hxxp:///search?q=reflection+nebula&rlz=1CAKLUN_enGB1063&oq=&gs_lcrp=EgZjaHJvbWUqCQgFEEUYOxjCAzIJCAAQRRg7GMIDMgkIARBFGDsYwgMyCQgCEEUYOxjCAzIJCAMQRRg7GMIDMgkIBBBFGDsYwgMyCQgFEEUYOxjCAzIJCAYQRRg7GMIDMgkIBxBFGDsYwgPSAQsyODE5NDAzajBqN6gCCLACAQ&sourceid=chrome&ie=UTF-8&safe=active&ssui=on

max time kernel
664s
max time network
678s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
15/10/2023, 05:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http:///search?q=reflection+nebula&rlz=1CAKLUN_enGB1063&oq=&gs_lcrp=EgZjaHJvbWUqCQgFEEUYOxjCAzIJCAAQRRg7GMIDMgkIARBFGDsYwgMyCQgCEEUYOxjCAzIJCAMQRRg7GMIDMgkIBBBFGDsYwgMyCQgFEEUYOxjCAzIJCAYQRRg7GMIDMgkIBxBFGDsYwgPSAQsyODE5NDAzajBqN6gCCLACAQ&sourceid=chrome&ie=UTF-8&safe=active&ssui=on

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 13 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
2000	msedge.exe
2000	msedge.exe
2952	msedge.exe
2952	msedge.exe
4488	identity_helper.exe
4488	identity_helper.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
4044	chrome.exe
4044	chrome.exe
5308	msedge.exe
5308	msedge.exe
824	msedge.exe
824	msedge.exe
648	msedge.exe
648	msedge.exe
4624	msedge.exe
4624	msedge.exe
5304	identity_helper.exe
5304	identity_helper.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
4044	chrome.exe
4044	chrome.exe
824	msedge.exe
824	msedge.exe
824	msedge.exe
824	msedge.exe
824	msedge.exe
824	msedge.exe
824	msedge.exe
824	msedge.exe
824	msedge.exe
824	msedge.exe
824	msedge.exe
824	msedge.exe
824	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe
Token: SeShutdownPrivilege	4044	chrome.exe
Token: SeCreatePagefilePrivilege	4044	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
4188	firefox.exe
4188	firefox.exe
4188	firefox.exe
4188	firefox.exe
4188	firefox.exe
4188	firefox.exe
4188	firefox.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
4188	firefox.exe
4188	firefox.exe
4188	firefox.exe
4188	firefox.exe
4188	firefox.exe
4188	firefox.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe
4044	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4188	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 3452	2952	msedge.exe	85
PID 2952 wrote to memory of 3452	2952	msedge.exe	85
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 4356	2952	msedge.exe	86
PID 2952 wrote to memory of 2000	2952	msedge.exe	87
PID 2952 wrote to memory of 2000	2952	msedge.exe	87
PID 2952 wrote to memory of 4736	2952	msedge.exe	88
PID 2952 wrote to memory of 4736	2952	msedge.exe	88
PID 2952 wrote to memory of 4736	2952	msedge.exe	88
PID 2952 wrote to memory of 4736	2952	msedge.exe	88
PID 2952 wrote to memory of 4736	2952	msedge.exe	88
PID 2952 wrote to memory of 4736	2952	msedge.exe	88
PID 2952 wrote to memory of 4736	2952	msedge.exe	88
PID 2952 wrote to memory of 4736	2952	msedge.exe	88
PID 2952 wrote to memory of 4736	2952	msedge.exe	88
PID 2952 wrote to memory of 4736	2952	msedge.exe	88
PID 2952 wrote to memory of 4736	2952	msedge.exe	88
PID 2952 wrote to memory of 4736	2952	msedge.exe	88
PID 2952 wrote to memory of 4736	2952	msedge.exe	88
PID 2952 wrote to memory of 4736	2952	msedge.exe	88
PID 2952 wrote to memory of 4736	2952	msedge.exe	88
PID 2952 wrote to memory of 4736	2952	msedge.exe	88
PID 2952 wrote to memory of 4736	2952	msedge.exe	88
PID 2952 wrote to memory of 4736	2952	msedge.exe	88
PID 2952 wrote to memory of 4736	2952	msedge.exe	88
PID 2952 wrote to memory of 4736	2952	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http:///search?q=reflection+nebula&rlz=1CAKLUN_enGB1063&oq=&gs_lcrp=EgZjaHJvbWUqCQgFEEUYOxjCAzIJCAAQRRg7GMIDMgkIARBFGDsYwgMyCQgCEEUYOxjCAzIJCAMQRRg7GMIDMgkIBBBFGDsYwgMyCQgFEEUYOxjCAzIJCAYQRRg7GMIDMgkIBxBFGDsYwgPSAQsyODE5NDAzajBqN6gCCLACAQ&sourceid=chrome&ie=UTF-8&safe=active&ssui=on
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9e9c46f8,0x7ffa9e9c4708,0x7ffa9e9c4718
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7635604304090533765,9933364031254735990,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,7635604304090533765,9933364031254735990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,7635604304090533765,9933364031254735990,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7635604304090533765,9933364031254735990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7635604304090533765,9933364031254735990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7635604304090533765,9933364031254735990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7635604304090533765,9933364031254735990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7635604304090533765,9933364031254735990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7635604304090533765,9933364031254735990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7635604304090533765,9933364031254735990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1280 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7635604304090533765,9933364031254735990,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7635604304090533765,9933364031254735990,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7635604304090533765,9933364031254735990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7635604304090533765,9933364031254735990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7635604304090533765,9933364031254735990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1336 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7635604304090533765,9933364031254735990,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4092 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7635604304090533765,9933364031254735990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7635604304090533765,9933364031254735990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7635604304090533765,9933364031254735990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:5404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4044

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2412
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  PID:440

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1808
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4188.0.2045511544\217654365" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1896 -prefsLen 20860 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {436c850b-809c-48ed-9045-b215c7d4166b} 4188 "\\.\pipe\gecko-crash-server-pipe.4188" 1976 2033b4e7858 gpu
    3⤵
    PID:3384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4188.1.1467805827\1598381488" -parentBuildID 20221007134813 -prefsHandle 2340 -prefMapHandle 2332 -prefsLen 20896 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9c19337-60b1-4e09-b0ef-b070259f1e96} 4188 "\\.\pipe\gecko-crash-server-pipe.4188" 2352 2033b3fd558 socket
    3⤵
    - Checks processor information in registry
    PID:888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4188.2.1150462745\28867896" -childID 1 -isForBrowser -prefsHandle 3324 -prefMapHandle 3252 -prefsLen 20999 -prefMapSize 232645 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a8774df-73d0-4dd6-8a86-421a6a42cf70} 4188 "\\.\pipe\gecko-crash-server-pipe.4188" 3244 2033fa9e558 tab
    3⤵
    PID:8
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4188.3.656259310\1762414237" -childID 2 -isForBrowser -prefsHandle 3560 -prefMapHandle 1084 -prefsLen 22085 -prefMapSize 232645 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ea1bcce-b5d4-4c7c-a3c3-f842e1ca44a6} 4188 "\\.\pipe\gecko-crash-server-pipe.4188" 3032 2034119c558 tab
    3⤵
    PID:3392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4188.4.1835292245\916336060" -childID 3 -isForBrowser -prefsHandle 3712 -prefMapHandle 3724 -prefsLen 26624 -prefMapSize 232645 -jsInitHandle 1304 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e65fd7e1-4c84-4fd1-9dbd-f0c9a601457b} 4188 "\\.\pipe\gecko-crash-server-pipe.4188" 3708 2033e48da58 tab
    3⤵
    PID:1460

C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\2601d2f9bf5f4734b9bfd7867f403872 /t 0 /p 4144
1⤵
PID:2052

C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\ed7c6745bd0b48e8aa5944661f0b9feb /t 0 /p 2600
1⤵
PID:5528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa8f339758,0x7ffa8f339768,0x7ffa8f339778
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1452 --field-trial-handle=1916,i,11754199501622765307,16230022328632327025,131072 /prefetch:2
  2⤵
  PID:5976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1916,i,11754199501622765307,16230022328632327025,131072 /prefetch:8
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2268 --field-trial-handle=1916,i,11754199501622765307,16230022328632327025,131072 /prefetch:8
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3272 --field-trial-handle=1916,i,11754199501622765307,16230022328632327025,131072 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3304 --field-trial-handle=1916,i,11754199501622765307,16230022328632327025,131072 /prefetch:1
  2⤵
  PID:5832

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa9e9c46f8,0x7ffa9e9c4708,0x7ffa9e9c4718
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1732,5704709941611410458,12694013838121309296,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9e9c46f8,0x7ffa9e9c4708,0x7ffa9e9c4718
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,6569190878300005829,1661007310970534420,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,6569190878300005829,1661007310970534420,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,6569190878300005829,1661007310970534420,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6569190878300005829,1661007310970534420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6569190878300005829,1661007310970534420,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6569190878300005829,1661007310970534420,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6569190878300005829,1661007310970534420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6569190878300005829,1661007310970534420,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6569190878300005829,1661007310970534420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6569190878300005829,1661007310970534420,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6569190878300005829,1661007310970534420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6569190878300005829,1661007310970534420,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6569190878300005829,1661007310970534420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,6569190878300005829,1661007310970534420,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,6569190878300005829,1661007310970534420,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6569190878300005829,1661007310970534420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6569190878300005829,1661007310970534420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6569190878300005829,1661007310970534420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,6569190878300005829,1661007310970534420,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5324 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x7c,0x80,0xe0,0x78,0x104,0x7ffa9e9c46f8,0x7ffa9e9c4708,0x7ffa9e9c4718
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,9083971748496711195,8525622562278644349,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,9083971748496711195,8525622562278644349,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:1796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
0af5314616a62cbfab8ea3f7396a0486

SHA1
b5f66013b07d6205ef7c26a4d8c4b31753f52e50

SHA256
3437a58750f32ab558361c5f4040a14e2ab4513e9b4bdd1e1c80c06a43f51602

SHA512
9d9b6b15e29497aa9eb310badab86eeaf24d25179ec7704d457769e7add5cfeabbba36d2defb0e25c56ed2df506f9554a864fc0348ee1705917eb3b4dccba3d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
75db70c57ff8053375ce3a92907a7205

SHA1
ef5d21a11be4c5624248a8a4e2224abda89f7e04

SHA256
7db67f869d0f4d355bdb864c16a0b736ec620b88e2edaca38fdad380c416e222

SHA512
861c339acdb7820627cc72fd3e28712f33c015ff9c6fbb43d9620ae2dc006923e0a63266c66256d162ccff153b946797ecc5f966dbee0e0f440d9aadcfd0d1e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4b9abbf3fe3326873d405498fbd5d5f0

SHA1
ce8691ed6028fe46ac47f5bab732df2af81b3a22

SHA256
d270a32e4d5a041f85aad5b0e9ad943faaf0ebe3d89ed2de2333fb11dd602a16

SHA512
c98dc3ca6d8a82f4be55f80d1734fbea23480b0cc0ceeec7cc09466cd729a5ad036d39288ef43e746353572f2753517014ec4fcefd04d61efe64e34586e5b818

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
a9499e9a698cce76b847f94625a60972

SHA1
fd4f8340bf74d4ec57cdf585f23f4e0f6b02bf1b

SHA256
0938fa25a68ac71ac5141c289df91a4b2d51f3dd255cc6fe8f5395e6eccc882a

SHA512
6ff6fb5e2f10a10fd3953f579013090be9e4d1ac13acbec21b4c5195c4b20058edc9ef40e15c9ac6b3595ce7397d6dc79aa5a742ed0ed5f3ad1569285266e495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
203KB

MD5
553f70e58b1195c3687d3f87083ce427

SHA1
2d731ca2a5f21266505ed802bf296ce4e2d41132

SHA256
b7f5050b8d7526455a0c4f3495a6cc2f097d389ff08ee6f5ed82a64767655746

SHA512
e3089a6ad1e7f0fb668ae3ca8d0e17bdd26222899f86d7db8d024194cfdb2ad59300a9a03eb75cace4904fef73fb0bb6aa916cda6d7de1e70adae27a957ac36d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9dbef3f8b1f616429f605c1ebca2f0

SHA1
ffba76f0836c024828d4ff1982cc4240c41a8f16

SHA256
3e0297327872058355ac041a5e0fc83ed017faee0f6c0105b44bb3e5399a93a1

SHA512
4eedc387fe304f27f9d52ff5d71461c7f22147f7a8c18b8e7982acb76515528a36486a567451daafe093f9563b133c6799f2ad046e04256ccb46c83eb99e86c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9dbef3f8b1f616429f605c1ebca2f0

SHA1
ffba76f0836c024828d4ff1982cc4240c41a8f16

SHA256
3e0297327872058355ac041a5e0fc83ed017faee0f6c0105b44bb3e5399a93a1

SHA512
4eedc387fe304f27f9d52ff5d71461c7f22147f7a8c18b8e7982acb76515528a36486a567451daafe093f9563b133c6799f2ad046e04256ccb46c83eb99e86c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9dbef3f8b1f616429f605c1ebca2f0

SHA1
ffba76f0836c024828d4ff1982cc4240c41a8f16

SHA256
3e0297327872058355ac041a5e0fc83ed017faee0f6c0105b44bb3e5399a93a1

SHA512
4eedc387fe304f27f9d52ff5d71461c7f22147f7a8c18b8e7982acb76515528a36486a567451daafe093f9563b133c6799f2ad046e04256ccb46c83eb99e86c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9dbef3f8b1f616429f605c1ebca2f0

SHA1
ffba76f0836c024828d4ff1982cc4240c41a8f16

SHA256
3e0297327872058355ac041a5e0fc83ed017faee0f6c0105b44bb3e5399a93a1

SHA512
4eedc387fe304f27f9d52ff5d71461c7f22147f7a8c18b8e7982acb76515528a36486a567451daafe093f9563b133c6799f2ad046e04256ccb46c83eb99e86c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f8d463234aa64ac603b371804f83bd67

SHA1
aca5847373432c73b23d281bcd17595158eaaaf6

SHA256
fde4ebd6aef2b0045547f10ad814dd115ca57c8996707e98052c56a412ea8268

SHA512
80426cc20dc585d775269b4018d61f1f6369f62e7d5c08d70329a86fc0fb4c54290f02996eb6587063b5b5fcf6428dd80f6fd47476480df8f491e3e8b79e83da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d21f4ea4cdc2148f025f39c5ea29785f

SHA1
c0ede837deecee7a7fadfc8c3c168e01ea37dcba

SHA256
af798b0adc3453ab880f5abcb2aea8756e3e16a8e0cd6e07ce10fa53b7a6bece

SHA512
abeedb492fc450753ea97e937e10011a44417a1b7ef9f65ab3f3be5883818531c67bb26ba0e61203fdb68818ec4022947c72fa17c600a17a37b7f299d99a1696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
fb2752ad27562ab21f5f5c8085c83d25

SHA1
d26f74d7da0300586ca89c493e663fc7aedb0447

SHA256
b69e90c96a2e63ecdbd6054627781e5c6f6494164adc26cafe699f2380e454d2

SHA512
525bf41e86dfe3d04fd685580c882b70be47f1b6232b4ae3542da027cc0386e99d208ed90b2396f87fb2cbd727669cae4672a398095fa53de975931cc617e32d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
61429af37b467d005ddceda91474c846

SHA1
7c6c1f44ef8c8869216cbc7e4caccb51256364ac

SHA256
9d8055d8738e76b0ace3466dd853078569f77e7a3f33981ccd7c6538a66cd40e

SHA512
7aabccc900b9cf37fae2c083627ecb764c8f7f7f67e5e160769679bcde6abf39ab816559b48726a8636be5f52d06121db3c463d18790362c33d1ecf169c12688

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
fbdf6dee07e910d7de3891855874e7ae

SHA1
0d27b944686e36935eaa56a1d81dcb96ee146034

SHA256
1d89c90304a17c928365890c4d2a2c276a6abe0c9354f7eb2dafd7b2216bfc75

SHA512
f0d16e0a987d2c797ccc000d2a4a4949ba628519b831e6da4f389a518581a7f46f04d82ee1e1e0fce22c30e0dcc11c179ff0ee452b86ce7495746e6b214b27c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
451b748ecf1455d8351665ced8a9356f

SHA1
3e5aaea0c27c879a8b1671b7e226501fc816c948

SHA256
e603f19bc12e2eb65f128e165b6ee36f039947e22682c2cad7639340038059a7

SHA512
b50cbd764f9e4013b83d7b451ae66cf2f4bfafb74cfd7382936381d2ff248cb0b0e7cc236d86b9d64e57ca748611791efcb813f1a6aa5dc916a07b7d809766c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
b7c067a9c6ab5d965621c0890fc375bb

SHA1
7f3661083a89937705e24d9d7d8a91110f8f8238

SHA256
4d1c2662411c910d062bdfc0f8aa2e5c33c7deeb75868b670ad95a330666b3fb

SHA512
12e9ba4a75c1f989bbf1d786330cbc8fde1d234f2a9155125595cdb826f64332e8f9f502cf4e07516a50710ddac5f7f8f429e0f114367a3a93f65a88446c9abf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
391c12d4668dbb274f28eb96151ea027

SHA1
9d48da785e412c984a0c499a5e9632f0e98ba340

SHA256
a44ae74199915359d59687718d3ac0a4f1ab2dc52f7ccca838829379f4ae4830

SHA512
d2a3f40ba4733363bf2692abde0fb47185c725e8e96606d1ee6a2966eb829b26dfb97f37a0041c88bc86943504f2bed23c786af1ad3d5e1b0196133a06492ff6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
0042e42f3a0ebdc6a5f5730f6186bc88

SHA1
cbe4e5a3c07e105d8e171270fecf49402ccb923c

SHA256
83fdb5dbe05ff86e70814ce99176a65658ea91595bf2f331cc264ccca3937a53

SHA512
19c44090ec289918a2e6773eaebdc7dc0edad495eba78b9290d423798cc889ebb1a08c33093a14f967bb6a242b7816094f0b5c630ee97590896e7ba2fc77ba70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
fccab5e381ac8cf51d9764342e756d02

SHA1
c75a042907ad50666853683f588c7138286a2b50

SHA256
b0ebb4b1e30dc398259be49ecc8a15c0477ab201c8035e8d087d8698dabd90f9

SHA512
236ecd016cc9bde5a5fb2f5b65462bccf8e90c572839431a14a1dd5b886cd66bcf34243ccaf3c60984fc935cfaaddd7e0cc85903402c46a1a76416a93aa4287e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
cb6f53aa53db9652651a15c204212041

SHA1
52798089467283b90f88686fd306babf16abefcd

SHA256
0d8a4985ffdbc15ecc62ffc1de4bf1e1f05cc6073bab51e2d3968556c57a33e9

SHA512
0a3cb6ede1afcb4ab9b2bf2068135e53fac529d43c5d3d56e299ae1c20fe284c84fefd87bd54898e2b041b38255e00762b38e6d894d594ce07ff3129abc8c8a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
b3dfc68960890b82d8ba3fb2de707d90

SHA1
bc8b9aebb19818056d2f1bfb2edcd81b218a0137

SHA256
a15ca102d3726dd473c98266618a4eb8ecc80a1dc67e8e693c5a4976c36a955e

SHA512
ef869c585df007db9419f99e34018a31d83fe4ae49f5d7a6a0e55324fbef5a16c5949712b1349060f82547f0ba30b75d7a8464d64ac0118847eb71249c747b29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
e5fc1e593e9c39780848de19d623bb0f

SHA1
f6c6fc523c3e40bbd37d90bf96d25c93052864df

SHA256
070a28a755533dbaecaad4149c77116e3d91c1decc29910033c670036bc4d2b3

SHA512
6a47e632ba1d8bb8bb019da5280afd2b17c0dc5ca592528eaa95d7e3070ead972c5ab6e74429e8c928886bb6bd61ab9b2fb5ef8c4d50d5b973946557bb26064f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
4211efb739041a059f5e9fe08069b087

SHA1
534d2284560654788d7029444bbce1e86181d71d

SHA256
399ba090b521ae5f239cc9838b626f06eb687b2070ca37d75b15a7f66279cffc

SHA512
2b6d1bff91a5a8e200ad03edf47881a47b2d24ec0f05abbafb9ffba13847e58892b4639324a36afe78e8fb31da7e71d833f80fe6c7c3309f67d41335f5e6b93e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
391B

MD5
abab0e6db5076350a04391cdfdc969bf

SHA1
be95323992189f03a32cb2f5f607a587cfa281d7

SHA256
54381cbc37acad2be719d1d01760f0f264e03a1b59824abfba8dabafb6e13c65

SHA512
c242ecb0dd70d5617be1d9e2a820338eea7ea5e7933a29e13b062912b5c1c0f532d3d34095805d462eee68204191d159bc4ac8f26aed429034a50347c8ac4459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
391B

MD5
abab0e6db5076350a04391cdfdc969bf

SHA1
be95323992189f03a32cb2f5f607a587cfa281d7

SHA256
54381cbc37acad2be719d1d01760f0f264e03a1b59824abfba8dabafb6e13c65

SHA512
c242ecb0dd70d5617be1d9e2a820338eea7ea5e7933a29e13b062912b5c1c0f532d3d34095805d462eee68204191d159bc4ac8f26aed429034a50347c8ac4459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
627B

MD5
e6e664ee6581933d0cccde037001e634

SHA1
c8152c167be3630dfd5cb5652d87e136a1b8d5c0

SHA256
1f7f3d8c654e32d771be5fde5ff9850262c6e910f5baaeef1051b2fc0cd10001

SHA512
aabd8f03bc03b2483d1ebbe7155f64b114cc2916fa4ff6063f972ef6bf10a4caaba5b3db759997937181c4c3c03af34494c17b70d62ddc5088004722e37ac965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f3f79712ea1eb3faad685de59d7e2784

SHA1
54d7e43752a51ac979207eae3cb0da7c174fbd54

SHA256
8fd3c3884df99f70feedfbec05b5e64cb8376a99a3d0a8df066662802a9f551e

SHA512
183f85793df2c43e7bd63cedf7d0320b3503c603bc76cbd09996da29f111aaa1578616e5d0ed28ba3ffe6da0549e21c4d840bdfbb32b57b8368936ebc9cb1fe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3cd464cb55a9bb9697619c1fb67a7282

SHA1
53ed4a2b03fec2673abc7c14d4378ef6a0683e37

SHA256
89eec0e63883857d0a25a63ff99fe5260a428d03f166b602b871c1b758ea95ab

SHA512
cb5e7a0bd67f75157082064dcb8c949f6ed447d3fba65ca97010848e8c68a3139abaefb20e026ec70f3985d431c4287e0cb71bfc51da5fb0b8bbd59f718193df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8356e2e5731b3781eb627a260a9ee9ca

SHA1
b5949b3431bb49ed9ccaeb4a93a506a1164c332a

SHA256
c56fe6576ec127989546d284f18ac6c26e7785c51a094e2ec24f6b85559a86e8

SHA512
8df47b77415dc57ef2a8f8a9ccc853180872e36edd7e9338fdedcd4bac107ddf3b546261f940bec6e2823531d636a6f2e7d827298fb86da681a944546cf7a806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
17b988492498412e5638131982cdd2ef

SHA1
140209982978bcf71331449435a5420048e9a27a

SHA256
8ace10f1c458039d5f09fa84cb1587012f0f3e15daf385eae1c86db954bd92a3

SHA512
cbc61a49990bd380cfc8bd652f39cb2cc73c0605ee3d248e8f4c7cb97256e8dfba7db68fa6c10f138b88f64ac4dd6ff60a197e7a1c33d6c4f4f9ddab69bd307b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7f26120aec874e44e102921a04733717

SHA1
de5cebd9cfe1422b695536be4dac423de8bc39b5

SHA256
98e2d5918e55dd3f78e82519e5283fb61c1ffb5c82f7a5f5bc6f94a3747a3ad0

SHA512
1a439585b404e2a6932ccf943b8a15a60eadabb5fbc154e043c5892f02f6dcfbfba45e0e401188993b27644c13404ec2bd420f1b8bccf94a6a15f28755667800

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e54d08504d6850e19432698d7358e34f

SHA1
040cda5d88f3ce1b3d6571e6c2e5e2a30f8522f5

SHA256
ded7f1d2d594b1692f13be70903e2744f157ad5369c0dc0e4b914e3b0669f4fc

SHA512
18e92aaee5f1b3b58a41cb5d04912642c556b36a4ae75efd8a29a3f1b91a5a5136dba41c849a2d8239510ec4931574ce5ad94ed93ea7e3d265525fea78fe9ddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a1fe015619967a4320f0ba75a7608785

SHA1
b2fa75ee422c32519b3f0656a72e4f03743ec24b

SHA256
1ea33e2cc116f8267d82cd1bab5d05454e6f8ba757f957e4060bcf3543d25f0e

SHA512
a296a6f2ce53632e5e03b8dc5bc833f66369cf87ee213780d3572b898e8cbb9b646a030220e4575fc6fb0f19c2335726e883af8af1f7ccca5769a0b1a55230a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
92b095da5d5a0ecb2a4394771728fdee

SHA1
bd7cfb1291c2c45cba8ff9ee21bb116abb3db031

SHA256
a1acde9075f3b79cf8e6cd766a2242581b6d708225d330e1e36be50865786351

SHA512
801c02cc26555da45210688030ca0954506f96f3bf60299b92c4d45e63da1640f1ec8d746ff68a9c2e8e7768b3c2fc04b8161b2912eb6b07e44ffe11084a5c22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
92b095da5d5a0ecb2a4394771728fdee

SHA1
bd7cfb1291c2c45cba8ff9ee21bb116abb3db031

SHA256
a1acde9075f3b79cf8e6cd766a2242581b6d708225d330e1e36be50865786351

SHA512
801c02cc26555da45210688030ca0954506f96f3bf60299b92c4d45e63da1640f1ec8d746ff68a9c2e8e7768b3c2fc04b8161b2912eb6b07e44ffe11084a5c22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7277cd9f77ae51a6338ffcb6195212d0

SHA1
6101fd15affdbc402301eb21583c388f2f339302

SHA256
c64ece18d6f500172373a2bde627eb75ae12197bf8526837f00a9dc5c58aa793

SHA512
014a811168e3956bc296decc2545b67a289e383bbf9d794e544fb54e96ab2b4dda2ef26da5d5362b0324436bd54238c6f96a171af5a33490fa77a5b91599d771

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
107b3356bf90ae4209137f32fc5a8fae

SHA1
7bc8d25736081ef82cf4ddb86fb682e09f080e4a

SHA256
9c9f3cbb630a4740afe91b12612a9695f45d19dfb0423b62c1300a9c1221385a

SHA512
c2b9b87af4c936b73a8f6e3b5d2c42112a3691fb4738fb7e68ac668e47dd8b5dcfbea8609eee44433ccf71680ec40860a86594894d931e6996967be999958ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a5ae29a78da9b893486456059ebc00a8

SHA1
260055d346a9908ddf19eb7a794bf58ec6fcc69e

SHA256
6a86a240c39bf2576fb26b6c573ebe7729633b376a14b48e3b62f6be3d4d9b35

SHA512
e173fdc8bbd96bd967042b239cacb3270019112f10037d0100fcf5f814b25bbff7998dcf860e253941ed88a579a142abb205e35f807449b5db7b995ffd64a7c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dde3bc65b4647fee68106f7cc3b326b2

SHA1
6e3324a27e393062f0e0369288d6419695128552

SHA256
48b4a38d098348d70b61474f35e48849a31f676b728b3e2821b008147e556245

SHA512
608e529e2d2b2d3d4477f91b36e55a070eda102bad789488a30e3737d1888a5ef4958f38956ecf77a8c36131a1a9cd857f76a531fe20abae0c3ad6b9ee305ab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6b6bd47f12e650fb7d0d5619552ea2cb

SHA1
2c1f8806733043de8eeaa69989fc12e24c061711

SHA256
0bbfa15df23b47f0263d8cfdf6f156813907f8c0a1d81f1e8929fee1e8b13096

SHA512
4f69869d47ea5b798d013a15e92c3b0d1741acaaa9f240caddf9a9f8fc456a029e6b26d5c6cd7a80839d4c9511d9bd1e68402c814836d79bb4e4b08ef8fa1130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6dcb90ba1ba8e06c1d4f27ec78f6911a

SHA1
71e7834c7952aeb9f1aa6eb88e1959a1ae4985d9

SHA256
30d89e5026668c5a58bef231930a8bfb27ca099b24399a2615b210210d418416

SHA512
dc31807eaeb5221ac60d598035ca3ccab1dbeecc95caaff5e1f5a2a89ba1c83ef0a708ee0b8ed05b588ea5d50e360032a534356f84c89d3791df91d419daeff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
b610066ef730151c8f9b032beed7bb98

SHA1
dc90b0db42ccca072b0dc1e402a6bab5bce9344f

SHA256
344efb0bfc04fb2ac9039abe0b0e18285cf25fdd51e5e77fd88cd7a8dc0cd46c

SHA512
a8b2140156da1034d50f37e7dc5ea20001cf2aa4736dc438cc02be928fc2d2fddf00f94ae34ea766b95364c3ad46502bfe3cbd4b196b04925534bb29c453dd38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13341822545782232

Filesize
6KB

MD5
62e8c4259a239bd0b1b84f0427a5311c

SHA1
20bb3c14f52d014f399e733b6d8cbcf6452d6271

SHA256
cdcaa38c4fd7f488bf9fdb191feca72af5622f6a08f3a5900eb252e1f06e00eb

SHA512
8527e43db0a3136a2afcf4b39c2e0a3fc2968ebc84602d1ea654af5474ab154d11b08976dd9ff64da45bf3e694f80b412a7a4993bb340e3462ba591b22afa11a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
3eeeddb5c2cb1f2d891dad0d763ec0b7

SHA1
c2825d047c11ad980e0480788c0e0e062a4184e2

SHA256
5269f4484a8e459d3cb4d94942cb1088d360bbae91cd980de92611320fd608b5

SHA512
3549e7cf9a5532cabf7a773516f5e6bb3600a113a4794fffbf8ee7268969361fa1f0d62c4e5e416f5be1b423cf6176dd213347bc1c59eb9b7f99137e4cfa92cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
6b68751189a0132e2e06a06255449aeb

SHA1
7f29221da5453fc88c97057b8b50e8a1752e51c0

SHA256
5a9ea183640f3d6b6348fa34f74f746fd386c693b873a9b02956377ab594c81b

SHA512
bb92eba363b78c9bae212de2814c49390fc6ee71f5baac1047d39e2e3836c54d1441cfba7f2dbdc8bef37b447ddaaa8daa585b868db2705e8a3011423a1ab123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
87509b04d4f2c334f9bdac7bae99d6e5

SHA1
10a64321f97c09a0fcf650dc53c08bbed2e3cc4a

SHA256
177fc7ac64a372b3fddb0ef6e3fec424db5a75bce1e107abe7701906b5830e81

SHA512
0ef9587b0fa87b354a6fe8a45c4d453e6f17d1cf917e92270c0df3405f2f294e391e73045e751c9795da7e7da9230a8319eaefe353b6f4f144d9bba8434c7b40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
e3ee1ca162bb13fec65a3d5d23e71251

SHA1
a587298a42910ca9d7bb643be3f8fc66b2e32ac4

SHA256
cc1730d3ed7fae24805652d9984f866ea272d0bb0b7c1b6e37b8fc1f704997d7

SHA512
1c98d19725c435cd9618e362e093758a11c8cb8495d979686995421da939416fed21e2dbbcf0813155ace282292d75b3f6a312620c35c0451ee8897b35e607cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
1ac758eb298bb01b3ad35bbbc3063979

SHA1
b655c17205703f7b28aaa5f069e1e81ace753097

SHA256
5feca10f22d57ad9b8651297709b4e6ba346b227464841454ea8233ee9b70044

SHA512
8e46549676723f59c093c27678de5ea6ad5770bf9963a304a212a492cfdce1893e41d2a880d6975f3f8a2e7741508af404aca1c30c26f5b444a40a0f6c0bbd2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c5b00750-032d-462b-bceb-85b3ad23a8ae.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
f034b0a8a6de1c20f58ed1e7fd06f6e3

SHA1
03a65e277b5e2b8e913cc2c3cdbfcea3f2333210

SHA256
0fad25268fedb60870b8937e8bef265450137e2fc44a8557319a1eaaae123ea9

SHA512
83b4c37e15843b7450835c75a4e539b2d231bdd2ea89ee3cbc4d0eab7f10e92e05ec0ae482c8bc9399c58a1065b2ba198bc20860b9597cf70d4ae97b8be338c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
263B

MD5
caa4a77766a58c9e077096d18fd72c78

SHA1
f8b659f56a56a3cc60566a06ffd49597cb85619d

SHA256
329b1b2d174f6b63b9fbe930c2468097bca982c3d0ea4025a4546927ff6d0a40

SHA512
638b1ce71d214b09bb01ed0dd346bba64de2efe8dcf3d45eba132d23ac79b852ecf5e7267060246a25ae91bc8fd72a6faa84079f11a6e60cd4fd807f183f1ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
4a486665b6c9499baaad79db0e7ba96c

SHA1
e1f2121eebf2f1abd8a82ab64dc2b2ad9f70cf3a

SHA256
f15c34ccbc83ec765faa187a6dbfd5a7293668ee4a80044b8c40a95887658e13

SHA512
3576a45e7fe7e730e10b24126422bb473962fe5eb65c088ddc83f1bf666a76cbff1bbf04a8a62e0c46aba307590c69cc36fa3182bb89a874478151435aec8147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
0ec39cf72f4ca8c00bc96b294780d968

SHA1
d5824ed13153711a03c03183f211621c4fb2c7c0

SHA256
01bd91b5abdeadce7425094c49c7419a443f6b0101d37bd20da115b58aeb8af1

SHA512
51660dafb95942d7e38af07f744af504181f60506a26c648e4421c8e5354071f2056eeda4093203d4290c71010427c5b5b11ffa28847a5b949b6f8dcf5cfee71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
7843a69fad9afbc860848c5d2f53d7e1

SHA1
caa9e68e87ff7d2fa0be66a1d2aae733d6ff443d

SHA256
206b9ebe92972a1fc9a4451ab7b88e6a49d8866a7c2978bc6af424250d2687c1

SHA512
0df3f0c8153e95386f185bc8156812a474dd22dd7cd59a457089e69a0c6fab55dbe8eb10590411ed455dea3d5c0dd4e906f45e10ddcc5680582a23360f4b42e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
d12cac79d70227b9dda554df134b4f4f

SHA1
d562dce541befe99c6e42c01454dda7aae46db77

SHA256
45c8ff8147f87af534085b9ede1bf2719e3badfbb2d3e490c0097eacaeb058ca

SHA512
4c5d0e90897d7affe9df354e25a71f54367e8925c91f10546d23b4772cdc99ba493c18d71e056c689c3db41e9a66f85e941f2969b88527b09670addabe21f08b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
60195a13c49bf92dc0ac7f7c3bf44573

SHA1
c2d5fa0f2aa3912f3dadd29ad0e151e856110e4b

SHA256
0e2ec34ac1b43e6368ba5dedb621e6091cf0b1d0097b8b3631f27c3f1073feb3

SHA512
aba633e54786ccbfa404416040b0d43bd50f63fb3f6746ee879cefec5a75948d094e46f4e9d9afe73f8db2994a33785acc5ae8ed820d9a8695f38dda1c05da43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
3ad01fda0315169eb19323b14c362954

SHA1
b7f9ebf56b5d87c28eb2b59a4860d87acf256330

SHA256
0303b47febe8844a659d19f9b441d98b62feb9a374268a6067ab8b4cc1d6c6af

SHA512
b305845da140e09fd9c794023b22608ea0e2b93fe52e2841fc1e5382b99cfc6079e24746d893a3959980796ad568bf066b406016eb91972576417403e55ad444

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
913728da90cf90d8e78af59c60b47c3d

SHA1
f42f2a545d4fcaf4f76d0f060f52e33a47df7f1e

SHA256
b0b478f9aa6aaf8d5811e296047ae1f8ee07f4c4998fe9d7b960755ea1fafb82

SHA512
3af86e053dd56aef03e6f967a49b1a0d492616a71e2e49090e0c8e5cbe58ff37ccc55e91f06bf34096059a49f3de84b0bca587f3f17c366f97c0f7a0fd17c974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
22KB

MD5
1ac9e744574f723e217fb139ef1e86a9

SHA1
4194dce485bd10f2a030d2499da5c796dd12630f

SHA256
4564be03e04002c5f6eaeaea0aff16c5d0bbdad45359aef64f4c199cda8b195e

SHA512
b8515fb4b9470a7ce678331bbd59f44da47b627f87ea5a30d92ec1c6d583f1607539cd9318a5bccf0a0c6c2bd2637992e0519bd37acdf876f7a11ed184fb5109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fdb51639787d82136c7f1531aa5dbb81

SHA1
857229a80382a5e3bf90e631111a5ed0b3308100

SHA256
8c903c6cd7dd5f0fbe258ec85fc87361a51cc3a5504c1ddb5263f8722a8d74c7

SHA512
eaad5ad9249a09a5c1eae2ca9cdb98356ee6226add06d235045e5b5e91ce0f7d90cb9e6225346672222d42ce9bcc8b1fb86211b7430c2ca3a8f6abb099abbf0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
63861109c2990a696cb8aab4b906349a

SHA1
cbb09ef9639ae960968643c6e50e9ba403f66fab

SHA256
734a95722a5ee5d09d625db371b9a264b71af6f0a16eed9918a40e5665b7aeb1

SHA512
5c6ab8499046b15ddf24a536e24332d3140e710dedc358e36dbd10cf7e8aba87cfa1f866dca5af915ab010a9609e784a8bd3660ffab1f180fd419bb0cd14cd57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bfa89c9bebdce2ede569b81df45a9e5f

SHA1
4347041f3ca378542848524416f73cd14a94c8d8

SHA256
047154db42a8f07d5824fdcc46904a264fa988f6586d5dedc22a90a2c488ae63

SHA512
45d1b06c782f17429459537a5e7821d9674d86fea8c737b3cd41d3bd8b25a29296ec02d5eccc0147da7870281e6f9bdd15b59dce238f301abbb038cf4f03b650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
18db49b7916f1c39e04f195d0f2b5ac1

SHA1
181b4b8bd97a6847a846fac3cc7d73d514d62ae2

SHA256
5883bafef6c4eec008f0cfc60a8919435ae0b0138e7a7dec787dadf56acada0a

SHA512
9812adcdfda6c0a069c23894e1dc4f92bdf5e7714f53f30c34e5308a05b433031cb510ee0f30eb3850dd7b8e036b6d8588125759af3d363d60fdb5e770da8f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
025805d06f9770f270c6cf3f99252f17

SHA1
4350c9098f6f4d0efe41c98cd992cd27a5df777a

SHA256
e3759f25236432219ac069e647b05b7b86902126af06ee15ca1d7208e87d4a9a

SHA512
98abd59e0e88c1b04452274e1ebba42e355f9d3147d200dad307a9622efb26f34dff785ed1a3f1c647d685f41528750fdb161466456c485806dd481c2d63f0f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ceca254e38858fa172a24e8ccb2e52f7

SHA1
67d5cdfbd97f9ee723311da7f317a49641762f67

SHA256
3e37d1ddfd979d3a6869be3445a879aa4e7a2f3e75692c9462dc2a59d259c0a0

SHA512
54b741b5bc6c0074fa9d5370a5ef8024bbac336d665e7a255c374118ac8ed8002b01ce2cf3a5e832a829d0d232995f6110871d91d4d3ebfeaad632ab91063a25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
bcd823370179408f0f906e26794ab72e

SHA1
cde6a724e0f0d050baae70d156d1596cd6e705a0

SHA256
b43a9e8eaffc71f28cfeee6ea792fcbf05cdd4155723143fe31da8c18be88ef5

SHA512
56bc820411e62cda5550ec8b4891e1e8e7085219eaf6258b71c86a8815665b9527b33ff88b660fdd47b3d4dd489e744985518cbde071f14ac400e890cb3365c0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
f2887a3432ce6d580e727bddd930ec66

SHA1
b7cdaabb246e86f403bf71d6ac638d8730ac5bf1

SHA256
c07b6a04bdfc025142ea4db6b36ed428ad3b8d47b0d3006b2ceca6c552f69835

SHA512
5fb5933ef4af085b0217532a9facd0e8ad92149418975431c2a15ef2f97deb0f4ea0615fb55d69a9317d1808add4df5738967f7e6822676c876d0088a16cbb49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs-1.js

Filesize
6KB

MD5
7cd99a5d9d5997b0992565c1d18772cc

SHA1
34adadb57b136350ddb4306a37a7d50c94586bb3

SHA256
a795fbec64957fc6f4c6edc1c3cbe44accf16463f90c69f4d2893b40f3941c7e

SHA512
9a5467e03249c46b95eb078243947142afd089a629312aa56bcec6e5276371091fdc1dbb4688c2ea401a3f373e4c995e2426a2020d50867b2850fbb66948bf5a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore.jsonlz4

Filesize
450B

MD5
705363c546e2c63544752ed867425336

SHA1
ad186ce34e64aac8a071424021e4be28eb600643

SHA256
d14b6028466304d4440e673fe01e06f882a4444a8038962f620902444e9fee96

SHA512
52ac6a48806300c0de161d07ad2b99aa9172e2d010e0350279e433f7d54adc01b31665ab65b54424366e741664d13d80e9bad0c4dd1a4ea9d646397791ac6e5b

Download Submit