eadaf26df948f0fd541f297e2f0bad435aa4bee5c97e4324ad767dacca77e29d

Analysis

max time kernel
149s
max time network
191s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2023 19:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

trojan-leaks-main/Antivirus_Installer.exe
Size

89KB
MD5

70ec6f9bec87d67c435a2b8505a72629
SHA1

8dae4c1727c73b3c1135b633e4db69e60ed522f1
SHA256

1bfef2733f357e531be53b406b65661893b97a8b18a699b6e65f201dd0eeeae8
SHA512

4a164019ae25e21007f2678bdf0e002b2e1eee115ddc4e101a909712d2bbaff3987339b6059c9db69988918296692839c47c49da9ca9ff3310a9e0088ab7d56c
SSDEEP

1536:X7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfrwFOO:L7DhdC6kzWypvaQ0FxyNTBfrS

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\e0e6af2f-9eac-4916-8d36-a190c00a59ed.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230509212536.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msedge.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe
NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Unconfirmed 978466.crdownload:SmartScreen msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 978466.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 34 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
5524	msedge.exe
5524	msedge.exe
5444	msedge.exe
5444	msedge.exe
5480	msedge.exe
5480	msedge.exe
5576	msedge.exe
5576	msedge.exe
5540	msedge.exe
5540	msedge.exe
5464	msedge.exe
5464	msedge.exe
5672	msedge.exe
5672	msedge.exe
5764	msedge.exe
5764	msedge.exe
5772	msedge.exe
5772	msedge.exe
4024	msedge.exe
4024	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
7380	identity_helper.exe
7380	identity_helper.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
3380	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe
5604	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

msedge.exe

pid	process
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe
4024	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Antivirus_Installer.execmd.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

description	pid	process	target process
PID 208 wrote to memory of 4284	208	Antivirus_Installer.exe	cmd.exe
PID 208 wrote to memory of 4284	208	Antivirus_Installer.exe	cmd.exe
PID 4284 wrote to memory of 4244	4284	cmd.exe	msedge.exe
PID 4284 wrote to memory of 4244	4284	cmd.exe	msedge.exe
PID 4244 wrote to memory of 1552	4244	msedge.exe	msedge.exe
PID 4244 wrote to memory of 1552	4244	msedge.exe	msedge.exe
PID 4284 wrote to memory of 2968	4284	cmd.exe	msedge.exe
PID 4284 wrote to memory of 2968	4284	cmd.exe	msedge.exe
PID 2968 wrote to memory of 4328	2968	msedge.exe	msedge.exe
PID 2968 wrote to memory of 4328	2968	msedge.exe	msedge.exe
PID 4284 wrote to memory of 4024	4284	cmd.exe	msedge.exe
PID 4284 wrote to memory of 4024	4284	cmd.exe	msedge.exe
PID 4024 wrote to memory of 3380	4024	msedge.exe	msedge.exe
PID 4024 wrote to memory of 3380	4024	msedge.exe	msedge.exe
PID 4284 wrote to memory of 1632	4284	cmd.exe	msedge.exe
PID 4284 wrote to memory of 1632	4284	cmd.exe	msedge.exe
PID 1632 wrote to memory of 4340	1632	msedge.exe	msedge.exe
PID 1632 wrote to memory of 4340	1632	msedge.exe	msedge.exe
PID 4284 wrote to memory of 3572	4284	cmd.exe	msedge.exe
PID 4284 wrote to memory of 3572	4284	cmd.exe	msedge.exe
PID 3572 wrote to memory of 2808	3572	msedge.exe	msedge.exe
PID 3572 wrote to memory of 2808	3572	msedge.exe	msedge.exe
PID 4284 wrote to memory of 4348	4284	cmd.exe	msedge.exe
PID 4284 wrote to memory of 4348	4284	cmd.exe	msedge.exe
PID 4348 wrote to memory of 1260	4348	msedge.exe	msedge.exe
PID 4348 wrote to memory of 1260	4348	msedge.exe	msedge.exe
PID 4284 wrote to memory of 4276	4284	cmd.exe	msedge.exe
PID 4284 wrote to memory of 4276	4284	cmd.exe	msedge.exe
PID 4276 wrote to memory of 4888	4276	msedge.exe	msedge.exe
PID 4276 wrote to memory of 4888	4276	msedge.exe	msedge.exe
PID 4284 wrote to memory of 1468	4284	cmd.exe	msedge.exe
PID 4284 wrote to memory of 1468	4284	cmd.exe	msedge.exe
PID 1468 wrote to memory of 700	1468	msedge.exe	msedge.exe
PID 1468 wrote to memory of 700	1468	msedge.exe	msedge.exe
PID 4284 wrote to memory of 3332	4284	cmd.exe	msedge.exe
PID 4284 wrote to memory of 3332	4284	cmd.exe	msedge.exe
PID 3332 wrote to memory of 4804	3332	msedge.exe	msedge.exe
PID 3332 wrote to memory of 4804	3332	msedge.exe	msedge.exe
PID 1468 wrote to memory of 5428	1468	msedge.exe	msedge.exe
PID 1468 wrote to memory of 5428	1468	msedge.exe	msedge.exe
PID 1468 wrote to memory of 5428	1468	msedge.exe	msedge.exe
PID 1468 wrote to memory of 5428	1468	msedge.exe	msedge.exe
PID 1468 wrote to memory of 5428	1468	msedge.exe	msedge.exe
PID 1468 wrote to memory of 5428	1468	msedge.exe	msedge.exe
PID 1468 wrote to memory of 5428	1468	msedge.exe	msedge.exe
PID 1468 wrote to memory of 5428	1468	msedge.exe	msedge.exe
PID 1468 wrote to memory of 5428	1468	msedge.exe	msedge.exe
PID 1468 wrote to memory of 5428	1468	msedge.exe	msedge.exe
PID 1468 wrote to memory of 5428	1468	msedge.exe	msedge.exe
PID 1468 wrote to memory of 5428	1468	msedge.exe	msedge.exe
PID 1468 wrote to memory of 5428	1468	msedge.exe	msedge.exe
PID 1468 wrote to memory of 5428	1468	msedge.exe	msedge.exe
PID 1468 wrote to memory of 5428	1468	msedge.exe	msedge.exe
PID 1468 wrote to memory of 5428	1468	msedge.exe	msedge.exe
PID 1468 wrote to memory of 5428	1468	msedge.exe	msedge.exe
PID 1468 wrote to memory of 5428	1468	msedge.exe	msedge.exe
PID 1468 wrote to memory of 5428	1468	msedge.exe	msedge.exe
PID 1468 wrote to memory of 5428	1468	msedge.exe	msedge.exe
PID 1468 wrote to memory of 5428	1468	msedge.exe	msedge.exe
PID 1468 wrote to memory of 5428	1468	msedge.exe	msedge.exe
PID 1468 wrote to memory of 5428	1468	msedge.exe	msedge.exe
PID 1468 wrote to memory of 5428	1468	msedge.exe	msedge.exe
PID 1468 wrote to memory of 5428	1468	msedge.exe	msedge.exe
PID 1468 wrote to memory of 5428	1468	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\Antivirus_Installer.exe
"C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\Antivirus_Installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:208
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\87C.tmp\87D.tmp\87E.bat C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\Antivirus_Installer.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=oAkRBqxm8tM
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x9c,0x104,0x7ff84fe646f8,0x7ff84fe64708,0x7ff84fe64718
      4⤵
      PID:1552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,12065660383220787958,2825330165133243237,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,12065660383220787958,2825330165133243237,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
      4⤵
      PID:5568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=lPySS7mt4eo
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84fe646f8,0x7ff84fe64708,0x7ff84fe64718
      4⤵
      PID:4328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,7458647170480876728,43726701070125051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7458647170480876728,43726701070125051,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
      4⤵
      PID:5436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://custom-gwent.com/cardsBg/1efae8b0c69810654f16b400426049fd.jpeg
    3⤵
    - Enumerates system info in registry
    - Modifies registry class
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:4024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff84fe646f8,0x7ff84fe64708,0x7ff84fe64718
      4⤵
      Checks processor information in registry
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      PID:3380
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,13437557349845713513,13254151780861947840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,13437557349845713513,13254151780861947840,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
      4⤵
      PID:5516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,13437557349845713513,13254151780861947840,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
      4⤵
      PID:5820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13437557349845713513,13254151780861947840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
      4⤵
      PID:6900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13437557349845713513,13254151780861947840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
      4⤵
      PID:6872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13437557349845713513,13254151780861947840,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
      4⤵
      PID:5296
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13437557349845713513,13254151780861947840,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1
      4⤵
      PID:5840
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13437557349845713513,13254151780861947840,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
      4⤵
      PID:6432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13437557349845713513,13254151780861947840,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
      4⤵
      PID:5676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13437557349845713513,13254151780861947840,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
      4⤵
      PID:6988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13437557349845713513,13254151780861947840,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
      4⤵
      PID:7076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13437557349845713513,13254151780861947840,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
      4⤵
      PID:7036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13437557349845713513,13254151780861947840,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
      4⤵
      PID:7024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13437557349845713513,13254151780861947840,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
      4⤵
      PID:7416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13437557349845713513,13254151780861947840,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
      4⤵
      PID:7440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13437557349845713513,13254151780861947840,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
      4⤵
      PID:7672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13437557349845713513,13254151780861947840,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
      4⤵
      PID:7372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2200,13437557349845713513,13254151780861947840,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7328 /prefetch:8
      4⤵
      PID:7360
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2200,13437557349845713513,13254151780861947840,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7556 /prefetch:8
      4⤵
      PID:7620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13437557349845713513,13254151780861947840,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7784 /prefetch:1
      4⤵
      PID:7680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13437557349845713513,13254151780861947840,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
      4⤵
      PID:7540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,13437557349845713513,13254151780861947840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8008 /prefetch:8
      4⤵
      PID:6236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      4⤵
      Drops file in Program Files directory
      PID:5388
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff7520a5460,0x7ff7520a5470,0x7ff7520a5480
        5⤵
        
        PID:4424
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,13437557349845713513,13254151780861947840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8008 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:7380
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13437557349845713513,13254151780861947840,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
      4⤵
      PID:1432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,13437557349845713513,13254151780861947840,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
      4⤵
      PID:6680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,13437557349845713513,13254151780861947840,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3020 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.protegent360.com/softwares/PAVSetup.exe
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff84fe646f8,0x7ff84fe64708,0x7ff84fe64718
      4⤵
      PID:4340
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,14775035434645904565,17673131856769085515,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14775035434645904565,17673131856769085515,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
      4⤵
      PID:5472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=ymbw2R3uIqc
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3572
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff84fe646f8,0x7ff84fe64708,0x7ff84fe64718
      4⤵
      PID:2808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,17778216056081404071,1520775058799452217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17778216056081404071,1520775058799452217,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
      4⤵
      PID:5532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://files.fm/f/hfkwsdkmj
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4348
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff84fe646f8,0x7ff84fe64708,0x7ff84fe64718
      4⤵
      PID:1260
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1444,5643269053400305208,4999105842624976922,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
      4⤵
      PID:5456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1444,5643269053400305208,4999105842624976922,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://download2389.mediafire.com/xzhsf9dl17ng/9f8fds9s3efg7so/WannaCry+by+Rafael.rar
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff84fe646f8,0x7ff84fe64708,0x7ff84fe64718
      4⤵
      PID:4888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,3965426248805749282,6463021597912085046,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
      4⤵
      PID:5560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,3965426248805749282,6463021597912085046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/959038855737147432/967723261284724796/Setup_File_Pass_1234.rar
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff84fe646f8,0x7ff84fe64708,0x7ff84fe64718
      4⤵
      PID:700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,7083553022658862535,13802726829524842468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,7083553022658862535,13802726829524842468,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
      4⤵
      PID:5428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/959038855737147432/967723261284724796/Setup_File_Pass_1234.rar
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3332
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff84fe646f8,0x7ff84fe64708,0x7ff84fe64718
      4⤵
      PID:4804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1977805142898888483,4568972875912332442,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
      4⤵
      PID:5496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,1977805142898888483,4568972875912332442,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6512

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
252B

MD5
98ed6b58078114eb5943a11f5e26b54f

SHA1
e4eb80508132637884f684d5d109a94cdf931392

SHA256
19d9aa8f132be062c349f512de937f9c9c6af8d695ea2d3f1dc120b9ad66a5e4

SHA512
947f55370c865e57d0d7e6558c81354038f346c493ab24141b6c546b0c245060a597125d6c81ed9ec9ed31feeb7d27bdec5db53c03be7ef1cc3663746d2ec0b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\72975ab5-4b10-4084-9b66-0eba2521c520.tmp

Filesize
2KB

MD5
a184a8fec66a4681c7c76f484da9cf78

SHA1
57a948690146beced9892c0b7106f2ef6d68c66e

SHA256
bce41de48e848a3ceb7d5e6de55caaea9a33caa4f8899c5e217da88364f640d3

SHA512
1aee79180d87c7de1e07b247b1cd809fd5fff1de27dbdaeff2447ded204a33141311fabe7f09fecc2396bb2bda9864b74b107f9121b0a86acf896f9e99e40c3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8222ad76-bf3a-448a-b57d-f8dec038338d.tmp

Filesize
2KB

MD5
b554dd13611fd77399cfb3d244070ea3

SHA1
8516b1aa0c77edf857bec3e62afae34c9d8be035

SHA256
838bc5a02ba735baaa18cabaec3a78fc7675db652a6feaec5485633746882144

SHA512
c65c7a3fd7feabc0b0d57ec2093e37a532788f0a75ad1feb1be65d158d180cbcecb1d9e18a9967ce12fbfbf7b95a6a21ff8f460b2e53bc5046f1f7ec2e7f5a70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\eab066b0-fd08-491d-a7dd-a03c981c1446.dmp

Filesize
4.2MB

MD5
60908fa1ef316e8a9b20d2387bd9d93a

SHA1
27f445ca88b3f0e20146873c370ca09baddd7b80

SHA256
db0e4fd2f393edb61b70de60a02a884f16a9c85e516399ad091174c552981b7c

SHA512
33d74a0326fee6548245f4025b2b5a7852c004b383aaf199482261614f29f05c3b019e3aa7cf5b01c9cc8790aaa01389d2b5dd2caba92f1bbe5ba911038b6667

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78c7656527762ed2977adf983a6f4766

SHA1
21a66d2eefcb059371f4972694057e4b1f827ce6

SHA256
e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296

SHA512
0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78c7656527762ed2977adf983a6f4766

SHA1
21a66d2eefcb059371f4972694057e4b1f827ce6

SHA256
e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296

SHA512
0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78c7656527762ed2977adf983a6f4766

SHA1
21a66d2eefcb059371f4972694057e4b1f827ce6

SHA256
e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296

SHA512
0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78c7656527762ed2977adf983a6f4766

SHA1
21a66d2eefcb059371f4972694057e4b1f827ce6

SHA256
e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296

SHA512
0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78c7656527762ed2977adf983a6f4766

SHA1
21a66d2eefcb059371f4972694057e4b1f827ce6

SHA256
e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296

SHA512
0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78c7656527762ed2977adf983a6f4766

SHA1
21a66d2eefcb059371f4972694057e4b1f827ce6

SHA256
e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296

SHA512
0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78c7656527762ed2977adf983a6f4766

SHA1
21a66d2eefcb059371f4972694057e4b1f827ce6

SHA256
e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296

SHA512
0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78c7656527762ed2977adf983a6f4766

SHA1
21a66d2eefcb059371f4972694057e4b1f827ce6

SHA256
e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296

SHA512
0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78c7656527762ed2977adf983a6f4766

SHA1
21a66d2eefcb059371f4972694057e4b1f827ce6

SHA256
e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296

SHA512
0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78c7656527762ed2977adf983a6f4766

SHA1
21a66d2eefcb059371f4972694057e4b1f827ce6

SHA256
e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296

SHA512
0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78c7656527762ed2977adf983a6f4766

SHA1
21a66d2eefcb059371f4972694057e4b1f827ce6

SHA256
e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296

SHA512
0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\50c4ad0f-e41e-4cac-b6e4-3af110550b52.tmp

Filesize
1KB

MD5
57418e03a598c1621eddd0d92d5350b5

SHA1
1be58a2379073e63002ab478bb1f5504a7c434e3

SHA256
53f6724aeb3cfddbdb6ba1b03a4a930e7ebbf796946e7f932945bf12022a4636

SHA512
98e07768b3ba7cda2087ca85bfa7f4dc5bf8cdae2fc524b0dfbed8c50c96f9e9ba5bff485e33424d3237adb3e3b2366a5111ce904b9ebf8bc6efb06adc48b2ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
47KB

MD5
b76305a3195a2b17053c2e38a8d957d3

SHA1
16dac0d2ba3f6f8c2056a09dd76298c75d093c24

SHA256
913f002e9c004a2a8ab88454ca408d76d15346c544593d6883b5dcf24c4aafc4

SHA512
a8153834112da8164b9d7f0f2dea038ca160cbe17769db34b1ea7527729e87ca82da0ad95290a2d44f95d020e6f57c6d1632c4aa85f4146243ef355d3727da47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
22KB

MD5
9f1c899a371951195b4dedabf8fc4588

SHA1
7abeeee04287a2633f5d2fa32d09c4c12e76051b

SHA256
ba60b39bc10f6abd7f7a3a2a9bae5c83a0a6f7787e60115d0e8b4e17578c35f7

SHA512
86e75284beaff4727fae0a46bd8c3a8b4a7c95eceaf45845d5c3c2806139d739c983205b9163e515f6158aa7c3c901554109c92a7acc2c0077b1d22c003dba54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
27KB

MD5
e7208f9716e97d80b5ccac41f514f449

SHA1
0230aeb7d8087f8c2b0dccb5e63af6eb5c538490

SHA256
f345147854faaca5a712aaf083c52465fb2b5953685e264c8a0544fd2aab2475

SHA512
701d075aa2e7401a9cd22528764df71b6a14d6a8814001e199230ecfaa9c64a5edd494f2e4f5fdce5f40d09e2e4b793a45a473d682d43e433c4381087441cf86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
32KB

MD5
6623147e3400c2c5f18507216679973e

SHA1
48d117319ac326595ee527a2f171167db402698d

SHA256
e3abe48686cc19ad5584bf4b0321d1acf288d6393711c8b726ec94b52075b144

SHA512
31c68606d9836926d92a3af99176f56ec918907124afe4e7c00d35095053342afed9fe0543bd4ae2782e82e9db315d0aa3d2fedf52255a4dde23b4eef1c611b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0c8c36f959c673afcf8298707ac0ceec

SHA1
b3dd588b5e1b7fcd6117f9e0db61c8b2f69eceda

SHA256
5d46969b85ffa7bb33de2d65e8beed92781466b41bfe259f994069f65efc26fb

SHA512
12a66f6c7870e83c20ee126b162a15859e4e97be45769bf6ecc0f9bdd234327650dfb844832d02bec1c05c0286829634166089e89cbcbeccc03ca9611bab07d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe581b43.TMP

Filesize
48B

MD5
42cf3aac3804079838507bd729462d82

SHA1
d52a5513186dd10849216f2a138e21817db64be8

SHA256
16132cf230341c104074be5f708fde4f53661f99d163f6b2ee78fbcea77c31d0

SHA512
22611b56c72c17f05c91816317a4b2004d2725bf8fabb3aa0536376bead34556d84acbe546deec3ea17a19e0acb878b51c1d43bd914365e5ec09403b8923f1f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
99b7686cb24170580124b5a725d5920c

SHA1
253228dcb566bae3bcf98c0220c0046d29521777

SHA256
c91da0a6f33edeb433715edf2c96c99dce519ad6f44ea9f65915c3da304bf421

SHA512
fea41ac466b6b2b76f266b77379b9aa4fde993b38761f28854f8a060924f98abc62baa3dad132f27e439160deb167a499e740b4c529f37f5fcfa625d88da3a11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
7bc70de3059d1dcc124454a7ae09fcf1

SHA1
d81c4325da8f0ee0670ff8e9e60ab4ff394f6718

SHA256
d5428be34470abcdb8c8a2916a1e7e4f171eba5d35843cf087c648624f4eabb9

SHA512
ceb6b68ad22bb516a5a6bd3ad89d85c52dffe760500bcddd2d661dd2548d74bbdf38407f3d33f58ecd7eb96191a9bd0b96ad1f84d77e8601426b3c7eff57eab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
e6a4114f450b755e930d4d68f9d94b81

SHA1
3c674ad6fb34b932d3245b78178eaf520dbe24a9

SHA256
7ad9da12c66f38bfbdd25563b65b6e3400cd4db9e1ca36e376f0fdd2b827d4ac

SHA512
6f4ec18de158c09ca8c7314c34778a4377a4e3f6ac5d8e80c61779f747e7f829f15d3d62f52728d106072923ca9d10366eaad59224244a4f0f16f5c373e3b622

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
416a784ec5401a9f79738501121e3aaf

SHA1
5a255415249c843db5742e9a42cf9637de281ba3

SHA256
538f94eeba4ff93ba1078cb25c8e1f5ed2a15cb7bc0ccf6cea63e682beeb5297

SHA512
5ef1bb8953237f5870ac54ea8cd5b0953abff215c05e903c506c843415290349c3b1d8f09d3d380ff3daea5091bdab60c12a7d1e2d51bb8698bc9ab8c9d5c95e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
558b88b3fc709e1217fc7d8f96d82872

SHA1
f4cc4906ec818636eb7b9c4135c3e10f20b8acad

SHA256
cd0cbb875be16a4da32ff8fdb8766890f3cf1dd4e86d1c150e4ed7ccf0eab036

SHA512
7253297d78218ec76b2f83328842916c1fa30fbdccec5d9d727366a7378116377fae93f667686f60f354d4ee46d6c5dfb3f086c6400bebabfc53ec18a0af5775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b66f16800c810429704526128296c57a

SHA1
1338765c729f2e1150afac84ccbfdffe30fd9dbc

SHA256
e78bb8b383f60ddd366ca6a0fa1247c0e65325fb5965102094c352eb2a3190a5

SHA512
af04d23e40666d840f23540a9c9e4a6e958c52afa9e1eebc2e0e77077e7d44243a7f3055450d13fd96e98c569692160132a49d4c4504a1b7c2c4059d70b4463b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c8da6a6572713eedb70974285399e09d

SHA1
c7c0203da9631d695c41ef630e6a9a12e0a6b6bf

SHA256
14df9af9045d39e1076d7e04d89f15d54b00cb652a43eecc9adaf4714ef97c1a

SHA512
7e4e0adc1f33d9b148cd886c15878e9eff4a5fe417377213ca2567e581187ec2768d57cc0d0cd71b3a4625f04447d3b9cf35e108886b25c437b318f7405d939e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
02ee7addc9e8a2d07af55556ebf0ff5c

SHA1
020161bb64ecb7c6e6886ccc055908984dc651d8

SHA256
552d3ed359b7a52278ce621674d16428d8a7969f6cd5663df18e240cce66aadc

SHA512
567989543c3848a0c3276d96b96ca761f750e4b71fb74f36d809f590ffe16a72fd5ece251737a8b1ffe65f0051e211bd7ad19d2b8b0b7ca1b7ffc86dd2a52883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3966348bbd403f0d73c498b32b42c474

SHA1
e831a80dc7540db9afced875d230530380ec5119

SHA256
85295f1484a81c8e36f1287dbb3d8c2ff4f80a5b2dc0985b88abcf49850d7542

SHA512
75a7fe567b809507d121ecfccd5cb85d7dc8e64609f916a450345a1ba959f7535767619970de25f9474c498666ad1b08250697222d5696f7a589f663a035c41c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\da531666-f531-4e09-8122-110ffc7b664a\2f5c28c984820850_0

Filesize
404KB

MD5
0cca7acb81b1b466019615997e7b5b1e

SHA1
9d8900da2b993e69ce1f86376f171b7fd6c092b7

SHA256
26736816b2a61afd6079339561ceaecfd904642d57733bbe93aa4d55b1192b0f

SHA512
05c8b7882296e030786caba0c275ef1c336c2501afca632a34175e21f76ad8a176b151ec127a4505cb3918abb1740bc4a31ec09eeb8581ce62b00bed6859e69d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\da531666-f531-4e09-8122-110ffc7b664a\index-dir\the-real-index

Filesize
624B

MD5
db07023509fd9a9fb632be87f0e0490f

SHA1
b3a9470b10c90ed67f341427fafa7ee2497678ae

SHA256
908280a1a0e41872bf5f24e026234124e473e96356a2a9434a6ac2d9a5e5ba41

SHA512
00690ff61cf1922d1fcca0c5e734ec8e2836a81eeb776e4ec267fa8c264f8f7aa389729f74d39364548e3f0daf433a02e3ec2a40ef0f27370b500fe9237059b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\da531666-f531-4e09-8122-110ffc7b664a\index-dir\the-real-index~RFe5828c1.TMP

Filesize
48B

MD5
0165f8b57a057243aa8cb2f38653988a

SHA1
aa62452cdc440989dc4dfead15a49dd50d3d8140

SHA256
2e96cbb5e91573ce572f9272de324f76851304e5954a3f1118bf2cf57e2a32ce

SHA512
4b31d0dded37639c9c0bd31c1d42047f129486016a4be2698689f29ad921624cdd92c2948a903b9dca4144bf6a59697cb2283b95958e71796af0b476dbb7db79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
99B

MD5
7fe1ef4fa82d96b338182120755b9a6b

SHA1
09587b050330ab29c68ad99bb2d5fec2cd0199dd

SHA256
f0f35c98f7635ca0be3c91cf74edcbac904b6cd8ed58f47bfb6f429344fb679d

SHA512
02fe798505af86855f85276e7499cd6c20ff9c06627c39b8071011cf474f182c2b45348f038c795533e0631b4e1a354427fa876cb67377642dd829afb2b14989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
132b97ee93ab76c02b2753c591859520

SHA1
0b99ec343e25766ce5394eab96ac6fcc79a2dca2

SHA256
e9e84c064db8d956ca7b24d41cc91c3cfc5c8cc6eb751805e4d7a3bd2b4f65de

SHA512
f49b7314fb11f8052d978ba83579c9d2ee24a0c424e2a0364d2cdc63345fd28fd2acb985623b8b31bcec3078607381a84742621a347c88985409a6681677bef8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
95B

MD5
a19c52fcbb8be2960a922bab1575031a

SHA1
ec561031368d86b5b91a7196632b4fcb2898c335

SHA256
50bfd4ac081c957f0e2d0a84fc0860cc2b6c4a3a031a38162e411b0d8508f786

SHA512
65e5d1084c3a52136d4c0a046cb9a41dc1e2a48af1ca5f1bdcb4f1f85721c596b54b5cf50386f533ce8658c414e3c2c32ab1b78f200d359210f7ee5821f2ea11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe578e17.TMP

Filesize
90B

MD5
bb09b1fd7498524703a24496b42b1780

SHA1
debb249991c85de8179cb12b8190a6693977bbbd

SHA256
ca455ee69aeaecdc1d845a2ccff67eb35354816cb4e74b3d544414dba97b4110

SHA512
35aafb714f8fbc19a2755e711cb5e9c048a3e18d0056996f235e8d4057ac42cee6b70e83d49b1a2a74e5e161903b3b582d2f39c202fc46b5fc8b8be178e630dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
72fe7f1f74e47cf8f8ab9a05e3817fee

SHA1
ca0b4335c6abeef975298969189f851ebee7706b

SHA256
4f696f3337dfdfc47981b6dc210a229171d0b56053e59d62e88a8dab36a16669

SHA512
7dd07be6bdb5663220540e733c53349fff07ea084bd82695960cc91ee50450c09abb79555a0b2b6c86bcb47f53ff42d729715e91bb0599721eb6c68ae92794b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581fd7.TMP

Filesize
48B

MD5
e93397a3dc5c365776174fcab7275c21

SHA1
219ac368b96040b8f9fb28186a7943406bad4473

SHA256
a38bc74dbd1359f35814193e921064b4ac444d115638c4d8456d33c1acd62774

SHA512
9ca37796729aad7913e14cb4e37f5dc3a2ebb9f7fb395d76e38630511e34ac4fe2a4b853614adb8ae16a3dd2c93189afac773afc98882f17b042e650fce71806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f95a39838fdeb0fe424dd46b3dca8d8c

SHA1
62699e7e4fbbff4cd2297aed5a4fef34d1229e00

SHA256
313a8d3cfb147c64ae98f5679e062fed40e36ed0c530e2207b78538e5213b061

SHA512
9682ee4770540d2ec7dee9228e7a02090cd4a3bd7814e69b2a75fe0b09e21c1cd02125790a3838d78b139d03106c021df1eb6a734badd972407252133fedb52f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8f1bf0983fa9613b4ed10f055dd8bd2e

SHA1
b45683843158a88805b90a8766fa05d520bd1410

SHA256
5502abdbfe90c8520476e5d9ce673f067f0b45d5a862e08d4c60df3fbafddaac

SHA512
9cf4a2f77a4e5d50b86fc1f91b000e4ec3d7a12c447eb8d658b592972bdf6e345fed5465438d6c48537a575e13b35cfec36f91171927b76132388be5ab8495e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4ac167e70c40a12f3e7da1e7ae21bc5f

SHA1
0545806b16002fb5428effc1a3ef31d1fef39cd2

SHA256
c22fb593bd14ca1ca5e056d7c2477ac74c55d72b3ce183c3e556495ec6d2e032

SHA512
d32378bc6cf45c3e42b7c1cd26ee30bd29289312d27d19ea2a806b6a745c710413ca48085ebbb263d06b96cab336b3abe54b2f9a7e7fb79a5fc441b4dc3c91c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57802c.TMP

Filesize
1KB

MD5
53a22b32d29f0f4d610ec8139955cc17

SHA1
a70fac6549a78eaf3630871e3ce7cf0bdde9e4e8

SHA256
910409c9742f031bc8afc703a237f049a3effc5916067ec1767fc2c491559daa

SHA512
541dd04947e6ca148145d08751962da1495d23a38580669250c9dccf207c019f3ee1a4881c41f98b141bddaf4d50b0d951c30c206ef999aedb85735f275b5305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
b554dd13611fd77399cfb3d244070ea3

SHA1
8516b1aa0c77edf857bec3e62afae34c9d8be035

SHA256
838bc5a02ba735baaa18cabaec3a78fc7675db652a6feaec5485633746882144

SHA512
c65c7a3fd7feabc0b0d57ec2093e37a532788f0a75ad1feb1be65d158d180cbcecb1d9e18a9967ce12fbfbf7b95a6a21ff8f460b2e53bc5046f1f7ec2e7f5a70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
ce4c2ee8a88f4fb1d1ce2f4bd0879503

SHA1
d4b87b0d3b9030bde1bca5d11b38f14d014c8ade

SHA256
aac21f8af466ed6deedb6eaeda1d360a3d1b9787ddfe832a217113dfa6b25e52

SHA512
12df02a5643e2c51ba4548f8d6ca8b47354e14424359496aa97a949bec93a4d8548df5c7817eaf885e618880b3bb90041285b57726f1eb87c2a9f620c8ffb76f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
ce4c2ee8a88f4fb1d1ce2f4bd0879503

SHA1
d4b87b0d3b9030bde1bca5d11b38f14d014c8ade

SHA256
aac21f8af466ed6deedb6eaeda1d360a3d1b9787ddfe832a217113dfa6b25e52

SHA512
12df02a5643e2c51ba4548f8d6ca8b47354e14424359496aa97a949bec93a4d8548df5c7817eaf885e618880b3bb90041285b57726f1eb87c2a9f620c8ffb76f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
a184a8fec66a4681c7c76f484da9cf78

SHA1
57a948690146beced9892c0b7106f2ef6d68c66e

SHA256
bce41de48e848a3ceb7d5e6de55caaea9a33caa4f8899c5e217da88364f640d3

SHA512
1aee79180d87c7de1e07b247b1cd809fd5fff1de27dbdaeff2447ded204a33141311fabe7f09fecc2396bb2bda9864b74b107f9121b0a86acf896f9e99e40c3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
960ef4320a42eab7e9d7bc7c9045e1e2

SHA1
78cdfdc66414eb29adcc945a9305e0bc2819310e

SHA256
70235f45d82dbd9d71afa5431dcb1336b0e48d9daddf3fab30ce24c1a45d93df

SHA512
2b5d8d68b4e3cdce343131940978f7222f75c56ebb35073bf53f585d5d560a50408959fd79463fed5fd718e5513a45e8e9a91d390a57b659e259978c43b46dad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
a184a8fec66a4681c7c76f484da9cf78

SHA1
57a948690146beced9892c0b7106f2ef6d68c66e

SHA256
bce41de48e848a3ceb7d5e6de55caaea9a33caa4f8899c5e217da88364f640d3

SHA512
1aee79180d87c7de1e07b247b1cd809fd5fff1de27dbdaeff2447ded204a33141311fabe7f09fecc2396bb2bda9864b74b107f9121b0a86acf896f9e99e40c3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
6c55b03d96fd8641d3f6aefc4680650d

SHA1
71acbfede23334051ff4fe1d0792fa5e4b15b72f

SHA256
9dff7eced24befd18a26003e0f48427b38d1729b5868d50bb54e76e3611ed763

SHA512
837589e2481232b3cdcc744a53740de83341a345252abc0c228ae48eef0f2f31457a906608e4f335bcf9d9455cb85acca774fc9b4fa6d58a9f973ebc5c540ce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
045b15266bfb6448e8298746f1224e04

SHA1
bd8f73cb38bf585b1e7ad026bee23aff205a83cf

SHA256
39c1f6b4f38f6d5a47d95ba6e25d7dc0b2ac5468f4d809b2285fb97c2f45bf3b

SHA512
b29aeccb45e5b6ad13da8e9b5d7e5efb63400e8d3188e8542dee7fdebfe6ac446537009128fec50094aef38664badf2bbe5622b0b7b995f4b2da207fbb67b7b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
0e6379f70214ceb3226c9e9ebe0a6057

SHA1
0f9bb47f0d157ed59e4b011ac3badf5bb6b328e5

SHA256
c6fc731bedc88a05c2322420a82adb0bc8e497d7d548e5251af9e8dd1c00adc5

SHA512
612a9e0c68b69e8f1d98c61967a7d2d5b6ce4a8a86c61ec84e8e0ed780aabdc570469e113f3adb7f86a1fd97b1654f3db1cee479f034097b10fc2a3896311e65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
fa9ab2c03b6a744f4e22aee892c6ab53

SHA1
67862c51850800ed875e5ddfe49000747f0b0ee2

SHA256
3a1a8f0d3dcad3d00f768caf84078962a82366305b630c1b5471f946f6109fcb

SHA512
3da4170493f70d5f7b7885439b826b97ad0deba1f00999102dcfad7910e4efa6127987b88a2bf34bba32b4a030e06f62899e7d7106c12433bbb48027af1a1aaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
5fa8c12f890689f33e2a2b2c4057a80b

SHA1
247348f30a74a585f80c3d792a1873c15ff00444

SHA256
f5ea99032cba2457cda50e103891fa474947d19cd00797c588dd4321f0360ad0

SHA512
349e54cdcd048152e6b7f4d88c93622d0ceb5bb042596cac6d7a955c99e90d2cd8231802ebafe3fab81c96efa3745d580df99d82a7520ab49ffd8b22caccfe35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
6c55b03d96fd8641d3f6aefc4680650d

SHA1
71acbfede23334051ff4fe1d0792fa5e4b15b72f

SHA256
9dff7eced24befd18a26003e0f48427b38d1729b5868d50bb54e76e3611ed763

SHA512
837589e2481232b3cdcc744a53740de83341a345252abc0c228ae48eef0f2f31457a906608e4f335bcf9d9455cb85acca774fc9b4fa6d58a9f973ebc5c540ce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
b554dd13611fd77399cfb3d244070ea3

SHA1
8516b1aa0c77edf857bec3e62afae34c9d8be035

SHA256
838bc5a02ba735baaa18cabaec3a78fc7675db652a6feaec5485633746882144

SHA512
c65c7a3fd7feabc0b0d57ec2093e37a532788f0a75ad1feb1be65d158d180cbcecb1d9e18a9967ce12fbfbf7b95a6a21ff8f460b2e53bc5046f1f7ec2e7f5a70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
045b15266bfb6448e8298746f1224e04

SHA1
bd8f73cb38bf585b1e7ad026bee23aff205a83cf

SHA256
39c1f6b4f38f6d5a47d95ba6e25d7dc0b2ac5468f4d809b2285fb97c2f45bf3b

SHA512
b29aeccb45e5b6ad13da8e9b5d7e5efb63400e8d3188e8542dee7fdebfe6ac446537009128fec50094aef38664badf2bbe5622b0b7b995f4b2da207fbb67b7b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
6a8ccbb7aaffc28b9b4e8ea8a9ccefc9

SHA1
3e22318f6ccf201e00aa7621d47e6ba368b81322

SHA256
decc489acacfe07a414aed24ada29eddb93d8e77cc96aec6b069d11a9039497f

SHA512
f40d3b00e3d817c0c07f97302005c1df5b367171156920a4c8d251a8ecbcc395a23f08a2eba320e7609a0f2e8ddf9489cda25cb3f3ea17d11ac3038ad40537cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
6a8ccbb7aaffc28b9b4e8ea8a9ccefc9

SHA1
3e22318f6ccf201e00aa7621d47e6ba368b81322

SHA256
decc489acacfe07a414aed24ada29eddb93d8e77cc96aec6b069d11a9039497f

SHA512
f40d3b00e3d817c0c07f97302005c1df5b367171156920a4c8d251a8ecbcc395a23f08a2eba320e7609a0f2e8ddf9489cda25cb3f3ea17d11ac3038ad40537cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
960ef4320a42eab7e9d7bc7c9045e1e2

SHA1
78cdfdc66414eb29adcc945a9305e0bc2819310e

SHA256
70235f45d82dbd9d71afa5431dcb1336b0e48d9daddf3fab30ce24c1a45d93df

SHA512
2b5d8d68b4e3cdce343131940978f7222f75c56ebb35073bf53f585d5d560a50408959fd79463fed5fd718e5513a45e8e9a91d390a57b659e259978c43b46dad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
ce4c2ee8a88f4fb1d1ce2f4bd0879503

SHA1
d4b87b0d3b9030bde1bca5d11b38f14d014c8ade

SHA256
aac21f8af466ed6deedb6eaeda1d360a3d1b9787ddfe832a217113dfa6b25e52

SHA512
12df02a5643e2c51ba4548f8d6ca8b47354e14424359496aa97a949bec93a4d8548df5c7817eaf885e618880b3bb90041285b57726f1eb87c2a9f620c8ffb76f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b459b100-791b-4f57-ba27-f143cef464c7.tmp

Filesize
2KB

MD5
045b15266bfb6448e8298746f1224e04

SHA1
bd8f73cb38bf585b1e7ad026bee23aff205a83cf

SHA256
39c1f6b4f38f6d5a47d95ba6e25d7dc0b2ac5468f4d809b2285fb97c2f45bf3b

SHA512
b29aeccb45e5b6ad13da8e9b5d7e5efb63400e8d3188e8542dee7fdebfe6ac446537009128fec50094aef38664badf2bbe5622b0b7b995f4b2da207fbb67b7b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b9bb1989-9ade-4d0f-90b8-2c85cffd3e9f.tmp

Filesize
2KB

MD5
5fa8c12f890689f33e2a2b2c4057a80b

SHA1
247348f30a74a585f80c3d792a1873c15ff00444

SHA256
f5ea99032cba2457cda50e103891fa474947d19cd00797c588dd4321f0360ad0

SHA512
349e54cdcd048152e6b7f4d88c93622d0ceb5bb042596cac6d7a955c99e90d2cd8231802ebafe3fab81c96efa3745d580df99d82a7520ab49ffd8b22caccfe35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e78290c0-a3d4-415f-a9ea-43f4e8a5781e.tmp

Filesize
2KB

MD5
6a8ccbb7aaffc28b9b4e8ea8a9ccefc9

SHA1
3e22318f6ccf201e00aa7621d47e6ba368b81322

SHA256
decc489acacfe07a414aed24ada29eddb93d8e77cc96aec6b069d11a9039497f

SHA512
f40d3b00e3d817c0c07f97302005c1df5b367171156920a4c8d251a8ecbcc395a23f08a2eba320e7609a0f2e8ddf9489cda25cb3f3ea17d11ac3038ad40537cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e9412668-9215-4da4-ab47-af57ae3f6c56.tmp

Filesize
2KB

MD5
960ef4320a42eab7e9d7bc7c9045e1e2

SHA1
78cdfdc66414eb29adcc945a9305e0bc2819310e

SHA256
70235f45d82dbd9d71afa5431dcb1336b0e48d9daddf3fab30ce24c1a45d93df

SHA512
2b5d8d68b4e3cdce343131940978f7222f75c56ebb35073bf53f585d5d560a50408959fd79463fed5fd718e5513a45e8e9a91d390a57b659e259978c43b46dad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\fbd4637e-1e7f-4b4a-8254-8960b0aec78b.tmp

Filesize
2KB

MD5
6c55b03d96fd8641d3f6aefc4680650d

SHA1
71acbfede23334051ff4fe1d0792fa5e4b15b72f

SHA256
9dff7eced24befd18a26003e0f48427b38d1729b5868d50bb54e76e3611ed763

SHA512
837589e2481232b3cdcc744a53740de83341a345252abc0c228ae48eef0f2f31457a906608e4f335bcf9d9455cb85acca774fc9b4fa6d58a9f973ebc5c540ce3

Download Submit
C:\Users\Admin\AppData\Local\Temp\87C.tmp\87D.tmp\87E.bat

Filesize
725B

MD5
6882363dd125a39e084667ddd43532a4

SHA1
a5b6e74b292d96424d7b39ee9f71e98701f4548d

SHA256
b998f488ff63337265c33a7e298e85679393d54e6094d223cd97e549a17078ba

SHA512
7bec550ded2c532f279638050638db8abe48f7a31f1175a8caf34dd6ff4ccddfc01331211088ab0b2e3fe980846657f609a897be88eace28c0347f56d7b91a19

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
54489c13851ea926199b859107ad8e56

SHA1
ae47c63d046426966ca02ac452732be6c20b8a84

SHA256
7e0d3fc0d7ad0bfdc0fd6237000222671a369aadafe69cd2f50ba8bfc9e3b5c2

SHA512
827196a4597eba296e8063add43fea47c947cce964538570b6d89e54e6889ddf88448d5d959416b7cb14e6d002efaab862bae15395bed4c72541d94883b35743

Download Submit
\??\pipe\LOCAL\crashpad_1632_JFTSBULVWTOSEMJY

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_2968_LKPERZMUYKSCJLLR

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_3332_QCALHRMEQTKQWHHK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_3572_CXDFBZPEAIGCJYHG

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_4024_NEMMHGLGJDTNAPSY

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_4244_HLZNURHKOFTYXHTU

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_4276_BFTIIXRGDWYXPWXK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_4348_UTAATEPQZYJISJRH

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit