db2ad9aa0cf92fe990d8b7f8074

SHA256
66c5fddaf6af0c0ecd0ce6923010c9d4f5eab184e6b6cb3f5453d405281366a4

SHA512
082550fe52adb0a1a25809484e95c02b175c63c8b03dc68655a331d2369c4b79276a4338571a605814862ede8a6673ad781ea3f0c9b5372e0df60f07b3205587

Download Submit
C:\Users\Admin\AppData\Roaming\lEC64\lib-strings.dll

Filesize
125KB

MD5
5ae0bda29f1387fbb266c12daea57d03

SHA1
154c999a371af12b80782e3012934f1f1edbf80b

SHA256
762620c3e241e8da462311bec8ae87c9a01089ac028f77384a8ea2ba3854dac1

SHA512
063cb0ab3a29c73be01fd07070e27613b185c0b67ede20f3df1e5c63a3e9ce2a9996eb7864e6f13e7088339d9dd162b2a19c44d4b761711051961424c9e49930

Download Submit
C:\Users\Admin\AppData\Roaming\lEC64\libpng16.dll

Filesize
216KB

MD5
7895937099678ccf369519179b223016

SHA1
d08fee6de6e04e9a6df35e64de0082d6dbd4ff6f

SHA256
c162ed44fe43320ebeea325eb25c6b33d5411dfba9a260d186ebcb95478ef13c

SHA512
e51c717529b289e4af7bfe0ff0036f2d17ebc21678d3f8231e976a07de1a1d03b6b183a7544a562cedbf609b188e707264ff38d4307755a9c5f5e4510eb6a57c

Download Submit
C:\Users\Admin\AppData\Roaming\lEC64\msvcp140.dll

Filesize
439KB

MD5
4d157073a891d0832b9b05fb8aca73a8

SHA1
551efcdd93ecafc6b54ebb6f8f38c505d42d61ca

SHA256
718812adb0d669eea9606432202371e358c7de6cdeafeddad222c36ae0d3f263

SHA512
141563450e4cdf44315270360414f339fc3c96ebdaa46e28a1f673237c30f5e94e6da271db67547499c14dc3bd10e39767c3b6a2a3c9cec0a64a11f0263e0c5d

Download Submit
C:\Users\Admin\AppData\Roaming\lEC64\pyjama.log

Filesize
57KB

MD5
ca3b4303b1fc32f8b79c88b41b1fe5a0

SHA1
12beed6d0b67dd1b3f1053d8f319dce4827d28d1

SHA256
f58d07cafa6957644c8bf567f0a4f1aa52be699d097a4a5482d166c3a2239a24

SHA512
09d75114dd938cd1a50ca24a989d281c08a8fe80f0ce3fa16c564a261c1e15a223185971752bae602855a933ea6b886c894ac1b96aaa64d9f3b888785aed320b

Download Submit
C:\Users\Admin\AppData\Roaming\lEC64\vcruntime140.dll

Filesize
88KB

MD5
e4ed441f0f6afb0d8d55af87900ec48f

SHA1
ac5bd77fd06ed29bebceb65371387555658870d9

SHA256
09d1e604e8cdd06176fcc3d3698861be20638a4391f9f2d9e23f868c1576ca94

SHA512
dec6d693aa2d6c043ef8ae35f7f613cf9366aeb8a5903e8e0c54644f799262229b91953c65d39f8535ce464c75bf34b3b23ddb50a9fc5f171d36d6bfa1e4d7dd

Download Submit
C:\Users\Admin\AppData\Roaming\lEC64\wxbase313u_vc_custom.dll

Filesize
3.3MB

MD5
c8387768960f1fbbec655a37213e8e08

SHA1
cd3bc4da7a6cdabad3cef44e4fe69f1f554bcd95

SHA256
f4f837de4b1fff88dfe7ab0bf1190c76d63c8a864ff6f12c3a26f21ce0e5e0db

SHA512
9fd39da83c1fe4fd2ceb65dfb4959bb5ac09f2d00820638fbed18a96d58227a3681fb20909f316f1d15d83db79ac208787472acfe772d689e0e9d1c5dbff9143

Download Submit
C:\Users\Admin\AppData\Roaming\lEC64\zlib1.dll

Filesize
109KB

MD5
dfd95d4f4160f0756f2898144ba9e300

SHA1
f6b426ce6f17255956637834105af3a403eda36c

SHA256
964cbd05e4e8cfc1ba7f1fa17625b1ce7e539e519f725f8cb7f2f342641bf03d

SHA512
d414ec8a53f972ef2fb5f2b94a4cf417ceefba9a09a4677de6c376f3a27e435cf57e8c997695971d6d99c4ef705eb803994426d3da81ef6061a276bd4b762d4f

Download Submit
memory/648-1801-0x0000000073280000-0x00000000733FB000-memory.dmp

Filesize
1.5MB

Download
memory/648-1788-0x00007FF9BEFF0000-0x00007FF9BF1E5000-memory.dmp

Filesize
2.0MB

Download
memory/960-1972-0x0000000073280000-0x00000000733FB000-memory.dmp

Filesize
1.5MB

Download
memory/960-1961-0x00007FF9BEFF0000-0x00007FF9BF1E5000-memory.dmp

Filesize
2.0MB

Download
memory/960-1960-0x0000000073280000-0x00000000733FB000-memory.dmp

Filesize
1.5MB

Download
memory/2220-1995-0x0000000073280000-0x00000000733FB000-memory.dmp

Filesize
1.5MB

Download
memory/2220-1996-0x00007FF9BEFF0000-0x00007FF9BF1E5000-memory.dmp

Filesize
2.0MB

Download
memory/2424-1774-0x0000000073280000-0x00000000733FB000-memory.dmp

Filesize
1.5MB

Download
memory/2424-1775-0x00007FF9BEFF0000-0x00007FF9BF1E5000-memory.dmp

Filesize
2.0MB

Download
memory/2424-1786-0x0000000073280000-0x00000000733FB000-memory.dmp

Filesize
1.5MB

Download
memory/2636-1998-0x0000000073280000-0x00000000733FB000-memory.dmp

Filesize
1.5MB

Download
memory/2636-1999-0x00007FF9BEFF0000-0x00007FF9BF1E5000-memory.dmp

Filesize
2.0MB

Download
memory/2912-1886-0x000001C28FB30000-0x000001C28FB31000-memory.dmp

Filesize
4KB

Download
memory/2912-1891-0x000001C28FB30000-0x000001C28FB31000-memory.dmp

Filesize
4KB

Download
memory/2912-1885-0x000001C28FB30000-0x000001C28FB31000-memory.dmp

Filesize
4KB

Download
memory/2912-1881-0x000001C28FB30000-0x000001C28FB31000-memory.dmp

Filesize
4KB

Download
memory/2912-1880-0x000001C28FB30000-0x000001C28FB31000-memory.dmp

Filesize
4KB

Download
memory/2912-1879-0x000001C28FB30000-0x000001C28FB31000-memory.dmp

Filesize
4KB

Download
memory/2912-1890-0x000001C28FB30000-0x000001C28FB31000-memory.dmp

Filesize
4KB

Download
memory/2912-1887-0x000001C28FB30000-0x000001C28FB31000-memory.dmp

Filesize
4KB

Download
memory/2912-1888-0x000001C28FB30000-0x000001C28FB31000-memory.dmp

Filesize
4KB

Download
memory/2912-1889-0x000001C28FB30000-0x000001C28FB31000-memory.dmp

Filesize
4KB

Download
memory/2972-1815-0x0000000000820000-0x000000000082E000-memory.dmp

Filesize
56KB

Download
memory/2972-1814-0x0000000000DA0000-0x0000000000E1E000-memory.dmp

Filesize
504KB

Download
memory/2972-1813-0x00007FF9BEFF0000-0x00007FF9BF1E5000-memory.dmp

Filesize
2.0MB

Download
memory/3456-1871-0x00007FF99E620000-0x00007FF99E7F3000-memory.dmp

Filesize
1.8MB

Download
memory/3456-1862-0x0000000180000000-0x0000000181CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3980-1860-0x00007FF9BEFF0000-0x00007FF9BF1E5000-memory.dmp

Filesize
2.0MB

Download
memory/3980-1859-0x0000000073280000-0x00000000733FB000-memory.dmp

Filesize
1.5MB

Download
memory/4428-1802-0x0000000073280000-0x00000000733FB000-memory.dmp

Filesize
1.5MB

Download
memory/4428-1789-0x0000000073280000-0x00000000733FB000-memory.dmp

Filesize
1.5MB

Download
memory/4428-1790-0x00007FF9BEFF0000-0x00007FF9BF1E5000-memory.dmp

Filesize
2.0MB

Download
memory/5028-1990-0x00007FF9BEFF0000-0x00007FF9BF1E5000-memory.dmp

Filesize
2.0MB

Download
memory/5636-2006-0x0000000000820000-0x000000000082E000-memory.dmp

Filesize
56KB

Download
memory/5636-2004-0x00007FF9BEFF0000-0x00007FF9BF1E5000-memory.dmp

Filesize
2.0MB

Download
memory/5636-2005-0x00000000008C0000-0x000000000093E000-memory.dmp

Filesize
504KB

Download
memory/5636-2003-0x00000000008C0000-0x000000000093E000-memory.dmp

Filesize
504KB

Download
memory/5740-1807-0x00007FF9BEFF0000-0x00007FF9BF1E5000-memory.dmp

Filesize
2.0MB

Download
memory/5748-1975-0x0000000073280000-0x00000000733FB000-memory.dmp

Filesize
1.5MB

Download
memory/5748-1976-0x00007FF9BEFF0000-0x00007FF9BF1E5000-memory.dmp

Filesize
2.0MB

Download
memory/5748-1987-0x0000000073280000-0x00000000733FB000-memory.dmp

Filesize
1.5MB

Download
memory/5760-1858-0x0000000000820000-0x000000000082E000-memory.dmp

Filesize
56KB

Download
memory/5760-1857-0x0000000000380000-0x00000000003FE000-memory.dmp

Filesize
504KB

Download
memory/5760-1808-0x00007FF9BEFF0000-0x00007FF9BF1E5000-memory.dmp

Filesize
2.0MB

Download
memory/5884-1974-0x00007FF9BEFF0000-0x00007FF9BF1E5000-memory.dmp

Filesize
2.0MB

Download
memory/5928-1994-0x00007FF9BEFF0000-0x00007FF9BF1E5000-memory.dmp

Filesize
2.0MB

Download
memory/5928-2030-0x0000000000820000-0x000000000082E000-memory.dmp

Filesize
56KB

Download
memory/5928-2029-0x00000000000B0000-0x000000000012E000-memory.dmp

Filesize
504KB

Download