beb242318ade855841e7c1aca59f24b623e7f4d7e4fd6249a7cd8581c7da246c

Analysis

max time kernel
217s
max time network
222s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2023, 15:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nezur Launcher.exe
Size

2.5MB
MD5

86c808083aca1c0b02ac96f2e02065da
SHA1

c8cff42ea70c7c7c7c4fc315cd1db6859c0625ab
SHA256

beb242318ade855841e7c1aca59f24b623e7f4d7e4fd6249a7cd8581c7da246c
SHA512

1bbf64fa46aef9133df10e3f89c38da1279aae1ca4654c8e4b96cf58a1ae8a5a079e8362636f0e7c2bf5bb61c33fc9e4143d07ee9cad1a9b70cda7ffbd7d4c78
SSDEEP

49152:yCp1g4biR0QR+Pjl49uguwVi8828ASE23rtybu/6MwQidzNiuz5Evi:yCp6SB49ugf828Ajk0rQ4xic5Evi

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
144	api.ipify.org
148	api.ipify.org

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1873812795-1433807462-1429862679-1000\{FB20AA18-2D32-417B-B4B5-8D85E64D7D9E}	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3096	msedge.exe
3096	msedge.exe
1096	msedge.exe
1096	msedge.exe
3496	identity_helper.exe
3496	identity_helper.exe
5740	msedge.exe
5740	msedge.exe
1268	msedge.exe
1268	msedge.exe
4532	msedge.exe
4532	msedge.exe
6080	identity_helper.exe
6080	identity_helper.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe
1268	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 1096	2284	Nezur Launcher.exe	89
PID 2284 wrote to memory of 1096	2284	Nezur Launcher.exe	89
PID 1096 wrote to memory of 2272	1096	msedge.exe	90
PID 1096 wrote to memory of 2272	1096	msedge.exe	90
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 876	1096	msedge.exe	92
PID 1096 wrote to memory of 3096	1096	msedge.exe	93
PID 1096 wrote to memory of 3096	1096	msedge.exe	93
PID 1096 wrote to memory of 5020	1096	msedge.exe	94
PID 1096 wrote to memory of 5020	1096	msedge.exe	94
PID 1096 wrote to memory of 5020	1096	msedge.exe	94
PID 1096 wrote to memory of 5020	1096	msedge.exe	94
PID 1096 wrote to memory of 5020	1096	msedge.exe	94
PID 1096 wrote to memory of 5020	1096	msedge.exe	94
PID 1096 wrote to memory of 5020	1096	msedge.exe	94
PID 1096 wrote to memory of 5020	1096	msedge.exe	94
PID 1096 wrote to memory of 5020	1096	msedge.exe	94
PID 1096 wrote to memory of 5020	1096	msedge.exe	94
PID 1096 wrote to memory of 5020	1096	msedge.exe	94
PID 1096 wrote to memory of 5020	1096	msedge.exe	94
PID 1096 wrote to memory of 5020	1096	msedge.exe	94
PID 1096 wrote to memory of 5020	1096	msedge.exe	94
PID 1096 wrote to memory of 5020	1096	msedge.exe	94
PID 1096 wrote to memory of 5020	1096	msedge.exe	94
PID 1096 wrote to memory of 5020	1096	msedge.exe	94
PID 1096 wrote to memory of 5020	1096	msedge.exe	94

C:\Users\Admin\AppData\Local\Temp\Nezur Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Nezur Launcher.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.nezur.net/product/nezur-key-bypass-85-off
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd657646f8,0x7ffd65764708,0x7ffd65764718
    3⤵
    PID:2272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7810904883752361299,14580118585619452096,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
    3⤵
    PID:876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,7810904883752361299,14580118585619452096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,7810904883752361299,14580118585619452096,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
    3⤵
    PID:5020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7810904883752361299,14580118585619452096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
    3⤵
    PID:4380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7810904883752361299,14580118585619452096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
    3⤵
    PID:4768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7810904883752361299,14580118585619452096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
    3⤵
    PID:3168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7810904883752361299,14580118585619452096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2204 /prefetch:1
    3⤵
    PID:2816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7810904883752361299,14580118585619452096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
    3⤵
    PID:3472
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7810904883752361299,14580118585619452096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8
    3⤵
    PID:4312
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7810904883752361299,14580118585619452096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7810904883752361299,14580118585619452096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
    3⤵
    PID:5224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7810904883752361299,14580118585619452096,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
    3⤵
    PID:5232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7810904883752361299,14580118585619452096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
    3⤵
    PID:5500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7810904883752361299,14580118585619452096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
    3⤵
    PID:5524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7810904883752361299,14580118585619452096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
    3⤵
    PID:5532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7810904883752361299,14580118585619452096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
    3⤵
    PID:5516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7810904883752361299,14580118585619452096,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
    3⤵
    PID:5508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7810904883752361299,14580118585619452096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
    3⤵
    PID:5652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7810904883752361299,14580118585619452096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
    3⤵
    PID:5908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7810904883752361299,14580118585619452096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
    3⤵
    PID:5644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7810904883752361299,14580118585619452096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1
    3⤵
    PID:5604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7810904883752361299,14580118585619452096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
    3⤵
    PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://nezur.net/keysys.html
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd657646f8,0x7ffd65764708,0x7ffd65764718
    3⤵
    PID:3976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
    3⤵
    PID:5928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
    3⤵
    PID:5648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
    3⤵
    PID:5612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
    3⤵
    PID:5580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
    3⤵
    PID:4292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
    3⤵
    PID:5348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
    3⤵
    PID:1708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4724 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:4532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4044 /prefetch:8
    3⤵
    PID:3952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
    3⤵
    PID:4388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
    3⤵
    PID:4672
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6424 /prefetch:8
    3⤵
    PID:4800
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6424 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5700 /prefetch:8
    3⤵
    PID:5304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
    3⤵
    PID:1580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
    3⤵
    PID:5764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
    3⤵
    PID:5760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
    3⤵
    PID:5464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1
    3⤵
    PID:5976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
    3⤵
    PID:6012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
    3⤵
    PID:2088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
    3⤵
    PID:2232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
    3⤵
    PID:3156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
    3⤵
    PID:4148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
    3⤵
    PID:5456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
    3⤵
    PID:4556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
    3⤵
    PID:1712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
    3⤵
    PID:6112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
    3⤵
    PID:2620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:1
    3⤵
    PID:6104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
    3⤵
    PID:2784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
    3⤵
    PID:5020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
    3⤵
    PID:6048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
    3⤵
    PID:6052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
    3⤵
    PID:376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
    3⤵
    PID:1712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
    3⤵
    PID:2288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
    3⤵
    PID:5932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7184 /prefetch:1
    3⤵
    PID:6008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
    3⤵
    PID:2200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8184 /prefetch:1
    3⤵
    PID:6092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
    3⤵
    PID:4624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
    3⤵
    PID:3724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
    3⤵
    PID:2300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1
    3⤵
    PID:3904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
    3⤵
    PID:5236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1
    3⤵
    PID:952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
    3⤵
    PID:5404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
    3⤵
    PID:3960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
    3⤵
    PID:5280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8660 /prefetch:8
    3⤵
    PID:5816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
    3⤵
    PID:3676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8820 /prefetch:1
    3⤵
    PID:944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
    3⤵
    PID:2220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9160 /prefetch:1
    3⤵
    PID:1636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8932 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1
    3⤵
    PID:1852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8860 /prefetch:1
    3⤵
    PID:4120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
    3⤵
    PID:5300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8568 /prefetch:1
    3⤵
    PID:752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8224 /prefetch:1
    3⤵
    PID:892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8944 /prefetch:1
    3⤵
    PID:4760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9888914041477155092,538443939662705036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8664 /prefetch:1
    3⤵
    PID:5944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f08cc9760bcfd015ed030577db1e9d41

SHA1
c1babd1b03fe334a17647c5dc29dbd7cac8b0ea0

SHA256
9ab24b4f79b07d6c97d1ec543d175658ff54f4efb326c7062f947622fc22346c

SHA512
3a7c24be41ef323a1f88268e3da7c672799b5cc2512065c2293f81694f606bc7ebab1db0ba5f306aaefe9ad7979bd483b63bbabf0b28b35e94e7d15b4ad9ee10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6708a30a7707944e617a857cbe566733

SHA1
536de540f8be7169f3cd6a7b6f2cb01af5688519

SHA256
b9a905fccd30fd58ec5838ea2dd8291b42b57b8205b41946275d20b0ec70e3ec

SHA512
1fc0ce44a32f7e7e22bd504d22594f25dd2d23d6ef8fdc0ac3c49c36f2ba9b393a6e0923c43d10a809dda881327d67a1c3e332035dd7a2152a52ad2d442127b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7753b9b9-4e8d-42d1-936c-a7752b1eba4d.tmp

Filesize
3KB

MD5
fcd4e406368e59c00dc913a43ea56190

SHA1
0a08d7e59e4656f01294bef8e0c2ef6fc26731b1

SHA256
0103433776ec85a1b1680630c52be264389d910393168e10d861764868438ba7

SHA512
ef89c5ec51b328bc62321ce49ca9e2987fbda0d0ac4c09fe121952ad9562655f30157e7f6140e0f26e6d1c7a9238e579b486feb2faeb938d90a628f451a85dd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
befdc077669ef46247bedbdb79f5fb60

SHA1
fcd2fe48357789b9128aa9c4e1cb6fc0da7738f5

SHA256
59cb1067d80c9b43bf21836da6ba4b3f6099e6bef42e172d4e3abda184f7fa58

SHA512
57a576f0bb064ecd770f67ec81bf3236290ef4567023923ab8c95852e6bf17e15ecde49ad9e033d593a45f70e37c7ef3f1e5499cf0859e60c90bc0518597643b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
afa28260f0c53e2a5a70ec425df95d6b

SHA1
dcbffe1d370cdeced1b266cac2f7efb38ab1317c

SHA256
11b55380132b7a6162417390694cb4b7d3cf45acefa1149efac06951bfe57546

SHA512
24666dc6dd7519b4415a9e1f626bd45050ec2b8c45260be79bc81f26a97107f5fa9fc28663ffe67a77336f88fb7eebb19e944df45aa2ee3305009a6202f11b88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
a1fce01d6f9be731ace2b891ff9c2624

SHA1
f2df46a627031081aeacc97ad75427eedace6711

SHA256
5b7d5604ea97961d27287e6fd9a022e22c2d33e42530e3fcbaf30fa7e911c450

SHA512
22ee580eecdb16ced5f17dc375e9c23b0f9f64c4eafbcb79b43154c7111548c58d1ba14d1f7014f65fa51985e85df03eb314d0f551ff8f3e30ebd1bb3c5f41c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
d4e16841870295092e6a54c2f8b215fd

SHA1
479866b7657dd70731e92ba185d8427f73622a6f

SHA256
963c22dea59fabdd08dfef2669e0438ceb995eacf04a47098ac586d0cbea2f0d

SHA512
e43d7d1a886d5c9bf1fe570dcfc8fe47bedef6fe5b765f46b5280d8f0621b7c8b97e4bc9d8e7ee1e1a0b255289a6dd773ba0d8656242dde513dd87c53536b11c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
27KB

MD5
638a4990025383a0f83ebf29bdb84a68

SHA1
153e8818dc42f598e47fde8cf398f1447649a4d0

SHA256
878e34b89800bb271d3588e526eb3598eb3822e263f3bdaf53645847d39d0ad6

SHA512
59a505fa1a3bea1511e8fed16dced733299928b4081665d3e3fa4fc71d6f0ed0b09934805f442bf190c9093937e1494ac938167f9beaca0223243703f73efe87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
21KB

MD5
44129a82842153ef9b965abfb506612a

SHA1
c0964eb2ee1a76d48e4e09e31915415d74e18bbc

SHA256
8a3908fb32a414703eff3e435566b1e5598eb3a5d50c500e70eb1a5c20d003d7

SHA512
77d149f19343d765834f2bcaa02bc160c75bd42db1fc431aba87f78257a83c4c8a7e5953c247cb7cbbaf4ae44ace269eb0a5194dfd7489d66f69489ce5dd78d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
617KB

MD5
926eaec95aa508440a59f230ad96f8a2

SHA1
333a8819ae3408ac99e31c34c8d4a89791954331

SHA256
505977924ce742645387bf7b8b337d52b0264a19aaa0484da9ab45ce68ab5286

SHA512
35f1adc1d96c0f5fb8f9fdfc5a7f29f61d45c41343b85f90a4b9e9da17d737c1c87ecf7cc269458b7c1c434b2f499d6c9976038422fb622f249e0d89025a4fe3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
66KB

MD5
59a3cb13ece5f6d2f9b5544c46637721

SHA1
0c9c8dfb48c22a880e3a9eac0a5149a5536ebaf3

SHA256
4b6f635972c0f0e1b46cf6d51607643c1135ef3f59aa8098609fc24dce34995b

SHA512
a2e4a4ea53f0f0d370cfdd3218c09f62d40a9e7605a0c46ed3b1b819e699ac48fceaf14f6bd6bf58fa2d5a52a1e1bd958d7a8f573ee77613c62b3a5911e3d93b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
69KB

MD5
468049f83b7c289a0a97442c855c73ae

SHA1
443b0301f49b3398990b4a008ca13a7ee9c6815d

SHA256
44414b8e6e8c772e31df22592dc6d249f99d7eea1d49820e8f4c0abbc39a0667

SHA512
ae23eeeaeff09d5663508c905d2f032fc1dcb5fd8c1eca3b587fb90dc98832b36baddd6f1f41a05f55c0dd11a7bce158072f64b60e9fa3695e52277c92435678

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
75KB

MD5
2c1cd35a385ce0a4a0d7d496a5f1508c

SHA1
e0f025a57cc1a8772384ab0ab550dbba4ae39e5b

SHA256
0844740aed1a828b089a913af602f522be94d6740a1869af2653c6633bd3a503

SHA512
40ac6ca84c29de63e6fb0764e12689759e3351142cfb654a2a00caa33060b054bbe19736ae7eb113205eb2cf18850e18e060383c8dcb6f218690e89fe6f44181

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
37KB

MD5
21ba26f72fd5e2ae195e843ca4307b83

SHA1
f010d77fd285f8d847abab1706fa90567f39e4d1

SHA256
ed7527d923b788da02e931859535b36a8f0137001cfa7107eaef22221aa80b18

SHA512
59c698172cb7511d2b4939f672adec0f8d8030436d24e4aa66dc8c9034e275c1bbf266b6c2055b7bd849910c7dce8024b14118b6b814bb78c8b79f4427d4a893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
47KB

MD5
e5484dd9fa92904cb47abc2e9dd18b87

SHA1
2528e0c170b6635c00b4e2a810b54cc3b00a208f

SHA256
609177f3f74f4b359e6836c2221ca29598b1d35aee660da8caa3114c11b595d0

SHA512
545d323e2d64926de5be412f408c72461e4478e35ba46dd4000412c511ca39308b9ff70055a2ad626e675f207ca6406fd8ad84e7b6bb3745268bde42cbf70d46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
83KB

MD5
50399dd67f7c3d95d781d4bed780f0e6

SHA1
974da8a78703c3c9fb0e60be5c1efe3e8849b771

SHA256
01aa3eb0e880134819a4c53706967a3ac0deaf9627788ff82a9124d9e577084f

SHA512
18f0e50ae51a14a1711127a0787311d768857802b5ed5b92f919d4df7c90f99a10674c3f1baac1725a8cfa465de7152f850390991067b263ec8cb4faf7ae24ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
48KB

MD5
ec5d553ed1c592ef6c64daaa94194358

SHA1
647f0de2ba6b511ceab755fbfb84a0cdf5d0ac6e

SHA256
47825a900e347c3ebe2ed17dba529d293ca8a3016faaad7ac8b3850df2fcf9f0

SHA512
2bd6127cb4ac72949bd136cd47b9646533e9bf224846a5cf7f3390d22b2d4c16873d12d6079e333e62a74c5e163842547cea631e12e7dd610cbfb39c908f999c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
29KB

MD5
c48dad5f984e1d7ecedb89e6e73e94a7

SHA1
843e55eddb99a9800d779cb9a860eb0a1b5e3821

SHA256
304476467e3fc9e244f8d986a405beee84da3e81646c64c8476d70e64e8c7ad7

SHA512
c78e81ceb18c94a0b8c95d2bf976a29278f2daf6c552404c34ae2613a98ba138453b431ccb0ab08ac4565633449fbd22f13e7b91a1c3721bb29c265650f390c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
36KB

MD5
fd8ff1e7524821b7898e6eaf2d9bd7fa

SHA1
21ec64cca8fde745a253f3bf5cfc5ba5146f5f8e

SHA256
4d275843fdc0a101a2b6c09d50ec3a8786853daf4fa474dd9025e13a9d1a6ea5

SHA512
6ae0c8034f6573cd108916890a3e3e70635ad96936b1df59c9b304f58243225f8a15fd3a7bbc0376e6413cfb82fad381182922df7023cf9985f2505853ebf430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
125KB

MD5
a4160421d2605545f69a4cd6cd642902

SHA1
aaae93b146d97737fabe87a6bc741113e6899ad3

SHA256
4a4dbc62fa335e411b94a532be091c58c0c0c4fa731339f11722577d3cf6443b

SHA512
d2ba5c00c3b6c1fc58519768b0dcd23951e74c00fdd424ab4565e7c2dc9c6b8e8077dc75015d9158bfd12f4573a7feed6bc3fb16eec96785c356511c9551416f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
27KB

MD5
0877ea7355d10966086547b998905bb6

SHA1
3c52763dfe0ef40e88cf4653c46bc2654cb967a8

SHA256
031561e2fd5ccac4f5c8d4d5389cbd9622f05484814aa4661f95c3db898ae731

SHA512
94bd69287f1d857d02bf7ccb8d62f404b3fb45831cbfd0e3be6b296418a3cd69f24d9dc8640ac3708386ded373ff214b77c4e549959efce952436ef36456f59f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
24KB

MD5
a40e5b28148dfb6e9725c256b4921a38

SHA1
27488eca43c8628cba68db938d85eeacd7e69c75

SHA256
4b8b179366d287992d8a2b5dc63d1b9cb0770bdedf6afb816f9c74158b09d549

SHA512
fb650d4aa05b2ea491ccb96581182891208db228cdf5ca4f077a3bd4dd6cbf77684a84d1e3c85c34ace4ca754e6a20251f43221b0bbf8838f68a76665532fb9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
42KB

MD5
40f44b823dda2abe700c3ba6d4c0b534

SHA1
92c4cbc7ee3dfb25c5bf688c9dfd617e74127adc

SHA256
aa22b1de65bbb58db647ccde284c49b48ae6f392b8b116501cea4ffb47296446

SHA512
98cd491fc08fc37ffd2f9a898f49aecda08b9c9cb9f0ce94c9920ecfb3c6312e8812618bbc2dd2c28f550a4271ed35fa134f8552e56af6a1491cf0f4e424b84c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
21KB

MD5
52ef26f0dc0b362e59273ca1860c4960

SHA1
5abeb4291b0e11f74466fba51d95edf334b06c45

SHA256
6f6f1ef7ebe98a7c5eda3a72e60a7fd73d6d8335c327b8bb097f2fb01fc79b66

SHA512
98c8b49c6395ddbdb2f4b4e74b3925bea2a8ca933f0a442829e2fe30e767ee436e138d9c8b76b72c2be75a8922236cb98a0e296d026bf505d28ee05bb51ecea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
50KB

MD5
cd2f3074326840d55a3c3ea1e99e83fe

SHA1
3a2e1d1a93506526ae3ed2b44d584af7771ff8d0

SHA256
9ec9f50ac6a5dfdf7ace0a047ab4e86a7f8ff297030f93f9b8b4e27c57fdaa51

SHA512
0685f7e50451e87f8d7d47f3373d653f7d6163ffa8ccd143a85b179d2c5c51cf494e8b5f7e561436c35bfb8ffb9304f0c49962a8bf7065830f0cc95281f4ae6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
40KB

MD5
fdc6953a3899201ef77437d3015d806f

SHA1
1b23ea99d63d7830fb07bdf551ce7c0e2d9aac79

SHA256
b9ff54a7c397bf0127da0e6a8ccb94699edc610708c6691fe6830a68a03777ff

SHA512
f03256ac728d833c65f8549bc5f95c6a1fb3ae3a977af8c5ef4a215064664e45487efb2d22c9fb3577bceb6b069c3e20271809560d30f4caca20840740f5fc1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
169KB

MD5
3863cf084beb457b7c5a89cd8e740794

SHA1
010ea4b202a1b6c12760b78d3c7e51345c6e7ac3

SHA256
d862406da29111f02749714742f63e59ff28c5fb7889c86e1213b43cbd14f03c

SHA512
aabc549768cbff69619c50083b6a4e3e62fdb0330a59d3aff1bed31417d4433c3e70ce35cc2e8134a73f6a1ff4ade246737361e467b1ab82f8946ccf21609a60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
91KB

MD5
51dc516285ef28d791979921173fe3ef

SHA1
942a10fa87e86b496d38e05ddd11cafee6931619

SHA256
5e1052c91e4af626af98a3fc5865b27f8a9cd107785be3917d587e9bb6d4f72f

SHA512
2b8ac60add44819ec697011a95a9885f83f8f18e3af3b5778e95bab89300d5b4a6fa6e1528ac99dc4520733e21537062889fa3b89ee0056879de9ca042b31df6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
219KB

MD5
9b798abba9c47c0a6bbc9a93c353ee41

SHA1
60bc4bb87003fd56caa662b694576469de5b8c8a

SHA256
d96ffa8feb340db4b6b6bf12abf34b2224d892f09a24f1c8fbdf1c992f223e8f

SHA512
8e60ba9f20fe1d9c5fe9ed822a8331b7c51f0f018e53d7b071e90efc3f85245b6ff9e0c99150816f489eb20494d9422f97ac9d1fced1ae57ee6e249f03febc70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\81f6dc517e3ee3ed_0

Filesize
27KB

MD5
35143dff964e880ecefac34a103bf07d

SHA1
89831a750ca1d8af3b3d609e7b69533fa36dfe4b

SHA256
ec3e76e319d3b201f5591f1766c28fea6ee1323b40fd98b531a7bd1fe6fbba45

SHA512
79c987855aaeacf6463dd0770b0e6a4921992057c712265e59ca2ade1e7daf6fd0b31674f3e6982f2c34eeaa18712d18e1d35af0192527aee54d7964f1198b11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
0702060ee1ac38ceee373fc26cdbe69f

SHA1
4ccbae8a5b2590c223aea8d0dfe15aac5c255f83

SHA256
0b1bfac2fe191a9bcc46cd6e7a185a3ab2cc783a61468984b4419ef9ed97c2a4

SHA512
4a40bb8a8e2a9e7c005e60283d19f9658abd706688fa23dc6a96f7f5c230589ba3dfd64c1b4af417c5ee6d9306f3f7dcb576ec41d39493295ede27c2681ba887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
0702060ee1ac38ceee373fc26cdbe69f

SHA1
4ccbae8a5b2590c223aea8d0dfe15aac5c255f83

SHA256
0b1bfac2fe191a9bcc46cd6e7a185a3ab2cc783a61468984b4419ef9ed97c2a4

SHA512
4a40bb8a8e2a9e7c005e60283d19f9658abd706688fa23dc6a96f7f5c230589ba3dfd64c1b4af417c5ee6d9306f3f7dcb576ec41d39493295ede27c2681ba887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ce9aa6dd91b147339985e8647ac5b221

SHA1
8e3a1814639858dd91a73fc6ece29855f5708ca0

SHA256
f7d9fd81a0356da5fa8942d34643e08db33a292cfd24bee02fcdb621bbd2f504

SHA512
7de0837878076fcf5f8ab99e6c2f15e1cf1ca7d23c1e6356218ebd0d07bafad16e7bd3950e33bc538997908f33a66aef46474404b5392de97879798f9f2be951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
381fbdf8b7dfcb47391692eb3ab1f4fa

SHA1
6979fa7e6ecef2143a5d7125dc2e480b34e0a219

SHA256
099a6743fd2d01a2fc1c043c5e6f433f35e280828cb1c9ac7b5a7ea46747bf2e

SHA512
55278a3f3e49881a37b0f56a9dd8f7c5670eae4a43438f182abb872a68636997d42dfb9a01634d3e5325b59c1c14b11de5ddd3eab9ca47a3855407b2e7980091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
a8c134de053e4401e57066ba7f721e52

SHA1
04577d3005a0334129d63ee5837caa99e679f3c7

SHA256
253f4efed4acf092c11a16d0c77c4b7eacc62e0cd1fb5c87d72bf73b4264a10b

SHA512
7690e357d9ed1de3d343e789ce992a0d5a66c1dd6d24e62495ade0c1a71fa31fdabd0f65f5b0a1252072bb37f80186b518d9ff7964986ccbbdcebe238a25bca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
60a05d368b36c4bd3b1eb3e51432e7e5

SHA1
eb9e3f41641eee52b8d253dd2ecaff0253f656a7

SHA256
256b0ca8d0a44a0ff1f82d82b131eb73d9e21100e4d14871892c424b47e4bce0

SHA512
15e129c23b8f34febc3c399b7a008ed84102dac7df713d02440aea1ec4a1b58d013d1b6f6516b5266b85e0e6eb855c112e30bc02335997577b2b320d23a825ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
86a3d6d8264a540c27716c23cc757d55

SHA1
2b76b132c289c363f87a2e1a3d589d4ad2495702

SHA256
1e716785e5f62357276ed26c9388de91faa71cf1bea84f2db4c5aaf81e641339

SHA512
d5f359372acb0931eab0059cab6179ee12b56c5cfa7a0dc48513425a8615fd4d6164c9d31261c6735a797b516f82e11bf523d188bd64462b1edcd2367779e005

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
d49d6275ac0d8c90aaa32113156bf3f8

SHA1
2c78465866764f4b47e2f859c7b4773cc8aad800

SHA256
c2e1b86d515819059ce3c560cf1b800f232753bdb49bb7864796449d22fef677

SHA512
a3cc2c7784f118fdbeeb71e1b9e4edd6763288aea92255384742dcf131fdca30f10bd52804970d7c98542290e58528c335c58dd0f8b37b22cda57aa5622081ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
0dd13a35ac427b3c971b2e72ed7fc843

SHA1
09c2642119266b5637971e73bca34847fb39c43e

SHA256
7627b4084f97e316018e613fed9a08a1b18d3f3652c659fd7180855b027126a0

SHA512
b7adc12d4757730265f329364196eaeef2e903e0ac182beae4a1eff9bf1ba8c95b6cc4318918a0be8f736da859ac57c725662c1147bb4337fe6525a64ae6ee6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
170B

MD5
e0fae414f1c53eed33fb24e04782e7db

SHA1
d3cf7e352e80f5f823bed21820f20dd4ab5e0a96

SHA256
ce268d5293140b2ed0dbfbf3a0a4396b4afc1e125a4aed02362b908adccdd958

SHA512
8f1fb47a3e977052bb6631255bc421a45cc20976178e36b9e70bb4421e5d3f91a60f890028667ef036b40fa2d9740e54249480a2c91e54abd7a877feed0a8819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
768060b47be3c23536289f7bbc5cf860

SHA1
f3359959f85d3eb9600a60618e61581a98ba395d

SHA256
177a2cd5cd018ffb1564d68a3353e7d1d42d430b58b6203d717edfd4588f5900

SHA512
6187f142d7903bdd210ff8a347a9aa41e7d6f5266984d8e9312cabcf2cbf51bf949b61ee89245f8ef9862d6920b68cb69f8def53501e8af75c5db7124ba926c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
71d545912785c503d60ac517aa5dbff7

SHA1
07873e6602380591a1d3b7493e0bdc6c7f47b1ab

SHA256
3d567defc04f64f50dae1e2c827fc53616d6e9c05b716d8a6071d49c53f4d575

SHA512
d9edc3c7eaf4057e46db8bded6ba9a07034d6adcfe3dcea263ea439049a1483092b450c1d928905759e146d20748f66bba10ca593502301892c38e9f92475d93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
71d545912785c503d60ac517aa5dbff7

SHA1
07873e6602380591a1d3b7493e0bdc6c7f47b1ab

SHA256
3d567defc04f64f50dae1e2c827fc53616d6e9c05b716d8a6071d49c53f4d575

SHA512
d9edc3c7eaf4057e46db8bded6ba9a07034d6adcfe3dcea263ea439049a1483092b450c1d928905759e146d20748f66bba10ca593502301892c38e9f92475d93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fd6d2a86ba6c16e6e38f1d9c4d71ff56

SHA1
01ad6e57e39377534ef2564c6e9b104dc83200d9

SHA256
df49e83c301381a71b85eeecabcd4dab66642ab86d383ab9fc3ec4af04843ae5

SHA512
0fd2ae95ac76443ee3f0b8b0b6963d5fb3010c65ab528bad0b83c97763eff168b89c94673be068b57cd066cb26e0138687c3d73276e5152f011940d211c6c1c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
31f1fdc73abce21f6654c66a1a17e6e3

SHA1
b67b5574953581d2c1d0c280cab66d6e48ca3c78

SHA256
6ff6fd596947087a72d26e032ee8ec5495d12d5f7ed29d490c950d2170da9c0f

SHA512
79ad88f50aeebf4afd0655ff7a9281e1a67885ca76a9919c8e39db67d218948f55869346bbed212829295968159f6053e6b6aaf45ca70f9ecbdac76640631a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
44b22ce4cd6ffc2c8665d16cacbd774d

SHA1
8f2459bcb9d85902d49a3213a169e3cda18d6056

SHA256
1c8e8b759ddd86cbc3e515da9aa39da810fee95b0f5bc3e619a1b9998285c001

SHA512
77978c5db98ceb4e72196ae85a0b92c8b02875959af542cc8a0a988935859b4edfa1292b3679bf295c68ea7eb349118657695852f307a40b519954e17aff7203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fc264b0775eeedd78595e0435b77be91

SHA1
b441899a7484c1854a26c13700d50a07253cee59

SHA256
876829f00e351746b92a7361fae8a0bb13603ec8efd97a7309b71d784cb6ab86

SHA512
95196f0bbcebef452945552c301cac8da4951404f001a26032d7a58410e07540903bed2a6e9b89b0d01ce617aa9d9786ad101b1a173ac6c569c429ea9e438b12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3021a7b732cef905a4eefab264989c27

SHA1
fa8e1606696d999898b6da7cf994563a71657e36

SHA256
37c47b16309fe823308bd637e3c57c9b6993456b4683fd7ef11bd45381f9336a

SHA512
3702a68b6ad27bbaeaaed95d72ae3b8cd61717fd5a805561f59e4c4a6a125cd37e1df872bb19374b4c909dfa9f9fb73c26bf975b4ac1f67490fec2480587333b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3021a7b732cef905a4eefab264989c27

SHA1
fa8e1606696d999898b6da7cf994563a71657e36

SHA256
37c47b16309fe823308bd637e3c57c9b6993456b4683fd7ef11bd45381f9336a

SHA512
3702a68b6ad27bbaeaaed95d72ae3b8cd61717fd5a805561f59e4c4a6a125cd37e1df872bb19374b4c909dfa9f9fb73c26bf975b4ac1f67490fec2480587333b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a90e63b7def7218c6675bd68dc46334f

SHA1
3cf1bf7c140ad5427e193d1600ff6c9d0ac7f82a

SHA256
8262915c99c8b0d540420efe0178806c9727b1be041bcdc8f35644d2a3b132c0

SHA512
79ebe16e34fcb0fef525dc0b11186d78d07f3711527575f63f37897c31a0b6d42902501c064733ba4c9aabeff6d9747e1b618b35e2f7d6cf4d8e7d6dbfd66f3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
faa6d9ed71321ca511b462c5d3c6c415

SHA1
ef3e375a8cc4bdb70b3031edcac63ea3e74f0f0d

SHA256
1d969cf08394f93890fef9a0045ed52e4fec62227a4203f144de7803339a7f34

SHA512
e8c8a6265fff6a97e00f67cde464f3fe7294692f77abbc4f779f0c1fac548483d49af867a8eb1168d99e66aa82cf9df324f0d3f12d845006339a0dbd7787a3fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c4e0eeebaf2fc07b4c70bd73c6f96ef3

SHA1
e80e3088033c29e2e5272c1d6489c5dc1bb55717

SHA256
1aa68faa39acfa243dfec6fa0d40bb1e832c523ce6082106195c400b37f44c0c

SHA512
c9888aeb8be0da5d063213dfcaa63ced96750950d6d93da71b378020244dc5302ff4534adbf86fa422a63b6d6c97b53b2a8ea730fddac098915bb9c327e826b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6277978f5ae21b24578db46be205bfaa

SHA1
0e7cb5ca67be5a16b583b5a1add01f723563351f

SHA256
2a111def3b0bb46896a667e79512b6596ac907feb29e9e48acf013f7542f0149

SHA512
42ff65d12910cd451bda915fbabd40cd2c4aab27604c7871d75e675d568e6b5ab99821869c3e21bf9e92d18a0fe55ec52b92aa366e7c524b85a9c11ef20e78e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b0cf1ea0e2c8e8620f5f5e7b14e714a5

SHA1
415c30b4e9cedf6ba96d9bee051009de503d37ea

SHA256
e3b22c706b06c3e1cb594a8a484c3acebfdfe7fcec81eb3850818012c6dafe3c

SHA512
122ec2a06174ced4b40fa9f19f6a881afe509c11cf2a1c9f16d074e29fd6c26b1ace3e706c5146aeeb0983bb040d3f8ba40655e9a944bf1a7b4ceeea2aa86e4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
65366239bd60cb9ac2342d2be3be4069

SHA1
c575cab049b1369aa2e1c1f91bc8a83e7665f8bb

SHA256
368bb7f85d3d9e1ea0090bdf30fa746e5a5c7c840cf59c2f9bb6edeb84b3c572

SHA512
91b015d08898ff6d6f81972fc43a1931247be694bbf3bc5b74a0b72c4ab66da90eee54fdfcbc1db981326f135af1288b3c8466b001ae103736cad4bcad80ee11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
bdc2c09e5fb1155e7768d942e22830ac

SHA1
615bae2ae859bff7fb8d365ec56daeb40bdb4309

SHA256
e7b17bf7c542d20ee4ce6c3629264ad72595a62939295ac401036449e672943b

SHA512
06e8e9834a12a44023b7e55851119567ca1c5b8f777a0fbf61b5a8b0f9f8f04880b21293c6cfe1a6897e81cff75765f2aca84689390996d353dbab2abdf35c14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
b5720bef93fa5310a94e14fbafd48292

SHA1
22a576364dc8d555d82ce32314343b44bb2b85d6

SHA256
896ffb1a4af42a1a7163599be6da25ffb965b11cc758756c7097e672554c79aa

SHA512
d5efe345decc4c9ae1d495a8316e34b2b3c048b7222c87ea1872e0af3bd6f8a40d5aa6588494fe2d284d77e20348cfc74ea3ec9b39f961c1c48ebc9be072fbe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e05436aebb117e9919978ca32bbcefd9

SHA1
97b2af055317952ce42308ea69b82301320eb962

SHA256
cc9bd0953e70356e31a957ad9a9b1926f5e2a9f6a297cdef303ac693a2a86b7f

SHA512
11328e9514ffaa3c1eab84fae06595d75c8503bd5601adfd806182d46065752885a871b738439b356d1bb2c1ac71fc81e9d46bd2d0daa1b2ba0f40543bf952b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0b33077e58040378790f1edc663d8c71

SHA1
31aa2f10666bcbb9b73f604b04982b6654d968b2

SHA256
694412176e7bbf4481ac49b239745dc7bbbff077d1e758f6116ba61b156ca39d

SHA512
34ae924f3307d6d60eb3a3a322b169517c908874011cad17c72eb3bc9352feb38c05913d38719a9b4f4dae740d98cbe0268a0f278d0f86c05b55f5eccf9cdd8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
2KB

MD5
2837fe519564694f1ff304337e387027

SHA1
70fa19791e1ff16dd3538d5135b94ca1b32bb155

SHA256
4dad3f51ba2ad7472030db64502e99dd46a21f261de61e02e30e9a9518ad48d1

SHA512
73e77941f56d51d2b109ac86027f44f8d8b713074adc62e9f939256d3ba8d8879f8d330d266d3c149dbf86bd276a69dcbf3eebe3f31e0b6906383141eb70e5d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
b6109eecbd9fe22ffdfc0b57bb98eedd

SHA1
0802d968150b62906058192f193bf0760a48675c

SHA256
d185024b21334b15024ba8b30a4afe35c0dc3b2de1ba67d9555533de4ec2488b

SHA512
198ca0b02c7fb279c2de02d9626c42b7995998dcb32c3af78b73a87e7c271d9f2638261b30a110cbae738cee7fa8474cd67fc20335a82d83f163f09a5c7406ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13344968252375306

Filesize
7KB

MD5
5bfe745908b767f4ce89ea543022c45e

SHA1
c32f40d8d416cf3e72aed183e465eed3c3fe5a32

SHA256
a6873bb7549700a2cd63ab9b2981a2950ba2c879fd46be83cfb3467704e996e9

SHA512
04c31ab4a0c2cff3fcdf7722306b23bb8b391672764849d153c9a1731f58ac20e06bf4b8245279765d307f2749813b8a151ca8cc736669e3449cc0a7ff1ae813

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
0dbfc1c1b21237ffef4509c8fa2aafc0

SHA1
70a9b9a5e26e5fb045435edb39ce6d0b38e3f0a2

SHA256
3bfb9a9865df50f95650b2f9aea1e32a8135221c0009136e05b4e104bc0c2b16

SHA512
43ddfd7da0b2d38edbb7a417bb22a7eba66a97f5206d6f370ee7945c744a39314703702c5fb0a56e02acf02b4c503d4420d805da807fa90f4bd22e798df7b95c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
e6ade9e5ec62ff099db3b9cb33ff438f

SHA1
c0483167e53189c22302c490e973c01956ec5be6

SHA256
3f8b3622db8d1f9ca72b255de7cf9af1d016cd2697ec6b977697a01695f295a9

SHA512
7a21f91a6c3f13f5079c9d0f25c8cf2d5ef177d951873626885edc2516e8e0c118b5b0069af55fec8d35189be875823de145b245349807efe2f5cae98070230f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
1bd70b6b104720561e55aaadf86a9524

SHA1
ab23793274997b5b58c41b634cda02bc3b6c385e

SHA256
9ec9881a8cc1aedd8e23dee43d00d4077616579609b7bbd1e4175c28c50d82c5

SHA512
a5175f74ba408e9b75cce9be885e0e98f156a48e02616523510d4e75b4d2b888b55cda3d5b4ed82698869d4ce573508a4c23b9ba2853fc5d77016d2ece8d251d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
3d47b6f3ee07cf545cfce32a8d840a06

SHA1
879c7707bdab805be641981b78a4db23a586c5ed

SHA256
779c108e9484736bcd8afcbe7517c51e01c8b17748bf678f976c4cf25f84d5fd

SHA512
3b3ca319a96562ae19c14d2bd5c7b8e2a3c59a7b31a7c81b6eeb9643b6eda90f74cc84d8e1f7544482421dcec741c026f77a8508687de20ea5030c662fbea0c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
93395707d173615bb40cef88865c1efe

SHA1
3b4adec8f57e180d2d387e9aaa597021618ac7c1

SHA256
df2746357a5b7fb10074db115e259e326555df935fdbb2edbd2fdeeec4e2b9cd

SHA512
547885372e26ee4709e1e0a9b79ac234ee154fec8f44fe5cec137fbd210621dd2875903414f1b04ce5e0aaa4b35c98a37ca06105d3b4f24b2d497f8120a47c55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9d76a26594bf6f869c4d0d5301c3335b

SHA1
582306585629938f1720e71d278a2071b7030607

SHA256
7ccc899c7350f318280cb5876690ff3132427baac93fa650d8a249e01e37a5a9

SHA512
1ddc0c3253379e4b51c2cbc58b1f36b71cebee6b497e1492d1f9247f0f9d8ec168599907ea95ea4ecd6a89591877c03ced3c6206e05fc9dee3ec7dac77027000

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
204564c5869ad41a6793a81201a8ca7c

SHA1
f4901022a1ab5ca5d361cfe40f9187c02fcd39e9

SHA256
0bcfad0c9148746478a0ea7ff0d1a383e5e6544faff737d1d4e7851ceb44d7e7

SHA512
eea490068a36c8c052f8f140174c0e2cef15bb07a4486155cbdc4a3a0297591363c63ac315bd7f211642ee4ca100ea394f9368e685533c670c776c11f46e9224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
7102ee8be96742bdfedda84eaf2623d5

SHA1
d5c30d02a3fdf291c281fa41e630d98b18040dfa

SHA256
19b641f9685674f307bb9255e2615e2ccb816f7712bfb0d0940ab0e03a126cf0

SHA512
beb2fde024204f37b7e9ce58bc8fce2b7586aa15cb86b032317953c2747f416715ef6e89d92ff91013732130502c8125cc47009d249522f4f02757d4b0bea2c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
165e8629d954475307063efef41aad60

SHA1
1b055f4bf5731ded4c2f2db579d5d7cde361cc64

SHA256
1be8be33ca41bab6e317898160be568e3cfd41bb90603ce82292aee3174cb151

SHA512
7390a57bb2ce7f6290359752d42a780837472731f689a65e0d3f01fb38ba306ec2348f3c30ee8ce025120c707710fd41f01a25f52705320fcbb26fd77e78b521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
875a01ae404a6ad563d82a4003d5f3c6

SHA1
6fdda85575b0ebce8719a4cff104923eaf2039c4

SHA256
9308a89d2654f0104669f263a807561115655dddfaf43c220709b7ae175ec784

SHA512
f35d05ca82a692ae19b003389dd2318f22717b6fd55fbba36e22a07d7811ea9d84096462a78dc0f6314d864d50a9668b9afd016a30cf6b3429ced5c99c29fddd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
8a061217919249f25925beb9200d9ebc

SHA1
3a0c3ce158d7c31756270c4613c2b517d1b276cd

SHA256
aa9c5c1a46d683040e996cc8b77556c7c0587341d3f0fa44dab7cab6f303f878

SHA512
767c89d1321768d17faf287c0a1bcdf4687b978f171ce9ead94e223ac7540948010b4f63d8085a153f9734fe14015006ca07c213fd4da756cb7b6720165c1f43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
2debc05c5b94aa428e8f7742c5580a17

SHA1
aadefeae964af39b87336ac00e043d36a9479793

SHA256
0e893ee7ae021f238c37ff2195b84520b513bfeb525a44e95e77edd974ac9fea

SHA512
4beecaf5a8698dc02a5246d5e1510b9778bc96032be70a7da5b25879d490376c7d015373d1142c0201677197aa18b18657a17dd9e5eefb4a7d4e399a8e6fa64a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
146292bfdb7eedcd79b17cca13af1213

SHA1
12281fe0c402344e630fcba96877375d5b938c7d

SHA256
2644bca7a348d5e5094ceb47c30befb6788493918605064556f3c0175fa5b727

SHA512
42046d9b18ab607729744ed0bb1760a9641032c2a45d103474d3523c35a643d395ef9a35a6cbe348eebd047d01f3cf85105d50aca28a68ff7fa2bffcb0039f61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
206B

MD5
15cdb2a21586c7116fd48b3b87df8ac6

SHA1
e525eb05ccf1c18d00ab989eee8c0b4963950e20

SHA256
c974ac5775b2e0001d1d92771fe8832a8fa3ee95b7feb8ca03f8463a19d3da4e

SHA512
6b8b7460dd2091b50a06cff5bab0cf6044ebc7e92067d3df229f97a487be7fc9c9b342ea897a12cfe50a54f6804d6fda858999a635d35d8a1c00c18c411c6e4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
4e9401d8ba34cc1b64b53d0f407a92db

SHA1
62a42d6ef7914ffbef71936bfa78bc982a8a9875

SHA256
cdefc7f11af670d1cf6b6c2efca189a8b616a43c580b7f3859bc1826ba096cd4

SHA512
185202273c007db9968599a1fc8ea9f1e3c5f99a1644e5467acaa71e69fc74e50e91f66208765a68910a59cc05ccd634817e3e3ff3ed74f1d67bf1265f359d74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
7daa2f0d5b7c26c9b28066c093e70dbb

SHA1
872f2894063f008d890a30d68e2f26af03fe8859

SHA256
70cd9a9c45588e6b472d6c22d3d483cb492386fd7e781dcbdac98b758e631bea

SHA512
017e7493f1e37b8ef868ce0452e78ca2e54de383458528a8a7d1f346809258eeb1d0f1ed6016cdec03428d61d31d75214d92c99997509f0828dc3356f126642c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
ee79ff89f2d6c1b46ba1562c6ad46e7e

SHA1
0869896ecf3872177a8872b4140a329b1a620bd0

SHA256
87f8dc4730d5518ee94283ba0f5ec1db78d31ccea53dfc76d888f2d8ab6a10ba

SHA512
3b57ed4102ec26952b37a6c544d700275a636b046329eaad64f08c0658ed2e7ec2e0671796c6c1da4c484835b71697d606daa0c1ef83701a932a953d5e4aafad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
bec92b1917a1735d454a6fb7b3c0c328

SHA1
374cd2cab5d137da3732248ecabaed28d80ad484

SHA256
f1ae94d42f64f347facddf3761f5ff7f77b7acb6ec2121fba3badd9b2bd4fd4f

SHA512
1b049e902d05a56d5ea6ecda80e1e659344508f74910ca9392e1bf67e5c74ef2cac299747b105e46162b39653b82bb327f601961306146a0456443cb4ce6b834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
e41c8560e46fd93aa0fc8df97741ce71

SHA1
c664813b343ef1c4b007e798f2b964dc3cdca23c

SHA256
a1542245877e9d7cbb0af456f6037caa1aef1c688b5b751be1938d1a5aa44d6f

SHA512
a08b2f9db08431ccde59871c52dbd0b5fea1ccb96ab656dc91e3d9fa42dd59782b51cb21734bb1ccdd78245e154dbd8f799f3d83022eb5401ea3d20ed3d67da8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
2be132f285d2a14ab1242fd678a34f79

SHA1
59fcde168d9cfed463f38cf6a33d6a847cb03fd7

SHA256
c60ce5d6725c1760e4e813d06690d2f6e347de3796e4fba6b52f02421c648614

SHA512
3597f6a384d5eaf0be67e20656fc96d8d6de9aa50c6d1fb759df977ef324835fb6e4bf7936940f939f4c2666ef3b42344683db949a7862f88d67bbeb327d7b3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7ba0ced7037c66b10c44347e4dde2e93

SHA1
725b46f3ef52db3c85db629e7af7a193a318a774

SHA256
dde4d3000c8c67f774cbe97437d55f7444aec7d99d498ac1b164fb7104239411

SHA512
c422ac1b6d13cc3b402bfcb473c120da006170fa10e096510e62167dde32c7e0256d15cec7ef0672d1c82692cf6011edca92d56c70a479514c9419fe979eaa79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8514405629c63518077fce5d949b8427

SHA1
02577ecff86a5e811664915064c01d885998897d

SHA256
851ede8c02a2eec02c7bd354cf762ca8a27c066ee0d168b29bf2161fc3b1a932

SHA512
f303ac912874e485a7963bc5b7cf354286e7c5e19b722afb19b5007f2e862e02d8b59b2f89a1c29875c02204a49a3d16ec80063f8822c5ff8618eadf400ab087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5bbc1cac7ab2e36ae795c1f639c6a71f

SHA1
ac967b40cb3253c5ff5557baceaa5b5785f51d45

SHA256
eb6a2a3cba21a4db8f928ab0a074b08427958411c32b3b86069ff07e1b3a18d9

SHA512
190d057c73ac85fc091b63eea1daeaf37082af9989f1be430da44ec40135f174686c1b4ad15f2c2316c834cba8d8af99ffac109cb66e4c446628dc87dc8146cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\fd407c05-0e5d-4623-a44d-f9b6db3bb1b5.tmp

Filesize
12KB

MD5
63993f27b0f2237fd7043fa28be987f2

SHA1
89d7826be9ea3ff98e01489034bdf73ec4444f97

SHA256
a6510a799d8fc01da4295383e8654388673311356a0cdc266519cb8d25e65d43

SHA512
86690d1814507519f1cb8b025de08ddf19531f455f791d1552a53d810b2bfbd9ca769f4dcc06b93c5cf9287c7ca02f9177a2fea41ab477a3de209d847b1d7fc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
f32b6dc75e10907ccbc6cb6961cb37b2

SHA1
161ce7a0c0a4961068e62eb4551aad72078ccbae

SHA256
e8c250946d936c81e4d17bd91a628b601fce0b5146b60fa28332de2e71a2f725

SHA512
05ea1f149ed666195315cd4209574920051dda9fb86588a2290b1329e95126ef0f78046789b5778b5d6aca590625c53b7537525b8b86194d40ca81c5bb106096

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
3896bb7dbc5c22557df353852a94e6e4

SHA1
a3945a8520791658c17d36a4877a48bb5b46be9f

SHA256
75fd928fdc35d8b857797bbdad01955b18e9c76df8eb50fd3a1359b24167a472

SHA512
f547f9906ebe38923e5946d1a8acbffa48154b3a2f856c2e3d6b0a3483d6add4cbbedb924ab16ff2434b96068d85ed9059b0531d6b632c74d8980fdc8b32ad74

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
90d671f7a1a5afc4e699a014f88c943a

SHA1
70c335b8f31e37106d69c353edb16b381d486524

SHA256
ce44cbc44560f4d46291ee3f6bdc7f80923ee596fba8054d5bba2d1c0bc23299

SHA512
86d745a4589ea78b9a99e2ae87dfe0ec617b558b85fe8f2f9b75a5c7c5ce00356340f8b38c0e6c245e99ac1534f1eb08cebd7418af4c4ea9ef41c9dd3094710d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
78fc7793dc1b97df4df814b334d2e3fd

SHA1
d382dfdc867dd8c222cb18a159e34b33b3e15991

SHA256
cd48526c0c7611c5a1d807fd0e1c5c53eaed1d05f03f69228a4707e31ad48eb5

SHA512
ff2d05336b7685838661806bbb771ceec75c3b489e3ef6e452229b3b14cfa6da7b64754656015a10336c1106e62133ad2e512202807ca9bac746c84cf852c260

Download Submit
memory/2284-5-0x0000016016B50000-0x0000016016B58000-memory.dmp

Filesize
32KB

Download
memory/2284-2-0x000001602F3F0000-0x000001602FC44000-memory.dmp

Filesize
8.3MB

Download
memory/2284-7-0x000001602F360000-0x000001602F370000-memory.dmp

Filesize
64KB

Download
memory/2284-6-0x00000160353B0000-0x00000160353B8000-memory.dmp

Filesize
32KB

Download
memory/2284-9-0x0000016035400000-0x000001603540E000-memory.dmp

Filesize
56KB

Download
memory/2284-4-0x000001602F360000-0x000001602F370000-memory.dmp

Filesize
64KB

Download
memory/2284-482-0x000001602F360000-0x000001602F370000-memory.dmp

Filesize
64KB

Download
memory/2284-3-0x000001602F360000-0x000001602F370000-memory.dmp

Filesize
64KB

Download
memory/2284-468-0x000001602F360000-0x000001602F370000-memory.dmp

Filesize
64KB

Download
memory/2284-8-0x0000016035430000-0x0000016035468000-memory.dmp

Filesize
224KB

Download
memory/2284-384-0x000001602F360000-0x000001602F370000-memory.dmp

Filesize
64KB

Download
memory/2284-1533-0x0000016031700000-0x0000016031708000-memory.dmp

Filesize
32KB

Download
memory/2284-0-0x0000016014C10000-0x0000016014EA0000-memory.dmp

Filesize
2.6MB

Download
memory/2284-1-0x00007FFD6DAB0000-0x00007FFD6E571000-memory.dmp

Filesize
10.8MB

Download
memory/2284-291-0x00007FFD6DAB0000-0x00007FFD6E571000-memory.dmp

Filesize
10.8MB

Download
memory/2284-441-0x000001602F360000-0x000001602F370000-memory.dmp

Filesize
64KB

Download
memory/2284-1588-0x00007FFD6DAB0000-0x00007FFD6E571000-memory.dmp

Filesize
10.8MB

Download