eadaf26df948f0fd541f297e2f0bad435aa4bee5c97e4324ad767dacca77e29d

max time kernel
153s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2023, 19:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

trojan-leaks-main/Antivirus_Installer.exe
Size

89KB
MD5

70ec6f9bec87d67c435a2b8505a72629
SHA1

8dae4c1727c73b3c1135b633e4db69e60ed522f1
SHA256

1bfef2733f357e531be53b406b65661893b97a8b18a699b6e65f201dd0eeeae8
SHA512

4a164019ae25e21007f2678bdf0e002b2e1eee115ddc4e101a909712d2bbaff3987339b6059c9db69988918296692839c47c49da9ca9ff3310a9e0088ab7d56c
SSDEEP

1536:X7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfrwFOO:L7DhdC6kzWypvaQ0FxyNTBfrS

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230509213607.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\33a40fa0-0b80-4cb6-b909-163ef14c900a.tmp	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 347123.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
5152	msedge.exe
5152	msedge.exe
5184	msedge.exe
5184	msedge.exe
2708	msedge.exe
2708	msedge.exe
5240	msedge.exe
5240	msedge.exe
5144	msedge.exe
5144	msedge.exe
5192	msedge.exe
5192	msedge.exe
5252	msedge.exe
5252	msedge.exe
5228	msedge.exe
5228	msedge.exe
5740	msedge.exe
5740	msedge.exe
4428	msedge.exe
4428	msedge.exe
6560	identity_helper.exe
6560	identity_helper.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2192	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2192	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3376 wrote to memory of 3252	3376	Antivirus_Installer.exe	82
PID 3376 wrote to memory of 3252	3376	Antivirus_Installer.exe	82
PID 3252 wrote to memory of 4168	3252	cmd.exe	83
PID 3252 wrote to memory of 4168	3252	cmd.exe	83
PID 4168 wrote to memory of 5060	4168	msedge.exe	85
PID 4168 wrote to memory of 5060	4168	msedge.exe	85
PID 3252 wrote to memory of 1464	3252	cmd.exe	86
PID 3252 wrote to memory of 1464	3252	cmd.exe	86
PID 1464 wrote to memory of 2660	1464	msedge.exe	87
PID 1464 wrote to memory of 2660	1464	msedge.exe	87
PID 3252 wrote to memory of 4428	3252	cmd.exe	88
PID 3252 wrote to memory of 4428	3252	cmd.exe	88
PID 4428 wrote to memory of 828	4428	msedge.exe	89
PID 4428 wrote to memory of 828	4428	msedge.exe	89
PID 3252 wrote to memory of 4016	3252	cmd.exe	90
PID 3252 wrote to memory of 4016	3252	cmd.exe	90
PID 4016 wrote to memory of 3388	4016	msedge.exe	91
PID 4016 wrote to memory of 3388	4016	msedge.exe	91
PID 3252 wrote to memory of 4148	3252	cmd.exe	92
PID 3252 wrote to memory of 4148	3252	cmd.exe	92
PID 4148 wrote to memory of 3880	4148	msedge.exe	93
PID 4148 wrote to memory of 3880	4148	msedge.exe	93
PID 3252 wrote to memory of 3432	3252	cmd.exe	94
PID 3252 wrote to memory of 3432	3252	cmd.exe	94
PID 3432 wrote to memory of 4376	3432	msedge.exe	95
PID 3432 wrote to memory of 4376	3432	msedge.exe	95
PID 3252 wrote to memory of 1912	3252	cmd.exe	96
PID 3252 wrote to memory of 1912	3252	cmd.exe	96
PID 1912 wrote to memory of 1468	1912	msedge.exe	97
PID 1912 wrote to memory of 1468	1912	msedge.exe	97
PID 3252 wrote to memory of 3520	3252	cmd.exe	98
PID 3252 wrote to memory of 3520	3252	cmd.exe	98
PID 3520 wrote to memory of 3260	3520	msedge.exe	99
PID 3520 wrote to memory of 3260	3520	msedge.exe	99
PID 3252 wrote to memory of 4700	3252	cmd.exe	100
PID 3252 wrote to memory of 4700	3252	cmd.exe	100
PID 4700 wrote to memory of 4388	4700	msedge.exe	101
PID 4700 wrote to memory of 4388	4700	msedge.exe	101
PID 4016 wrote to memory of 4520	4016	msedge.exe	123
PID 4016 wrote to memory of 4520	4016	msedge.exe	123
PID 4016 wrote to memory of 4520	4016	msedge.exe	123
PID 4016 wrote to memory of 4520	4016	msedge.exe	123
PID 4016 wrote to memory of 4520	4016	msedge.exe	123
PID 4016 wrote to memory of 4520	4016	msedge.exe	123
PID 4016 wrote to memory of 4520	4016	msedge.exe	123
PID 4016 wrote to memory of 4520	4016	msedge.exe	123
PID 4016 wrote to memory of 4520	4016	msedge.exe	123
PID 4016 wrote to memory of 4520	4016	msedge.exe	123
PID 4016 wrote to memory of 4520	4016	msedge.exe	123
PID 4016 wrote to memory of 4520	4016	msedge.exe	123
PID 4016 wrote to memory of 4520	4016	msedge.exe	123
PID 4016 wrote to memory of 4520	4016	msedge.exe	123
PID 4016 wrote to memory of 4520	4016	msedge.exe	123
PID 4016 wrote to memory of 4520	4016	msedge.exe	123
PID 4016 wrote to memory of 4520	4016	msedge.exe	123
PID 4016 wrote to memory of 4520	4016	msedge.exe	123
PID 4016 wrote to memory of 4520	4016	msedge.exe	123
PID 4016 wrote to memory of 4520	4016	msedge.exe	123
PID 4016 wrote to memory of 4520	4016	msedge.exe	123
PID 4016 wrote to memory of 4520	4016	msedge.exe	123
PID 4016 wrote to memory of 4520	4016	msedge.exe	123
PID 4016 wrote to memory of 4520	4016	msedge.exe	123
PID 4016 wrote to memory of 4520	4016	msedge.exe	123
PID 4016 wrote to memory of 4520	4016	msedge.exe	123

C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\Antivirus_Installer.exe
"C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\Antivirus_Installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3376
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\E525.tmp\E526.tmp\E527.bat C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\Antivirus_Installer.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=oAkRBqxm8tM
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4168
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb370d46f8,0x7ffb370d4708,0x7ffb370d4718
      4⤵
      PID:5060
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,10947807349163701414,14492136123490809223,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5144
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10947807349163701414,14492136123490809223,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
      4⤵
      PID:5136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=lPySS7mt4eo
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb370d46f8,0x7ffb370d4708,0x7ffb370d4718
      4⤵
      PID:2660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,16670799545534244569,1306913076469872372,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,16670799545534244569,1306913076469872372,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
      4⤵
      PID:5424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://custom-gwent.com/cardsBg/1efae8b0c69810654f16b400426049fd.jpeg
    3⤵
    - Enumerates system info in registry
    - Modifies registry class
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:4428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb370d46f8,0x7ffb370d4708,0x7ffb370d4718
      4⤵
      PID:828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8
      4⤵
      PID:5284
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5228
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
      4⤵
      PID:5160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
      4⤵
      PID:6500
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
      4⤵
      PID:6540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
      4⤵
      PID:7000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
      4⤵
      PID:7016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:1
      4⤵
      PID:5924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
      4⤵
      PID:3508
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
      4⤵
      PID:6156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
      4⤵
      PID:6168
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
      4⤵
      PID:6612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
      4⤵
      PID:6508
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
      4⤵
      PID:6380
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
      4⤵
      PID:6336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
      4⤵
      PID:6376
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
      4⤵
      PID:6536
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
      4⤵
      PID:6068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
      4⤵
      PID:5636
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4752 /prefetch:8
      4⤵
      PID:5620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5652 /prefetch:8
      4⤵
      PID:1236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8412 /prefetch:8
      4⤵
      PID:972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8868 /prefetch:1
      4⤵
      PID:4064
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8836 /prefetch:1
      4⤵
      PID:3196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 /prefetch:8
      4⤵
      PID:2800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      4⤵
      Drops file in Program Files directory
      PID:2576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff7d35e5460,0x7ff7d35e5470,0x7ff7d35e5480
        5⤵
        
        PID:5464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8008 /prefetch:1
      4⤵
      PID:6292
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
      4⤵
      PID:4856
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8888 /prefetch:1
      4⤵
      PID:4920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8952 /prefetch:1
      4⤵
      PID:5136
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
      4⤵
      PID:4224
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8652 /prefetch:1
      4⤵
      PID:5372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,2802855190218502044,4058784212426087725,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5860 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.protegent360.com/softwares/PAVSetup.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb370d46f8,0x7ffb370d4708,0x7ffb370d4718
      4⤵
      PID:3388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,6650694017134645523,9660246829331875316,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,6650694017134645523,9660246829331875316,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
      4⤵
      PID:4520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=ymbw2R3uIqc
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4148
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb370d46f8,0x7ffb370d4708,0x7ffb370d4718
      4⤵
      PID:3880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,7808334637345254924,12588753483057115536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5192
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7808334637345254924,12588753483057115536,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
      4⤵
      PID:5168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://files.fm/f/hfkwsdkmj
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb370d46f8,0x7ffb370d4708,0x7ffb370d4718
      4⤵
      PID:4376
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,277401305631302343,6478025506288191529,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
      4⤵
      PID:5212
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,277401305631302343,6478025506288191529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://download2389.mediafire.com/xzhsf9dl17ng/9f8fds9s3efg7so/WannaCry+by+Rafael.rar
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1912
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb370d46f8,0x7ffb370d4708,0x7ffb370d4718
      4⤵
      PID:1468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,12541440144777027054,14120766381058389793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,12541440144777027054,14120766381058389793,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
      4⤵
      PID:5200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/959038855737147432/967723261284724796/Setup_File_Pass_1234.rar
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xdc,0xe0,0xd4,0xd8,0x104,0x7ffb370d46f8,0x7ffb370d4708,0x7ffb370d4718
      4⤵
      PID:3260
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,8441343753815671133,872778727537914868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5184
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,8441343753815671133,872778727537914868,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
      4⤵
      PID:5176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/959038855737147432/967723261284724796/Setup_File_Pass_1234.rar
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb370d46f8,0x7ffb370d4708,0x7ffb370d4718
      4⤵
      PID:4388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,257944040535310575,7156249706070782497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,257944040535310575,7156249706070782497,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
      4⤵
      PID:2164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1188

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x41c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6340

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\106458e2-0f86-498c-bc1a-d3deffd81d56.tmp

Filesize
2KB

MD5
755146fa3f8e048416d0d135ee60d024

SHA1
da908d641bad3e545c8a0c9282f7a805aa75c30a

SHA256
eadc4698e2289ba061c6ad192bf5f9b113575b4a9ca3b39e2a089bf61e841242

SHA512
126163485c3430196f410a203a41fa827cd9fd95e9f07272947ebf7d5b11791a42cb65dd41e5200e563556115756adc05df154efc69da1882eedb734f7aeff79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
47KB

MD5
b76305a3195a2b17053c2e38a8d957d3

SHA1
16dac0d2ba3f6f8c2056a09dd76298c75d093c24

SHA256
913f002e9c004a2a8ab88454ca408d76d15346c544593d6883b5dcf24c4aafc4

SHA512
a8153834112da8164b9d7f0f2dea038ca160cbe17769db34b1ea7527729e87ca82da0ad95290a2d44f95d020e6f57c6d1632c4aa85f4146243ef355d3727da47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
22KB

MD5
9f1c899a371951195b4dedabf8fc4588

SHA1
7abeeee04287a2633f5d2fa32d09c4c12e76051b

SHA256
ba60b39bc10f6abd7f7a3a2a9bae5c83a0a6f7787e60115d0e8b4e17578c35f7

SHA512
86e75284beaff4727fae0a46bd8c3a8b4a7c95eceaf45845d5c3c2806139d739c983205b9163e515f6158aa7c3c901554109c92a7acc2c0077b1d22c003dba54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
20KB

MD5
39307e27138b106e53f1a4af27d63094

SHA1
9c2fbfb3f19bf72a282a101d1c802c287dbb5fab

SHA256
07c09b206faa8934e6b12c518a4f834d8bd5b2bbe92a07a4f169173ab620b464

SHA512
8e48c468cceab8dfb296c62c2fcf4e82adde92fc06e3b14418a4cc08dea5712aaa7f61eb5421b9d5fbc0803b1b8f2b05a344a2e3db7831212af9e2579972bc52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
35583176d0c7438c90c9aa93c01aa45f

SHA1
6055e49146b5092689a74d40fe6d0d13c8390414

SHA256
2bf1f064d467bf58d1841f4681ac9905ef433edd0a2cfad9819fb7286f7d7260

SHA512
94111a327b9720f3fcc561e960dc6f4b2032e1b92615cf7dc56ad01fd91e848c40d83b5826b42a50f21cd918dd542cd742849d4663669def6d3cedda1da0403e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
08b3aeb69bce8e731d52f19bdb08e911

SHA1
b552a38fb5ee0f59eca2d8eb8ff41b7e57d3e261

SHA256
5a2d5fa20dda61cb68e61a57fa89a41369b0102a00b557e2784723c4206620d8

SHA512
8d27d02eba320f0b10e414623285dafdb12144a67199731c498ad030696a0ec24492651adab61fc188e5fe5d50bc3a48a9126a61e4d81fe3642b40888de2d48f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
a1d1528d1e2aee93e0b40ec157c92888

SHA1
889a54c08e504d58cd506226585489f27b485f3a

SHA256
aeafcf598dd0770e9e38fe9bcf14325b067a9331beb8244c042690ce00c9e4b8

SHA512
7a7044f7711fe0094177efd63c0fb8ea4ff48a951899ffa8754f928f725496277c85292a9808bfb0b45518e6cc36e38152602f711a7c48fb4548c35a6e6bb921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
d669b5b8c3789d069b9f6bf989f51a66

SHA1
4767d53a54352c32a3ee870284c7d5ee2b729fbb

SHA256
e52a0b90fe355539aa2652924ebbd9cdf588754e6ec888661dd186b94da576c9

SHA512
498d4b748bb4635d5a10584a1ddd991e41551f47f89e79cc75585ed22bbcd9c3186db500dd9d6fbdf0074503c4a7f0fbda75e4435a9b244291e7a54b0d13f028

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
7ec1b2e68073ba86fade3b0affb8644c

SHA1
35fde325dcdf204554cabf8fa59b3024c6a6f4a1

SHA256
f82d0bc8cd154f48aad4795ee7286d8b0c59ef96e5d2f54f5339ccef8e8dee69

SHA512
feeaf7c5e34218bd00c9386ed2fd36a0c6ee481e6d05649c66451ad63629c49ebf7500b45be1bd282a691fdf103ee0606608813b23fe8d448461a21aa4303876

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d5a1650cdad7a3e8bb8e9525202be2dc

SHA1
692df9a51ce2354e9020f0a9e1f3d1713139ef2d

SHA256
17d9c363d08cb23a54bd01dbfddc806b3fdbfc85b1f662c26b900204d49da980

SHA512
190d98377d3e4f313b21957c5c46451f3654792f44720658a17d0bbef1818afbd96d8ab897d20c5c08697b9b49352c9514d93717c0e47b3edfdc774e86e2fad0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
d9df8f85719279c9aa9c919649429d5e

SHA1
049b353b82fc7190dae26c3d85cfffcf7827a7b2

SHA256
a431d902634b4a7fcdf9077372eb41096b33f2259b5bf045bb6c7a0747a2d18e

SHA512
065dc4152d65b29412a7fabb5a028825c5411d14a27966188d0043d0a387b922cc1d5373765b57051708ccb8c09f591d9c6095699c245bb4fe2cdbbbc83f9acf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d679f6249408e67d423e51e7f2bdd22a

SHA1
b536a276e100dc029963b6f41a80c914f835deca

SHA256
fe3ae8073cf45724ee3413bbf16b928026af3c0ee325e6f4635fcdb3135f0483

SHA512
a574969798f832a4249d1c0ef837c023ce4d3e7a90df83e32e20b89a62aa4f235974cea4a57e422aeb215c85f24841471fdacc1929d066442f916dcb7f17bba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
62271470d2d0032cca51bc42c1e68d8a

SHA1
4fdd6025f77cff1b4be890f5c550cadbeb715e4a

SHA256
4d6107686b6d614ee03abfc3a6aa5f56626f254c48a38af14ea9f4d378f0723d

SHA512
430674b12232cd7c8d1f4b956b792951cff4e972e7c953adbea2544e269dec88a6e1c28c56a45253840d4a4fa078f7445f009d654b676452ff931dfa8dbb4693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1e79203d0f70092bf25058099947d5c6

SHA1
20d5e2bd3a2ef807207bc3981bd5494c34839c0e

SHA256
decca6fa6de1f0dcc2b46a7c45e62d1754fda43b509d92393c628d56930851a6

SHA512
b06c5cb26083e2ef7a407be262f37d83d9fee4788e30a94ce258639f7c1fb2ccb4e37ca9b77e4fb30c0fa0a9e80f94a5b9719efd2499c87deafc87d260eb0568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1463bf2a54e759c40d9ad64228bf7bec

SHA1
2286d0ac3cfa9f9ca6c0df60699af7c49008a41f

SHA256
9b4fd2eea856352d8fff054b51ea5d6141a540ca253a2e4dc28839bc92cbf4df

SHA512
33e0c223b45acac2622790dda4b59a98344a89094c41ffdb2531d7f1c0db86a0ea4f1885fea7c696816aa4ceab46de6837cc081cd8e63e3419d9fcb8c5a0eb66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4da89694-190d-4dc0-a637-984ce9094d36\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\dc36d0c5-0d6b-4165-9654-58a9fdd51807\index-dir\the-real-index

Filesize
624B

MD5
f17d4da56c1efd6dbb1169102899f803

SHA1
93d71edeebf86838a3c657cd16d138f1659e70d7

SHA256
6386d8ad9315ada770a51078978b7915c0617b93bdb141c92f7dc61edcb8acaf

SHA512
e31317978bea56cc642791271a85c59a3be0257e30557e6c164fb76ecce23c62b28b8039977954bbf2fca42054a4a765d505c14217e8e9bf02fafd95607e0fd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\dc36d0c5-0d6b-4165-9654-58a9fdd51807\index-dir\the-real-index~RFe57735b.TMP

Filesize
48B

MD5
be4f6ca54c4b2ad1317688dafbc61c20

SHA1
308ea2a4dec52e8ea92e0a8448ef487b9a46bb9a

SHA256
b94a6ea82734bfe7e23664599434d972a0ffd23082d4614bff29920aa474559c

SHA512
9de7f0173f82b0b6085c841447572aa702716514cd3240f93358df85bf6427703dd4c3775c408809090ace99622bf0ba29a23d85bc2dce78ee43732781067de5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
99B

MD5
2fff01b925f92a1a62ae32063be05752

SHA1
d485d8acfd7ddff18ef3fe7a39e9c4a1cc540f58

SHA256
06ee2b77fa7bf8bfdfc04dce8cd548ff7b5f7d25e82933098ab2c9ca713305fb

SHA512
a6530c1a797e4c29ebcb011cccb364e1f1e50192f5a6bd0232c0c4c70c8cfd8fba94b105729c6a7689552804cf827bcf498fe81df1c4483cd3bf0e5593fc9d2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
159B

MD5
2638f0eb8b8a49688fba0efe5920afe7

SHA1
0e04c44af98fd73a65058b9537b77fdc663cb689

SHA256
a1c0cf2473938b4109dd49b93d1f8d918ff082c92d58d298b0faca4016187f6e

SHA512
bd13659de8b646fa3963c8676f3cd5c8a57a094262c1efe950ce3dc0e833343065f392297f7d17987e7d5d54b4006e2bc6d2535e5c5364290a680f65571a6d23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
159B

MD5
6ef070cbedd0079d2616c70d64cf1123

SHA1
9ea4d457f31d851878dad9072ae14aefb31301fe

SHA256
2feef9f7c881948ead0913916353ebe624f2926ef9b65bfbb2cd710d37e65394

SHA512
177bf68b49191a402b968172d900aee2a5b2219e92951b8196f8d2b01c6101019b1a596087c5380857e36c2ac1e2774c1dc15e8268dfbd8a9bafa252213e49b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
95B

MD5
9fb0127a2b20558f2b7945e9d23f92fc

SHA1
a057202dc093c4adf2f0b6868fc020d999ba528c

SHA256
281231815bff8732da48fbce6e733fd76e8c0ad79e0290f243a2c6653916064b

SHA512
00e2b1f4b29eeba60ebea634a3d27b5bf663b70a554ba0a98222d5fdc061b25401c297a3cc88a42a5863c61b7af8823a349f4d226537fe6c8f96be5cc92cac84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57178f.TMP

Filesize
90B

MD5
d426a9c9d1a13969a60c24ef435504d5

SHA1
e92f88d741c5e4676cdc84abdf2f77b7f0836b2e

SHA256
fbba8bdc31eb1ef9678fcbf21555584b4cd427dc079803ffbfb6401aa6c84e8a

SHA512
d31cb35abfa00e3643ba0693da7308a98bb26854787693752bd8a5fa360837e7869c1c18202d8f513c912052b75d1cbb4c560ab60d035a07ab20d6493c8cf7b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
b86b539ebcb4cc24cf6c39e9578c8fd8

SHA1
f93596b33817382a3a1dee129c386229938ac55d

SHA256
741aa318c1c5cc02b396ca7d4f093ee1cb802355e6bc6171ae0684b4ab2bbb46

SHA512
2691ccca3da422b305b8ef289b5681c5a751d878790d528251febba090ecb8374e244ce4f597e2f41309c3ad728e2b52dcc2e59daeafa63a2d93dae62c84f6fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5766e8.TMP

Filesize
48B

MD5
e698abf48924c954db7ba6844cdfebb1

SHA1
0618ad09db343e8ca5daf494634ea5d4b87406eb

SHA256
a1d7e3f09ae37b75f277af5e32abe2fcd20331d3e7519f22f4a21ba0a1293a1f

SHA512
a7d76f0850890ac9c4267d90ad94aadb51a453f214157e98a982e480ba1b82315abddd4934a9a7d869f27ce89bfa38dc35915a449c2dc14efc90613575a92165

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0b0fac411ae2c0cf2071f63e646317ab

SHA1
57a8a78b693add32bf15bc5cfadc082a5e220d1b

SHA256
0e5930dcaec072a2694de9fbc840b3c7ece97e75fe98795ff85b37c9c69e9586

SHA512
83b91cc886469f75984ed105ce4b8764a6ab4cabb8d0312af6d5e33e432453869e30cc621739ea33de11496e7990f6145ea031c592ed6d3b85e8c7755ecd02c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ee1b49e4d09a4fb3997d77d98ca9a62b

SHA1
08b1cf55bd5516703abfac16c3bc9ec4c244a3f9

SHA256
07114260361e3c0d77585efa846aebdecdbe2ce252a57c4303638e724478f144

SHA512
1ece022dd542510bc5b98c06fbdf1e1fa28b1ec6d38d4fa21fbd457edbf1b27ad924635e206e32a98afd84f05bf0fcab655b49ab937022d2fb7e8d00a23f552c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
30fbf9567f035705e4b514940a92a15a

SHA1
ab084b1c01e6fd4f0c013a73c6b8812bf6f42f38

SHA256
d088f02196efcb99ae6372f3246dfaf23df8d5ef25502d9a7ad5e6e2c2259304

SHA512
da5d80980ccf87825744e5714c2cceb6827d788fc8d21d46b3925c16d6dc35756aed8ed5387d3af622c0abaf8a5de6189947c3f1fd704dc1e6f998b024279a0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe575813.TMP

Filesize
1KB

MD5
d15083baa03af3f60fd623b6e1ffb877

SHA1
b6c76471d7cb0d37095b0ef9bfc884b7dd05189d

SHA256
025759204b99f95b960703fddcd7f5b7b3fdb2a945c89e63978ee711a3a0c870

SHA512
d63e697e9ecd2f55d2a60f8bc446c7ab29f2fa74e6a0c91598a15e0547bc3dd91b92a9588398af8cb702fde06ca2a5c939557e5d23f1c6864b47853c8d16a1a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
a771128b30d84c1595df85f5598a1cff

SHA1
92d11218c1f621556a878d909b91321cd5bc54ec

SHA256
dd5de8113c1e7d1c3886d450bb336f650b6fbd91d5cd9db3f9a9a61af5e04ec3

SHA512
000e8872ce19ce835f5673649c109ed032a70e690c0790d5e80400baa176f5bd122bda536be8a34fdec63bed8455fda2c307896dd619e4638dd290309a7f374b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
e82d184c4a69e82a84dd09d5b957ed28

SHA1
9005cf9f177ba6cca0bf55f2ee2ad4b4181800c4

SHA256
e026a4758f9d32078e478ee6ae51bc77638060ce692dacc160db9f998aecec8a

SHA512
c7fca89f4d3a293647a73116ee08260b20efef41c281572b25020b53a730503d34adb2fd97cc08066c6d619e53a6102e462e4566ccdd68b2d3a7cf46855468fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
e82d184c4a69e82a84dd09d5b957ed28

SHA1
9005cf9f177ba6cca0bf55f2ee2ad4b4181800c4

SHA256
e026a4758f9d32078e478ee6ae51bc77638060ce692dacc160db9f998aecec8a

SHA512
c7fca89f4d3a293647a73116ee08260b20efef41c281572b25020b53a730503d34adb2fd97cc08066c6d619e53a6102e462e4566ccdd68b2d3a7cf46855468fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
98884c99e79cc4aee39d92e9653b4593

SHA1
87e752e3447d2c0d99c79cec99b5b6bb2a454366

SHA256
a3b0b966e1457b61f09a6efbbf276bfd966f6868d84b92bdcc519137fa999b90

SHA512
42a08e6daa2c0964cf044feffbf9c32d6d9321a9b5d544d64b0c4d8c58da80d22dbccc55cfd04fb46ab557517add1b6b7eed9f04704ffcdd45b4d1a265751a44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
bbe3ee455e96fe596ba4d1a04f2e00ba

SHA1
ff02805319b94ed1ac7af3bb5a4af7f648e9cbc6

SHA256
bd16afefba0d26087d6305045167e8153f407d1612e84005fc0f614c26380588

SHA512
29d03abee17836cf950d6eb0d22d374a4819cfcbb28ba609c4379cbc65e12964caba0f707d876234ecb2628f90418b7c342d0b726b5ddff1c42aef9aa9851617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
bbe3ee455e96fe596ba4d1a04f2e00ba

SHA1
ff02805319b94ed1ac7af3bb5a4af7f648e9cbc6

SHA256
bd16afefba0d26087d6305045167e8153f407d1612e84005fc0f614c26380588

SHA512
29d03abee17836cf950d6eb0d22d374a4819cfcbb28ba609c4379cbc65e12964caba0f707d876234ecb2628f90418b7c342d0b726b5ddff1c42aef9aa9851617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
755146fa3f8e048416d0d135ee60d024

SHA1
da908d641bad3e545c8a0c9282f7a805aa75c30a

SHA256
eadc4698e2289ba061c6ad192bf5f9b113575b4a9ca3b39e2a089bf61e841242

SHA512
126163485c3430196f410a203a41fa827cd9fd95e9f07272947ebf7d5b11791a42cb65dd41e5200e563556115756adc05df154efc69da1882eedb734f7aeff79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
55c5ffbd83e67885a9dfa1dbc6f31863

SHA1
c4f1c0b22ec36b9c07074c1c97b1ab2773d0005a

SHA256
c7d6281c28d993e98508cb5340b70cf50ec7d64ce4c9d98516d7cb4e2dd30a87

SHA512
a7ce4fe9c63b6dfe36d2df22a98aa6b631cf952bfa1a778e190d0a7d89d607e3491f827d3e876d38f58b49c0f3c152dd8b06de3a04c1d111d02d975f6da2cef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
e57c32fd2f83afab8440a5b25e7c4ae4

SHA1
c94915ebc0510f3cbaa1d1eace15f418a79fc42e

SHA256
6a556863d9f5f16ce5359d8d2e8c0274c237a00d29a709f249366bb35bedf6a5

SHA512
8b442f923f16d85fc954b6694be71660b630be2dd9ef738cd3aab4a384cecb98ccbe8a33ec80397f4fca455a51bba89fb66983a4f8a96bc1ed460ea998ba1a2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
e57c32fd2f83afab8440a5b25e7c4ae4

SHA1
c94915ebc0510f3cbaa1d1eace15f418a79fc42e

SHA256
6a556863d9f5f16ce5359d8d2e8c0274c237a00d29a709f249366bb35bedf6a5

SHA512
8b442f923f16d85fc954b6694be71660b630be2dd9ef738cd3aab4a384cecb98ccbe8a33ec80397f4fca455a51bba89fb66983a4f8a96bc1ed460ea998ba1a2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
4205ade54be39196c40c15bb315e1532

SHA1
9315a3d8ce479f5d64dde790e3615b3d286b5c13

SHA256
4d9d66c1e2326c7d41bf618983432b2ebe6eedf3f9894f4cd1754563faee83b7

SHA512
f5b8bac869a2a9f2d38f5cb2d149802af2708949817f3de19050f5367d32db8b84a70b73a9145f9198bdbb390f0aab5d95317946f0014ce5751a4c42b1391db6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
4205ade54be39196c40c15bb315e1532

SHA1
9315a3d8ce479f5d64dde790e3615b3d286b5c13

SHA256
4d9d66c1e2326c7d41bf618983432b2ebe6eedf3f9894f4cd1754563faee83b7

SHA512
f5b8bac869a2a9f2d38f5cb2d149802af2708949817f3de19050f5367d32db8b84a70b73a9145f9198bdbb390f0aab5d95317946f0014ce5751a4c42b1391db6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
755146fa3f8e048416d0d135ee60d024

SHA1
da908d641bad3e545c8a0c9282f7a805aa75c30a

SHA256
eadc4698e2289ba061c6ad192bf5f9b113575b4a9ca3b39e2a089bf61e841242

SHA512
126163485c3430196f410a203a41fa827cd9fd95e9f07272947ebf7d5b11791a42cb65dd41e5200e563556115756adc05df154efc69da1882eedb734f7aeff79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
e82d184c4a69e82a84dd09d5b957ed28

SHA1
9005cf9f177ba6cca0bf55f2ee2ad4b4181800c4

SHA256
e026a4758f9d32078e478ee6ae51bc77638060ce692dacc160db9f998aecec8a

SHA512
c7fca89f4d3a293647a73116ee08260b20efef41c281572b25020b53a730503d34adb2fd97cc08066c6d619e53a6102e462e4566ccdd68b2d3a7cf46855468fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
e57c32fd2f83afab8440a5b25e7c4ae4

SHA1
c94915ebc0510f3cbaa1d1eace15f418a79fc42e

SHA256
6a556863d9f5f16ce5359d8d2e8c0274c237a00d29a709f249366bb35bedf6a5

SHA512
8b442f923f16d85fc954b6694be71660b630be2dd9ef738cd3aab4a384cecb98ccbe8a33ec80397f4fca455a51bba89fb66983a4f8a96bc1ed460ea998ba1a2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
bbe3ee455e96fe596ba4d1a04f2e00ba

SHA1
ff02805319b94ed1ac7af3bb5a4af7f648e9cbc6

SHA256
bd16afefba0d26087d6305045167e8153f407d1612e84005fc0f614c26380588

SHA512
29d03abee17836cf950d6eb0d22d374a4819cfcbb28ba609c4379cbc65e12964caba0f707d876234ecb2628f90418b7c342d0b726b5ddff1c42aef9aa9851617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
a771128b30d84c1595df85f5598a1cff

SHA1
92d11218c1f621556a878d909b91321cd5bc54ec

SHA256
dd5de8113c1e7d1c3886d450bb336f650b6fbd91d5cd9db3f9a9a61af5e04ec3

SHA512
000e8872ce19ce835f5673649c109ed032a70e690c0790d5e80400baa176f5bd122bda536be8a34fdec63bed8455fda2c307896dd619e4638dd290309a7f374b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
4205ade54be39196c40c15bb315e1532

SHA1
9315a3d8ce479f5d64dde790e3615b3d286b5c13

SHA256
4d9d66c1e2326c7d41bf618983432b2ebe6eedf3f9894f4cd1754563faee83b7

SHA512
f5b8bac869a2a9f2d38f5cb2d149802af2708949817f3de19050f5367d32db8b84a70b73a9145f9198bdbb390f0aab5d95317946f0014ce5751a4c42b1391db6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
98884c99e79cc4aee39d92e9653b4593

SHA1
87e752e3447d2c0d99c79cec99b5b6bb2a454366

SHA256
a3b0b966e1457b61f09a6efbbf276bfd966f6868d84b92bdcc519137fa999b90

SHA512
42a08e6daa2c0964cf044feffbf9c32d6d9321a9b5d544d64b0c4d8c58da80d22dbccc55cfd04fb46ab557517add1b6b7eed9f04704ffcdd45b4d1a265751a44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
39e0e8d7b9d2be88167e9b1246c96b33

SHA1
b0aabbffa10a409e36678db87efc36d64e9a6146

SHA256
5754b2096defbfe71c3930bb16d15bcfd24b5df0bc68cfa0330662db93ce376c

SHA512
c923253d50f6a02c04fef326123a2b6aceadba9314a16dda8328c929ebb2352f4b0c5d9b4c346e3b8d5110d65d326eb393f3959c604852f7affd9d9c92ff75d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7eff2b45d8d338a03a5201c4d54af348

SHA1
8041d13f31d6704060250a645501d84193cb8cc4

SHA256
4f58074ff5c4e8ee139465f15896b3c78717af41159cc2f2b025347789f3d484

SHA512
9e950510790d64609ddc98c2a70da43793d8c4700d9c290ad15c8d69f7c719c0eb675d9aba852f3dd32f04f9b21e0ed99ef7a1445d6768f10c120a77f1bebaa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d009b19f-e456-4cf2-8120-d646efe4dc42.tmp

Filesize
2KB

MD5
98884c99e79cc4aee39d92e9653b4593

SHA1
87e752e3447d2c0d99c79cec99b5b6bb2a454366

SHA256
a3b0b966e1457b61f09a6efbbf276bfd966f6868d84b92bdcc519137fa999b90

SHA512
42a08e6daa2c0964cf044feffbf9c32d6d9321a9b5d544d64b0c4d8c58da80d22dbccc55cfd04fb46ab557517add1b6b7eed9f04704ffcdd45b4d1a265751a44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e76cf706-62dc-4657-be94-6b5c6afc591a.tmp

Filesize
2KB

MD5
a771128b30d84c1595df85f5598a1cff

SHA1
92d11218c1f621556a878d909b91321cd5bc54ec

SHA256
dd5de8113c1e7d1c3886d450bb336f650b6fbd91d5cd9db3f9a9a61af5e04ec3

SHA512
000e8872ce19ce835f5673649c109ed032a70e690c0790d5e80400baa176f5bd122bda536be8a34fdec63bed8455fda2c307896dd619e4638dd290309a7f374b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e8714633-7f1f-4f56-97b9-7087f390698c.tmp

Filesize
2KB

MD5
55c5ffbd83e67885a9dfa1dbc6f31863

SHA1
c4f1c0b22ec36b9c07074c1c97b1ab2773d0005a

SHA256
c7d6281c28d993e98508cb5340b70cf50ec7d64ce4c9d98516d7cb4e2dd30a87

SHA512
a7ce4fe9c63b6dfe36d2df22a98aa6b631cf952bfa1a778e190d0a7d89d607e3491f827d3e876d38f58b49c0f3c152dd8b06de3a04c1d111d02d975f6da2cef1

Download Submit
C:\Users\Admin\AppData\Local\Temp\E525.tmp\E526.tmp\E527.bat

Filesize
725B

MD5
6882363dd125a39e084667ddd43532a4

SHA1
a5b6e74b292d96424d7b39ee9f71e98701f4548d

SHA256
b998f488ff63337265c33a7e298e85679393d54e6094d223cd97e549a17078ba

SHA512
7bec550ded2c532f279638050638db8abe48f7a31f1175a8caf34dd6ff4ccddfc01331211088ab0b2e3fe980846657f609a897be88eace28c0347f56d7b91a19

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
c3e9b3d21252b5345051e90b371092f2

SHA1
a1f23fcaed5049ba95809be013714759a8e730e6

SHA256
7e91658994784ca9d6113c96813dd81ec3cd9a45c7ee3d1c539d4c312d494cdb

SHA512
478eed32d6fc456ca544d7bd24a94c7c041b8c5bc6f6b808ee63f8826564c358c76961dd3bfe0b1c30facec9c860ce538707efb52401bfb045a713f06255ca87

Download Submit