hxxps://github[.]com/Endermanch/MalwareDatabase

max time kernel
2304s
max time network
2342s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
10-10-2023 14:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

Processes:

firefox.exemsedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1141987721-3945596982-3297311814-1000\{1BCA7D1A-4B0C-402E-8CF5-9CADA11657BA}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1141987721-3945596982-3297311814-1000\{073F6705-7FD0-404C-AD7D-64F25850BC18}	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
4680	msedge.exe
4680	msedge.exe
3388	msedge.exe
3388	msedge.exe
3916	identity_helper.exe
3916	identity_helper.exe
4644	msedge.exe
4644	msedge.exe
5552	msedge.exe
5552	msedge.exe
1668	msedge.exe
1668	msedge.exe
5852	identity_helper.exe
5852	identity_helper.exe
6096	msedge.exe
6096	msedge.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

msedge.exemsedge.exe

pid	process
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes:

firefox.exesvchost.exeSystemSettingsAdminFlows.exeSystemSettingsAdminFlows.exe

description	pid	process
Token: SeDebugPrivilege	4116	firefox.exe
Token: SeDebugPrivilege	4116	firefox.exe
Token: SeManageVolumePrivilege	2456	svchost.exe
Token: SeSystemtimePrivilege	968	SystemSettingsAdminFlows.exe
Token: SeSystemtimePrivilege	968	SystemSettingsAdminFlows.exe
Token: SeSystemtimePrivilege	3292	SystemSettingsAdminFlows.exe
Token: SeSystemtimePrivilege	3292	SystemSettingsAdminFlows.exe

Suspicious use of FindShellTrayWindow 55 IoCs

Processes:

msedge.exefirefox.exemsedge.exe

pid	process
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
4116	firefox.exe
4116	firefox.exe
4116	firefox.exe
4116	firefox.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe

Suspicious use of SendNotifyMessage 51 IoCs

Processes:

msedge.exefirefox.exemsedge.exe

pid	process
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
4116	firefox.exe
4116	firefox.exe
4116	firefox.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe
1668	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

firefox.exeSystemSettingsAdminFlows.exeSystemSettingsAdminFlows.exe

pid process

4116 firefox.exe
968 SystemSettingsAdminFlows.exe
3292 SystemSettingsAdminFlows.exe

pid	process
4116	firefox.exe
968	SystemSettingsAdminFlows.exe
3292	SystemSettingsAdminFlows.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3388 wrote to memory of 3960	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 3960	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 844	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4680	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 4680	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 1712	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 1712	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 1712	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 1712	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 1712	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 1712	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 1712	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 1712	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 1712	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 1712	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 1712	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 1712	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 1712	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 1712	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 1712	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 1712	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 1712	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 1712	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 1712	3388	msedge.exe	msedge.exe
PID 3388 wrote to memory of 1712	3388	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa72c646f8,0x7ffa72c64708,0x7ffa72c64718
2⤵
PID:3960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,3133405243839522500,14327872607402720388,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
2⤵
PID:844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,3133405243839522500,14327872607402720388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,3133405243839522500,14327872607402720388,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
2⤵
PID:1712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3133405243839522500,14327872607402720388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
2⤵
PID:2188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3133405243839522500,14327872607402720388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
2⤵
PID:4832

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,3133405243839522500,14327872607402720388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
2⤵
PID:2832

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,3133405243839522500,14327872607402720388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3133405243839522500,14327872607402720388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
2⤵
PID:5116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3133405243839522500,14327872607402720388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
2⤵
PID:2860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3133405243839522500,14327872607402720388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
2⤵
PID:4752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3133405243839522500,14327872607402720388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
2⤵
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3133405243839522500,14327872607402720388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
2⤵
PID:2456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3133405243839522500,14327872607402720388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
2⤵
PID:5056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2044,3133405243839522500,14327872607402720388,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4480 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2044,3133405243839522500,14327872607402720388,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6020 /prefetch:8
2⤵
PID:4176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3133405243839522500,14327872607402720388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
2⤵
PID:5440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3133405243839522500,14327872607402720388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
2⤵
PID:5968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3133405243839522500,14327872607402720388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
2⤵
PID:5980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3133405243839522500,14327872607402720388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
2⤵
PID:6076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,3133405243839522500,14327872607402720388,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5596 /prefetch:8
2⤵
PID:5420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4336

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2132

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4116

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4116.0.1673313837\1406931916" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1a60b98-b187-4466-a811-a7d3952d00ff} 4116 "\\.\pipe\gecko-crash-server-pipe.4116" 1960 21c4e7f3e58 gpu
3⤵
PID:264

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4116.1.1224178695\411456713" -parentBuildID 20221007134813 -prefsHandle 2348 -prefMapHandle 2344 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aafaba14-7367-4786-a31d-9aa35a9a9a6e} 4116 "\\.\pipe\gecko-crash-server-pipe.4116" 2360 21c4e339858 socket
3⤵
- Checks processor information in registry
PID:4760

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4116.2.2112760607\180564983" -childID 1 -isForBrowser -prefsHandle 3096 -prefMapHandle 3092 -prefsLen 21077 -prefMapSize 232675 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae9f85c7-afd9-43b0-b5ff-a4500189ec8b} 4116 "\\.\pipe\gecko-crash-server-pipe.4116" 3108 21c529b9758 tab
3⤵
PID:5968

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4116.3.1610597271\1910753239" -childID 2 -isForBrowser -prefsHandle 3572 -prefMapHandle 3568 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cce97a06-10e2-4901-8413-db247ceba6b5} 4116 "\\.\pipe\gecko-crash-server-pipe.4116" 3584 21c50fce358 tab
3⤵
PID:5620

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4116.4.2016619613\769904777" -childID 3 -isForBrowser -prefsHandle 4160 -prefMapHandle 4156 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c780452-92d7-43d6-9084-2822eb4b97ea} 4116 "\\.\pipe\gecko-crash-server-pipe.4116" 4164 21c54003558 tab
3⤵
PID:5404

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4116.5.1598735633\1395605793" -childID 4 -isForBrowser -prefsHandle 4980 -prefMapHandle 4916 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09d52800-7c3f-4484-9911-9a10a047974d} 4116 "\\.\pipe\gecko-crash-server-pipe.4116" 5024 21c54f6ff58 tab
3⤵
PID:972

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4116.6.967898429\261856147" -childID 5 -isForBrowser -prefsHandle 5408 -prefMapHandle 5404 -prefsLen 26671 -prefMapSize 232675 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fea71a8-00ad-4c85-b48b-45271e33e8fe} 4116 "\\.\pipe\gecko-crash-server-pipe.4116" 5416 21c552c6858 tab
3⤵
PID:3104

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4116.8.169239226\175769655" -childID 7 -isForBrowser -prefsHandle 5660 -prefMapHandle 5664 -prefsLen 26671 -prefMapSize 232675 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a1e23a5-dff5-4af0-a108-44f0cb6f02fd} 4116 "\\.\pipe\gecko-crash-server-pipe.4116" 5652 21c55a65758 tab
3⤵
PID:5468

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4116.7.575243274\332137685" -childID 6 -isForBrowser -prefsHandle 5468 -prefMapHandle 5472 -prefsLen 26671 -prefMapSize 232675 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d2f3ed6-d2dc-41c5-a54b-c3d1a6eb2843} 4116 "\\.\pipe\gecko-crash-server-pipe.4116" 5460 21c55a66658 tab
3⤵
PID:3236

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4116.9.1815794621\1572806556" -childID 8 -isForBrowser -prefsHandle 3552 -prefMapHandle 3548 -prefsLen 26750 -prefMapSize 232675 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf9df247-2e69-48bd-b044-cb4574d0d7c1} 4116 "\\.\pipe\gecko-crash-server-pipe.4116" 4496 21c3ab66b58 tab
3⤵
PID:4524

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4116.10.582896834\1710635768" -childID 9 -isForBrowser -prefsHandle 4568 -prefMapHandle 4608 -prefsLen 26750 -prefMapSize 232675 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {084b4a7f-cb42-4936-82c5-974109e603fa} 4116 "\\.\pipe\gecko-crash-server-pipe.4116" 4604 21c5297a958 tab
3⤵
PID:5256

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4116.11.1093742239\1349293931" -childID 10 -isForBrowser -prefsHandle 5248 -prefMapHandle 5848 -prefsLen 27015 -prefMapSize 232675 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22400a8e-6caa-41d6-85e5-e4f58fd7bf45} 4116 "\\.\pipe\gecko-crash-server-pipe.4116" 4704 21c3ab5f558 tab
3⤵
PID:5612

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2456

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" SetDateTime
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:968

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" SetDateTime
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa72c646f8,0x7ffa72c64708,0x7ffa72c64718
2⤵
PID:6100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
2⤵
PID:2616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
2⤵
PID:772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
2⤵
PID:4364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2992 /prefetch:8
2⤵
PID:4516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
2⤵
PID:2368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
2⤵
PID:3924

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3312 /prefetch:8
2⤵
PID:5816

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3312 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
2⤵
PID:5092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
2⤵
PID:32

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
2⤵
PID:2944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
2⤵
PID:2772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2260 /prefetch:1
2⤵
PID:1592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
2⤵
PID:2024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
2⤵
PID:1564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
2⤵
PID:1784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
2⤵
PID:4176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
2⤵
PID:4388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
2⤵
PID:5316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2648 /prefetch:1
2⤵
PID:3148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
2⤵
PID:4768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
2⤵
PID:5412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5276 /prefetch:8
2⤵
PID:2656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6352 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:6096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
2⤵
PID:3612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
2⤵
PID:2472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
2⤵
PID:3752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
2⤵
PID:4524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
2⤵
PID:6036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
2⤵
PID:1592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5056 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
2⤵
PID:2132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
2⤵
PID:5496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1076 /prefetch:1
2⤵
PID:5512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
2⤵
PID:5912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
2⤵
PID:1188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
2⤵
PID:5904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
2⤵
PID:4624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
2⤵
PID:5992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
2⤵
PID:3336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
2⤵
PID:3952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
2⤵
PID:3580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
2⤵
PID:4712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
2⤵
PID:4060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
2⤵
PID:4376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
2⤵
PID:1508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
2⤵
PID:6052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
2⤵
PID:4732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
2⤵
PID:4120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
2⤵
PID:6020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
2⤵
PID:5944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
2⤵
PID:1248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
2⤵
PID:836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
2⤵
PID:1408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
2⤵
PID:4344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
2⤵
PID:3036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
2⤵
PID:5288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
2⤵
PID:3764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
2⤵
PID:4400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
2⤵
PID:2424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1284 /prefetch:1
2⤵
PID:5604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1
2⤵
PID:5316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4018294709473013838,8862075602741296961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
2⤵
PID:5428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2088

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
1⤵
PID:4228

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4d25fc6e43a16159ebfd161f28e16ef7

SHA1
49941a4bc3ed1ef90c7bcf1a8f0731c6a68facb4

SHA256
cee74fad9d775323a5843d9e55c770314e8b58ec08653c7b2ce8e8049df42bb5

SHA512
ea598fb8bfe15c777daeb025da98674fe8652f7341e5d150d188c46744fce11c4d20d1686d185039c5025c9a4252d1585686b1c3a4df4252e69675aaf37edfc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4d25fc6e43a16159ebfd161f28e16ef7

SHA1
49941a4bc3ed1ef90c7bcf1a8f0731c6a68facb4

SHA256
cee74fad9d775323a5843d9e55c770314e8b58ec08653c7b2ce8e8049df42bb5

SHA512
ea598fb8bfe15c777daeb025da98674fe8652f7341e5d150d188c46744fce11c4d20d1686d185039c5025c9a4252d1585686b1c3a4df4252e69675aaf37edfc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
888243976e4d7f57f4cf608030243cc6

SHA1
2da4bcc10a4b55f4f8bd2ccdf8acb94bd4eac1ef

SHA256
dc3d294a1fd7193a0a60bd646cc19ed17d07d6dc7623dd636bad86dede54af8c

SHA512
823ee0264cbd91774d4bb5b8284b438ad6e8fc94dcb95c940123032f9ee01b9e398cd76165234088111a3f816c14e7f5c8ea645ebb55250bc76fe5dc84a840c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
169a9ee8a6aacae3dbf206e5022fb055

SHA1
9978230d5c7415e4c7f0a16d6cd1f7ed0fc27595

SHA256
73a105591936b5131e7afb0fbf8a6f6afca10fe42ab973143798c5d36a308de3

SHA512
3d0eef0880279f6268767e8150b8a9ea73c0e67f965b19656e4170205bdbd34e54ba01ddc6fb73ddc4ccc3da8fbcefb59216a14400dc7be677d75a137d3d45a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
c9b7de40e94a89e25eab0301f1abed0f

SHA1
fa601785f2397d653e23619b93a3d078765c1027

SHA256
0e2137907923551fbba26979a77b5bef2a224bec474baff8f35ff7542892972c

SHA512
4d8c4a6f5cf899be9f3809ddae41ae95d8f3d35928449ff1d991a016c9387f29dbfcd017112405e99083847aac28ace031b418ab1826a19e6bfb005f0ddef844

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
Filesize
1.0MB

MD5
fb465df97d9f9121b78fcc892b32bc3f

SHA1
8c9ae70e6e1670c46d0b2dbfba19ac434708bacd

SHA256
01ea100c1c1feb4f1dabecc7a2b4fcaf8da61b2bb63014ad3c5cfdb42434d9fb

SHA512
1afa81bfe14e94426426f1a320e6fc7d02473b7a07cf5d917f6f6ce815524a459002d2a0823138c0818dbdcee072b5b782055896787f8846647e736056537169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
Filesize
4.0MB

MD5
3015053f56ac8a94dba6f93dc12264c4

SHA1
a2297710ff905aa39e588157c140e58a02f5b17f

SHA256
2e0eac8ee5736c0a47a5cc3f0889fc1d00abdd95f42fc7184c7ebb78ff8ab0d4

SHA512
4465dd5607bf939680a040cb82a1cedaa884d3adae47504c5dfd51cb231d204732bded37d1f2a8079adc3e0ff55d1d9a8c9ab91c18b08769b6669f3334c2b426

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
Filesize
186KB

MD5
7bc6fd1f6dc5563ee6ee65210ba66339

SHA1
f60d18f7ad03b852478001c42183cf34a4fa17df

SHA256
72f8e6fa61390ada328fd659eb0757e6cd989129fbfab9b32675136adbc332d7

SHA512
96d84b2acc4601f7aca0886df70b0cbbe951d82a7c59d0098cc9e0a955e1116236633b662aa02254efccfa74956b42f9cac8e164d86d70451c5b4120fe4c4710

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
Filesize
113KB

MD5
3d10fd26a002d244bc3d8c0b0679b506

SHA1
85103faee62eb3a18dd39c6b7e4e2a4554cb06f2

SHA256
5005ca8754a5178e209a205cdfdfe8b197e104e6b506d0eac92cc3f7d052b8b0

SHA512
cffd01cc6a871511a628a0547615d92057a3148527b51a4643225071ba8b0bca10de6fbc1fcf6a995508edebbbc0aa2706890805cb4da68b49e70ce9dc7e6a93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c
Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f
Filesize
17KB

MD5
60409235704023a1c30cb982c795cdcc

SHA1
e59a95860b626cd775ab9e143510a5614a908024

SHA256
cb4f909cfb123029e24764cdd80aff8bd6999c4b3ea7f1ff34220d9afb263e93

SHA512
85129b9f39ea98ad4a1d7dce25129e5a8655a19a2c45a375f86c896403b45752692d9071e951b52f7271147ebbf4970c6eec8c5f2a80d25a3af7fd21313976bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070
Filesize
18KB

MD5
3c093a26849e159d1bfbecddbd18f4f4

SHA1
6d8c46c613a592f137ccb3d4e75450f45861e278

SHA256
82fee2f7e842caea67bd865184bbb8036450244fd8523bdbdede1723ea5cc24f

SHA512
0a95387ddccc00ea145087721afce6b711fcf371f3fd83ed8b72876945ffdee2c14294a4ee2747ce96dceb5ac7f909580b1d51dc889c7d109ccfd000594b122b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000071
Filesize
19KB

MD5
324f475f027cf12a81bf4ad87b7b0e44

SHA1
fd48df95a5902c011beb282f646cf91158da97fd

SHA256
99136dc8f3fec540563702a1ab539a5960bc93c3f3beaa4215ab924973665afd

SHA512
ca52968c5af6ee80e2e0cf6be246700fa6f36ebbd40ab0538bca4e2490dae391de3c314470996aed80a4ab282e173cf488691cfa4b8d0d5394a99fb66d8cae5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072
Filesize
31KB

MD5
ed44ae80c01b43b84f28d6f151d06165

SHA1
feb8d974053f62bd4a6e6cc2b5fc5d2e0def420e

SHA256
1ad5afe3f7d88d4c90ce12eef09336ae1d0a350ec4531a8f9bc7755322b8fce7

SHA512
a66de77d0ad9efbabd36f62fddd4531e91ee5a67cafa617d58362cab4e1b524dbf0db18c097cba0c4fda358c283efb2cde182ba3fa30daa0f6f037d3816256d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007e
Filesize
185KB

MD5
a9673bd087b4e5e2cd21862f8b7d8054

SHA1
0854f56b37b3c7c3938ebdd75a79be32c94b281d

SHA256
d4226b650de255fdc92e6ba1b89181c445fa23e82e86a1de62059ffde35081b2

SHA512
3e919945421b284915da26cd49d55db1e4c5b0530cfafec936982e2b6f400e372b98df78d1f07813a473cf9f26699e9c1ffa555904d6d2b4fc819b2c202afaba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
99a76c3ee2b6c16feb8ee306ac51081f

SHA1
2c8d8884826f10ea8a9bc8717b56e2d54d54e2c6

SHA256
1064b97df660838cce63c406bafe778deca50cc8899eb7c60546c9a23657f71a

SHA512
db2f5f0e51186d5c301b4aa088b05c9dbe599895a7113ee85cbc61a6b90d70994f6b6df126ac07a7048c3caf937badbd47c9c41997fc99b008ceaa49f6af60d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
99a76c3ee2b6c16feb8ee306ac51081f

SHA1
2c8d8884826f10ea8a9bc8717b56e2d54d54e2c6

SHA256
1064b97df660838cce63c406bafe778deca50cc8899eb7c60546c9a23657f71a

SHA512
db2f5f0e51186d5c301b4aa088b05c9dbe599895a7113ee85cbc61a6b90d70994f6b6df126ac07a7048c3caf937badbd47c9c41997fc99b008ceaa49f6af60d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
5f4f33e9b33f3c5bfa6b917cc088d8fb

SHA1
8aeb77c1fbc8e14e62bcdf6e2d550bd3d021de5a

SHA256
27173026839bc6242dd116f906aa0299f654f8ca9f86c8038c6510b6ddd55909

SHA512
be8d5b543ae992be33f9c9c0fef0f37329fe58c68842831d747ba1858eaa6541b7271c687406d8220f2b514e374c2983bf05321bdaa92268f454c829473530bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
df00b0a19381307522a94482ad208f98

SHA1
455895880dea2d5b84865669149663d344db9860

SHA256
ef43818e044bf1e91b614870dd7110753d17100f33c3f9f76b2b992c39643170

SHA512
0b2bfa33709cc04d3e226c938d757122e8eb918a5d6ee586b69c866514369d355b8c8c03e0fd936a97f1f05afbdabebbbd99bb1480364fd1344da0daa47f3429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
8KB

MD5
fb0b9ad943f380ff4da685966d4d0374

SHA1
2a158c800ce5dd39440675cd0c034a9925af6d5c

SHA256
9f9019950f205e6d032cece6494c225fd6302dbc12eb696737f40e5c52e1cd19

SHA512
c328f3bb68a5c2d47a896c16ca8dc2d17ff022f0cfee337bc3c06b443396aefa9db279a9d45bd280791f3d5cda7924c180edf5f76b93465636351fed676b8c21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
8KB

MD5
ec5de0504edc82d56a68a5ea69caa5d2

SHA1
57692b0e3ba3dba7651390e801d71d2e560eee04

SHA256
90ee1bd97cb93891e59cc66edc7064d24cda632c1ef4bf84399bfca732f22b46

SHA512
ada5a918a8d2476dfe9b1aeb51596a2670e4e5cd30d4395eac39eabd231e38cc7079b88385f4986ad07b39229542c4dff49714e772b00a003ba77d3531f83fa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
4b591b45798c86d04bc68432af547997

SHA1
a82c99b54957092e2262231ce96d11ca4dd328e1

SHA256
f2b69bf351a3c87d02dc714e67b3f318e0bc0416b6633f6b6270d073f9a5ff29

SHA512
c4598706ed53a909a138991de007a38bd21a8e396a9c03f78772859e4696b2fa9222ef0d78674436e3783ad077f8757bbe022dd8b0cb3fc97764ee398f746b5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
49283e0e7997b4f1453fe3ed2d2062bf

SHA1
3a99b15a0ec7255df0137f949ca1fb4da125a8dd

SHA256
ea84b4337816cf3b9561182ab363ef4d3f18ffdbf1c93245592b5b1ada4c8140

SHA512
2e2b66149f2ae7c0fa8bb3a8cb8b2a1142b82c80bf55c41fcb2cfbc38933dc25565445e27d9790aae8bbf6e216042dcc6e32153f90a219ceb719f50aee1094f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
28KB

MD5
043f3bed2d850b0769db72c0969e8cd7

SHA1
7f33ced38dea1ebc686df614c9b2a1ee2e372f3a

SHA256
1123b7e14b5c576d90bb7939eda0ebff92498f4b6d112c1fadafda0da9191607

SHA512
78de2d84ec9a9757cad887027fe625e6d9ed92db4151487fbd02a1293207aed73a332c80625644be1601bac9e9b7546ff3baf54f77a82bd9cba2111bf65899e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
Filesize
319B

MD5
e707ad23867762bc40df9e2e5a090f1b

SHA1
b197afd87c753b49ac9243848357187d1192eabb

SHA256
4453254fa3c5311df7d34510b9e8cfcb2d2e03d87da732adf988e76ad8ecd9d8

SHA512
2ead9f3473dd228f15573d1b47c46927cdf6a7d5f4eb35986123897e9b12d60c051c7d12f3bd9177ade96a2ccb425e9f79f1b9fb5f08667644f295c4bbb5dec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
28KB

MD5
2662e65128d17c1e9023d3da8a64c08d

SHA1
db6ca98f5f0109284c0a071f8adc4befc26c3ec1

SHA256
229679422df00e336b4ad2af92c345caa60b98173c0fcc741baa2d7086c0dd91

SHA512
ad320d647ec7031754bd6bda02b13c8324aa6d2b9d29e0820d782d51973a84a1330a76a5669765b6e12e82d261ff9ff44e4196d3f675486971beb43d9abf7e1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
614030722d2d90f354ac33f189a3f4a8

SHA1
2966091cba7cae4a843ad410b91651653477ebd7

SHA256
d8b83c74f4c1da873234a953e7b2be3b287c5ba794a55241308a9a868f4e0e31

SHA512
e20ed1e07fac0d441e8b1b23e7ecde2baf8e5d780adf442d267eadbccc7e34ad11a0987bb8f374ad5d3565aca131c7cda8b1d73b66b224849ae49b988894ea3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
6eea973dcbb61fc2ea2b1b9aa7a6e9f1

SHA1
802d60d8f046f2c29ad3eb5bdf298a66b69e29cd

SHA256
b08a9039ae9faa82601be2f211d4802adec2fb2bbb6984a1d8ae25c102e323c9

SHA512
d58ca35d5844203aec5147ce48ece53c89b9acf45e0c16db2ea4185d33f0cf882b17f20adb1b7ef4e84b9233706f3b03d899a1f01e313891148f9418a2a773ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
3KB

MD5
b5906c5933b9570fd2a2164a7200a3bc

SHA1
04eff7011c5d3c4bbc760a415cd21d9fb166f112

SHA256
441c84db897f00852ff3e4f437811fd64408e7ffc542aeb0db9bb39ff3551553

SHA512
2255c565abfcd1cfcec290eb643e6e3f4a7d3b07cb8f44708fb907133108287ade7441e4c4855371b6cb51e6f650e66ada67534033f5746386cb4183abf5d3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_trustisimportant.fun_0.indexeddb.leveldb\000003.log
Filesize
8KB

MD5
1157e7b40ca7a443d37cd5871b3c5dd1

SHA1
ed594bb726942cdbd85deb87af0bc3eadc86b82d

SHA256
91b886276629f33747cba8a0becc5a67fc7198fb8aa544576d6dce4c733ea13d

SHA512
e71970b292e424d084a0c93182bd8719f5f79ec2107859479bf79e770b5f669fe7fb3899d2e960a4bebb023d2b7e478d3244b134c9db6026bd1cb2b2812bcb7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_trustisimportant.fun_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_trustisimportant.fun_0.indexeddb.leveldb\LOG.old
Filesize
401B

MD5
35e13a3d8b9ca4f96be10d9411f2e208

SHA1
2c66e0f5004bcc81e1e5dbe9102b9e257e139457

SHA256
05615e1a05868c47a211f7b287fc5f4ed3184f1d8ff91b93c84313f3b12a89ab

SHA512
e5f322625f8f0ac9aa24255457633614a7e18f68e423ad6a2b301c177f6c62cb7ce4c7c380ef6b4cb0d3f9def8b94d79c538dce7e0d341ed6fdcad894a69f05a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_trustisimportant.fun_0.indexeddb.leveldb\LOG.old
Filesize
401B

MD5
b6e784813c70d06bb27b9548fc2f0d73

SHA1
51b7d9ad00ab86d9057eaf91a8baf698cb1fd0ff

SHA256
7d70846831c17ebe73874e5d8972c616e6ebfeac5cc6a164b76719d75ac2d208

SHA512
bfb03143b14a60bb618c0a0058d9d478b0e3b6afba4e635b8b79996451a9a0ba83aac205832c1aa41a237becedceb0ae0b830013552f81d01287941b453e7426

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_trustisimportant.fun_0.indexeddb.leveldb\LOG.old
Filesize
401B

MD5
c1a69bff577e35cd25a5271631b9429e

SHA1
142cc0ab37e3df708d85f3d3c37edcbb782a5fad

SHA256
939496aa6c25c34c0c2ce6b36c3a86c19a8d8f4ba19a9ea06bc71580615f9d54

SHA512
62331e9cefea6097f0e85117a005d05fac860a70f31490a900af97f2556be7d7fb37335237378f58c88e96e82b066f2fcbe341994c994374b7ed218fb6c9b96a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_trustisimportant.fun_0.indexeddb.leveldb\LOG.old~RFe5fffd5.TMP
Filesize
361B

MD5
f39f42ec548f895cee3242f67d00a727

SHA1
7a5700ddf00e2b7854ab8ac891956a4a8a2e508f

SHA256
59f8601b0b1adc3165482c343a707ac3660d95801fd54349746e5780af2f4d05

SHA512
c5026e914796290f585b6944c1966801eb2fccd476e58f5440a2905153effa00f17959bebc2489dc6ecfd49829a0c21a72015946f2d2546c99fbafcaf7261d18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_trustisimportant.fun_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
9KB

MD5
f900b180afa5c49624b6732a68c24ef7

SHA1
8f849623762dd0cc7399985b0e253cdb80340bf0

SHA256
7d86ddbece29db7fea427cdd416f79a9873d5172d03b2ac28aac7c35ea2ccb5a

SHA512
6ca219745713ab3a5aaae8dda1bdc4316bbac34468c1900b029adf30167f49ab0737fb5a593063abbf43065601a7f36b19c7b74520420abe5717a76171bea195

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
335d781a73fa66ae16693c6f9a39e246

SHA1
a165b5ac6b9e25d5c64c8004387c8c009863a0db

SHA256
882e60da4743e385eb523025f43994a314a6862e3ceabdb35a040c41c9aead06

SHA512
03373ee0cde92ba89904407c8af36a86cfb664a09552caf8bcd8035495c3ca7a6b43d796aa66e63c37bd57eed194908378c58a61f7facd2343949c19756c3027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
4KB

MD5
cdeabbaf385ce906495d70b670f909b8

SHA1
b71f515effaf1be204f741c29fdc631b2518b14d

SHA256
a44ca09d1e89f5dfdc1edbb0f155b8fa20c7095068ca29f1e206c35c0839f47d

SHA512
0073d9211a9138c86ef5f7ded8820925166f7deb14adbe250159168b58c7c2a80da9b6df7189625f78c766cdb648adecf474df73d2c3d5ae3410895a25e0db04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
f03498af4cbc0e8bb74c283f9fe2eac1

SHA1
52e5c77aee3899b38221ec551ce08c44358f7f29

SHA256
5912c6a4da436f018f28d518950ae69df837878516f3ae1bc835ea45b924882a

SHA512
5b09d35f16f345df426df3577320a679bf77320b297d8e8f98b1005de90d60ecb1b9bea5df02e35b87336b6083be265ab5b035c4e6eeb9d6bd255e0358b69ac3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
7KB

MD5
80ed042973550bda45c5100ae9fb11e4

SHA1
8d1aac4f75c35843ff5f35615c98972e32db7a7e

SHA256
9fa72f39785d3cc5c2086bdb2770192ae61edd138de6dfd89530e03f18163b5a

SHA512
fcbe5fc5dec9ec642868bcf33a925e05febb064dc2b5fa603f574a3dc2b5a43246f9636cef322846a8ada001f206becfe9aea7c265d25422a04d347e31f28d45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
784B

MD5
065e9a4c26403419327a353e856c7c39

SHA1
7df5960c46b3a5a91bf60f2b1e781eb3981a62ce

SHA256
9bf76613da405a9c84c1d7f68bf9506ba09500ba590392ef4138732a76de1faf

SHA512
13fc2b3db02d03e9a808cbbfbb4d04c4e36e178e030fb585dd175f23d69e3959b59d0ef04fe0d4b635b50862fdb13280456f60ec7fe5e8472dadee6c329a324d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
16KB

MD5
3961eb784b18ceffba2e3db1abbc4d55

SHA1
53efb0515e38a5c36b034930fa19d78e3b608488

SHA256
187eefb3ee2f51d3cc96230f2418d8a71014c952b3bac639d735a2be2b960e6c

SHA512
90a8e0e9f580e9648b05513300e1c47d82c3053f7f3b169f7417c9389913006704f3c2dbfe3e1173857292c952305d678e320894ba344319cb2df4af2a89fbcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
26cff8fbd91e218b3b9886ae04869bc9

SHA1
c64e9d8210cb56e96d1fb1c7389930f6bd490f97

SHA256
b4e02da060c868689415f0b0a8a3d78a22a1d4bf550ad6d3d189f3d557947a62

SHA512
416f1728b6e4bfc99bbc8bed972612ce72b32d4faf5aa5bd138436da50a6bdd1ca49267743448566794d3087d6ab199204417dddda3887c08fb87ed7bc4a6b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
484f684a1a7b000125588a8ae13cf670

SHA1
2633f5b6542bbcca14b71505d9d3c5b0e455f58a

SHA256
450b011201ad566b2fd325f698b7026682f1c72f2ada1aa3a99dda02508f7fe0

SHA512
22df9f8bf25135b6810a22f79b7eecf2dba761a8eb8455afd7e510da950f093d37ff80ee0d8190e29f08a21dc39d0dd2ad67f29abc2144b2cc047ef9f46d59f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
d1090b5e9b48ef6f4cbeb1597d22bc56

SHA1
59e9ebd9035f1f57d770408fed37fd791cd55a6d

SHA256
15a02d6e6ef77cdb4c60c99d6384ea2cc20485bd28fe80e3496f5ac81fafb6f3

SHA512
0d3d2b5ef655d73795f0a2a6e215e436beffc6a79415763d89291d7b4badebd6da3f1c3b80e39461e95a8b9cc8f893e0cff76cdc0d343ae64dbfae3c21d440c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
3471264186e0e4fa55c9cacd4611a836

SHA1
195a581795ce1163aa0e915571c79d27d9786449

SHA256
4a215b4f4a668b1986b572eb57ced4271240ec37290181e8b05add3684216ab8

SHA512
af8ee6709bdc15f7472aa70f215c3f0b2a256f01bc8c6406306895cc989e8ff14d9a0716d7e6696342cc62d7f94f51cff5ec64f087a701f6475dfcf2a095dd82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
295b0426e089c5ca02c5d39131676c33

SHA1
c7ee183b116cfe53b79817c7ae64397c9e15cb1d

SHA256
9a3e36554f690900b1ac6955375eedf097f4e20db04c0fb736360a87cf62dde5

SHA512
006df9792e7118dbc3ae314aeafa710ecd16fcbab23947da3fa5b0281ff37945223199b4859532dcc31f54afceedd758f0d3134697976b1e78bc2656cd3e62fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
3ef3e893e565c19e7e16d5795a192a1e

SHA1
b5216213026082465643aee14e08c604915637fc

SHA256
aa279684d07790f50adfac37cb976cee8b9eab688528dbe042458b8dfae43c57

SHA512
495b511dc946f3b0a5353d3a31090f245767cb3fca2f40fdc1bd7bff642cb84fee91cecefdc177022441426fa9a9f2c9530ebf0ba98568506ea21368820be838

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
0f05b7d89d1e47879256459d2c855b1a

SHA1
2aee48a5f28c13bccbcbffd771f22ca53c6f27c2

SHA256
f4ff9ea4b8ade63e59dcac6b7713950466f7b86cf17e9a4d5dd9be8fe21c9653

SHA512
9ecd8a4ce97ff13c1648e82367f05c8b14536a3a0ad01197174684de8cfafec5784ea634b9dbd06e7dd7600db0243a1215716ce301c4734ee51c74b840233af3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
0ec2fcedfe82b68018b9f322088364c8

SHA1
2523028f08759d3f16ca779fe09d84b533e5a9a0

SHA256
a78fde802b4f73601b1a0abf2c34232d54e39367fff860d1cd67b0689b38d029

SHA512
0def9d43e85794360bd65acc0950a220c94ec298b9dee182d0c7f2b6d29831cb02397abef1b5a7105c936ad9caba6106d88aad2bec60e89e3de38ae25eafa9c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
bcd552e0c82c96a4f967702d0a93011b

SHA1
ab5b7a32ee15e9cef822b1fff8ce6a82307fadaf

SHA256
9ff1c7bfd77c46ba751361782b32a066df9c16cff3948b59a18f250b8109f055

SHA512
6a9a6ced072ee2081c92cb29e0034ba10903eeed98694859432e18e21cb5ca6281974a322867d6b9c72320c985540cb33dbb7c76a1ecd1ea16dfe548cb5e5726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
a19ad81c25b866c5a00d0d1e95008907

SHA1
4ac85f41bd43cb960df079667a7c095ab951dfb1

SHA256
115f0238f4ed99a5f538a2b7d017ef72582d90ebed25557dd039d4b472adff2a

SHA512
a97f183c9693462126ea44f7125641be0b65cf0e2b3dd2356146c2010dabb7de333445f839d7799416f3a1fb2a84c26f13ae30338f9a9e2b6c97a252aa83402f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
9af967bba9f7bfa5992ec8135f76f41a

SHA1
03ccc871901c1bc85138d0e26c967352ac3a49e9

SHA256
3b724468ee401ff4d1d0a9da2904ee457981d211978163fac7338f56b45e3369

SHA512
3c911157e6492b972539dae3e949c537a45a2d31fc4331a195fa9a0243d64dab5adc1da218d341d8cc74d5146dee8124f60628cf268399ce0b498a24d28ab318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
576f03a0acbfd8b63a8e0ab231f0d4fa

SHA1
3762f145c4df27cdf58b78399b1686548ebbe565

SHA256
428b0c3dca57b2d3dbddbf301d063f92ebea14ad1b034db9146cdfae71e6c3f5

SHA512
4cbe7d2f185be36e6a5aa0a350e50df239af9ef7515788da3da37420534fb8ae6bfad4accabeafe4c34a340cdc91720c6330d7ad6d92a8be9edb4534c4c54caf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
7af7873101e3475b271ba86166b9406f

SHA1
fb6676d7648654af64f6d6f842739dbed3f3b583

SHA256
24216f3fe70c993073c58462b49a302dd9c39df471dbfb35c1080c8badda43e6

SHA512
826224d99b63f2f050b85e876e6e13d5dc0984ed46a069a55fec8f65d59500641682c22a9e6c96b64be3fdff95c3dea861a8bd5d225c18b0b1c71ca4b878cc13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
13KB

MD5
a918e577730487dedfd09bc7620e6861

SHA1
c206df91cc8a2dfdee7c0efd8bb7f2854c6dfc0b

SHA256
8c997f07ab3ec7cead530f2edc33a16b785f80ce90186526e9656132f589637b

SHA512
38e88559d2da99482af39d1cb80e79bd0b679036c95e295e9a035addb15961c56a43211910782985f49ffd05f7e72a0e4c6f95b94344529b16a9edbe12d32a32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
f5bcd21115ccbb40d47a6c49a81b7e07

SHA1
699be43bf3c7e08d0198a71816321a2b7ca3c51d

SHA256
ae130c9bab238eb69c182b48389a7863abd33da93b3f46fe1761c8cbc4a8ace5

SHA512
5dda9ef84015931fa4c0f450f222b554fd700ab996f42170790c4e122c6d1e5466455122e30fb4a10a225948875cdecb9b6a6d661d2e9849c753d2271bb0ede6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
f5bcd21115ccbb40d47a6c49a81b7e07

SHA1
699be43bf3c7e08d0198a71816321a2b7ca3c51d

SHA256
ae130c9bab238eb69c182b48389a7863abd33da93b3f46fe1761c8cbc4a8ace5

SHA512
5dda9ef84015931fa4c0f450f222b554fd700ab996f42170790c4e122c6d1e5466455122e30fb4a10a225948875cdecb9b6a6d661d2e9849c753d2271bb0ede6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
b94254960794fe43edbf5e7fa2e4d702

SHA1
fa065b1c77847d59bf0edebd86e8f7535c6350ac

SHA256
7bce1ebed78da7586f2ba8a81e11c0ecb9bb1e2e8449a93c8429e87a78f6eabe

SHA512
c4d401b80c9ffb4137c9ab4c8fa42c17ea35abc6427e5ef043db5d28ebfe684ea93c6457c36e757c05817ba885a3d81cdd0502b9e4b8463ce5cafb1f113dcaa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
d555d038867542dfb2fb0575a0d3174e

SHA1
1a5868d6df0b5de26cf3fc7310b628ce0a3726f0

SHA256
044cac379dddf0c21b8e7ee4079d21c67e28795d14e678dbf3e35900f25a1e2e

SHA512
d8220966fe6c3ae4499bc95ab3aead087a3dd915853320648849d2fc123a4acd157b7dba64af0108802522575a822651ecc005523c731423d9131ee679c2712f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
d7fc3bba51e07f5e716ba479c11a7a64

SHA1
d64093e3a541ea92382f968d532958436cfab1a5

SHA256
7281a477fe2ded08adc3f997c1763199dc6e40d3b2d665e95e42edec9b46cb0f

SHA512
00eb7511c75c091036bba900d8bbee150e782f9d3b2e23cc4b0f581ef1ae431a81718f7a1cca1fbb808137cde2d19521cdfe3c493c4a4a3a8065bd646ff096e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c88326c16da025a4095d66138d90a725ead722eb\1ede9ebd-48fb-48a6-86bd-e1b294767040\index-dir\the-real-index
Filesize
72B

MD5
bc8811b1fd0f285c7725493455aaae07

SHA1
118101c177317b600f94693835309d824841267d

SHA256
80306328412a6ef16ac5731953b09ef0c9d5e43d5b0082142f15d853587d196c

SHA512
d9ed0dbbf1fbc82f7bbb2e61af55c7f0476be96b0399afd62469199949851114e19168183e1338e4ea007506802c08b03d9ff4e07017c5b06761cd4e8616d6f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c88326c16da025a4095d66138d90a725ead722eb\1ede9ebd-48fb-48a6-86bd-e1b294767040\index-dir\the-real-index~RFe5e4e0e.TMP
Filesize
48B

MD5
a0fd4d36c9718d7c87bf9b193fddb26e

SHA1
e4598cbf6c17b85d0017133d92359653ec9221d4

SHA256
0655a1628109c10100b270ed877a0b5b6039d0fd8f255d1c8903d02535e936f8

SHA512
0fad3632125f06736217a8220cdcc09531a3dbb5a396e323f475da4d651007493b1dd7608baaaec5c3c46fd76c1794c2e54dd6ded6bfb4b43f464bc2652a1561

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c88326c16da025a4095d66138d90a725ead722eb\index.txt
Filesize
83B

MD5
a3b074ee02a2b153e62b82524a78df5e

SHA1
20dfdd50a7cdaf3a4812f694ba97249cc28dbd21

SHA256
0baa16ba64a44998e59a16d5d9b04755058822d2bece5292370cb2079d5203f8

SHA512
13c4371c810fcb784aa4cbab70ef5d7ea9ab50ca1fb8ab4f1fab6615c209e8ef343a9da7f7eaec69e4c6e8fb637d7a5f4c6cbc53c4f211c7722a00954f385a3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c88326c16da025a4095d66138d90a725ead722eb\index.txt
Filesize
77B

MD5
498e07d5e55be121ceea6f78fe7ec18c

SHA1
19f4731e013623ee90eeb5f0292f3754db3a5e13

SHA256
9be76877487bcef3a8143b6962d2be14baba1a2f2059e611047c005b511947dc

SHA512
8446e91c1c64d6008ec748c3a58c671c280b1c6406f9d9be80de6924bd85bbe56bb8445b22bd9e1190fa451dd27282febd1d2452b7d38681432ce6d452b139bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
Filesize
9KB

MD5
aceb11e214545ca06ad9d6d88b609c64

SHA1
181e78db582a030d2b0bb058046e31577d6cc4fd

SHA256
f4444c129f3dd1e31790c71676d949755d49eb17b146f2081e3760b8a9fb9501

SHA512
649f1675bbd60c7f6aff40fbda502635a7eb303fb8a1763e82a6363b85687f47e605d67cdba5a809309bca9f686ec5e4e03f026b190e8d07f14febd19c58c792

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1
Filesize
8KB

MD5
89b571fb9d7ce0952a5224814a9767a0

SHA1
bc833da6e63e4272789c7b907f5a0a685d2a9522

SHA256
7c38bb9a86630513fb775199461290efff5fe9bede8b966fa6b51ccd6d05f740

SHA512
fa1fe8d95a18194a8b0713acf45d4857099cb10e56758f85869d4bdb90c96bb0e453058c142a3cd90c77d28168234cb42b2e608f28b55d47967fa25fc82679af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
Filesize
257KB

MD5
5f0ce659d307f6997724451db0b75eb3

SHA1
3adf236bb79608540d0da7c31d32c28fac3eba29

SHA256
6990044f78acbff065b6c5cf904a1ed997e32c7748d9c064dc7a6065eef7b5fd

SHA512
a01bff81c4a144b9e71863526fbcfea88f618925a679a671f8fb7325844621f4bc46ba3175fbac514ad931fbb5407a20ec61a29fe5e77cba63b87c766028c992

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0
Filesize
6KB

MD5
9f3aa01e2ac349c55e7bd67cfe16bd36

SHA1
ed62d64df3a0eb88b681a75652a6c67c2f309ab9

SHA256
6ed7d5c7199fbb9158eb65acf55f0665eff35a6b62d99db7804c20c251025859

SHA512
5964d778fc4560e4f7e9130989ff88a5c71a5a0671deedca77cb05af13544d1649aab18c07cf6baae189c2fd5bc17ff7b84b8fb7876d13a039eab66d03a320e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_1
Filesize
2KB

MD5
37576f9167d7c73d3330a3636cdaad1a

SHA1
ceb5458987701d1c35a36f0591f6315f9120ccc8

SHA256
cb864a1587da441bcf5914ba62449144cf64047840538d50a73ecb593d63c66c

SHA512
d25d61dcbf17419b987ae9b376b87cc7dfc05bd250366f5b0fdc58592e04cbff8906ff6edeb2773f65fd91785a869a6f788ad08e5d5b8a3e03fa07e56926e3d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
120B

MD5
4add0c8f9583e6ed572530f7b0485a04

SHA1
65c0b18d5f9580abb78c2a4b4766ecf15204e26e

SHA256
669a10ef79327b9224b5c9c4a110f55c3e1f15782dd6a76ed81d008e1288ec3b

SHA512
a427d481e22aa81fa690fd3a099fe33a122bdad6765870dc81a743e1cbc2ab67accfd656f936b35679d46cfbd6e4a9858508f4110eb454b696ba435064d756a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5e4bbc.TMP
Filesize
48B

MD5
4f0a98f1fb19135f0a5965d634c91620

SHA1
c01d43a0086ad1668188fd71f9dadc767618158c

SHA256
979aa59316565af98c1a9230da55ebb4a62744566159258594940d021f53d3c5

SHA512
bbeaf01e99ad107db70a79b1be84e600103239ce840e2a0a0c7c3ecef1b44c91b8c15bd7acb5a44ded650732be455723d51c6a89e73e2ef8895ac0301b5dec94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
594B

MD5
40a94c76975ab95a7b4371593b875f5c

SHA1
2bcb2b75ced872e73a7b874cd95c1ed719192f73

SHA256
e35158421758a31e958dd12a5a27000dcd7438c737ccb25e062422a6e52ff71b

SHA512
7d621e9d25ea81daafe0fcf87544a2769271cef8b7199cf887a51e34a7a27850b8562d92893509e975dddff10a94782d141c2b748836406669c7707b50fe27f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
319B

MD5
2a64917b9420eefaf959a49759cf7b4c

SHA1
072216d191c1242ba2de005776645fec53d86eeb

SHA256
d5557c1cf37085e210ebfb9fda9e4c0e8bd45d3ee46e16bb5402ef6f9342efbd

SHA512
284df712e86343e9ced893e8e9f348b37a6c64a45079173ff8dd0186d211e9acd3fab33203b11768cc9dc25a93d58ecf2e002ca86046cf8c98ebb69df1206ffe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13341420703325282
Filesize
11KB

MD5
436470a37010e584b4ad1dd84a6931e7

SHA1
dfee85c631e80523ef82404de835fea3d1c45cb4

SHA256
7343e0526bb3a2fde75149ac0bb5b4fdb374a11a6be48ecdd83062c8d0d7be3b

SHA512
a877c3e7ac2a7929794db62e2dd6986b6c90460a8b4e13fd1a5c8be508f7e37b85bc0858fb4f23db78006d77c940d471c0335e7b2daaaae4a942aa36ab49b461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
244B

MD5
2d749abfd58639d4f2edc691f6a98024

SHA1
5b9e29948e4454f2e86c2bd6ae7a558b8a5172cf

SHA256
38ee60d9498fb91444363b7467314566dafc3820c80fcdd46f7c02e406564e48

SHA512
72b40ceeb9e88d57526f3301d81ff50115b2f3b652994374dfe8a5b7921e3a1aa3ee255d2f8b7b4ea35944ae35fa1ab525340024e0be74275aa5d147fb0e725d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
3ccde6729d1cb627f3eadfbb4343d437

SHA1
cba10e0365db641a97ba48705c2bebe7d339fe37

SHA256
a0bb32e59760b53f09cd62563d4b0640d771e9ee2a78500afdf741ad035d3f5c

SHA512
3d36377bd21618bd38cc31c7a95efab70d2b957bfda82a57edd6cec3b825aa68c05585cbbe7777056537eaf5c07975104decccb0ec5205f68f1be2cb6fd7196c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
326B

MD5
dcea35fc0fb18d6c0ac8cf8a8b96c06c

SHA1
1e31f8602891221c5b51b8eba1824c0e645a9029

SHA256
0a85b1f3251d21e69c8d966dd249e2c2f120d48c26d14abcd9e5d333330a0a29

SHA512
6bd13c00899a4e1842533a49c56475e1acd9b9e5a5cf72a881a38d00fe03ff32e668f00ffcf74e183232234561be306a9b59422fcd2d6ac91233b91964e5d56d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
df256c9547f1a2070eb5d5a7d01e33e4

SHA1
7c1e45ff4c941bf5909acd2ef1d8f6b1bb75245a

SHA256
c87bad063f4f7d9a548887b921a2017ad8ddf04476050fd7f3edcf3b377fe275

SHA512
2d03d891a4382f68db0ae970df161b0c3b87f25c1475a58caf0ad7a9ee62e2a8727645fbfc96a3795606c81ae34d034ec5d7f13ba0f844a488d2c2dcff6114da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
9852756be2b492cfac95d39a006b3fa2

SHA1
4144616e8c1aec268af2e416cce14d83c9aaa063

SHA256
b0a7d8d85f78dcd6f2d20132e9ff4d0b710f27db2f822ca85c35289b1f37335e

SHA512
974f701be9fbb54070cb2669c0df16d283bc49c29a2b86e2dd9b41987605e1f3afebb6fef6fcf494acaf6d018a3375b9384cbec6c811309605b3be5619a1191d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
f150d6f6f0412fba79973e7601e5e591

SHA1
1df62556d478ee5dd62f681f361e60afb6d664e6

SHA256
ad961d4cd18404e67513c1cd874061771186c73aa6abc0fdb77719bb5021ab81

SHA512
dd2f2aeae708e6dd760ac2657a51f7d849b33f8b3cad2a8121bb20234da0ba8139196b00ade3941c78d30f5b55d3b89c7bcdf6aa8dc3598f724db964e6b9de56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
8d9f9a5daac0e32a222aee7c08e9b047

SHA1
69acbc933e2f0b01646aee2ab04d60da3e6ed536

SHA256
4982c1f7069029aebd92637122ef94f24450aeab4c2c8eccfead415db222b635

SHA512
41b043bfec2d77eb0e97751f2b1bab8cc9bf13e3ad0779b2142185c9334a2c12d99494ce2b70417da67c99a9a5a259033ccb2d998e2ef617968566fcf6831228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
9129f6190e0475010892eca99aefef01

SHA1
5ea9aa7de2f9f141dea8005c62ad597154fed292

SHA256
f0e1063bb11ac33dfbec401321467c6bbcc4f52da6ba46d4290fae63380f0dcd

SHA512
35f4514cf431ef357e42dcdddeeab40ccb092e065c4248be72f4d341fdc8c22642967c0e91c7ef3c0bb76c2250e447fef5322c2970ee9f4abb424244ba4ff2d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
261135664a82944ee1dec34c396d411b

SHA1
187bf091a1b415b85caa26f38b8f9287c09f3477

SHA256
53d492dec6698ddfcb29d65f7b9817b17c82ce1942b8cb8f6fd0137f1b02dafb

SHA512
d74a97125ef2510a925f56d08b9b4e963baefd5faa16fd6cb10ccf6272efe7f417be6952f37bb24c074d69f7157864313f9a7f43e462501365f51c7cffd4d5d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
5afe56cfea7df6f44b9721ddb127cb88

SHA1
51d0926f1e086372a19425f871223af5e427346e

SHA256
5cce61edae6fc033ac4986182f033cf7fc0c5a95ecebf85757d120c394fa2771

SHA512
ac464f55ee71e5ccbfe61882869a3f1f1566a9f648f97dc6aa559dce0b27705e6b3643c0b508cc0a07d43289751ec0b8c6cd9afdacd7819ef9bbb397eb4aa4db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
8515eb4a1fd9f846741b7f148f505059

SHA1
ed509e414267e4591275f1b441868ff5718d2fa8

SHA256
ba9fa6a16d126660d7ad85cc2b8ccd3b0175530f9effcd9cb349d72f259a9697

SHA512
c4b0372a5612cb8ff505d3590bac8bf1f6b94599709773bbd5d67faf0fe7ad55618639ccae5cb49b6a7894d618d0a646368b5b9154b75efc352bdf2e61ad8121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
8KB

MD5
b279cdf6bc5df11cd5366c341491a047

SHA1
0d9e80bbe05579d1a83bf937be708c4565bc03b9

SHA256
0487618ddae9ed92c9f609f73ee318c7db25b7d7ad6c0cd644d926fedfc9a039

SHA512
4df6b5f165569a7977e517893358cf96111823c6217bdacd0d280add8b6dce230a623281a0511302e7ba5128fb8b0952cda8902a6505cb273c3afafcd7dcc26d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
60cea087bc45ddaf91348e0a54860934

SHA1
606f246f9ad7b8a1726e3d2baabe956915fddbde

SHA256
0e308efccb23203478f49a5e639ef95135abf541df5155eaf1470fbb4ce89df8

SHA512
120201a58032afa5981558430ac30206250e3a87f75d524f30e1c7b05499daa8359ea54000908647eba222cab4a2cd9ab50b8e8e2268be07d5c083ffe6a838cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
3dcf922225ad895351a218e64d1be870

SHA1
71a418e002174b410ea704a1bd87e8545b6afede

SHA256
5e6b524373e5e4f29f41b531f5346ddc0d8c8439c6a9ded9fb1b55ac3c97b377

SHA512
b5232122efdeeaa53124faec0a46c8b322602356051b51085ffc09426b04ba944968b53d63ea0fe59b47dced59f8a230cb048ee8c895c58d2f9ededb1e0c93e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
24dea36fa7f2b7bb4ddeb97134b51e5a

SHA1
7b940c70f90a40fc89891669fdf2a372ee31c340

SHA256
0123946b4ecc448bcd8251181441179d9e7ddb050845c21470b0eeae53b682d7

SHA512
535f743e68263e49107e31745dafc884bfa508bfc99fa71c703b8bbd170424a8c6c7da620784ed0b1d96bf2681954043662ef6a46397393d87f0242eb2b4e13e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
fcbd2ae7338e0e6e4797be561cb940b8

SHA1
0544e3fc1a017221325657a1bbd1dc694e5914ea

SHA256
8018643b2506ca4e8717b796314d1e31997be9b0be87cd50f20a0966941b1ebf

SHA512
d0a11faf47754252c895333c223be5d08722bbcf89d4809041afebc915b0bbdcccc33db9b40b6b64496fab1a10f35bf82e92667dd716fe9cb00f27061e7bb548

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
ab64e3375f96707b1672f8edddb7ebee

SHA1
36be3391ba5dfdca2478a0dd58163d8098f35558

SHA256
46ef14b347daf631bc6b01b03efc9cfe03495214883f7b8cd57897beccc1df11

SHA512
20bbd0042de97004df3089677855b7d18e2871fbf3fabbaf1fc042f07ca327289f8e53c5f56034e783d5b9505b021a96152647ae6689e0f4e4291805f733e50c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
b18329a5510b3da34487563463907bee

SHA1
8555ca3473db7b05d33d938ad03570e542297396

SHA256
6f50f364e27e55322d684955d399d4abd1f1f9667a604e5ddce46da9022d28ac

SHA512
66b3880076f5d9491d831b8e941be5c01dcaf275d66ea607e847be705d704d1dbb2b9a218244d36145d267027bf3f5ad4c182644d68bd07a874b631492b36b0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
7KB

MD5
b893990a7046a131906de3f99e2972db

SHA1
ee0d655b6bd508cd6f178c3df021e0f766092d17

SHA256
c3967c30bb3812fb06703f690e2da0d609d404ecd016ecc77c086e6d7d7cb395

SHA512
89f31d988876f52e88df964d4e39079fc391366a2581161e32323bcbb81598b0140dccd54998e47a579f1bb38dfc4d87f29d9163af33a687570e69c6f840226c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
c051f7486f56804722e446ee2e881d0d

SHA1
0eb8e177d1d16586e1089dcc2883bb8e5c2f42a5

SHA256
8f55cfaa105b61ef05e8bc2192979250914456b1e18e872c0cafcdac20774d02

SHA512
aee4966b62a23a6395210839e2a56ad8c6a529272cd3101e5dad0a64d714b146ef0def8eec5364572d133bf139c3aae334a19b2cf6d169fd18745b53b7ecc21d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
6KB

MD5
7f5c23dc37b61db2825c08a4296f3cfe

SHA1
99c65093a60d1b5fc583bf28d05c08a1e2105844

SHA256
159217bcd4a8576b46bf2e6cb82e79721995ae6aa179181eff0ec3fcfdb7c2b6

SHA512
6d4350c86276545e1e5249c6342ba7e821bd651fae3dd422cc51fb5ddf71e3823b13b487ea27c490f2ac6be4dd4bdac41a0d7182a111e669e72d3038eeec3130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
7de1dee79ddc790f9bbc60c2b981c8e2

SHA1
f7f63f5b3f18f31452a382fb6c1c06769886c6db

SHA256
3da0a8b3d976b5e222313d3524eac4d114ed0b7818ea4f552d9b6dbce848bd4c

SHA512
a4630b54720d53cdd826a3be80d3016d75f48ebc72e181e65eb2b47094482986b47ebb6be94c11175d9b968a91caea96df5127c88e52b3f47465bf2fd1ec86b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
aec88a12666afb5f7d8631e5eb6eefeb

SHA1
70741eb0d2bcf408287e8d7fd205e052d95c0f65

SHA256
9ac51277cb46b76d228e3124c4b418410173ae9d0c4485ba89d7e81fce66c976

SHA512
9e072fb33923382f9e54bfb81d6edc33dc111353bd3e6c50f98320ddc89159e958ced68b5a83e01ad0bdeae95913287318d686f9801e413fe87879d7992e1e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
bafb65ad0645c4b51203703a96edac00

SHA1
98547490d6bc0f57af6752ed8fb03b1930412547

SHA256
58a531c257949c3b138f05d3eeccada1e292eb49f43a437749be92eb5b2f1eb6

SHA512
7437ea96466923e14521dd8f58c2a3c11fef2e9f97efdcb0376f8dee1eab4b36444287e8ba667df81a62033cfd50e46940f8824d5e643e59bfd6e28fbe1753e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583330.TMP
Filesize
1KB

MD5
ade8e1802fd91f0086a9bf9ebebf07d3

SHA1
a395f602ac22d9ea018ee5dad0e292b9d600d990

SHA256
685b03223bce517323af15b4d3a7fccf3af2e17575aaf895f33d9cd8fed479c3

SHA512
475560e5e432c3b36f591286e0c9aa7e3837ac4f4586fc72849b7fb623e8b303ce3be929d5680aadeb5855b4c5cbf62a7ab02e9b8974e9782c5109362a2d5253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
88fed03324ae4a1a913d64f0f45bb4e0

SHA1
735c59fd54af1a1bbc72a44004de24f7e88e46f5

SHA256
8baaec8d48777393624886d871ae3bd3f3153d796e35dd810678ce053170c33f

SHA512
15f2fd7c79ebf09561b905355970a060b21a36e265e5153b651595e81f60c4fba5c3fe551de74fa6c39c208ed9af5f578b044aa49275196a8fb63dbfc94c396c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
Filesize
116KB

MD5
b12c6883360b30f1506d71f0e5430976

SHA1
eb45489e223ace00df972089b226e4e49ccd12a3

SHA256
265fcab01bc976095519fd6f23398e2cf81d15e5565a13c2267bb11c598c0c18

SHA512
50aa44fe3e1fa046671b92634cde42897168c66307d3f2e04f6f87c56c06dcc811837e0f97a1d9064654c3690aaac7b25e264141d6ea17254ae69cee4b22e379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
60KB

MD5
b83936de87ba730fa2a9d5f89a76b1a2

SHA1
cc19665d5379d8445847f42e8c84c86eff5b9720

SHA256
584d6c659c4ed1176da65737a5ef86977c516875daee7500aa621ed8c8e95c92

SHA512
b3aa522505b5e5a78d2138625c849a00ab6932f5f1d380bfad3c22944a4f91c572d6d961d882bc057f40196dd5cbbce02d8e0d513b52ff0e5cfa16c5a28172d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
206B

MD5
f9e56b4b16121993da5c6d6403dda0de

SHA1
34de242d2d6bf6265dbe9af68ecb6eb68d9e22d5

SHA256
a736d9e36117e36cde5a7c7db442a6848bab8fd57d93de4b13c97596b48058a3

SHA512
49a8cb53cc89ca136ec658219135904669fa19c01baa057526e6ba64721d7a4dbc9c322d14e1701381cc2ae0b778b47d5547a49613bf7cd259d146b304c1818a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
319B

MD5
6a094725caadffae5343d10f9a58eec0

SHA1
c4052d7d62be2ac599ebee37b92d0be6eff4f445

SHA256
52b60a14f0cc7f970a390c4fe4ce46e48f0cbdaed33a04e6d4ad05f6bad0eeb7

SHA512
efe6c05f37130eb945a0b38174c363558cb5bb14e692d10d43036776bc4807a60cd9e90a1d2ed8faa8bba1033a3b27503aebd584cdf37a89ee53df03e47c5e6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
594B

MD5
3afc1c1395894c05c3bf4b37a4cbaac8

SHA1
7a79a02c0f2f8839739f302cada084f762398e44

SHA256
e4e4c6a5a49713dd439b140326d5af75a3498bc266ba14fd763b926e5ade18af

SHA512
ca552f02c91a9728f5c59cb799bd45e7c62f560b572d071b9c8ad18f3f70cfe1527b6fc8a27722a586f44981794712e7aebab175e6cf6864e05268da47fc074b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
337B

MD5
2fcf2587905ecee344f3f5dc5ce07c01

SHA1
80e002c0b46eb7c11080c312dfad41c12c8b60a5

SHA256
a184330e83944c1241b00b5e6809913d47e7968f43d928edcbf94b57fbdf53e9

SHA512
d4e4e6be81e3965afa9aeb8d4201e9f3617625c45b8e40e5610647851a983e6eae2452f390a6e8bf7eec58b2a496fc0c6c2bbaee967f2aff3c6732d0bc89fc5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
Filesize
44KB

MD5
87ecb4686e822cb50d4136a5465ffe44

SHA1
78ed4c9a83750005ae7ba27ea7b98d9050b8da0c

SHA256
7b3bb02137d939f768a88f01f81c50c2957b4bfeea889946d307808c9729b7c3

SHA512
603ccdb23d14b0ca238881cac9455bf6e5b4419b5c6daffccec128bfc4b387d329aaffec48c310ec391ce084e9acf168337ba1cf69d8f487a989a01a97b0272d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
6232d8763b3ac13b82cf9469c872a294

SHA1
a9573e42671065973b4eddb5fbc436f640821008

SHA256
f64ff4e31723cf92256f9ade136bc3e861483b1e49bfe59d85c4c4fcf2c0c859

SHA512
3bf7eb15866e8c7a5ac931e51fdf124ecc59139f116107078b6cdefef32e457143f71979be0502c42072856a7d43bb72ff6c87a6b88132a82cdc296c759834c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
Filesize
4.0MB

MD5
7e6524be8670403ba1fbfc89dcef4b68

SHA1
9f9b0d5163a7a75e6a94df0790f12aefb45c29f0

SHA256
0166bc324f7d29d8caa0a15c9b829529ea8647244db764b89db6ca67576249f2

SHA512
458e591fdf426f14235390e519bdc968bea784987a4f98d4f82dc2b834545775db08a8c4dd03a5a4392cdb4298a546fbd74f06e324a1015f37760b790cc04583

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002
Filesize
16KB

MD5
f55234db88c6538e3f4ad45c114435f1

SHA1
c4dba9a32f50f2d9a27ce81a1d62f7587751e6b6

SHA256
bf139ca7efd187c36f3ec33691f427205a63ca2707af18bc25430637928d713a

SHA512
8a621fa5044977bce987b8259dc850faf83f4e82f4df1a7a689dbbb0b9b065676842f7ac462b77f66c3ef892c3272960bf5de4c0dd4f02e85430b368867feda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003
Filesize
16KB

MD5
a33b3a3fdf5161be5bd861804961f557

SHA1
68a57897f1686a3e62ce9808165e18f31661d077

SHA256
ac33d8bc6d9a5e769472877d7dd3d035f8088274b886b16cb1898b106da48560

SHA512
c94c29a5a9da89044504fe06702f00a7fdd5bc7b85e1733c0cc9a363a812c8d8f95672ea7731643229fa4ae2f1a632c73096d90b63799f5bae7639b41151ccb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004
Filesize
16KB

MD5
17e965b44957a8d118aa90239875ca6d

SHA1
d350627653b5259ae7f13d0b36345717bb7d1b81

SHA256
fe3c09558dcf944e7440b47114cb2f812f22ea972e87f570c1c23165f851b61b

SHA512
39c7fa018660bcd300264305728fb627fb6326319645d09245aaa8dcddde4b5d50c1bca5073eabfcfc54b6f39dc66ac07d1ad04980b53068ec50b34d65b93f1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005
Filesize
22KB

MD5
1ac9e744574f723e217fb139ef1e86a9

SHA1
4194dce485bd10f2a030d2499da5c796dd12630f

SHA256
4564be03e04002c5f6eaeaea0aff16c5d0bbdad45359aef64f4c199cda8b195e

SHA512
b8515fb4b9470a7ce678331bbd59f44da47b627f87ea5a30d92ec1c6d583f1607539cd9318a5bccf0a0c6c2bd2637992e0519bd37acdf876f7a11ed184fb5109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000006
Filesize
17KB

MD5
d22cb8682c6c279a568ed39bdc634f0f

SHA1
677360e899085b1fe7af0098575842261a6d854a

SHA256
78b575d52c9342adcc7b89ee8545e0577169b0d520a9924c7d53bc3587b240e0

SHA512
2ad0f705556abae3edb620d4370c1e72c749935d6ec079a10272ba2cbfe42d06a67f6fa1c3d80755aef9419391f701e98d479e946708e26980497f438b154ce8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000007
Filesize
18KB

MD5
bf84734a469b89aca5a2450ff72bf3fe

SHA1
c6d1d87de39af595d5b418b44efcbbcb1b5d96a4

SHA256
429f7392db31248d0401a41671917da4e8f491f5b4948f6012ea5f44a6c858e3

SHA512
28f6fc0d41a5348b629570507cd92230c167be99d54f244666b69685403986a5aa7cb779fe156ba7043b9ecbc8527b0471bce6383dffb60a8ea12f7b960ea931

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
4357fc403bce10693348e559f1f0fa22

SHA1
43efb34c7b98d4b67fafdd6c489b56f3061b9b2d

SHA256
d706dd86d591c4743dd9ddcac3736939de771b4a6bfcfd44a57ad7cb69a41eab

SHA512
fd0aecacb6ed8a944bc241cd7b03f5acc798597cb2d2a2f2fe3b62bc16d3f218f7c10b43e9b86f78b64e0ffe36396d250c98a9ad188ada87d7f1d14a4c5ff001

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
4357fc403bce10693348e559f1f0fa22

SHA1
43efb34c7b98d4b67fafdd6c489b56f3061b9b2d

SHA256
d706dd86d591c4743dd9ddcac3736939de771b4a6bfcfd44a57ad7cb69a41eab

SHA512
fd0aecacb6ed8a944bc241cd7b03f5acc798597cb2d2a2f2fe3b62bc16d3f218f7c10b43e9b86f78b64e0ffe36396d250c98a9ad188ada87d7f1d14a4c5ff001

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
792a4ffa6e5fbd709695ba740814fdc9

SHA1
e53f0ea476cf9ecb9e950c1ec38985d112633d54

SHA256
f607d94947060df35ff710b7803a65d269545f95daf381d3fb3fd7cbb50f1057

SHA512
d27f8b44d1295d1622d6c12c170605e0cf09fb4d757113155459fd94195659c715ec6df59dd74de51fd750a8bde4e49d37e02e6a1e7d11ffb80efabf4d0a4980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
11f3a39858471d3f26abc759eddca6e7

SHA1
c4fdec39b2b200c5819930c53d31460459de0036

SHA256
2e5ac8d257a6b0b74a2af805dd711f16100bce35b8a1b0c5bc8d0ce9de6cc2d1

SHA512
f35f3b90794c3cc26977d9ab5101747c40b5d5de33cc05d4aa49c14f19a72ff8ef48b1cec77c249bd8ac4f43258363ea34fbd7ded1a48313d96b6de23922c40d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
65642786dae8de4030b355c80df3a1f5

SHA1
b2aac0dbcecca7a81991ad2016fa72702e3da1b8

SHA256
c90544abfb7ba7839f99f1b2d0a9631f2ab2ec14af71f9e4c94bd3d50a829526

SHA512
de4c2ce2907d6eb43ae5da0d98b2899024abe268d5ffe443be96807c60156f9dafca7092b713e3d6a5b4e625a77c687932115162492b265c098df4e25747b77f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
ec415f443fda80e8de754f0b63571d68

SHA1
4f6667a16ae72759e42889e75cc4926323559a32

SHA256
72af61fa27012e13092baa42eb7bd91f824219799421d464bdb50ef84f433e29

SHA512
0538c1ea4c22bdfd62d8dd0725042df2da3141bf021021d2e75274c575f4a5eb91f16e9b66ee3cacfaff10b6ebc904bcee8cb00d8d217e044eeb87f88984e7bf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
df33d7aab9cb25a990755e97896b11eb

SHA1
eec3b3e241a245b0c785bd130ce6a1cd0a058996

SHA256
21bc097a505b06a2b6bb2f1e3d041eb06a5288a24be126699a7e2ad4532ee333

SHA512
4969f47c05e3f02b0654708ac9df9e0e7ce1adaf4a9ff6650abd2b057b92cdaa0899e426a016c8ec093cf2bcebd64b8ec6a0c896f443808218ba5985e09a53cc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
11KB

MD5
3e380a1c61d4211b330de17f4ba34a39

SHA1
bd8b8e32f6edbfada9be1eb0630ba05c58200da8

SHA256
b8c17bc32f2d619709e1b92a3ef764ea798ba8dc8793dbd1176e3fff41b31e65

SHA512
740201a8fcef5d5ecdc11629659a4c8383000175055414c80294aea32508f4b712478b5d130ff5e53b6778704e5a34ed19d3eed4d1838d8a897384af60721ea4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
12KB

MD5
80ffe3e9a03a27339e90bf5c43cb04ef

SHA1
8c6dd6f732285cf45165472b1c0fbd1297835338

SHA256
ad64a4fb399bdaa41e576797232a372c82930ff327cf8937d23af2761cfe3c63

SHA512
60bddad319b1a134e7a3c17eb671bf837ea90880a5871de8e756172dbdcda991a63a753bac7807413950fb0549501f598b550ca8c52b9e3544b61679d718c845

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
b0dab82952d07e5c0147d33a138481d8

SHA1
115e15d8c347a63f4e5d3db076b22154f5688561

SHA256
a99d4527787fef0f799b0a293b07cfd25f22246488776840f9befdfe41545ba4

SHA512
f6c75a430436d716ee9ce1729cb8501237559c1ef8047dbd722e6fc51a608cd2c367f00d796347edd6577c9cbe7c60dfd633712e7000aec529b354d2c98c2ab0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
afc83da3dae13bdb26b92a682e20b279

SHA1
37fab807578c0d55378f6dd3d99967f4c9e69525

SHA256
2f7edefb07138ee0ae8ce045164bdbb9e4b64174659cf64a5cd2bd3e9213c3f1

SHA512
59c89c59de324b6a3098d3d50690b06782324314a5b23733e5df45eb76cb437b392bbbba7969e5a94a4a70c5bebfed863480c7122fb1dc268bea15c9f3d44c92

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
11KB

MD5
9a442e0230fc529c461b407323fc3023

SHA1
135469502a88b8e548a2e7e5f4284cfa20960b89

SHA256
5b603c13a7b53b046f1a927671e42b7b0a8479e33f075e23400f37790717bba3

SHA512
41e610192907e9796c8d9a80559f0882e0a279170e5dc831a658e2384f48fd25f5100f645eb6bb8c54b411295ffc6c082c98beb4f17ebc879beb99457c5e7635

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\prefs-1.js
Filesize
7KB

MD5
b0f82afd54c13e3ff154b7f7875c1180

SHA1
5d9108977a342f00c4f089182b4ed070cd3abc70

SHA256
22e6593d4739007d70539a14f62ee7a704b85a9cc7a6da5466473c5a749a0445

SHA512
44e04729fde3e6afd0f7a70af01d6a3cdbd2e4936c1f55e39d76fd80f810199933bdc0a6f981ab1ec2541ad3cf02a28131ad8e0f3c88125393b9a14901ca755f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\prefs.js
Filesize
6KB

MD5
c51d864ce303102b6a0485660ce9a28f

SHA1
89a1c3f15f3889caf365b1e989c7ce1a181bc2af

SHA256
f94b9b0c49aa63414b4f14d4419638c6ccba7a54804547ba977f252ea99cf012

SHA512
e5bcb7e9ba2f5694f90dba239ab484ccfa3b34f9e390233113859816d945c41c9e1ad9dd2bc3c9d0e13398bd96da070587a81a05a88b8f01b0a71223e0ca4c64

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\prefs.js
Filesize
6KB

MD5
2ec727b27e7e7f1413fb4322e55a6578

SHA1
18a666ab4b1e20dc004acf587ed6230b8aea145f

SHA256
c0d0714bb2b8572acbdb278d32c2f60c29e2d876d7edf2d47a4f057e8baeb5b6

SHA512
a1c8fd97e88cb38fe4999929a7047998449062f53da225d00322d0056fb206e0c97497e9d06eef40ff838bd23f492ed3cd75ffb60e445d33d6b73dea61f6678e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
2KB

MD5
375a458143620b1d6b8dd312410266c1

SHA1
a3cd23574be36a9e88ad6d087cef516ce890d3ff

SHA256
1e047a7d3b701510c94a36dfab10f6ddee70abf2504e429248b6aceebe5c5d87

SHA512
385d085dc22bd0d3e3f43af1b785b7a988045f7d8b3f2d3789c419f09c81acfbb0cd47326984ebe188e9a4baec39174ca55fb17967c381ac87b37e9204ff5e53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
34da638bd7bde58c976d4ae85c4bda80

SHA1
8ea9e4a5126cc3bd7644775a94b503d382b4439f

SHA256
f91bf7fc6038111760f7ea883894d3bfd1e2a010a985bbf3eaab21c286e03621

SHA512
702a6d9a4ed41deb9d1c9d138bb42a57bee0d8b8ec07fb3f715ceab2c60f158ded7db115f25b0a18b246a6cbb97d7324a7c5be9a58efd4173320c281c4829d6f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
2KB

MD5
21afd57b119b715a3aff1a233fde82bd

SHA1
b810c04f62f8fe84e8c5d94a3ca2038bd5d5603a

SHA256
048eca7236a216375b4ec178e232e543cad2e8e1574e09e9fad434bce7db0dff

SHA512
3269d5d2cbcd64a380fae1bc4785b5a70104b7a56a51181e5c781392c83bc9fac054369e43179f6b67590b3347f2d4ba75423c044183a82175ea7a40fb118abe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
2KB

MD5
2635d17da3d2490912a1eece5fe89513

SHA1
5878e6529e9d044e62531c2e90b2940a3ef6f5bf

SHA256
27a9e5c562ff514fb6fa4d89dbb3cfa261ceab5bf2b47c21663a97c35e096f7f

SHA512
054b3406d62a7fcf5c85e65dfd6aa9ab49fc63a58257c9662cd02f6ae47d0aee67ce1726f450230a0d39816840b0ed66d3e2a0caecd201b9a4268922997a524f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\sessionstore.jsonlz4
Filesize
2KB

MD5
dbda2fd6b1dffcd2d85ef0ea34e87aca

SHA1
c756332dcf618243cd6311fd9636f123d10112c7

SHA256
92e7b62ea478f3f2a40921bb49713646d495dc08738f9979a0435ae532ff3b46

SHA512
42952e24b50c0b0300cac3bd7f8b078f1910aa639e6d566227bbe17a960350842fde354867367dbce81f761124bada8f0bed456ad572f6b13ca6a9eaaa00b997

Download Submit
\??\pipe\LOCAL\crashpad_1668_LLFUGQFFUOHBRPSP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_3388_TQAYJCNQKLICLBSI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2456-744-0x000002729EB30000-0x000002729EB31000-memory.dmp

Filesize
4KB

Download
memory/2456-743-0x000002729EA20000-0x000002729EA21000-memory.dmp

Filesize
4KB

Download
memory/2456-742-0x000002729EA20000-0x000002729EA21000-memory.dmp

Filesize
4KB

Download
memory/2456-740-0x000002729E9F0000-0x000002729E9F1000-memory.dmp

Filesize
4KB

Download
memory/2456-724-0x0000027296680000-0x0000027296690000-memory.dmp

Filesize
64KB

Download
memory/2456-708-0x0000027296580000-0x0000027296590000-memory.dmp

Filesize
64KB

Download