discordrat | 44b43816c2a2e8c8d7d25f89a89cf4a4d58edc256c9259c4abd10c714581171f

Analysis

max time kernel
268s
max time network
279s
platform
windows11-21h2_x64
resource
win11-20250410-en
resource tags

arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system
submitted
12/04/2025, 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

59a0375a686303ecbcd2c954a4ed463a
SHA1

9aa598dd766664fad17cc7314781b2fd51d9b6e5
SHA256

44b43816c2a2e8c8d7d25f89a89cf4a4d58edc256c9259c4abd10c714581171f
SHA512

c8c2930d096b8d1db626edcf5826236e98c0b86e548682940948789a394e20c906ba90ba7957a4dee03bac10b171df3208864b18d1e26944b26c98fd9dd22687
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+hPIC:5Zv5PDwbjNrmAE+xIC

Score

10^/10

discordrat discovery persistence ransomware rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTM1ODQ4Njg2NDg5NzYzODQ1MQ.GUbuHC.IO97xYxK3Oc5MyDbEWeaZtVghGPnaKrlJTzPtU
server_id
1360692353114964131

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Legitimate hosting services abused for malware hosting/C2 1 TTPs 25 IoCs

Web Service

T1102

flow	ioc
6	discord.com
7	discord.com
10	discord.com
94	discord.com
153	discord.com
175	raw.githubusercontent.com
176	discord.com
9	discord.com
81	raw.githubusercontent.com
154	discord.com
155	discord.com
170	discord.com
171	discord.com
172	raw.githubusercontent.com
177	discord.com
3	discord.com
173	discord.com
174	discord.com
178	discord.com
4	discord.com
8	discord.com
12	discord.com
13	discord.com
14	discord.com
96	discord.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2211465213-323295031-1970282057-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp180D.tmp.png"	Client-built.exe

Drops file in Windows directory 26 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_1009108119\Part-IT	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_1009108119\Part-NL	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_44861692\sets.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_44861692\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_1302704176\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_1009108119\Part-RU	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_1009108119\Part-ZH	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_1009108119\manifest.fingerprint	msedge.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_44861692\LICENSE	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_1302704176\deny_full_domains.list	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_1302704176\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_1009108119\Filtering Rules	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_1009108119\Part-FR	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_44861692\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_44861692\_metadata\verified_contents.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_1302704176\deny_domains.list	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_1302704176\deny_etld1_domains.list	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_1009108119\Part-DE	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_1009108119\adblock_snippet.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_1009108119\Filtering Rules-AA	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_1009108119\Filtering Rules-CA	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_1009108119\LICENSE	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_1009108119\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_1009108119\Part-ES	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133889586747773921"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2211465213-323295031-1970282057-1000\{F945DB42-CC91-489A-80DD-8310B51611F7}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2211465213-323295031-1970282057-1000\{6D46EDCE-47C0-46EC-A84C-DDC089DE2872}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4304	msedge.exe
4304	msedge.exe
5860	msedge.exe
5860	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
5124	msedge.exe
5124	msedge.exe
5124	msedge.exe
4304	msedge.exe
4304	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	5420	Client-built.exe
Token: 33	860	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	860	AUDIODG.EXE
Token: SeShutdownPrivilege	5420	Client-built.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
5124	msedge.exe
5124	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5420 wrote to memory of 5124	5420	Client-built.exe	78
PID 5420 wrote to memory of 5124	5420	Client-built.exe	78
PID 5124 wrote to memory of 3760	5124	msedge.exe	79
PID 5124 wrote to memory of 3760	5124	msedge.exe	79
PID 5124 wrote to memory of 4908	5124	msedge.exe	80
PID 5124 wrote to memory of 4908	5124	msedge.exe	80
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5324	5124	msedge.exe	81
PID 5124 wrote to memory of 5280	5124	msedge.exe	83
PID 5124 wrote to memory of 5280	5124	msedge.exe	83
PID 5124 wrote to memory of 5280	5124	msedge.exe	83
PID 5124 wrote to memory of 5280	5124	msedge.exe	83
PID 5124 wrote to memory of 5280	5124	msedge.exe	83
PID 5124 wrote to memory of 5280	5124	msedge.exe	83
PID 5124 wrote to memory of 5280	5124	msedge.exe	83

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Sets desktop wallpaper using registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.pornhub.com/
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:5124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x344,0x7ffc2b10f208,0x7ffc2b10f214,0x7ffc2b10f220
    3⤵
    PID:3760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1868,i,7133304307691323002,11551150309425905023,262144 --variations-seed-version --mojo-platform-channel-handle=2256 /prefetch:11
    3⤵
    PID:4908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2204,i,7133304307691323002,11551150309425905023,262144 --variations-seed-version --mojo-platform-channel-handle=2200 /prefetch:2
    3⤵
    PID:5324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2532,i,7133304307691323002,11551150309425905023,262144 --variations-seed-version --mojo-platform-channel-handle=2552 /prefetch:13
    3⤵
    PID:5280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3420,i,7133304307691323002,11551150309425905023,262144 --variations-seed-version --mojo-platform-channel-handle=3440 /prefetch:1
    3⤵
    PID:5484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3428,i,7133304307691323002,11551150309425905023,262144 --variations-seed-version --mojo-platform-channel-handle=3456 /prefetch:1
    3⤵
    PID:5320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=3408,i,7133304307691323002,11551150309425905023,262144 --variations-seed-version --mojo-platform-channel-handle=4776 /prefetch:1
    3⤵
    PID:4852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3380,i,7133304307691323002,11551150309425905023,262144 --variations-seed-version --mojo-platform-channel-handle=5036 /prefetch:14
    3⤵
    PID:5656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4756,i,7133304307691323002,11551150309425905023,262144 --variations-seed-version --mojo-platform-channel-handle=5060 /prefetch:14
    3⤵
    PID:1904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4640,i,7133304307691323002,11551150309425905023,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:14
    3⤵
    PID:2552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5912,i,7133304307691323002,11551150309425905023,262144 --variations-seed-version --mojo-platform-channel-handle=5924 /prefetch:14
    3⤵
    PID:4248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
      cookie_exporter.exe --cookie-json=1128
      4⤵
      PID:3204
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5884,i,7133304307691323002,11551150309425905023,262144 --variations-seed-version --mojo-platform-channel-handle=5908 /prefetch:14
    3⤵
    PID:3232
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5884,i,7133304307691323002,11551150309425905023,262144 --variations-seed-version --mojo-platform-channel-handle=5908 /prefetch:14
    3⤵
    PID:3300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
    3⤵
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:4304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x264,0x7ffc2b10f208,0x7ffc2b10f214,0x7ffc2b10f220
      4⤵
      PID:5048
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2116,i,9923309682312186068,3710599111253523115,262144 --variations-seed-version --mojo-platform-channel-handle=2112 /prefetch:2
      4⤵
      PID:4492
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1804,i,9923309682312186068,3710599111253523115,262144 --variations-seed-version --mojo-platform-channel-handle=2168 /prefetch:11
      4⤵
      PID:4488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2464,i,9923309682312186068,3710599111253523115,262144 --variations-seed-version --mojo-platform-channel-handle=2752 /prefetch:13
      4⤵
      PID:3540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4332,i,9923309682312186068,3710599111253523115,262144 --variations-seed-version --mojo-platform-channel-handle=4360 /prefetch:14
      4⤵
      PID:5020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4332,i,9923309682312186068,3710599111253523115,262144 --variations-seed-version --mojo-platform-channel-handle=4360 /prefetch:14
      4⤵
      PID:5412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4464,i,9923309682312186068,3710599111253523115,262144 --variations-seed-version --mojo-platform-channel-handle=4476 /prefetch:14
      4⤵
      PID:3500
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4536,i,9923309682312186068,3710599111253523115,262144 --variations-seed-version --mojo-platform-channel-handle=4568 /prefetch:1
      4⤵
      PID:392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4592,i,9923309682312186068,3710599111253523115,262144 --variations-seed-version --mojo-platform-channel-handle=5012 /prefetch:14
      4⤵
      PID:2332
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4480,i,9923309682312186068,3710599111253523115,262144 --variations-seed-version --mojo-platform-channel-handle=5032 /prefetch:14
      4⤵
      PID:4656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5376,i,9923309682312186068,3710599111253523115,262144 --variations-seed-version --mojo-platform-channel-handle=5408 /prefetch:1
      4⤵
      PID:1380
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4412,i,9923309682312186068,3710599111253523115,262144 --variations-seed-version --mojo-platform-channel-handle=6004 /prefetch:14
      4⤵
      PID:3804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4408,i,9923309682312186068,3710599111253523115,262144 --variations-seed-version --mojo-platform-channel-handle=6088 /prefetch:14
      4⤵
      PID:244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4364,i,9923309682312186068,3710599111253523115,262144 --variations-seed-version --mojo-platform-channel-handle=6120 /prefetch:14
      4⤵
      PID:5464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5260,i,9923309682312186068,3710599111253523115,262144 --variations-seed-version --mojo-platform-channel-handle=5932 /prefetch:14
      4⤵
      PID:5984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5904,i,9923309682312186068,3710599111253523115,262144 --variations-seed-version --mojo-platform-channel-handle=5916 /prefetch:14
      4⤵
      PID:5532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5308,i,9923309682312186068,3710599111253523115,262144 --variations-seed-version --mojo-platform-channel-handle=4224 /prefetch:14
      4⤵
      PID:4724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5688,i,9923309682312186068,3710599111253523115,262144 --variations-seed-version --mojo-platform-channel-handle=5672 /prefetch:10
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5860

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3080

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5976

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3588

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:860

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\431e3470-8e10-4bea-b262-cd937d9e7522.tmp

Filesize
41KB

MD5
1dcb8ed8362f780a5b8064ca1f6846fb

SHA1
bc5f800a91ddeb50c2bdb86a3d5ca8404bd93607

SHA256
e2f58604cd015c85989b61e0d249fef84b7d93f57691acce9a504aaf5c7a7306

SHA512
f4141c3483b423ad5cf2f13aa7c1b29e745117ab5f63627c133d5d6b692357d93cea72e0080b1b3cf0ed9e84b751746b06180e7dd307496b02f7e00174a6ddba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
fa5bc1297e8d76bd37a0a63bbbd70ed2

SHA1
5a2fe5a9d826e1b3d308e82101ddfb5e5d719abf

SHA256
fd6457360464b8c99b4cde26e09a25b1c27adc9b87063734da4206dad7007d22

SHA512
847db0ccfee4266a84e9ea35294350465f04768a81bf2ca9fd641291440d2d7c6e5e0daba9a36988aee0d5b5c931f789899be52b8fb6aa85f07418797859d3f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
980ca401937931ba8f2a65555dcbc914

SHA1
a16b893b96a0f1eba0e571a936cbc7da181ff35e

SHA256
9af46be3e4f9f4ed0d8645a0e3e05d8bcce4148d740c8bc1781e6b015e12649f

SHA512
a742965cefddec0f7a20caf7015bc058f3a37d00328cfa0dc423df33994c62faf65a2744d62a4ef22fa20202cfa3bbc723b88242bb9443049b4548b71ecb59db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
8d2ed893b8f4cbb961b95d3b6d85fc8f

SHA1
31a5e1b42d9877104791e080f9451d390187e3f8

SHA256
3db222709159cb9ec0a71fd06952b307f12fff6cb15611e69d43f0e3806aaf8d

SHA512
047a327e135e31b1d6019bef4178514fbbde7d94a7f89afd1ba54c6e31975d8bfbd701474748ea075ca582164ee646aa80ab248d5ee7bdcb1281437c940582a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
3f50359e7f4ae7766a8ec1ca386534cb

SHA1
4830d02bfc1f7da80385ba1df4bbc8d5eb08d841

SHA256
37522358d6ac61863f322af05eee0bdc893101dd4a242cc3f52e5c9b8edc5568

SHA512
e2cfcbe26963ebb3df5863f4003f8cd9a1655ca1479ed14510bf7a8559268c8eb570fa1b1559df9f9e5821e689a1e6ff7182f9300d0e8f6aceba636eace52e63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
17769f7c0a22c65cf82865767a569eaa

SHA1
6c48bc5f2a580dc6dabef48123d6430c92c7ce2d

SHA256
d7f17c44b138302f89293f146506774af6ded95d285496a632ffefc4300c1e5c

SHA512
9524bb4e92232befd2b9c2bba891574a7b5a4d1f43223da42e183941067699a49d67e4845187c4c1c74b0f0fdef8b175be3fb96532780b2ac6a30c79612cc8c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000095

Filesize
28KB

MD5
a0accabe047e77519330a2ae010ae161

SHA1
7d4f2fd1bcbedd986b7b1fc42a00459d0ce457f7

SHA256
36f3da9486e1a088f88a4a61af7c87d1d7e561cc79882b5d359cac235f121c4a

SHA512
9131a74fbffa0a89254de0004edb141eda82ab488d3224e8cf5f0f36a919301b8c1a352ab56b04812a5e05d46c328ce7f16eab44d9e3297b681214eb96a62d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000096

Filesize
67KB

MD5
b1e9d892a1f778d8063ef33ca0a2bc77

SHA1
86206ae5a62feb00b0b4e9576039ec4f364f0e7c

SHA256
1272475057684447f04f181092cda6052746d2af0ee608ca76893817b358ccab

SHA512
5686ca1320ff2222ca2940b6be18bf765e8c7d3683702fa619f576be7241aff75c586545b65ec0130b253020b00f7d4a59cfd7319d9db6dc3c8e5f5cce7af0d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000097

Filesize
28KB

MD5
73d5813f04c49ee648b52489198081a5

SHA1
c001304c3ef52d772ef5a725df2e35bbd8b307e7

SHA256
9c5b35be532129f045ba7335f0e572a1643733cdae1a7ad6438d8189060c8531

SHA512
d2551bc8d0c6f4ba487fd1b650378eece6b2dd04229b95477658e738f44caee94f01ba023fceebdc37db89d182602c230d0dee7c1b56ba1af9a90c4b737141fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000098

Filesize
36KB

MD5
28afe735c8cf73a6c88376fbd85508c1

SHA1
34fdee7096fb2cb28594ce2d5ff63e41f09c22cd

SHA256
22de5e30581bae29ba36f0a045e9901d996880838619b2af86d16a9a2c055111

SHA512
4b64d34859ebd25287e5d15ad2e622abe7222c38200f34f9e46b6e0673982a6f7384cba8353fcfe55f4ce7370f0ac4fd6126f4acfc5d42c7ddb0ca306dfad250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000099

Filesize
29KB

MD5
cf776b128a74f76a26e70ddd68b46b61

SHA1
24c15fb603cd4028483a5efb1aecb5a78b004a97

SHA256
346cbe6774bf3bf9f3a5aacf287f859103045b0dcd4a32839b00be9f391259fc

SHA512
20751f34d1a3a63e580581d36902928c7780dde70fafa75b87e406965f2dde501b9821cd45c824584d1ece21566eb5fa501d1effdfafff0b2e27ec806bce8f32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009a

Filesize
98KB

MD5
00538d1a70b3d8941a4448aeb282088a

SHA1
c334f858356e474e096948af9adaacb5baac985b

SHA256
b111eb749ffb3b00944902d9be10014121d51977bffcb914af12a7a7f439a7dc

SHA512
2bc4a8d1bf35fcab4f87f1294ff2d31a63fd32b5c3db395493545c7f10a06a2085869ca2d062a361c568f4746f26fdfd9601d8157af30268f35984c5940a4d14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009b

Filesize
16KB

MD5
9b672f8be08fb3cfe49e353b062ce853

SHA1
b4d6be97d80ec65924b4757608bd7a8d95b0cfdc

SHA256
970160c369b70457921bb5e343111667b7e73137ceb961854ebc71a62244e9ef

SHA512
72583b642f935a089a18dd6f095426d9307c9dac2d86a34144e939cd0019432009d2f2814ccbc081f76b5a432996f74fc0df4163d1248f0fce63d26eacde575a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009c

Filesize
16KB

MD5
31b185b67b182bc5f259a8f6cd1d5c88

SHA1
47ab4e212ecdc3a78b027d43a1f3d87209fbf32d

SHA256
f2e6ae87d8247e4a7e9dda325e85d3cb87c4a16e357e83f59ab43f00312e7296

SHA512
8fcf66c3c26105bf212c49561c37573c20a4f7dd9267f1d2f7a9190a8033f883e42f579058415d558e1d3ef6143a4d3b88e1080e9c251cd7a488a6c4468eabcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009d

Filesize
20KB

MD5
2afa710cb87b11ee86fdd6035903f20f

SHA1
3420a0f169b77eb4282da9468720a0c78ae6d388

SHA256
1b8779d980ebf3bf167c1f4541898b9bb8ea3a9aabcadde1149bdb5ab5c68dd1

SHA512
c34b099db9590fc401f14eecf6d322a7bd8b1b8d0e703e1d57aa4800eaae666b1b16a384793884ffa179b854ee709cd82bec4b25d64b0735813c321ca9d2bac9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009e

Filesize
17KB

MD5
c9ddc0e99787f1c71ad4d0318ebaa271

SHA1
130f778257c7092a980bb3060a3a62c2df9e2e52

SHA256
ae020341ceb7890eee7d802ca61235455470edb114bc3dc6d9e956996f1d418d

SHA512
680ba60e72aa4381f38fd374e8b4e5aeb386ca1658c3be5ae63c22b044da687597b5044fa4cf47e7bf0d77b77a99f3b91cfab8c5fc08e177f00e97d20d5bdd02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009f

Filesize
25KB

MD5
97813a266a7572f0eb1363779dd96b92

SHA1
3d3ade54559d42cfb385f3d6e616f4849d94abf1

SHA256
121169dae7f07a1c12ce8920223dbac5b93aabece177e7d9b4780e620f90b3ea

SHA512
bd9bed3b0583d898e1c501249261d289148afde3e15dbfc38b07fc63574c7dada8348d5319d630dabcbdc91d631c0f2ec6dd9e3eb185e14f3779c464d95c1f5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a0

Filesize
16KB

MD5
6d783b8d6511c4fc96031df75b4c0a86

SHA1
0401394b47d54c4bbe7c7940219181b4761ede1d

SHA256
6a58e255d6b4d0c6224fe882b866f8734a2618e31e14f3f74637ac1fc5e384ea

SHA512
942544d57a1b5d8598fd327551c9ff6bda3349a272c183cd471145dec07fe9c331df45bc05c497003ecf8ba7d59867ca1efe032d3030aa85dbe80d69c2a2b33d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a1

Filesize
19KB

MD5
1a2fdb42829f02f3e35f81b6034a557e

SHA1
ed783495f4bc785904c6acc196f9b8d5d16c93bd

SHA256
dc348a361a39dce8134a76a6670b2373aca8514a2dc14f39e2ef9abbf4ee2b23

SHA512
532cca08a0c6490cbb3e2eb2ad5c7eb24a06b31ec6b7b75cfca049ad1c50d7b093da5431114d9e6ebaf5320316323549b714963a3b2469733beb7c2297a905bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a2

Filesize
22KB

MD5
2428669f77099716af81ced9ffd678cb

SHA1
1a1dea20137c894b177f49f6f06044196802a450

SHA256
6700ae5b2ec506f67331ccab0edb3d4a3ec8778ad9f424c24627675d44c8c5b9

SHA512
0e84bf3a62068e0088c187f4ecc616b919087b10cb197035b42348ba967b2cc260bb58245572596c9a3e72836d9936ea45be6721c9c73de43d558cc93610af55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a3

Filesize
16KB

MD5
660dc4c1597bee8dffc1e09d4c551705

SHA1
bc2882f4f25817913f4b763ad0707d2861541a5d

SHA256
7f3337db044c97b58c0bcb4c81f213ac6930db0e64f06b11f40fbeac2398342c

SHA512
399babb6a27a198c217c4475f145a90a663ced9836889363471f3e3d67e4194888a85d94b139f3c6ded150d8beecbf0e0f0dd95fa95172b6a452a697c5ebd1d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a4

Filesize
31KB

MD5
c846403819b57d4cf94cb1275a286db2

SHA1
116a902bfc9839f98ffb580db2bbe67328561075

SHA256
2adf9f48113d062efa5ba42c87b7f8ce6fee0d15e05ce609895a4037afdce722

SHA512
7efdff434bc625230106d626e372f4feee3c44fc45c7087d97b070e236b0a655ddf773f6d8b3725896b25c5cd07952694d8530056dd97fe20c79ce74ddf20f08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a5

Filesize
17KB

MD5
f769fc145c0d5d2fa1bc57b2217886e7

SHA1
63889a112a0340d2525ea9bad8943409cc44acae

SHA256
7bcc70afe714cf717173db14195b545196a107836cac258364b634e20ad59597

SHA512
4d42250f56e1107601254cedabf665d9708339b9337b7209bfff02aeb8308a36dd17756cac3c495805355f67b24720625efe77767269a82675f3e85a08565ddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a6

Filesize
32KB

MD5
92be11ce7e8afce00c682b3f158719bc

SHA1
c8b4c5b585b097435761876a9825eabb0cb2cd9a

SHA256
3d6db15cbf5ba88046d1d8824ffdc9e64820b86f550271d6c4b4de95f3cacdd0

SHA512
fee78f2ee8f47001c608ff90b9973f51716a756f64a3109b56103bd1005f4f340e51e82bf3c3b27d88222c46a3ffce67171a7658b62f818e6379e8aa6306ea40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a7

Filesize
120KB

MD5
5e47a8cb32c2700702df5fb698abc377

SHA1
d4ddeb56513d4667a4097ca5461f4ec0a3e81310

SHA256
115162f0bd221360232bbb8aa2a35b0ef1adf5173fc2ba7eda1432ae7becd15d

SHA512
41bdc5483cacbf3c62f2198fa3f15246c53a3e9a8e057ea7f98b5dad89ba9111219c6beccff7541b5f64c7628cf55ee61edac1d67c3c68d9817d00827ea0af45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a8

Filesize
21KB

MD5
03163fcd6ecb30ab27376b013e6c97db

SHA1
95769b765e20972c2fca92014080015344c2aa8c

SHA256
abdc09e9ac4eb90d79736e000ef002f78e8fb7c9bc6caf9bc23fc5a236111292

SHA512
5525d8fa8d85f1a44b9c44f4f041135b2ef450474981eecf1e21a0262d0be71edf84cccee49bf91237bad655e1368d9d5e607076631db545e582ea2b7b0dd51e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a9

Filesize
29KB

MD5
f85e85276ba5f87111add53684ec3fcb

SHA1
ecaf9aa3c5dd50eca0b83f1fb9effad801336441

SHA256
4b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432

SHA512
1915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000aa

Filesize
60KB

MD5
5d061b791a1d025de117a04d1a88f391

SHA1
22bf0eac711cb8a1748a6f68b30e0b9e50ea3d69

SHA256
4b285731dab9dd9e7e3b0c694653a6a74bccc16fe34c96d0516bf8960b5689bc

SHA512
1ff46597d3f01cd28aa8539f2bc2871746485de11f5d7995c90014e0b0ad647fb402a54f835db9a90f29c3446171a6870c24f44fb8bbb1f85b88e3ade9e0360e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
7df6434f680c29ff1425b094c3041ea6

SHA1
5c9d30b0fac090ba5cfab967e1107b8b514f0dd5

SHA256
8f6dc0d5692a59f8d79a01bec14e81625b7021e5d5e15f2d33e6abedddb8886b

SHA512
5e4a81cda9459cbb947a633feebc26184a7950657c16f34392c495d3912f33491a6db96b8e331bfa30db2c492c81ff9d0e1c76d138154a2ac273a5a6ffe67332

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
dffc449e0f79021335caa15fc7e93bb7

SHA1
37188ebfa8deb0c98590dba6ee589eb7c331d5b3

SHA256
4982f79a05a8a29bba147251d37db9d2a42d6618b30a896952a321e750012880

SHA512
33b9840a1eba6313f3f0a8a0f6ce5d0da0d235c40bf5fd1fdfe25ffd9320b2f77d9d968a8184216a295c2c6e740a384f4380ce4b005e301b3ff2e69e46c4b027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe59773a.TMP

Filesize
4KB

MD5
0c2c9189f9ceb17f47de1080fbe1265d

SHA1
f1a0a573ea38432b9db2949425254190ba032cb6

SHA256
783d2123c14108a38ba7ccfb12e176b2395e6ff144973e634eed474042d736a0

SHA512
6af5dc1b2c729c3ad67bfaa99e1ab489111154d002410a3ffaa3e4189a6e068d128a8d45c43525b85666d4d5a5c099f8522b3330e893c70ef379cbe909fe35ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
f015fe9309b4bf0aa8e42feb031f3551

SHA1
0276cb8cd1dbbb2eeb8de5b9787015e5f10ce579

SHA256
5456b493d6c2aa794c4ee472a98f32809826c519da90ca7dde910d8dd8a85ebb

SHA512
d8854ad477db466977fb43bff7e02025f234b864a160f19368eed960dc8bd9937b6d5eb54d13ea38a7598f897700012bb7eb8dbbdfb6ee82e119b98389f8e87a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
bf7d2b010977729fb937a54b7b634218

SHA1
168f89f41366269d4d4d2d1063e92509fd4975cb

SHA256
31e298907dd1a458ee628f8b6a14b8e4d6e4a046f27b8bc0e505a77ec2cca45a

SHA512
123492ca148c530e22471a7988f6d80d8c0b331d9494fe21985379f465fa8f286386fea73366954756165342bd0d1b3def4037da49eceb7a075521fbbe04f2cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
737ed70873d69ec93fac1b2992d948b6

SHA1
cf24acede1ab2cc077455a3dee185e4da7bc1410

SHA256
326f42b844af4828b05f86a8dd64a4a5816b1b0133c3005062453290819c8a12

SHA512
5154fb36ab68c29fc2568e490aa4edb4e86c356f8ed1981ee30d17d4c8e832fd91d8e5ffd084d2c6384a95c12e67b7d071b2400ae0e4e55e16c6821c9624f292

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Filesize
20KB

MD5
4e251b96d51c0054e0156030956fdd3a

SHA1
b748906879ffb3d1da3548b88e29a398bec8dbb6

SHA256
17a58255ededd6a7109eb50fd1d3aa63fb3c8cfdc2c4f35e1c5a8c0bed52781e

SHA512
86ab32109ff9e12acb500a7edc706be1c42494b4c90a10f4ccc847000e48edde59c520cbdef1766e91bc2cb78df1fa2efcd708fa89b04b9abbf734ddb51b2da0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
735df1143b5bab57aaecb0032d239394

SHA1
318d1d5ff943132fe0d08c3ad12d6b6e21bdf203

SHA256
78758bb19c22a839e2bbede72bc9744de1d879b9422f9fb8ce3385a93a22c6d7

SHA512
f6e66713b334238abf8fb031bb6ebdb2cc4357ccc5b24cc3d5962de503a52c03ff2e35dc01b125905d39dca5242e183317495a9587c9704764043e54ba328014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9c3497f1354e1c637d6c36a472ac53bb

SHA1
3966a1e6ba47b37d3ab3732125d4e422b3d9bae8

SHA256
7eaf334871f09f653328fc85d59b0c0708d96b2ebf50e92cd48afca5d04ee37b

SHA512
daf1652f7a6183aa905cc711d6a4ecb35a0ffe6c976d1ac641f0ffd3eb088383b3f589b7f808b392ed54443bb4d9e84fe8d64ff1b8e5440ba813ea937db29f8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
355B

MD5
2161806a4414853d749fb819e0959683

SHA1
04412750d2657d43bd52d2cc904a8debac94d1ab

SHA256
5452b7bcfd4e5b19f2d13f7c56a6dba804a54ba1a64cc488c800870583f4d176

SHA512
4d017d989ad6d147ba5f0a9dfa68f038bb9bdfa23b634729fbc650efe67454a6d620f4b166fe0fa758477eca4f1ba12795dc2b6aab6816fbc732e4fac81f7e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
12f6f7909c821e288721edf30864ba83

SHA1
b055f1423537394d9494810897c33a9f5d50dc29

SHA256
b666c51b9b8b31bcfb0f6327d0680f0ec26aa91de345e9abb77585c871bc769e

SHA512
fad354213898b373b92bf097c43bff7c697ab0ac63047f177722a975f98974de7199d9588c9a2e4ab34bcbd28fcd819d2db1c3cd7d10297bea7878f0b4ce10ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
bb04e8a2342e83e27affef3b3991b155

SHA1
82f034b130cfbccf47c951e8396561372ebd5085

SHA256
9c14c9e3f03b09f2e2026d2bbe2315e1539a28062a161cda23de42ebf448b379

SHA512
04d426a37af9616cbfa05ae49f1aa15f65ed7c75d204a137b35e56ba60c98d6d40b224d35ecff0e51d443629ffa778d2b24b60fe537f37c262cef7f6bd0e3cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
37KB

MD5
955101be1c9c3459e5d8e4df23508e66

SHA1
13380e87e8125af6b010ea83c101fcf52598ab74

SHA256
eac53fad0294cd0cf2c422cbfa8ab90c3ee2bea554dda96bcf57559c3d5a02ee

SHA512
fdc0c77dc9f465890f3fdfdaaf1b6f3e446d7089ede6dfd98b5f09274935beb3cbe63cf807c425381dd0ca0cc9d349280c58c2f7a6def3fcbd6917fedcf6ce57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\a1055725-fae1-48c8-bdd9-38e1b5bb4dd9\index-dir\the-real-index

Filesize
2KB

MD5
d227bc2e2a1543da56336ca65deef471

SHA1
ed6241c0eb2501258c89f44f63a10ef360630953

SHA256
29d35de045a69f36e2dd9e6d7f6681a17a8988f9fef5b178aeb954722b841ff0

SHA512
39dc06a88140aad558849ddd245957b03da4465c961f010a2215ad2eb2a675e2a0d5e8e4a60126d4f966d1791e47bd6c8736ee733777ce8be2536aeee27c44d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\a1055725-fae1-48c8-bdd9-38e1b5bb4dd9\index-dir\the-real-index

Filesize
2KB

MD5
7cad8978ee442a02f25721738734010d

SHA1
bd843d146ee0fb6a723bc776e05d5a2e67f2a165

SHA256
54044e5ad338063970fafc47ec4a6d8542f0520952cd6051193b73602cf0d8b1

SHA512
65670ba80a93b69e9df76f08abbe558479329498d3f1fd6da274e6d7848f52353e376bd0e26cdd3dfac85607f32ee95db038c8ee7914985860815b7773224b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\a1055725-fae1-48c8-bdd9-38e1b5bb4dd9\index-dir\the-real-index~RFe598023.TMP

Filesize
2KB

MD5
d5901fb28575781a2fcb3dafd7ce7cde

SHA1
c296373194d8a78fb777df6c6946c35c1aa24be1

SHA256
76ee12e754f6b1ffe5494f11b561e0349d6569d5340b1a67c073de4ee347c582

SHA512
548b81b8cbf4d756d3234629df1bb26d03b53bee07cc3e24bf0b4fba8446296afe91a2c0d2ea67dbae87d1635983df845e639c478ba2f389c2058ef888249f69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
caaf44347c9850702c15e1502a74229c

SHA1
bde8b5d924c2207789f7849f45c4eac3c336afac

SHA256
ded82c2c9ff2adb5e745dbd1bd1fbf76a20fa6bf9795980d361e96019e891dc3

SHA512
ee4e4abedece63191e83596ce08811ad7c6b908ef88566d6c121a0be08e3776548b1e2c062a93efe891bc9e1f392a50a147e9e1df9f575d5fde7a64c2a5e2830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
1KB

MD5
f82ab80633cdb46bbc1fb43cea850205

SHA1
4ee35f9bdd4e707c94e22ea98368db901999e9e8

SHA256
c867a124d376ea64c02faf3a08e8a651497cc89a91b220bc9685b7ea50419424

SHA512
1da9eea3a7fd6563c4ac948f5b107f77d1129157a72b20d58988b6b044ec323c89b54d998d6466add7f50869d9501ce76e4f492535cbebd72a7366e7331280df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
338B

MD5
5ecf0c6b3a2f0cd0dbccbb0558b534a5

SHA1
f3a0dc807fbfcb49b2d1b866c30c1c416c8e2f12

SHA256
692eee88beba11e7c7da9210b1be263f3fa1c28af849622b2d5966ef9ce319c5

SHA512
e80c5e340a0c64492225a912b2253750a40219fe47c05470946a8504b08cb25923a05558ef92184b9623452f5ba58662726d724eb4d90fdf782e6da340330aca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
192B

MD5
7ed08e8dd79bf07a7063eee042763f90

SHA1
937ec0111e68c9861c5de97a9ac8e302753042c1

SHA256
59d59824c1581850643757a34a9569219244316da0e067f0cdbd4b616839ed9e

SHA512
9e8ca0ef7b41c630a09ae74ec3f1a3fa79c8b6b9af5d85c50b6447ae6793c245ea06353b54f5afc61f050b8833dcad242b5753fceefc6ba71ff27ede5a3f5455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
168B

MD5
055e745e9e985bc133627c6a1a1e8d0c

SHA1
0bb6e6541755988fa2818bfa03626010d2d7f409

SHA256
c2790af6dde2e381c1bf15fb4447075859ebf3446dc98468730726eab872dec7

SHA512
5826f0cc34b47dad60a9eb30c5688bac00c17144b3ad5fd79a076857ff2b5022a499847e33a9c0b90a2210db1b0825560fda607e44849239c15dd7bb5e4af84a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59772a.TMP

Filesize
48B

MD5
1e41efa57a712c6eb4f847a9dae4307b

SHA1
f5e1c52355c20c4f1936acefd92e383b637603e1

SHA256
3df4e13d6d5cb6b7abc5918012244a13ade5b5018a6c04fd8bf5b383e799d921

SHA512
29362565625bbbee9d81aa9a6e54e8d3b00d6e77e8da07feb166af5b0fdce5f843ebcc87fe84edb5329b7bef412d2fc4230464aca5124eca27ac3df3e80957a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
f3945c2cbcf5d8723af2c792c3de7daa

SHA1
79ac82d5266dfc29c5299a1ab297ed7cc8242078

SHA256
a26de9d924b336869a7f16910fb28225ee3f24004f8da5fe9f21a45eea1c99de

SHA512
bb75c351a53e8788b9b5a13e66835cf61ef80edb8c474ac0d4329ac90846374f3524a297e4d901621ee5ce6edfc50dd7ccebd6f04bc9b51478478b36bebbf932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
ee80d9e6f19ea12f1ac25385c2a12a30

SHA1
14290f1fe1d23063bd99573b1bbac6c258ed39fb

SHA256
8eed260c82de3ce04ef5ec864df047b05f164ed4be126ff8ec67edfadb52930f

SHA512
e5c38413fb204ac25150e4b4f42e6bd745dea9b4a68a020d70fded17b99b7d76bbc3c714c6b1f29c6d1b2b40bc1b6c2c29b02237f5ed537371f5f26f5b13963c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
79eac5bfa88dd7f4b922b74893b51276

SHA1
38f59bfcc0351981ea6a2832ee1cf0c9fc531dc4

SHA256
0cd786ff4751172e8da76bf3bec44ca09f6f7e1ee1f50862265af87d7b09febc

SHA512
e1f7a93509da8f636414cd6c1691f4b35cf416159b36c061dbacc90f36de140f6a93d528b360881fd152ff8b2a0e778f69db5e854fe2056bd90b987c9eb368d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
1b812a44d8e1252f9683f5d91adec33c

SHA1
c3ed1076e79567bade659f1a4d27f52fd263533f

SHA256
5f381d24b582dea2d6d72662cfe9a90b34e2f9617cc1451489bb57f13ee5b104

SHA512
f052a3baf895e20ccd7ff9de96851ec7c263576832c61b84dabc5a3531e747c07466503148fc34f1dbb088852b7c6e6a15882c52f4903429ced182b1dc550034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
60cc88d9ff1340af1572314bb71f989d

SHA1
9ca7fe073e539cb6aa99f39a974faff2bedbc391

SHA256
3914dff41be8c95fbe2cdfc5e8eb2e6ed41fc795eb22f3b672f5f5ec97b49bda

SHA512
3f1cf2f57dedd51b22600ed04ec0b1ae5d683d8a03f0edd36384be76d571327ea30523f2a548c214d8e0ac01c85b4ace9f986f38bf0fded27279f54b94a8567f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
10KB

MD5
3d5d15e2e51f2bc69201c6ac3d493faf

SHA1
bf547cb979861bbd862f7492c9177fbbf0a553a8

SHA256
682ea79adcc7d589dafaaa2022b47434bcf04b45fd63ff1cc13deeb5bd9c665a

SHA512
6f65184ff1ab433af72797a656262505d808e12382b4d79aa8bacc676609f7c022ec0fff022ad1b3b5eedf591c979b5182d169be3260dd42ba06b94e48507bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
51ebf8581ad6fd79aa3a1da92c97f30b

SHA1
cc562d5150f9bd48015a8226a14cac315154d82b

SHA256
082b4eec48047ae55ecf0bed07f2a509ed368b7b4f7200b3d2d1ea18815c99f6

SHA512
aed10a88d7b7e47be96c817b40eda0292231d8483d29be544c1b2ba1fb9a58597121bd51fc804848f844fbde222c518dad3b02f81b1b71326193ec59cd35f868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
eac880d2626c856218d8b27c1e210347

SHA1
dfdfd6942ba21c8530562fc71173f380ee68d970

SHA256
efff9a7cbea9b8cf603bbbf1f712b5063d7349b40a19c6895b4a5bfe5ca607cf

SHA512
dc42ef09578ea37258f6d045790d724af02519b7fe038803d8f62965a7ae22467782e8ef01c1e2042d499dc3289ba3d6d7c3cc1f4189d719e8c63c9a3d36eea5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
798ed8a56c1dd23b718af167e0564f56

SHA1
2134f6f59369b9f023b72e7cab0b313329e8ddfc

SHA256
4357e70a4fb14c2eb41f1fcb842a4f91195f66ce901f3f4bc752ef75f8a52b6d

SHA512
036460d88e423ebdef6dfe87ea956bebd9c79f1d28ebc406443c5f67fe312c7815ea21102525391e00d091f3c758a73570014bc21df9840fad2440448b8f3e55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
20KB

MD5
964c570701fc72f46bfb2adb377364a8

SHA1
383e643a566a48c212937269790fb983cc0a127b

SHA256
58755619d49b1311f6aef9bf081c80493bfe0681ce2289d0d250823272523456

SHA512
86d61a3bbf9fd4582f16cb2cc2e119be796a80fe89b4b50700dd4ae899dd98b4c9354f48ea14878f69128d43a408a543325a0066b2c05acef4fd6ba6a0475d7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
a8a8d6e42a1cf1d89a646dc198badf3b

SHA1
0b087040dbfbfe1b0786c07c8f795c78351dcf6a

SHA256
a5e013726076d341f5a1a518004326178db882b8fa3a79fcc47f88f7a647bee1

SHA512
954a2a9a31f0fc986cd20a30718c9ad899bb642468ba4d50ac14f152de6d3ce0778b690a6ce5b737682ace612aa67c2d2ec95f547ae9fdc3468de125914789a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
e61cf247ae14af57cece386c761cd650

SHA1
5d8b6fb3f7625c58dd8cf148683da21e85a9489f

SHA256
b00cfa212f2ef4b52974cad8186f593916c966a92a9a93d0a63de211224438c6

SHA512
90a723c6be06bc2079a5149617fae52dedafb6379837ceb216c33034258fa51b91a0e80049c12d86e5f7cedd911709684e2627f44ea972b57cf35056d225c2e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
22KB

MD5
3f8927c365639daa9b2c270898e3cf9d

SHA1
c8da31c97c56671c910d28010f754319f1d90fa6

SHA256
fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2

SHA512
d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
47KB

MD5
114fdd93e80de8813950ca2525a83972

SHA1
10c4c45c5b188a1913002ee68ff54ac4bd4e63ab

SHA256
4e2c5ff6d455c5b5470e31b03dc2664c9017e39e7c76ae660902e37ca5e9e1fe

SHA512
43a4fadd50bec80feadbe150f90af7c5bfd7029057841e06eb6bdd26ced3251257816b27eb4db778597d355a917ae3f19e1b37eaf02be17e3c3563daa2c2e569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
47KB

MD5
204825de08206d402c279eaa87bc10c1

SHA1
6120fb0fb3f5151d52fbb7ef3cbe95c4e74e54f2

SHA256
65112e1b16cc29c2d075f7b7ca7c610f9ce0634087813a7a6c38f004ea10217f

SHA512
b283dfcdd54205c1124a659dadff3edcbe0d2170a0f6d4bd95f9e55e4763af59b76b6c42cf3d8610384a0ce54395c9d5d47686855920795e090889ea449665fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
42KB

MD5
c916006d0ffa21d40fc81d94bbe02f0d

SHA1
2f28e55efa5367856c0778823aafac26e8c6c076

SHA256
ebeabe85b28ca29b8688aa1d09be717a2806529bce72f31c503005c4d4bc3801

SHA512
3fd623b54e0cb47a0e501c011c4ddaa887fdb2e3ef714bae7b7dcceeb5a93ed3e23f3d7c7d48e8401b47090b96faa91a8f6c35e85892a46c54b56552c0dae636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
a0cf44518c0cb618dad51e435d10f403

SHA1
2be6b48d75bbd40c9322265ded053815d0e44d49

SHA256
9288802426770a612a11d38e8d8b186fe6d4c2eec2ed01fc0e84a98d6b2e98cc

SHA512
5b88ec6b480811c9af55b44191be39c09555275628d8fe6588bbebe190177fdd9cc2ffb6f04898c659eb11615026caa8dccde709624704c4ce8f12ecbf88e499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
5acfb4735374c569c1064a0f2ba0d468

SHA1
3390fbb193124946656d8ed38637b29e58caf655

SHA256
dca39473122f2a38f14fe6ce9f9d54d4e69e8ef21aa3dfcdbcd2d01749dc792e

SHA512
01d7d947c024a5ee9ca89b4d8e4798024b27b8beccfaf5cb5f39cc1946c50eafebcedaf8ab801be628e6146d35fa60d72289ad79ec106db05466e518ca020b89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
47KB

MD5
29431550a78369e5f44e6d18800ae06f

SHA1
f210fe535bb77a5e3ec9bd2315a08921933d9d24

SHA256
484b83c2c83acffb3305f69a480822442a52b574d31bc5f0b07645e5fc1b00d0

SHA512
c169992cbd1e3edec37109e93b5dca882ad6b1fa5aa83676584a2cc94e60c64e3aca15ef383e0fa3ac6899270bc5441a3bd80ea9d4b2eea04cbaa0ea3dd0614f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
1002406b3b4b4e759ed8ee65dce0c1ec

SHA1
265ff7dc6642da8909d020ac10e3d6beb82284c9

SHA256
b5fad17055bfe3d52d3b5a1fd9ab49f0dfad5e555aeca759b5b5d4f6169a242b

SHA512
15c3cc7dca70ffad293df9d89f3c03e2c692084d2a9708b254971713622522db9974e8dafed738f434fe573217c6247870b29f2be81a2a1733f1fe42d14f6202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.76\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.76\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_1009108119\manifest.json

Filesize
116B

MD5
d20acf8558cf23f01769cf4aa61237e0

SHA1
c4b21384309b0ff177d9cd3aa4198ab327eb2993

SHA256
3493b321a7fc5e183ed6f223ae55ce962541717d0b332d16bdc7cbcadf7e6f78

SHA512
73d082cbd71f6d0f06c7afc1bf63ee41c9a8e501df3e56f21a551b2d369a0afc8306894c8e0a38d0324e2ac403ec506ac1ecd8e9b61a9cb27134a229ccb13725

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_1302704176\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_44861692\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4304_44861692\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
memory/5420-2-0x0000025D1E350000-0x0000025D1E512000-memory.dmp

Filesize
1.8MB

Download
memory/5420-1-0x0000025D03DA0000-0x0000025D03DB8000-memory.dmp

Filesize
96KB

Download
memory/5420-0-0x00007FFC2C633000-0x00007FFC2C635000-memory.dmp

Filesize
8KB

Download
memory/5420-6-0x00007FFC2C630000-0x00007FFC2D0F2000-memory.dmp

Filesize
10.8MB

Download
memory/5420-1252-0x0000025D1EFD0000-0x0000025D1F29A000-memory.dmp

Filesize
2.8MB

Download
memory/5420-1253-0x0000025D21630000-0x0000025D216A6000-memory.dmp

Filesize
472KB

Download
memory/5420-1254-0x0000025D1F2A0000-0x0000025D1F2B2000-memory.dmp

Filesize
72KB

Download
memory/5420-1255-0x0000025D1F2D0000-0x0000025D1F2EE000-memory.dmp

Filesize
120KB

Download
memory/5420-3-0x00007FFC2C630000-0x00007FFC2D0F2000-memory.dmp

Filesize
10.8MB

Download
memory/5420-5-0x00007FFC2C633000-0x00007FFC2C635000-memory.dmp

Filesize
8KB

Download
memory/5420-4-0x0000025D1F4F0000-0x0000025D1FA18000-memory.dmp

Filesize
5.2MB

Download
memory/5420-1340-0x0000025D217D0000-0x0000025D2187A000-memory.dmp

Filesize
680KB

Download