589a9ca041b51e4fbe847619f741e02aaef9018eee8279b91225ad59eaa03d6c

Analysis

max time kernel
1791s
max time network
1690s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2023, 18:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9dfd9-hello-kitty-png-2.webp
Size

20KB
MD5

f288af48b1dd0738b448d4a451eec95a
SHA1

6affc75a8cd40c38068b99d7da284f9a59a71b06
SHA256

589a9ca041b51e4fbe847619f741e02aaef9018eee8279b91225ad59eaa03d6c
SHA512

52ab86d6932c8a0b2d808d6ddd6c0b871227e235b220f2b61131c9c047c1d2cb16de91aad6b166b5734b45f6c80dc8af3e41903b34798c834312ee288722f53d
SSDEEP

384:sL/vDstglzOKDqAC0nLBuJ/vrptAq4Dyaqy0xygWIAwCHygUbCzvzE:Kst1KDqAer/Aq4Dya0W8yygXzvI

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230524203124.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\4764d3b4-be55-4d9a-b75f-371b649cd6e0.tmp	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 109367.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 899696.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2836	msedge.exe
2836	msedge.exe
4956	msedge.exe
4956	msedge.exe
3512	identity_helper.exe
3512	identity_helper.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 51 IoCs

pid	Process
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4208	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4208	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5084 wrote to memory of 4956	5084	cmd.exe	83
PID 5084 wrote to memory of 4956	5084	cmd.exe	83
PID 4956 wrote to memory of 4132	4956	msedge.exe	85
PID 4956 wrote to memory of 4132	4956	msedge.exe	85
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 1724	4956	msedge.exe	86
PID 4956 wrote to memory of 2836	4956	msedge.exe	87
PID 4956 wrote to memory of 2836	4956	msedge.exe	87
PID 4956 wrote to memory of 3216	4956	msedge.exe	88
PID 4956 wrote to memory of 3216	4956	msedge.exe	88
PID 4956 wrote to memory of 3216	4956	msedge.exe	88
PID 4956 wrote to memory of 3216	4956	msedge.exe	88
PID 4956 wrote to memory of 3216	4956	msedge.exe	88
PID 4956 wrote to memory of 3216	4956	msedge.exe	88
PID 4956 wrote to memory of 3216	4956	msedge.exe	88
PID 4956 wrote to memory of 3216	4956	msedge.exe	88
PID 4956 wrote to memory of 3216	4956	msedge.exe	88
PID 4956 wrote to memory of 3216	4956	msedge.exe	88
PID 4956 wrote to memory of 3216	4956	msedge.exe	88
PID 4956 wrote to memory of 3216	4956	msedge.exe	88
PID 4956 wrote to memory of 3216	4956	msedge.exe	88
PID 4956 wrote to memory of 3216	4956	msedge.exe	88
PID 4956 wrote to memory of 3216	4956	msedge.exe	88
PID 4956 wrote to memory of 3216	4956	msedge.exe	88
PID 4956 wrote to memory of 3216	4956	msedge.exe	88
PID 4956 wrote to memory of 3216	4956	msedge.exe	88

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\9dfd9-hello-kitty-png-2.webp
1⤵
- Suspicious use of WriteProcessMemory
PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9dfd9-hello-kitty-png-2.webp
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc472346f8,0x7ffc47234708,0x7ffc47234718
    3⤵
    PID:4132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
    3⤵
    PID:1724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
    3⤵
    PID:3216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    3⤵
    PID:4624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
    3⤵
    PID:4652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
    3⤵
    PID:1916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
    3⤵
    PID:4724
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:8
    3⤵
    PID:1736
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:2748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff6d1585460,0x7ff6d1585470,0x7ff6d1585480
      4⤵
      PID:244
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
    3⤵
    PID:2464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
    3⤵
    PID:2968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
    3⤵
    PID:3688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
    3⤵
    PID:5048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
    3⤵
    PID:636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
    3⤵
    PID:3520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
    3⤵
    PID:3660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5412 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
    3⤵
    PID:4680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
    3⤵
    PID:1728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
    3⤵
    PID:1908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
    3⤵
    PID:4072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4168 /prefetch:8
    3⤵
    PID:3816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5624 /prefetch:8
    3⤵
    PID:2252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
    3⤵
    PID:2132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
    3⤵
    PID:3908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
    3⤵
    PID:3012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
    3⤵
    PID:2292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
    3⤵
    PID:2804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
    3⤵
    PID:1076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5448 /prefetch:8
    3⤵
    PID:3424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
    3⤵
    PID:548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
    3⤵
    PID:3496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
    3⤵
    PID:4644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
    3⤵
    PID:4264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6244 /prefetch:8
    3⤵
    PID:1904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
    3⤵
    PID:4912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
    3⤵
    PID:4432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
    3⤵
    PID:4296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
    3⤵
    PID:536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
    3⤵
    PID:5008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
    3⤵
    PID:3936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
    3⤵
    PID:3672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
    3⤵
    PID:1020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
    3⤵
    PID:4248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
    3⤵
    PID:3736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
    3⤵
    PID:4908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
    3⤵
    PID:3212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
    3⤵
    PID:3696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
    3⤵
    PID:3816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
    3⤵
    PID:1484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
    3⤵
    PID:3800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1
    3⤵
    PID:3752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
    3⤵
    PID:4428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
    3⤵
    PID:2888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
    3⤵
    PID:1196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
    3⤵
    PID:4072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:1
    3⤵
    PID:3564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
    3⤵
    PID:3828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
    3⤵
    PID:4752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:1
    3⤵
    PID:4920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10004329155820502819,1492201151710762426,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
    3⤵
    PID:460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3048

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x314 0x424
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4208

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae2c65ccf1085f2a624551421576a3ee

SHA1
f1dea6ccfbd7803cc4489b9260758b8ad053e08e

SHA256
49bfbbfbdb367d1c91863108c87b4f2f2cfffbbbb5e9c1256344bc7f52038c54

SHA512
3abbfbb4804c6b1d1a579e56a04057f5d9c52cfd48ecbae42d919398f70da2eacd5a35cb3c3d0a559ad3515fadb1734b0d47be48dce0fdd9fd11578948a6c7ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c3770be634be8da92e71a3f9f76d79d3

SHA1
f4538b79d313dd46e55d1fd3e6ca3d4681fe4c3f

SHA256
23549094c00feed7abf21e56caae3c8b22a7bd89cfc2f5ea369cf13259273432

SHA512
09c1a087be6dcb49fd0725936571946266f31298f8ae141d59b9ac60f3f0fe8e7d964f661818d72682633845b48dbb906d8c89bb33bd2060bb4971b3e14fc4a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2b4fa8c3-783f-4011-a56b-157f3b336ab8.tmp

Filesize
24KB

MD5
cfd585ce0db9a1484f8223dc2cfce2f8

SHA1
4e5e287160c05ecdff8acdfa0899faa5bad4de82

SHA256
0bcae3ddcadfadb917e4f910daefde07af8d2708b7795f3a1146102dcf6cf445

SHA512
b45dd6c3231a79155508d807d4b6f839d49e6120841c4f31147a83039515d3358822fa1fa4ae6f770b4369b96f221326c0b80dc2f0cd99d605440b12c93fb648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
c9389ff6d79f00929167e86d94179cb8

SHA1
b6e823153c057862a3a74cfabfabd18f2a4c7cf5

SHA256
fecb5956c58223de433b74014e619273315976357495cce4b5adddcc46d73ecb

SHA512
cc836895114300b244308636a2d5069f9d1aca0b77eeded381960207c000e583dbc3a3de0a3f428e5fc331696fc6a780a6d404c61676a79d73608fe95e8ec421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
87KB

MD5
3c57b7f2cb0d057fcc4738684f20736c

SHA1
d4aae3861d8bc401290a065dc1dfa06f0a6aab96

SHA256
4408d6e4a2e8e3a301a710895c44177ac8db2baba572eaf3acd9ced75c6ddf29

SHA512
7ba4797eaebdc9d5f5eb53486028c899c1fd910db3f1af8be88f218215148f984ff0443c8bf8cf43e0d148fab4ac6a0b8688b43ea303d9932f21287da908d824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
89KB

MD5
20b4214373f69aa87de9275e453f6b2d

SHA1
05d5a9980b96319015843eee1bd58c5e6673e0c2

SHA256
aa3989bee002801f726b171dcc39c806371112d0cfd4b4d1d4ae91495a419820

SHA512
c1e86e909473386b890d25d934de803f313a8d8572eb54984b97f3f9b2b88cbe2fb43a20f9c3361b53b040b3b61afb154b3ec99a60e35df8cf3563dabf335f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
38KB

MD5
e4c780a544249a7967b82f07268ef432

SHA1
64b38d103f06b8de4241c62835f67b28a96d286c

SHA256
4d2dc675ba41d56f2aa6cc1286f3f127590c9748f7b4e0bf4c79b0b4bd620a9a

SHA512
74b9135f09dffd7a081889235d2f4c7a343291a4c4458ac69754cdd5790b455b9b98a128561d516202549e83671de13cc4e4b9cfb3ff195dc3d23b42885edf49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
995KB

MD5
67d4241279a97df7fa3a57482114254f

SHA1
95c3d6c539c5332e372459bf1fee5b01738dc586

SHA256
35b03f9c9b41cbfebec25a77b782ebf145ce61bbb18e3ada0789e8bded766f32

SHA512
a87d7f9b9cf0ad29ecfbb6ca36b9db0d7581fe792521bff7d3c1f0a414a0623547dfb85b287138fb5f9ce418dddfd43ff05b082107ea98e32a89b1063a386a33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
78KB

MD5
1227deb8aa67f2fd1410d1ba887fa7cd

SHA1
6d88c9075932bdbd64514d309d38245669449e97

SHA256
453a015a2914543862048537739b3f170487f34505e55722d29fed64886ce9e0

SHA512
3172b90ee36da5c737c89330c575e146d1146cf286fbb70ee5069da286092f8716a34cfeb4f4d3213f861731757bb7b542bf369c7fbd1d9eb869fe5bc2dbd6df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
45KB

MD5
ed41906b0ddc2618580f06d717a3d285

SHA1
54fa871fc6dfa89e1da0e7d81df893e9f45f037d

SHA256
a491fbd67ddab379a67223dc67f3ad88da3b4bdc472b83db0d98eeb1245fef7e

SHA512
a9fe8bd101bc4bd217378f3a5525d27ef7c21d2365cd43110e63632906ba0df0dc7cf9f9976d98b20c38e016657d30e4370be070c4f17a4ed62a5dc85e511124

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
97KB

MD5
34b97f8b9e4296af5238fc8f67586b72

SHA1
e6c4b92901c1a9d8aa6a7247143c2560a90efaba

SHA256
70c158c98bf7abf5e0bb3167edf6ed0d378f9380fabcf281cf0fe59623a0c774

SHA512
0df677459ce64c61aa109aeabcf8f91e5a19a98ddc3426818d5cb256e05abab604b2455296e83fd4687798f6f241d470af431ac9e153df95283186c28c3ab4d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
49KB

MD5
6983568534e8cd4d346a2638a0892bf2

SHA1
2df1d616ae8f4989dbe9427848e5974b195e0a5a

SHA256
02043e5d2b23f9582ee2645e55ac26e556496bf25f15d146eda049af1f8553b6

SHA512
11a02ae3e51eea6768f8274178feae2da5398e6c5f62a5d34146ca7edbdd484ff85e59a2e1c61a8c0e1a1eda8af8f9fe9d5470cd357c2b424719b41eb7effce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000dc

Filesize
1024KB

MD5
b07da0da89c28caac5b8190f198eddc1

SHA1
29998e9dd32873e180d3825e605e0e3513996eb7

SHA256
466b925fcd27659abf5bd3b792d6820482886b9eb37fb772b3e289df53f82f6d

SHA512
89d8222b452506fe569e11102d03eb4d940801862c4623489b2c4982bd52e843a6d85d90e2275098c32414567d36b7832e253cc157af87529312d01f863d94c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ed

Filesize
31KB

MD5
da272a36301202f3bf22f02c888431d6

SHA1
1cbf62379daee7fdebca18b1e7be3c61328fad93

SHA256
b55ce4ab298ace2ae7b9754428d2437a1772755cf44d59d8c2af985deefd55b2

SHA512
8d4845c892f081759e452f43432016f593dec6eabcd3189110d6da98d919e9e8300eb2ea1451b7645e5e43e451994a082a1e639215da75264c51e0522724d960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ee

Filesize
20KB

MD5
39307e27138b106e53f1a4af27d63094

SHA1
9c2fbfb3f19bf72a282a101d1c802c287dbb5fab

SHA256
07c09b206faa8934e6b12c518a4f834d8bd5b2bbe92a07a4f169173ab620b464

SHA512
8e48c468cceab8dfb296c62c2fcf4e82adde92fc06e3b14418a4cc08dea5712aaa7f61eb5421b9d5fbc0803b1b8f2b05a344a2e3db7831212af9e2579972bc52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f4

Filesize
24KB

MD5
744362b44620b160105aa7b2c82bfe14

SHA1
e83b19e12201af4e7cd89c585c25a8f9233d429f

SHA256
db224dee9270b3ef7d63de8863e1df0cfe81de1c74634afe65d1977020cf4c2a

SHA512
cecec24b23fdf98ca34073ff6c7f50e1842fc0a7c7c9866cffc609cf9ee84b7c1bba7c016348a8779b44836270f6bf0d8770fdf3e27eaa8ba52ed8c1ab66a98f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00011e

Filesize
120KB

MD5
074e510d7454fd63a69a029e09e3ab5f

SHA1
821d72314ea22817234d03af64d76f20b6f8f4e7

SHA256
a1962c3a6f572943c1dfe6ff4ef48fed1fac8444267d03287692341081f61fd0

SHA512
e0a8d955eb759e38b41ca14248a883618e7cc78db772f372d0b809aabf8471c1b6683dd29f5ae510048a881d5441f00418d9630c97a920c2b4ad56fb823e3723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\67f7b4134b0b8c43_0

Filesize
7KB

MD5
5814ca385252500acfa0aa900b0a749a

SHA1
adf331d00fed30a987696b5d404069802fc8ba61

SHA256
f57351329ee7cf41c5ec522587a739272bfc1be8bf767838850723dd3868a1c6

SHA512
a4b9ba44e886863348504887578d62f88ac2b085309b2e3406bb33e899d98762dd18864b9a7e2517e0ef2a5374fe9fa8c0d0f96e3ba2c2433f4be3b79a9b684b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cc04d2919ec076f1_0

Filesize
3KB

MD5
8c363ebee762e1c9e2e5bfb3d650d2e9

SHA1
41bb64efad0c054713cff18e0c10387ee362daca

SHA256
7e6cc8b4e6462b9764b3fb1496aa369e0e6bdeddba19f1e5ea13e32aed34fe6a

SHA512
4b5a8b27037a5068c205a340d4aa1381c360304ddd51959e8eff595c90d13b2bb9a3a38d3ad4a38fc5d0f3019237d26747f677d19c3e22a5d0932c7eda2ad6ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
cedd5f2d8d6a4b16d4b263802f3ad2da

SHA1
015f0317ef2a3011db8a9ea1431c9be74f594657

SHA256
59c0eca0efd7d9acacb5323ee77bd1f9d85dca0ada537a26abc5b40babc768f8

SHA512
cb8e453254366e40cfe3b16813454c5e2df59d67765f8d73b959380fb287ddee08c7d335936bbdaa46daddb15f037ce6001f3e218af2b65ec327b68f573ed460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e44f9a3c08b1655fef66d21b1bbb9c3b

SHA1
821f0332a3fa5c1c52cadb4ba642dbe12672401f

SHA256
400a0990cd7fce56e4b3b187c411f216e2198da73224aa95b2dd5b05672692ee

SHA512
6af2f077937b786bb6c9368e0884dff33b24d7159abc26e4eb39e3ad11906821c2fe6485c384ea45907c224d8eda4931341efec070cebc6fb17067dd0c7e704a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
88f591bb872de8e3d1bc85aae16a38f4

SHA1
31198b8722193ac085be28ee872badc415c0d14a

SHA256
c51d90ef794bd75bb39415ea4260a6056ea15484d516ff033b82c030aa6816f7

SHA512
176cb88740b869d79d094da1c642e512937652c6b1d1f07f1d016e50b19fc709961864137b588c6dc3b0fa78e873bee13d992471583e00805fda23554da23df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
218120c633983915b767b1d27c1758a7

SHA1
d68b8b5ec4b0ab5052664545bcc153f91db6284e

SHA256
8b5877a75672764a12cf8d14193692fcc6b67c6f74e3f1d182346b3b9d8ff672

SHA512
75905ae39db746c350726343151b963ba016f341e956e6f298811dd18291ffe9063490f3449cec547d280a68557edde4aedfe5dfbf307a8ecf868f5270f60fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
eeb974a0db97ed16065107e048d267fe

SHA1
110265c4dfa2e9b84cc66b604d7144ceeb5084e5

SHA256
c390fc6719c46ed58c37b81f54e067ffaa4377aa65843038985845e3c13935e9

SHA512
c097fa8ad681729421a85423bc0090fe970208f534647b9f44b949caed5632899d98638e29b2319826f7603aa30b25b20811246c7f9d3f65da7a970b9717023c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
10KB

MD5
66b550df3269da69e9ad28ad69e91d5b

SHA1
f49acd4353272925ca45ab1b86a367fbee1091f7

SHA256
e6047c0d3542b2f6a5392e565c52563b756308591a3b990e2b5917647166d9dd

SHA512
9dc0e578fe8c75ffa92f8a9e906e5f82804fb4f00393c9c4511255808f8747ba51e56273c937a5e4c0d0b9dbdf664e37958a76a086d4ae07e9bd8a3fe0f7ad94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
873ce3eb247e15c3f6ff37ab36cebdb9

SHA1
11fed8df9b572aaf0354471193c7524d1adfb23a

SHA256
63caef0367859e8e3c79cf6d918306abf41e65245c320f9d837922a21747e416

SHA512
5b9dc473600ee8181448fb37dd04775eaaddcbe7be55e4a7bdf5f1a64fb46aea18027c05d294b3d9680952a12df9879aa200dafd970ebd0aa85dc17fcab83cf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
4a9bcb7053389c9fbfa372c699032167

SHA1
dc2583c86458d3644be7fa8dcd292115384dec90

SHA256
0fcb63964d3d2d9edfcec1c3e11d1c29d81441faca4abba35a3a789c62ce3094

SHA512
ddbddf739f2ff2fbbcb7538ac183da9ffd323a15aa9f598e4cba5d3e9661d3f72e33219de87284b2e3fe8fc67ccdc721ee7eaa34af65f6e49c7e479aeaaefa83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_web.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
392B

MD5
9aa75f0dc8e8d5edd1288f0804a432a6

SHA1
842507cfd54921135957e281d5be00f327b9345d

SHA256
feddcce4c3a4c319810fac40a2d5102e2b00a79eccafb3854b1aff75132a5a37

SHA512
c18efcae2f7cee98948e8829c57a0a0c95013a58eb238a93a66ff40d247d380bcc423795fb5c43702171219fd16d8e503a0836d53eeea21a147b602069dce7a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_web.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
392B

MD5
85a302ef76b10f167caa1cf1687a0198

SHA1
abea1e5e0ce9c21a0720cace32dda76fecea9277

SHA256
d622501eee1c669bd8bdb57e1d5a455f519a17dad2172e8b25d3c5f99d884e33

SHA512
5f545d1f855d0eead6e83cee1d2515e77adabf6c4b4617973a91b9805eca91ca715d30b0ddf2797cb092f43b45c855d9fbd224b7d192bfde1b0b49207d12e1f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_web.roblox.com_0.indexeddb.leveldb\LOG.old~RFe59e2a6.TMP

Filesize
349B

MD5
8534e3c2fcc7431637ba05557e9dc878

SHA1
92ecee805717f7ddfe03e43088b8fb3a431cb669

SHA256
f11440359c21c60c893a08fa516e46b65b93eea2e591aefb0a89fc6b9652b5fd

SHA512
916aa8ecb24b5ab45d61d67cbbb084be44e5c118a3de8f7c4667cc7cab845aeebf35c6f9e83611d87f725f615c4f9f76691c337e682e5a5640ddc05fa343a5f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
c7ca80f6948e1946a33d8cde12f8bdac

SHA1
662487ae54cfc6e788542f8fb017330e8a99136e

SHA256
e886a999ee6979c22b1fef73a83e5222238ed4cb7ac1aec5747ba4500a4c6d5a

SHA512
6fdbae93b49e078cf62862a183a2f40122104fcf32c525bd3e46c75e2891e193eecee57c4050c02ab76821880df0b514eb42447292cf2758896de224fa9c6392

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e6d1a07fd07bbe7c933a50f46e9ac451

SHA1
ecda3a1e5463e774979c90c0d752f61531ca00de

SHA256
77e2714a44b8f5259e968f4f516ad065da987eb06c250b7925d333903a9f2f5d

SHA512
3534c97342a96c720d13ce7270c9a51113c44cbc4bafadb7702e3fca2e7a09cce2866338911c28e4d73849b9d4a98c0e003ac49b2b3a4762a0710930d6ac93ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
fa3f89d66a2d853001f9c8edfebb91ca

SHA1
744d846c1f974c7a802ac35f300928ad1a0d6f74

SHA256
fb05a56c50ca7825dad4ff19f96fb14bd1796341ccb23fc10fa4b1dd6873a6b1

SHA512
25030f3208f7ad3babb75cfb6eb7a2a701b1e4f9311cfb2af0e7e36e87b0674f9e06a7bb3a1ac589c47e3e4a836918caa1f34b99d572feebd74a00dd1dfc1b22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b392503d44d40ab2d84fa4f468ed022b

SHA1
3a55feea4ae4a03c049df5f07f49188c574a27a7

SHA256
f1156cc7f6a957b8d04894a628ee8c0433370c952c216dd0d3ea3283d01bf84e

SHA512
8614e9f1f14996464cabddadf1a97903c71e9322a32f060d9bc3aa0083ad68aa4a2d82503d15ccf1bd2f374c7563a6a2ef4b86dfe9882fdbc5d670716c75bda5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
227417520d1ce97d029e7ba8b4a0ce92

SHA1
a09d4018c8027d8a426b154a8d9710e9f69784a9

SHA256
a65dfd46163eee86559e971a89a961637161989cd7ce632fec87c1f66edf9656

SHA512
e3cc130cdb7e0886f8b50b5932534b37e5bfeddbf0de9f34cd04f33b644835b00a972eb64cb848e5bfa4b43b7ec738190b95babffa94c9c19fda8f83e22dee42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6efc500fdd136cc91eced6ff077dc2d7

SHA1
14e927fa4b0703c9060cab5976699f18686eecfe

SHA256
85f3d67f1939b33f8ecd3aad99c3b71894e3a86ae6081e0dd31a2b2b8507db82

SHA512
78e07990b2bfb67780aab8c9a21ca752417a502589db858717e59f7aff905ea0b4c84fa8311541d41a17b23eea6e56c3c6c9d4e2d2ed056e582acada40022e3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
3f79b36f48d21b6ef4f545915c3fb571

SHA1
584c8ff6de933bfdefe1ff0edc6862ce20128663

SHA256
7b11fa3f2ff301f63933967d35eb019d4588e2f462d1cdf2e7b51779490e69f7

SHA512
7d90289b6822bf258300c7bf551ec4ac50f773aeef68e63c654ab5955f5a7817b5dfa716c60b6dd61dcbd5cfc0e6082d23a63ef6bd22f864a12c42d325b8a672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
969f8e28691229d481282d978471ae71

SHA1
4b804ac0ebb39397bad0d82495aa28e6800480df

SHA256
98e2622e4617c445d8a11b1f200dfb73f31e83649ffe5dde783fe81587e91816

SHA512
1943a8f4805dadb515cc9774451d218fda2f050b975a5b5b384e04bb67ba0b45166106e54a2cb5defdcbb98d4e52bed22d40025c9e8a0c76e323042b2ccb842d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1ccf716001f3b931c70eae03361e7dcd

SHA1
d3132939696869328ed1f3bcdb251646291f3c6c

SHA256
6a5064c12d18233f20c37c7559184cbc60a088c59f13da5d8149ac8499221f19

SHA512
9091c64822df374ffd717dbdca93eb5fa25d4f639f6b3ccff95194c89cc61aba0a8a3e230cb4142f61ad0a6acabf0ce8d3e78b9433fd3e53871769bf24ff9512

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fd9210ec1ac07aaca008de7f5a08794a

SHA1
1406de0945e98463e44307615bfcd4ef0c08e844

SHA256
e7c30a6cdcbce056018e43690f1723a1058221137b4974ea7fedecfbdd0d5628

SHA512
4fa52bc3e98ec6e199acd162a5fe1db2bc40bbdfd0a8a08cd8e804a5c193903295d77d26095b30ab69325e3a87fb28e985e1b2282fa5e44c6b19102bb55d8c95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
64223a72dfd5fe383bcea0b9f5aa5b07

SHA1
1168496e4991aae8af3a30290962421739d5002f

SHA256
4434a047d7d6384c0e48b0d2fa17fde26ed5eef8e57237ff41e6370a8fc88e36

SHA512
ad823856d5f77683222ced8deb4eb8f53f7f89e76192ff11c3286f1ce0840ade31a7f5c9373bd4ac0fb3bccea2cdcc44c52151af919634307ca3deaba91f422d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
0455a8d541801405b32d228dc26e3972

SHA1
1083c55a4fbd7bb94bb6c9c821b1875c7ea71c55

SHA256
21d7d0aaa96e833c4d7db5e8b8e42dc005c571c46740dcebc973f6d944a82442

SHA512
3d3cb770f5219ad907812229db59e89f856b9b75936f77bff6b68b409027d3dcd64aa9a5453c34d85d7d14d9e6304434e6cb7dbdd6ca53536703103a760bcf28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f8073d6799391649b8287369eb8984f9

SHA1
8f6815cfa94a70aec1ca584b43d56dbcc6cb5125

SHA256
a46a24f8a4b2937c80ff7b944d91d97bf084059ab920d3e34e301ab596ecb5e5

SHA512
e55166c3c3db65e89a10309980e1456a96677d766b5f370de01f87ddf45995f67d10ddad6139ebd6998890c6070c1cf5b58fa2749665d18c0d16bb9e0deef0c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d586a28235cc34d38d293b3f34af4e13

SHA1
45418bd45ac8555b00fe908eccbcd5f57a064b93

SHA256
9344ef9052250580846df39159ced921e0d8f3bb7274720f100f8e0b37cf869d

SHA512
0c5bc325eedffbb65302223a22a9236e03e1c8682f34c16305fe5e5516a1c144711d02f5f04d064a068ef27c65c604d66969afb472a2c546c968389036e280bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
cbd3cf6653a408a93819034b86e27fcd

SHA1
db343705a2b340b14e28e2ae0b1f0291cba5b5a4

SHA256
862d82ae3fa30c8b5d9b394fa5fbba4790c7b1c5bbf37f70e2d984d642d4f0bd

SHA512
95df86006fabb76aec067abff4b07e174ce46bf103896aea1ab713811ccbcb5196eaa8fc64a4b0e727e11653cfd15b6a1104d73fa0867465f78720f6e6e50d6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
b59f24766d651bc6d947eabc733eddc5

SHA1
7252ec7e64aa71de63bf9204bc1d0bdc8ccafc80

SHA256
be9cc4dd9a960fd2742ca9f8d8e3c4eebf559f6b29a30d98ec38633e202a3391

SHA512
77b2c6c721e36b58fc8c62718c92c3df3c0a2ea4bef5af09fd2374344a160ac3d8470e395c52543709b62518c6bf4cb49d605c8c4e5965a0be40030b5fdad22d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
217339322d3bc1ddf39436da9ef850ed

SHA1
80d37c4db640fbadc4d9be1765dc4361430d2df1

SHA256
20a39ca1c39888a1c8832fc8a35d1a4c7d993215829f2ec661a907cd406719f2

SHA512
eedf44dbf3eb3831194f0992cba12e471038a6ab8e72eeb6b3f651bf91fab7423a3830924964e2d8015293650c0e5762125c3e33f7ef022ae201eb2fc55c147a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
54ed710cbc8345a9b835d569b550af55

SHA1
bcb6c3efbf5f1debd393aadf55e1acc081e7b274

SHA256
3c4e23d4463cdb66101aedb9de664d08f19a1b164f58f6408656f0914f2f23a0

SHA512
3137de4b49618409232016cb99f29ba496f7a223978d87885d8f66cdd6b0e5d3384a13880cc20e4c9ddec255366d124070e73b0657270fbaf67807bded87e889

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
959f36209adf01b56d69bee23957421d

SHA1
7853fb57578cf40dd0c6044b467a7f7bc6abbfb4

SHA256
14ce2b10d484d704044d7d4a06779481ab9dea6cd38b52201b73a7f76997527c

SHA512
d9c6cb5d374265ce6952573663750d6a8dd268d4446bbbb8e192c327f3fb6a46a8f8ce729b68669c7ccf5c8fde81f9b580c25569e107eaf7423cdf96799417ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
afd96ca1676f508dd800cf5168ccdb79

SHA1
0f01b6fb1573777f30525fea7905a39773e39cfa

SHA256
ea89536fb5e442ce4f145afae8cae940ee4114581da90fbc9264154ae83eaee3

SHA512
b95381f2358a3334a44f9a60c55eb2b23d2024311997c11f481150a5d61e04cc3591918710362ffff7c846777efaec069032eb718a5c268277f1f1fc025ead08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
d1344975b258c83c342a06ba3b8a0e63

SHA1
2c155f07547db7fc5eef4ed5290938401ee17c86

SHA256
d621cd215ffbfbc060e77870da82f1f8eec5eb8655a48564c67b50397ac43b6a

SHA512
7ee7f8bf2b78c2eea7f22957c880282ac7629497ab475dc6cae4c275801736794e032c375205fc75a95e58431feb15967d96e589c514859b81415994825d4755

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c4c29c574b980e708bd6486e8dc2c585

SHA1
a08f76cc7a2c9052d75bb699c108ff677f70e601

SHA256
2a0318a1452aaec948dca6fa1b02ceea8d4e59e66ba03f39c163099b31d9e539

SHA512
ae7a1f23aaf6d23d5d93e949b06ec4633a4ea4b75aa145ebd005cd8920ff911984a5bc5e3cf81aa0b912908105a4a5fd0520834e39d55a55861a79f508ac07f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
17cc8d82fa961e7d7a0c3ec2457136fe

SHA1
a859fb6626f38cc07758f36b554b208732c062a1

SHA256
58a5148759436d34191a5560df7f01bd0699326562dca9063f14d2a39828fc3b

SHA512
23a39c8d08ac67feca59931868ed1c5700e45f7279b64ac256c3c85827172b2e787ca7c96609dcfb5f6d016faf2fde532b6221aa023d05a6213b300694d522ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b3fbb8a02260d5e41407a7e1af3ee2f6

SHA1
9180c8b9593405936b0fe52272571b63829525d4

SHA256
8c1434a31409aa606a51bdae37e0853597cb408a2cf199f05e02705df3fc15de

SHA512
8a6ec40722054025a8969a80e795b026fc806a0710eb2f9e016feb68cc09a19333404a8a62910e9b0335729fd64e8e1b6250513ffc334dc8d669d96de62eb5d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
327e870d37db4ecf42f76a13dd9c9d9a

SHA1
cef52637664a6cdf5315bfe308c94ccdae6ef8ea

SHA256
83167006fc8ba1cb144213474f437331aa0c26494d49ea15ec5216d10363fd18

SHA512
3d8206e8c55fb47999c127cd07387910dbdb4370d0243e86d7919681d6d073efc4e5c771600d9f3183014a3afed09bc63e0922641c1c3d880a1c0f2c5245f819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5c7d75.TMP

Filesize
48B

MD5
20e6c85bac2721aad628d89a90a4ac05

SHA1
a6b4f312e7f53b8abea6a99649671ef96a50d1b3

SHA256
19938910d879588c69f8a622afc6107264247df2f79fbefeb22eff329b23f024

SHA512
faf87f65afaf2b974899618f956db23f1a074c7edb415969e4a99b9358a076c2456e64cae04c3281c3dfd0bb3b7650fe8e092bc299a30f1a08270613f2e59014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
ebaefb823c82127272546da34b9aeafa

SHA1
6c42958ff352bd37ace39e37a352fedee7a285fd

SHA256
ed7ec7e9c91563a44168629433f243f782f4941bc459f17b4172488f7036d528

SHA512
46dd2048d796784139655374736297e625cd6f5716f5eea4a5ed580218086e6c4ce0a62b50b846c7bb6cce7dfaa1da47ddf7c356d8983fe573cb6f5fceeef744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e13b248d780b60cff331b8335bc4b6a1

SHA1
40e69e6e7623875e133c950dd8d779ad686613d2

SHA256
497161e60656b475c97b3540f80c18acc979b0ecc085f16a82541cec9206cda5

SHA512
719bad5ffa14ad2de1a5396cb9acef37426c2647f81dde6e16b8b38588c012f71d9f89c858bfd37ae256d91a82ebd89595f1db6bcd4ba76a8b56f3053854c9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a58fb49dd058b0e828aab386687529ca

SHA1
0014c97eb6084e56c4d6289288ee8c20118498e9

SHA256
3d98bd5b7408eaa8ab4e32728e882e018eeaf88fc3638b5bbf09c7a4721ab55b

SHA512
611a1bc70afc3a234f0a560a392f3a42bf4b893b75af7c3637099b5dd1bbbd34a35900542a63991667bf2fa99e64b487bba621117525218f8b86f9635faf164f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
7d0794786767cb55dbf1c71335d4022e

SHA1
11fb6f089f0d1280d45ca6cda5e1726a201699fb

SHA256
662912208d58e694c7dee589b1f7dfd5ef33b1596d7779b34e234cb04ab4cb4c

SHA512
e54a4555b58f9b0862a304e526720e0a051053be7aef1e1131d5403a790e02eae94cdca2ed862347b3e0ff30658e4292e297152b1c46b2ee75ecfb40fa41bbd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
4ac0ff5e2ababc1de11f9db4b6d1ad95

SHA1
b9d837e017cbe1002169b091ab88dc826d218fc9

SHA256
a409d236b996a373c4d4d7cba470f0575a82fdc1a8fdd333e44bf0aa5acdb628

SHA512
971ecacd216697e0c206b89e41bf82f7d218ee5f3d75ee7e8a265b054a01a9d113b34dfe4baefbc96acd5a9e98ffb63803649b4d72278d8a5799b82f4fd6d343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
f9a0b44fd7254cbab13e4a08a0a0a9d7

SHA1
f7d8801c6119b0843cb21b25534f116b1fe53b8b

SHA256
af43048cd1538d30f85c79f96a90c28fa6050db9063a6eca9c82abf744eff309

SHA512
4ee03d0f2472c14031cb770b5f5f3ba0e5ba80d6d102ed133a692deb0ff0513dcc5e5bb35dd31c85a5eb89a2802041cd909272f97a971d45d14aad40ff4b76e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
28c050d44e207f1452e8e58f5a3ac5a4

SHA1
1e2f97a4dd25516554b386cbb480a214a94dd856

SHA256
308f42c6eb667ca7b21596ec15a9db25b4c1130de8f30f9d538427a0e496cbe3

SHA512
c697158cd2d7b7e02fd90859559a4e012173a6edf800b312e9c2408b23581e27522defed288aca9dfecd3ab2c1f149c750a66ff358229a42f898e4b25e5d3cf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
bca797a697904ae8e9e72a7d27f11e2a

SHA1
a15710665e19e83f74a2940357081405b02abbc0

SHA256
8c74e0070321982ffb0c8af5dbda85d140215feb5c446ad7e164ed85c1eaa9c5

SHA512
ebdddddcb6d61c63b10519e297651a9c73857e6c13ef9b496955f8b0332b06af59f605f0a36d6f89afc95511f821eb6f7d295f5b24824619712ec54374fd350b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9e357b43ad7198afa36f1d2cec5fd0d9

SHA1
7ee462aa08e3fadb61e28f4c9b1185b95310eb95

SHA256
c6f7e69e6129fcee63b083c96e116263d2ba2ac9e881449a2eb3d80b35335874

SHA512
f87be6f7f4cdc04088daf8cde909cf599ebb1ce6913ffb8bfa99b768e460a578d1fedac46053067c0a635d490065e94e0518ccd9c98d3d9098baff1e79f22301

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7ec3281cec7075112b77b625e3a4b589

SHA1
f0c38a5f2644ac8c541b23ba42e7ffae7074fcd2

SHA256
97d378a0196555ddad6261abbe468c2e249753431b20a9071fd6f8c6cf42c643

SHA512
29800e0c798a8af298f18075338faa57f471c7262109a03e42062bcead9eb88ffd76b60dbd3af3826f389e34bc0946c1dcf1a6607e4db80c5a69abcb6f6fbfdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
bea8e85e1d0c8f0af80aa27b03b6567a

SHA1
4b1ea0c737ea81fc4f06fc8ad7439c0ae274938d

SHA256
e2927fc50a7e60aa213241107e758e10172f04b19c1607f8d6b8718d11d82a72

SHA512
17ef5503eebc95ec9d4e6425989898b6ccb0f0feb8cef5c379e0ce140dcbd530aa5b95e973e1a896e113ab31b1757ca350c4a281b41e3c0c32a996e23aef746b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
9e720d0ecb562ab4d9f77547d1d74dca

SHA1
b1895d337c2c48098093f292e5f7f46bd80128b9

SHA256
8dee0c13506a2ba23cb9d1022ee0301912c31211aa72a92eddc8eed78b0c5859

SHA512
becb4d2f8afd1129da791e93b9073478852e2168d0741a117a9102a9ba02c0f6eb86ef1945ada51ff017fb21ae3b6e7a46aafed4a936d09034d507e54bbe5d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
262d762d6844669d34a4b7ac772ddd20

SHA1
8ad50ace5329c172fa3a7b8dd8a3e2ec91cd8942

SHA256
8831a9b3bca38ed71f2f500ceb13b7dc0ea43a2b35e141ae2c79fad0656bcf3b

SHA512
e512567e18c931cee615261dbd1bfab3cc2d7e3eec72d8b86a1a985095252a56bb5d7b449c91c5cec1304a5eebae701a5ce38a0c34c6b8cf016cf260b1c43ace

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
05c55e71cea9aede0daa1a3fe9d1be04

SHA1
c9e0300e648313e6657bfb539e2334e4cc8f045e

SHA256
a9fc4dc89f946ba4010e451b684622c183879ae07f74793e7a788e71f26531ee

SHA512
dbc3f44f3006dd87d2090d6e9fcf63c8977d0f25395994f054d29f41244c5ff5cdc20f29d50a77e31cf0987d8fc425380b73d4be9081274c99ec6307e90dd953

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
8b9dad0d136c6b20d56e172de7e65257

SHA1
5d79f2a9891eae7f7605b22d9a8a4e9e73afe1bd

SHA256
dff3ae31d0bfc6f82f9f46efdc8c2bc4faa0b34eb455024219d1df2f7a0fbbd4

SHA512
df06208eb730b517ee9a370585b3d90b01a9634831dcce5ab1d7262ff39de0d42e46cc2e85ccebb1cbeaf9cba87ddb0612f8e4c974203c4a682867ac5fc71bcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
8be1d1241aeaa1f694ef90da134c721f

SHA1
daeea06b19427338bdf9484bda537007c92bf53b

SHA256
9a10e95a8b5449d1c933c87ccbae4a4ab676fcfc7c5eab378100e58dc8bb9c2d

SHA512
b63bfb5b80bd006acafa6600a406b2d6a12a0df12c49236768d1a39a85d735f8d7d169aaf6fbf29bfbbc7466da4860276e243f5ddd20ce98c0406ad1d00699a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
e11ec22e3845769c576f69c511c613da

SHA1
3d47b536db7021a677ce97072af058b11614b477

SHA256
29c591eebf435123cbbd0a2f8b0a17e168e271cd0d22457166b545a0ddb15cec

SHA512
70109372b1c6c037c2a486e85bb843e8dd9c7720abd8f94f7567d03f64f9b6d7bf6e7ff813ddb2258e39e42d3a492d0beff7d1852dfaa7bd861dbbb6e1e679f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
4193b82100f155103818cb3a4ad2b556

SHA1
edd4bc24aae0fa2ee5791958451b070d7faccf79

SHA256
fb1e29823be23b66b3f68610b4f48ed33bac72ea46765b6dd25f02213cfc808b

SHA512
1fc8c1784a59a9883012375fb849b5063f7d7581076b771b8161aaa1d507ce21c9bfa2ac4b2f811bbfda7ae605cbd6b0e46caf6a1af6e9430173e7a75e57f6de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
c034c9ff30a37cc8bd22549907cdfb29

SHA1
228a8a749c4916ccdab146e4e6f2ce995e9dbfad

SHA256
1e2840db3e0688809cb746b418622914b776523b9fe62d0200c271b4b6b1f85e

SHA512
e9375a352d4031bc818ace8605e9d957780774f14856bb189d1662ae215b0246a9c15c163b8ec2360d41a0356e3803967244fa8c12cf448eb6db54a8b640b875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d66a.TMP

Filesize
536B

MD5
51100f94cfe49cfb93fde6274fe98e79

SHA1
d2df79ab94bacbe793bbb42c642815d315b24b94

SHA256
3d3221fc1b3f8f584bd4e4d0a3a279228f421d515f54690e036407b3f1b019e9

SHA512
cc6577ecdcef52d1a46c576b70cd9daf23118780f34acd4534025cc74f782a2f38712b608b9c912cbd26ca86f81a30e74c635ef6d7de3a770b339c4389e9c669

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a499c386-f531-4c59-b9a5-a3bb68ce6db0.tmp

Filesize
6KB

MD5
3b8be5d20af958525cc8625d166c97d6

SHA1
f6df5d5f83d264e193c510894202134f9b11cd30

SHA256
0afd058002a8d229620d0ba7da5e1832d3d5d1d43e10e89e91357196c10e3217

SHA512
f0d8732484a2fd10434987c8c27f58b61034ded1d954db2c15bb22d23a1a6bf3cdb2aa8affb6a01d9b9cb46d7bb82a0a537c10abb749c1a98e8f3460308379b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
351641e47e18976450dce62f3b8ff77e

SHA1
2cc33a501450fbbf36825c3944f27455f5bb793e

SHA256
b4ce32d33faf055694166f69550883993a45ae1011e1b946affb421852ef792a

SHA512
a5d942c0148b26043a4a3d7d2d0fd8451f2b4ac974bbb84d73e03e95dd87cae726612b3bc6d4d6fa7ad3c6753b3a6d346e98048b9c68bad6314923ea864d24dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4b353810276e6403f94fa4c4bf362acd

SHA1
8170b693314193046ce34ecc20138ac4ff986207

SHA256
f04ea622d70d7d57d65005bf53991fc85ac13b7c41ef80b3303c8120c3a69557

SHA512
9dacdc5e02389c182477be54eb7727a50ecdf25a130d5e3a0d21fe2cb6a2e1a0540accae64f462d28fb5ebdd26e2cb508b14fd2329135f1975c9cf0c375391ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
f657d24dab4c9446175678d0b1cc5db2

SHA1
df8d4e592a5d31afd5205125b0298687cb48e46b

SHA256
5f196997ff8aecb0c622f956de9227d1a921c0f3bdf27f03e9df5ae3846eadf6

SHA512
66745d23b30d277ce305507b8f29ed9fe4e43ec2155968c5886c001b286e44281b64b37c3143615c48a2babba82feaed2d703564a6d5d537b478e0feba8dfdd0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
9b241421e3f685fb0498fe5d07bee402

SHA1
1cb26202fc6e6234f7a63e85aa0bdcace8ea4101

SHA256
54c8951238c63ca4051c0285f545579303dcad207455b4a5e429c3e82e0f41a8

SHA512
d062efa7341f6c1144550e92f7c2a57c08128c4c82c4856e1faab217f1a584959e7ef0b765ba6b1a68268d9f27e211b440c3cd0dde9e2489a47a4d5fad2c4cbb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
eb27c23d4e05c7cc976d8cc44203837d

SHA1
7e0871aefc909add2f7cdf72e40c7ad0be2c4ab0

SHA256
046a3eb83ca341e76eb86ce973674d9a841ed4a100d555056bdb35c35a4dc5d3

SHA512
794859d149bcef70187ef2ae81f4e2f6d2577b796d9b1f6dde58dcdb18060192c843d1eaf2ac3ee5a44583c3ad15d9131ba8e3ac60fe9dc514eadb706954140a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 899696.crdownload

Filesize
2.0MB

MD5
887656edb673a92d3b798590ee11b6e4

SHA1
daf8f9655ed4d95a4811e42a2583880563fedffc

SHA256
5a14cf941720fbf0dc0a5f739e8735a1ed05d91b69fe8f97cd9c38cbc2fb110e

SHA512
028829272596ca050aa78e426875eb318a2576b50a5468d7eca294437bea34aa728b969aa38bf14abc15f1ec4758ae69b6c6a3f7fdf11a6dc429a072b6ef170e

Download Submit