metasploit | hxxp://

Resubmissions

04-04-2024 18:48

240404-xftx7sfb6s 8

23-02-2024 00:20

240223-amqsssgg7v 1

22-02-2024 18:16

240222-wwwlasde8z 10

Analysis

max time kernel
452s
max time network
473s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22-02-2024 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://

Score

10^/10

metasploit seon backdoor bootkit discovery persistence ransomware spyware stealer trojan

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Extracted

Path

C:\Users\Public\YOUR_FILES_ARE_ENCRYPTED.TXT

Ransom Note

You became victim of the GOLDENEYE RANSOMWARE! The files on your computer have been encrypted with an military grade encryption algorithm. There is no way to restore your data without a special key. You can purchase this key on the darknet page shown in step 2. To purchase your key and restore your data, please follow these three easy steps: 1. Download the Tor Browser at "https://www.torproject.org/". If you need help, please google for "access onion page". 2. Visit one of the following pages with the Tor Browser: http://golden5a4eqranh7.onion/p7qNSw4V http://goldeny4vs3nyoht.onion/p7qNSw4V 3. Enter your personal decryption code there: p7qNSw4VQKJL4bgshsAKuuraaW5YhXf87Fq7Bf16SY4WMgufBihvh2D4mMbedN1aCsYTsQKe2kRDjJn9PqXmLoSJurteWGfg

URLs

http://golden5a4eqranh7.onion/p7qNSw4V

http://goldeny4vs3nyoht.onion/p7qNSw4V

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Seon
The Seon Ransomware is an encryption ransomware Trojan first observed on November 14, 2018.
trojan ransomware seon
Renames multiple (128) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Downloads MZ/PE file

Executes dropped EXE 8 IoCs

pid	Process
5132	GoldenEye (2).exe
2124	GoldenEye (2).exe
2040	GoldenEye (2).exe
2540	GoldenEye (2).exe
5284	InfDefaultInstall.exe
3588	icacls.exe
5320	instnm.exe
1628	credwiz.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3588	icacls.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
626	yandex.com
627	yandex.com
787	raw.githubusercontent.com
788	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	InfDefaultInstall.exe

Drops file in System32 directory 11 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133530994655577123"	chrome.exe

Modifies registry class 11 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\Local Settings	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\Local Settings	mspaint.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1392040655-2056082574-619088944-1000\{675EFE31-E0F9-4B3C-AE3A-DA6105F8DD34}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe

NTFS ADS 7 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\{5e97838e-c406-4f6b-9afe-7433469c7add}\credwiz.exe\:SmartScreen:$DATA	GoldenEye (2).exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 243555.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 995971.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 279274.crdownload:SmartScreen	msedge.exe
File created	C:\Users\Admin\AppData\Roaming\{6c2920e1-6f84-4aef-9113-7646b9059cb6}\InfDefaultInstall.exe\:SmartScreen:$DATA	GoldenEye (2).exe
File created	C:\Users\Admin\AppData\Roaming\{9be2fd9d-1e54-4364-9d03-06af4ce418a6}\icacls.exe\:SmartScreen:$DATA	GoldenEye (2).exe
File created	C:\Users\Admin\AppData\Roaming\{d803b356-690f-4f09-b0ec-a6862a48054e}\instnm.exe\:SmartScreen:$DATA	GoldenEye (2).exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5732	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 29 IoCs

pid	Process
116	msedge.exe
116	msedge.exe
3000	msedge.exe
3000	msedge.exe
3592	chrome.exe
3592	chrome.exe
1172	msedge.exe
1172	msedge.exe
1600	msedge.exe
1600	msedge.exe
5292	identity_helper.exe
5292	identity_helper.exe
3232	chrome.exe
3232	chrome.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
4404	msedge.exe
5144	msedge.exe
5144	msedge.exe
4972	msedge.exe
2248	msedge.exe
2248	msedge.exe
5736	mspaint.exe
5736	mspaint.exe
4392	mspaint.exe
4392	mspaint.exe
2336	msedge.exe
2336	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4240	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe
Token: SeShutdownPrivilege	3592	chrome.exe
Token: SeCreatePagefilePrivilege	3592	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
3592	chrome.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
5736	mspaint.exe
2764	OpenWith.exe
4392	mspaint.exe
4240	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 2984	3000	msedge.exe	21
PID 3000 wrote to memory of 2984	3000	msedge.exe	21
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 220	3000	msedge.exe	86
PID 3000 wrote to memory of 116	3000	msedge.exe	87
PID 3000 wrote to memory of 116	3000	msedge.exe	87
PID 3000 wrote to memory of 2820	3000	msedge.exe	88
PID 3000 wrote to memory of 2820	3000	msedge.exe	88
PID 3000 wrote to memory of 2820	3000	msedge.exe	88
PID 3000 wrote to memory of 2820	3000	msedge.exe	88
PID 3000 wrote to memory of 2820	3000	msedge.exe	88
PID 3000 wrote to memory of 2820	3000	msedge.exe	88
PID 3000 wrote to memory of 2820	3000	msedge.exe	88
PID 3000 wrote to memory of 2820	3000	msedge.exe	88
PID 3000 wrote to memory of 2820	3000	msedge.exe	88
PID 3000 wrote to memory of 2820	3000	msedge.exe	88
PID 3000 wrote to memory of 2820	3000	msedge.exe	88
PID 3000 wrote to memory of 2820	3000	msedge.exe	88
PID 3000 wrote to memory of 2820	3000	msedge.exe	88
PID 3000 wrote to memory of 2820	3000	msedge.exe	88
PID 3000 wrote to memory of 2820	3000	msedge.exe	88
PID 3000 wrote to memory of 2820	3000	msedge.exe	88
PID 3000 wrote to memory of 2820	3000	msedge.exe	88
PID 3000 wrote to memory of 2820	3000	msedge.exe	88
PID 3000 wrote to memory of 2820	3000	msedge.exe	88
PID 3000 wrote to memory of 2820	3000	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe59d946f8,0x7ffe59d94708,0x7ffe59d94718
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,16804641802566131322,17867789635548650710,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,16804641802566131322,17867789635548650710,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,16804641802566131322,17867789635548650710,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16804641802566131322,17867789635548650710,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16804641802566131322,17867789635548650710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16804641802566131322,17867789635548650710,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16804641802566131322,17867789635548650710,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:5004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0x78,0x128,0x7ffe59469758,0x7ffe59469768,0x7ffe59469778
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1936,i,12791433466371488666,8602209509427849696,131072 /prefetch:2
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2292 --field-trial-handle=1936,i,12791433466371488666,8602209509427849696,131072 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1936,i,12791433466371488666,8602209509427849696,131072 /prefetch:8
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1936,i,12791433466371488666,8602209509427849696,131072 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1936,i,12791433466371488666,8602209509427849696,131072 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4528 --field-trial-handle=1936,i,12791433466371488666,8602209509427849696,131072 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1936,i,12791433466371488666,8602209509427849696,131072 /prefetch:8
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1936,i,12791433466371488666,8602209509427849696,131072 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5152 --field-trial-handle=1936,i,12791433466371488666,8602209509427849696,131072 /prefetch:8
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 --field-trial-handle=1936,i,12791433466371488666,8602209509427849696,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3232

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe59d946f8,0x7ffe59d94708,0x7ffe59d94718
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1728 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3936 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2920 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7400 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2564 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7172 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=7700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7844 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7852 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8664 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8748 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8428 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8856 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8024 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7696 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=9024 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8260 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9304 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9504 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9320 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9064 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9344 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9656 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7480 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7948 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6576 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6980 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7800 /prefetch:8
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,8853171299699076417,7180736332227097453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7848 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2336
- C:\Users\Admin\Downloads\GoldenEye (2).exe
  "C:\Users\Admin\Downloads\GoldenEye (2).exe"
  2⤵
  - Executes dropped EXE
  - NTFS ADS
  PID:5132
- - C:\Users\Admin\AppData\Roaming\{6c2920e1-6f84-4aef-9113-7646b9059cb6}\InfDefaultInstall.exe
    "C:\Users\Admin\AppData\Roaming\{6c2920e1-6f84-4aef-9113-7646b9059cb6}\InfDefaultInstall.exe"
    3⤵
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    PID:5284
- C:\Users\Admin\Downloads\GoldenEye (2).exe
  "C:\Users\Admin\Downloads\GoldenEye (2).exe"
  2⤵
  - Executes dropped EXE
  - NTFS ADS
  PID:2124
- - C:\Users\Admin\AppData\Roaming\{9be2fd9d-1e54-4364-9d03-06af4ce418a6}\icacls.exe
    "C:\Users\Admin\AppData\Roaming\{9be2fd9d-1e54-4364-9d03-06af4ce418a6}\icacls.exe"
    3⤵
    - Executes dropped EXE
    - Modifies file permissions
    PID:3588
- C:\Users\Admin\Downloads\GoldenEye (2).exe
  "C:\Users\Admin\Downloads\GoldenEye (2).exe"
  2⤵
  - Executes dropped EXE
  - NTFS ADS
  PID:2040
- - C:\Users\Admin\AppData\Roaming\{d803b356-690f-4f09-b0ec-a6862a48054e}\instnm.exe
    "C:\Users\Admin\AppData\Roaming\{d803b356-690f-4f09-b0ec-a6862a48054e}\instnm.exe"
    3⤵
    - Executes dropped EXE
    PID:5320
- C:\Users\Admin\Downloads\GoldenEye (2).exe
  "C:\Users\Admin\Downloads\GoldenEye (2).exe"
  2⤵
  - Executes dropped EXE
  - NTFS ADS
  PID:2540
- - C:\Users\Admin\AppData\Roaming\{5e97838e-c406-4f6b-9afe-7433469c7add}\credwiz.exe
    "C:\Users\Admin\AppData\Roaming\{5e97838e-c406-4f6b-9afe-7433469c7add}\credwiz.exe"
    3⤵
    - Executes dropped EXE
    PID:1628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3708

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4256

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\RemoveClear.css
1⤵
- Opens file in notepad (likely ransom note)
PID:5732

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Mercedes_GLE_2020.zip\vehicles\gle20\ruski.png" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5736

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:2928

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Mercedes_GLE_2020.zip\vehicles\gle20\ruski.png" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4392

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7ab3ba8b8086e3d9a1289938378c1bba

SHA1
0780a2003cdb4efe6d0adf940d35ad52a779d235

SHA256
f5eccadfb027c479412420e525d951cf52af154792d3b880fdb80ff6e1692776

SHA512
ef71ce6c2272bd294b147dca344d7c05deac563f3996037c6a719209adc5f6196d025a02e2ff9dfd92cdedb15532181e22ffa12b478ac1c5a598311ef4f252d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
271a419ad6af2b031cd432a3893f990c

SHA1
a32f11727d0955b8784999de59c3c9b106d90167

SHA256
f46cd16c4d0223dcfaaede4788f1bf58bc355af3fc2318756e0fec63bf38a991

SHA512
476ee4c82edcbd06b7ba7cb3d00ab71b8afdd0dab67ee7ab99e04a472253fc5174f967eca5f52101e2ca13ef63cfff6cce2287a18490798fda1dc0e75de47e75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
635eb701435a5caeb9627fc0e1a94a01

SHA1
28366f50f5b0d914e48a9abf34a4476ca4c5ae69

SHA256
e5d871bb0b1bbe210eeeaadfc8b03ecfa9245ceedd46c7c1a88b0685748e14e5

SHA512
8af141dfa31906cae1834cbdbcf0ff384efb26022d637742b3a8f16ceacf633d38e286ccc99268f56f3059e9ba712c15bfec6ba0121304ee7192a0fc11655b64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3a2480b29916cc087ccd346bde346811

SHA1
9a36a016746e16f0fce7887decbd996705cddbb2

SHA256
a901094e037eb2eda8818573ddab4136e774455dcab86e44229a804318ba3405

SHA512
7deae391c7af9abef9127ce52da944a54c9c49541c2876be6bf53afe282e2e9d0d9f59b4e76b6179218129f07c2ef6247c5de3d13c957aafdab9b6ca49cc604e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0b6a0cf224b71ded13ee48afae1fafaf

SHA1
49fd6c2b57041534d050cc11ea402e99f9bb64aa

SHA256
446029472fce61f5da5587633bfedc900b88d5c3bcf53ee5f50b34343f472dff

SHA512
7594a729c16a066f179b1a2c29843fa9ed07bec021c0c4f994e66e9b4920272572f3343d8db8bafb7c215a35645b13f90d33b8d40377954abe3d19a78e9bd05c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
be243d75abcb5ffe7eab697dde41e2c6

SHA1
3dc4ff018d23eb8229f6dca52da179e797c37899

SHA256
0bffe2dcc9f0f614105515db3e74661bc071effc02ac5a6230baa3037fe9f7f7

SHA512
b7844f216770d439885357f423db7334c39147ac6e9cb079b50c31a642519c384cd75c1b8503aed6633c3ee50901f8f521f7fb179d4a7f2704fb509235abe55d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5267042ed6e4f01334e60b6e5af5613d

SHA1
669ea9b06dd41c64cab7ecfb7aa8f1e825e70fe6

SHA256
bd8432d76c373804bb670e0366400d5a02af0f240f6027ccede5c366f637bc82

SHA512
482b13c320aa97a80d808af174d56d2e5ab6c43d1a9093838d500a4626a20228e224c6c890c7ff2a852b15133979f57d369538c648270dda9c1798a43521e475

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
bc3c0207ce8a5f05f05a10f0cfc284e8

SHA1
f3e3f17a2273bfe8cbc2d6bd9dfd29304ab41fb8

SHA256
3cfae6dad852e3cabf5de89f4dc36f112aa6b383664de919883872d6427602ba

SHA512
79db93e160540d4cc31a5bda97951c2377820449ce041920bef92d660f3c4b9c843f4db3363914a07e6ef0a5deca2eb1a921952df254d5c1c6c42dc692e23bf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
b837d61819eaa399fd98ba48b0918714

SHA1
c0541767cac2e3cf3f0a6fc248bf40fcfb4ed3e4

SHA256
38b0fd2afa07cd6383c6510c627e9edd9666e4752e468a9eed8c0a7233d9e116

SHA512
6d70d176f0828cf116b47c12e5c0e1ba36016de143f5be23fe1d078408c67399d66b82fc18c44b16c36d5ec872e196cf677a2e8dc0e178d6cbd5d23f5fa3aa46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\9bab590f-c915-43b9-9835-f5e4587efe8d.tmp

Filesize
11KB

MD5
0cb12dc26abbc05b54480ec67950aeba

SHA1
d2876cadf6fae3ebd8c6434b043752f35977f51c

SHA256
f4d7c1a9fec0d0736608def39a60b41cc21ed05cf4352ee2b55a5e7868f49234

SHA512
9d9177969da07101c9a5a08570abc79537e8c94dd4e213ff5a6862a60ddb45b1ac198badcf92610301db01cdce61308aaa4d425e683ec96942cce0d8dfccf4bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
343e73b39eb89ceab25618efc0cd8c8c

SHA1
6a5c7dcfd4cd4088793de6a3966aa914a07faf4c

SHA256
6ea83db86f592a3416738a1f1de5db00cd0408b0de820256d09d9bee9e291223

SHA512
54f321405b91fe397b50597b80564cff3a4b7ccb9aaf47cdf832a0932f30a82ed034ca75a422506c7b609a95b2ed97db58d517089cd85e38187112525ca499cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
910243c1707630fa0abbd909f0e515f2

SHA1
f6eb2bdfe1f14be4eff432ebb4ba1f12494b285f

SHA256
afee411553b126ccd6fbbca34cb882e169d016c6ab1f5ac9a0ec21018848c6b5

SHA512
51aaa389ff8490639fd1e04e963c93ee7439367918505b484717031f909542be4a6028509dc105efd761c74c75595e9fc2c7cd29bd5adf3edb1bc0a4ed1a6127

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4c957a0a66b47d997435ead0940becf

SHA1
1aed2765dd971764b96455003851f8965e3ae07d

SHA256
53fa86fbddf4cdddab1f884c7937ba334fce81ddc59e9b2522fec2d19c7fc163

SHA512
19cd43e9756829911685916ce9ac8f0375f2f686bfffdf95a6259d8ee767d487151fc938e88b8aada5777364a313ad6b2af8bc1aa601c59f0163cbca7c108fbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
4a809412decba2ecebb030dd44c79916

SHA1
c48616699cc1b9533d04db5f6c22c35a9162db1c

SHA256
15fd8f095a728c0eade551fb33649b24d2e610cf7f714c8e0f7b1b5afeec335b

SHA512
b03b7d5de8023717a1c4c79cd3534d4829007f38c2d951ce7b8c656f615b8146203126f92abeae18e92cf8de7dd21a345205039c61105ec651ccbd191e2b83f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
a35c1222b595962dc3c0fdc3d0b3737b

SHA1
82b8be5cc8e140828b669b34c2c18a2a3f3fa9be

SHA256
54bc915f1e55433f33cc8ecf974d49d8d9887ad41f643462dd07b52f2eaf0438

SHA512
d08d2c0e7f36248e7858795e38585ee677df7ded6eccb675609a82d03bf69b6c3ce0c788c85d663c0c766f8644f6eebb8b3c28bf5e5abf3e870164354c8376f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
31KB

MD5
f11ea88996343792763ca879be59da5a

SHA1
b83d41c5d1cf5d4d0f6f12c420871dbd7a7b2909

SHA256
60e4d15c3c8833b2733dedccfdf2eb38025be0078c3ee4bf2d439aa166362548

SHA512
bd330b3d4d8009ea02c1846a4cd9de78e49fd0cf888819edffc40f1e2eba903f8441055c1abbf29ffd066417cb53956074ec350c2d1cd550f097446f1d45f24a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
d307ce6ce114ea2d363c2e709df6f9c3

SHA1
e8173b7467489dbcc7fa23bd6dc2557a70624ac6

SHA256
ddc9046c4d6ff62e0859e12f84c4c2e7e154fbbb230dd415a788e132dba831df

SHA512
6e10b866683259c13aa5f956d50450866bf1e9f6401edbfaf9cc1388a1b6d83fb27f92fdfb3fd01de431dfd6c967f1e6c253f776ba2d3e87268fb88ac908be11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
101KB

MD5
f4cd153b51f2c6360c1b2e31a94fc685

SHA1
15c2269b1665540ebe6fdc294cdba15fd1005ec0

SHA256
cc7601419e3f9404aae76c2be25db2621a24f5d03e4b373d5ed62d30214dac08

SHA512
5d5ed9289d140f79ea78cc9e92f40a25b472bdcbe666ea2e3c58670bebc6551e2c263ff077f5c718c44afe2043990dccf5654c21df3db80ed42dbdf0e2efef24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
279KB

MD5
52c55961b8216a3757616ed8ac9e27e5

SHA1
aaf44f881f6fea8600330e6a02cd28a4313c53b1

SHA256
e78ceb38bcabe27099bc5037b4e1b973b9687c6b78307e3c7d7754d25a2c7f13

SHA512
dc6c0e65188f696f7495be5ab852545aad7679b53a76e5d014f6dd43290b2545442fc7df1cd66d8be9cb847152d129edddb976b03bf4cc84a1355ee5d3641790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
93KB

MD5
7c200611f8d1b1e9a4266f6c0a05a48a

SHA1
cb29366783b800b0edbcefa66700c2fd3ab13f67

SHA256
bd6b9663a5743124ce5ad834d08b4b2e116ae72485a1264a5f247660c2987026

SHA512
026073d80d1c67fb888000b07348a43e7218fc42e7b0c3efa6ad43fb4bad54ab106b86f85d87de71c2daf64836d949c698c511a01ae4bccdd288ec3be0f2ef82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
49KB

MD5
42e0a506e449df085e0fd625295ceb74

SHA1
7fc0aa6bfc998dd9f2499b790ca6205b7b9cf13a

SHA256
d71aedd0f7859c6261f205a20c496e7f498a938741084bea053c615935f934ff

SHA512
a0f0e2adf2920b0f1d398c5d30e849763bd6af338e73152bfc616922f01c1f4eb920f57945efd2316c5e9ae25424197a0048302fbcee25108098b48671497925

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
50KB

MD5
6f69d99b9b0706a2a955ed42d64742a1

SHA1
b355b2c2b6f9a92af73e7464d8b4eb1176c3b51e

SHA256
44e2c42df34b1029bff5762f2d9c0c7dc5b4268b965d70d4cc2cb66dafc52423

SHA512
68d3ff4106ea447be3237fe0a895cf85e2e650bdb343d4d5d53f982179f033e701cf6e71522f6a9fb8eeda684bf8281dc95ca5830ddfcef42eda76f605a0bca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
17KB

MD5
a5571d6d474f60c8de8eefd6b7914c37

SHA1
c58b68a94db2016af3ee885434846964b1df5dec

SHA256
322c16e3711704cffc715d1c3c212e1484d7fbb018d327dab5ac62ef463c3fcc

SHA512
531a98b2a73cb7b66d7e97742fc81c8873e556a68cdc328c707852d3d2321c0117392122f1c8c7cf3cf26cf17656085371231f8bee76e14b5d5be1aaca058a9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
49KB

MD5
f3501dc6e4b56028379328ddd8f0129f

SHA1
a7cfa360f084e1ff6396678ef131f249cf7b6f7e

SHA256
2d7cd8f8f1b3fc7d668b9b06489397203443d93b6fb634433c5db6cd1ab80042

SHA512
72be51a165978194c02072d5f4f622bbff331c5b92d5ca16ea3102743ae51250052479488591382f8dffa6508d0e204fb261a575c80312c99f211f113d9e350f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
74KB

MD5
f6121be597a72928f54e7ab5b95512a1

SHA1
b2c74520c3f506efbfefca867918e5ae28bd5222

SHA256
787d76ad6deab67ccf8bac1b584260205e114f508fc5542b612e3f75d49a34e4

SHA512
ff0dc2e7f41b5dda10f19ca4d476d6c786fa7a595288f9cb3db2c068293149a1b358119a9c1d9da616b5f9d3fd3f414258f295570e7bb755a665b143861be6fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
49KB

MD5
9549360090baf2eb8b25d3a9708fc19d

SHA1
3229ae839d33696d39c89dc0d3e193fe985f1da4

SHA256
a7bf1f115e60e0c8f3b335df66d4d77baaae4eb11d2cea2cf7c5b4693403a46f

SHA512
8f4b3ad035001539b9e5926454d7f9a704620c9cb532429db07ecbccd7bdbfafe0a23b3cfbbec154db98e1ddd167596265a31da2a2490bb61c931a7a66aa8e52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
49KB

MD5
390b76012235541ede113bd336282b26

SHA1
20ad8c2461e674a85e9ef712329dc4502152776b

SHA256
dc3fe423eb6c56fd8551c06a35e81db17226207f7892223c64b83b597ec56513

SHA512
ef1df74976822dc3132a44e1d7297c4381f501f4bf793abb1cd64b5e346041712fbbcd537cb4c2fc046bffd9b20a1390b4d055c51fc0a70a00669cebbaa9ff40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
138KB

MD5
3f9ddf769130a8265c56ea7d897788b4

SHA1
f13406a08bd914680f458add0f8dc4b6b9c38367

SHA256
e47560519c9f8a592141a89ebb740ff657fc2ce1166bcb3a99de11aa1d995d90

SHA512
98f18ad8c1b37e80f157741062225e1d381d32e572251ea91a32b51337015ac01d1a32831fb4e63377944a1c491cb9ca0ba26fc888e2a6936bb1f9def1f42374

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
19KB

MD5
2cf9df4d427447dd00b9566db8465de6

SHA1
8087616509700002b3364e20c748888ab581b42e

SHA256
8008577b4c52cbdb4883d39192b6dbef37e006851cb0415c4752dae24b985783

SHA512
ea36bafecde55be1ffa649f4f873e2267f2a7633d9fbf9c43bc6ed1d7076761e167ca4944ddff9f26630f15266fb26237288dfeefcf2b1d6f59eabedff9c89f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
19KB

MD5
9a31b3d6658d584e8d16bbb25cef3ae8

SHA1
6015d2dd9ced18d00934ece35776d97f06cf7f8d

SHA256
46e709f66a851b8819579122320debc189a7242fe2f7c307fefc98f6e9e97e8b

SHA512
ff59f8eaacf725fae5c55a7be92125c73d573b51baadde86a1da28166738351ca9481a0d78edb32f6376f38e4dd421e450a1c8926e6a7ca7f168eb58e6104aba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f

Filesize
92KB

MD5
d193c2001630ec68065294e909095189

SHA1
c21c19ca39a53126c460ff40eed5fc4bb49f2354

SHA256
08e54cef24f25921fa33b08b0c1800ec19c1597cc69ebfaea9c29459f4b95a9f

SHA512
bd4890183bb90aa658f665c7300bd5a27170b6f2f8cfd99a8dff0c628fc14630071a2a7b9bcdb634545ff15fc3e2c868567b5245ea5a8c30e6d15f0da9126ae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000071

Filesize
28KB

MD5
2ebb196a60db2526f25368d00dbf9359

SHA1
f2797ebf4cebb472e344564fb9fd8a500a67bfbd

SHA256
b15fc74d33cf6f189be582adc15af1a05b2362441cc006ec0c47a373bb3c1f09

SHA512
bc378773eec8e41bea5b4fcacc4b9d67cf5c3161b2195eb27c6a56abf2206bc7c73349904d5f8c8ccb4326549223398cccbe4237999e690de54d45152bc1fa56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072

Filesize
81KB

MD5
0704d3ed5e8622d923a18879de631703

SHA1
a38ad51b27f2dd5a48d89f811832848c337955a3

SHA256
569b1b186b8fde79ab83b334b8fb27b137bf1b9470c39b514ce1ef5dc97a06fa

SHA512
7f4815e0264c461bef6be5751d63370bcf6fbc48ff24f81c507cc898b3a85b920ba7cb6cce998a74102dd74c6550e1cbf20714d28584faf36ea4a0ffde8bff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000073

Filesize
69KB

MD5
7855875b010f94bf392fff4f83fdf11e

SHA1
f7238d30df67fcfba1406fd88fafebea9b061401

SHA256
53861bb9c66da9471156c4144b0e203e31a66fbf6e3052d7e040953e0dea5f42

SHA512
f44582676c3a807c6a63f621f736edabd8dafff5f74282a3a4c898f844ea5b3c8180ab73c983d638351b45c6984083069102f077c788d6d66a20f89ec42d563e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000074

Filesize
134KB

MD5
648e02cd6df24a06ef444334f207a84e

SHA1
bd35547db2683381e10f5866e56d38328cc23fb3

SHA256
2979d1d47925d7af0591b46e946f4a1276c0fc2d190d01f6010bea51c5af7fdd

SHA512
d66609e79b03636d0922741262fa41e5895cfb89cc7728efce9699c3f79f4a51e0a07624b54e2f7377db48c004a7bfbb5cb95557975cdd3b972c0923f1b14c65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000075

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000078

Filesize
29KB

MD5
d453eca18d366c4054d2efd57717cf9d

SHA1
c7b0dfc73bb89d8f0a94e2cde0eeba2b5e07d5c4

SHA256
be8f4fac2d40747a0adaecc6f1befe81b254a2b12bf25ce01d7194b374a457fc

SHA512
a6f770c9e4058e8c17f3f72a245f76075441e07507ef05d455108e1768ca2a93f851b92335b33c1de61cf941cf135b0be4698d3d551b54132b2d5c882fd34835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007c

Filesize
33KB

MD5
c15d33a9508923be839d315a999ab9c7

SHA1
d17f6e786a1464e13d4ec8e842f4eb121b103842

SHA256
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

SHA512
959490e7ae26d4821170482d302e8772dd641ffbbe08cfee47f3aa2d7b1126dccd6dec5f1448ca71a4a8602981966ef8790ae0077429857367a33718b5097d06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007e

Filesize
119KB

MD5
e41a5fb6d89fbd63e61107c163f29795

SHA1
96455f3f88fcd1ea974670f68006d581577af426

SHA256
1bdb5f94bab6fa3f47e02783bbe0466fad3328177b8293b46796f57c33fafec4

SHA512
1ddd529f9124a7b8536b23c87dc9f87f08a45f25ee579394d5159f6d9262c1b1f3a92fa5174db23e4164f9e547e0911f2c6fa69955c11a36b705a691a4029ef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000081

Filesize
26KB

MD5
191cd87d59bcfbb734fca7bb92bbc245

SHA1
30514c4b000361fe9319ebbb84d5cf93b9b0a82f

SHA256
cf07e157a37761abad2d2ccf9385f5023fca4dad5a3594c6832274a1b5823c9b

SHA512
a72b2bfe8e6ba1fb307f4d89c1a38070261d315d36f12726c22b77fa90171fb28d6f62b112dcaad521aa09e89990ff810c363fa79e2e75b48329ddded879dc4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f3

Filesize
254KB

MD5
e3b7d39be5e821b59636d0fe7c2944cc

SHA1
00479a97e415e9b6a5dfb5d04f5d9244bc8fbe88

SHA256
389a7d395492c2da6f8abf5a8a7c49c3482f7844f77fe681808c71e961bcae97

SHA512
8f977c60658063051968049245512b6aea68dd89005d0eefde26e4b2757210e9e95aabcef9aee173f57614b52cfbac924d36516b7bc7d3a5cc67daae4dee3ad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\096e79d249016346_0

Filesize
51KB

MD5
6d8e775dcc9f4dc6cd346202d17cec32

SHA1
03119580247d73e1846a2c247f75998c74e04ec3

SHA256
985a99ffe0b212de3c4faea7d7db7296c7501fd3fa04091a41a6c2b3e405c805

SHA512
4188e032484ce3d6f5f18934d47b400fe03de105fa9804181074993827b1106b86707a0b4b82f79b5dbdcaa0bd18c8870615b9cb492711c68b0ac90597abe8a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4422459066267262_0

Filesize
31KB

MD5
63d7c088fc922ab7ee1b9a8130c819de

SHA1
e411d0f9bd610998ede30c8579326eb60a1b1208

SHA256
afcf318b9c333e08c9d1851287b0ed51f6da4ac7dcd15526c7d14d4765249158

SHA512
ca10520d3ac0f4fe235a8deff7e590277051ed559e4bc43826b3a0b941806a07e8d72256fabc6ba680c5e7747e55f4d0a5d573a8ac48c4a482b623fb4d861937

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\58c7015dac2b26a5_0

Filesize
3KB

MD5
2ea06db0ab0a893dab923bdd733d9cf9

SHA1
7688eb38cd3ba013457f2e255daeb79c7ebf5ee8

SHA256
97906384dd2453218454026a174a6597188ab151bed6e8d7faf8d31c0446fbd8

SHA512
d1a95d74bfdea06cdbe49fe23cc336f7119a024d15183471afd4de49cc60ef9bf5b3c173262536f0ad98dae041db2d75880b0d30362dfaa2785d813d8162f662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\97c9c5aee3e0ba76_0

Filesize
204KB

MD5
db6f2c99fa646c2d2d00272fde0243b2

SHA1
844fdef87006dca8f5ee886573ee143489861717

SHA256
77a1fa4ec4cd61cfce09f7a52d9169b88c3353e031d8011eadbbd7dda2d5df92

SHA512
536474f0671f7ade54c471f3e73f6141b372189cf05c16ab80154964e2aa1a95e67dac098f88fd3bd1bcb6705df5cc3f5439568ec648192543bdeaa3dd29adfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9e3e48f509835f8e_0

Filesize
1KB

MD5
b34dfb67d52836775ccb8e391f811c96

SHA1
e614a58420f4cd96e25ac5f980602c91d600777f

SHA256
4be821e51a6806a674be52f9cc76c43576ac009de770281368f08e1842133d35

SHA512
29cc95645a67f7a025517de5d5f2bbe1ea33e737d707de1ffb65c981d0435098401f23ebf5fb7f5e0e1487d6cb52f79c4083fd8db2ba84efe02d611997005118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a8acdc6ed8c6be73_0

Filesize
62KB

MD5
7ea8ba73031719da9c3efa1a015e9f85

SHA1
c8697bc4641096fb429042eab051f3863af26281

SHA256
52067b1804e0b51752126326415b0286a23a3537f7e863461ee52af733302828

SHA512
2150f590d8e0b0b9b029318cb7ff7d0463a39456bc03571d53c47872c98f9442b2147ef0d064a1664acd9a0b252a62f290d41d5d9928fb40d6a64d04938c1d16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b2ae16bd8687cc24_0

Filesize
268B

MD5
6b9b5464cb97f39484d3aa582a4a86e2

SHA1
425b3dfebe89e05f0ef5f9ce45b2635da6031169

SHA256
ac84cddd9fd344e537acac5f54ee0887cd1e577174e86443729d4526a524845f

SHA512
f29f471bd61526db2f313ef415de52f50a38e17f4cedd9c585c523f6d9417df028484dbb315060de8f41937d78782634443ff98204588b62ef1a27737bf217c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
2f97824fde44db269b43a80fe6abc080

SHA1
2766a635db263a189a1f0f0098903a44a438a708

SHA256
4af2be1827aebabb92fa03316bf4c32f3dd84923bdff02a14d14cde0d949068a

SHA512
f9f5293c2227809f4a86d1669b2de1e928cbb731b5bf14dfbaea59ee5bd156707eed93778c3a773d993908356951a06564b21aad09c4d88de481e2db657f5e9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
1bb39848ceda16f43585aeeeb9a05b1d

SHA1
646db81c2e0db686c9f44407585e73dca464a231

SHA256
c28c5fee04afb492d533084506f08442d657495efc7695d6d9325444c7b34ade

SHA512
00b2a73877835590ff8860e3ef373e6f8117c4f0ade1a49f6175c5420633450723d78d1681150918937979897ec8d18d25a5d44c6273db636009cb485a50f7a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
4a0237c83b387ff560f9439dc37af792

SHA1
5ae8627d39299ae1f876bfd0b38c4d6950348bdf

SHA256
4a3dbd08f088afe0748d3b09374d9308bef37e9002b3a8e813b72f500d257590

SHA512
635d4274e9f5741d9c9de46542c615d3c9972b26f8e35514516655db55b1699560bada1d3dc469b00188f8ddf235c477eb3e0088beabbce7dc9bd846b29e48c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
d7f6e2fc7199a49016162e0c37aad087

SHA1
9000c097e5f202dca3a83947c3f060d8c3464c1c

SHA256
acbb98f6f68408b9d29e7991bc8bd127975c75d501ed91903c079001a7f510fd

SHA512
ae350a6041099be633d97df3d75ea5b5e6aea3c96e727c49939820ffddd181598c1bf0aff9621e4123ae66eda178ba4c42fe92a738e3914c36d8f8a40c6755d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\001\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_kapicik.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
d19b8ed925ece6eeeef2d2b075e19279

SHA1
d4ad856f1a753ee1178adbd80ba3f11f390a4dd1

SHA256
e8f6ad292e645f76ee0b5df1e1769b0c7495a05db30e9fe22f5f03770f0a2177

SHA512
cb8e89ec9c138616da24d41dc03fa5e3ee26850dc56dadb34a01596d0a932ebdfd0996a73cb616c7775622896db4e33dca859f9bb44086b2bab23e1ff4b38b63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
387ea3b835821b5e42bc38e0bf70f8e3

SHA1
6abb024366b826878f395fd4bc5058477d269e76

SHA256
f83645d00bf81389046cd6cc956e6018db4e0046fa4d4421f01debe6d4fc8d89

SHA512
bb2e48717720bc9400efac187ea0fbeb15c8855abdddc122fa7b6bef4f34f02549f6abd01493de9423224354ccbe32f13e8eadb4d9ba10fe54e2531b4afdad40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
9cba2f29a6d00b88c369dd8531df9216

SHA1
8108895b7f94f349e9d9550868ff85ab49680aa9

SHA256
371b7bf1145382e9575bb919d79784bc311ebfc7395a21517b8567149a7165ab

SHA512
b82d3cb0febc42902cfface37fc8bc970d656b27e3310abff0d2ab1b84405714ed3fb637052030ef842e8b95a531a9ff9433cd4a0deb169e8739b85ff75204de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
20KB

MD5
ae0452b7c4c104339bac39bd55aa6930

SHA1
2799478487714018320e35fda9b14389fde22631

SHA256
02a8a0f1e53e530054515e9ceb35728d223fe54704760345b13f8f970d8b48ed

SHA512
5f6e533793d891a40180a84963efb59258c99cc1d3dfa89c7e7f520b031f732bd10ea4b5f0d0f8ac1f38a15459deeb605b6d149790554f61c5a6cff451e485c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
23KB

MD5
63ad383cfdcd44a8f9983806f7183c80

SHA1
69bc5d7660e9c437c61926308dbc4f73d3e968e9

SHA256
0db1497ba1f65ec0679e4b732d2511def1dd48467417343d6706e47c54a0bb3f

SHA512
ee6477c3be4f684486cf753a9c20054d171272585d8756b5209bb475a5ba4658dbe89c165207604c9973362d4faef9386b77e94600bc4f2b7208e50ad3b9edaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
298B

MD5
ab8d8ddc8a1cdb4aadc7c605803a4a4e

SHA1
1c8c011fdc1ec1d500ae0fdb899754687c85b7f6

SHA256
2462c5112850970c82e162d67ec9551b1fa39969446606d794ad9d42c67c3ea5

SHA512
8b86cbf78f8fb29be6ac33a4e118985d9ec5afac5a34d65555f455c91d46e79b4886c46c83d9945003f13da0c70fc03f2affcfd481a1755b5bac5b3d268261c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
feb4bb8c245c160346f6d4dde8f0c707

SHA1
1ee361faacd6ced62aa65e7fedde60faa0f9e8fb

SHA256
4b4784098907422b29e36167ee1021bc307745e46b7bce24679d6c29a2cbfd03

SHA512
3d9d0b812b0e983ccb3e1bf9dd547444383de003b6a362dda3a25b4d5003a7fe5b92268f115a6dea4dbdf3d022a93082c3ecdb8e9f92c3257e1bfc21f408a0af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
abd30a83c7f19b7e2350891d16e1ad74

SHA1
4d981e334ddae7faa0bce0b19f5543cead019232

SHA256
455766c9fbcf7080fa3bd26f46624b4a0083495fe98b3fcaa6fdd2e8cb9746d6

SHA512
0146c9def5234afb551028ae1a32f7baaa433c4c45ca3f1c14aa83d49aaf5ad72210c21705b3cf60f059638807a2da82bd9d122722bb087c1f3a36e4f7e2ff04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
993efff9c6236a510a90acddb045a914

SHA1
48920c360b15fc9d7c25aa02ecb0be6f1872cf57

SHA256
a270484cfa41fbedc9a9cc64e6c84583fbf51bd60c1fcdfabd6f4ed31a499e7f

SHA512
9d665b14b38e213bfc1cd27ca7332321d83fc103635c661f7ac0836bedca29821e9079c8b10179fef930aa515266b34fe7c254fb22f6778b655363541b75dd25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b25efb8467caeab64ec6719fed6c6510

SHA1
926ab0cf9681a2bfe62847a526883343b68ed1f8

SHA256
ba6ef915a7c4055b75efdb1e42f875f280597dfcd0313cc1daf49884bf1231ff

SHA512
c4c8df6c6fd77cb01efc52d2b5470b9a82c12352294ba7cc10fda899ecead17b7a76323182090ea86530cd346a755f0a53d12e4836e52f4678459c888f985f24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
64d5281ab9b990048d8831b7a4c8fa9a

SHA1
add943b59d96c6bd3b5bfb2557987bd91a0ec59e

SHA256
b0d69f5d572cfa9c7133906f34b03afd1dc465c9c19823e5c42dd48f1fd5b04e

SHA512
076d779cd714fb374cb3486a1a7e021b16b16ed9548d4b5c4b8659ab81319aa5ac87b8118d466feb006b8a60e4b1e53d6150c761cf68601db8274ac3942385fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
36ed5c69714e28765d0d134214c482dc

SHA1
fa9fb88cc80fdfd107b7fdac500dab25f162da92

SHA256
5eeda717a0e436d1842a27d15c84dd1431d5555e170830c3edca819ba81e7343

SHA512
60f28c40ad74e6b148b7985b0282dbd32bff0a35238f94e7f868f92809390c1bdab1e3fb7aa39a963389b1ae3a05322290e417e32d74d88328faf3d818f1789a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
40cf76c3ce42f43ce7f34041bd637aa9

SHA1
956ab715ba283666b67ade112302b111d211a2c2

SHA256
53a201514efd0cb6637a5174023b36e54ad4e5af1335789e59ae58a7369ec592

SHA512
ff7ccadad443b4e05d87af19814a0c4615403e3379c5f965bbdcf785ca0318dd56361caf52225551c41555c29ee360d2d49a4896b0320dba7943ca36a6897b4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
569000ff6d512a7add3399d99de77698

SHA1
cf3bf10cb2352b17151d4d9ab7ee9f930db89912

SHA256
c3abc98da66a70cda9970ef6921f97c83b12c38e9f6f18f8d4a6ead7dc047404

SHA512
1c1216aacfe52bf6f8fa6944571749e0c6d7418e3467145bb7b01843b2fe8a07126b22a9c0900a8e11adbf4fe7e303aed79d33ab135dbb8a274b85c1c0a16879

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e59a9e43e3e51f502200499706db74ec

SHA1
33af8894faac4d0b9d4cd27e92f463daf8a34f95

SHA256
e3754f03a9cdb58f4606112b8d047ad7c2f867be06830532a851b44647070121

SHA512
a93cc0be5cad6da9566267107a53149c7954eb9ccc15767f385dc20ecadb1c7e0e890e1f612b901f9dd2c7e441b2e804df1c8b754e1d8b972a5ad2e2c6010a09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
60e5db68439c3f22a9b9ebfad37f7c21

SHA1
993a5e75f7397ec8a6a03eba5e81daeefa3a5a93

SHA256
7b72bdc9926c97b394142514e33747a767b7bc1200122a7796fbd4a61ca6236e

SHA512
d556cfa4e1d21d0c90782a135f92b5f3afe94a6908f1b29a2956a4ca7ea1288c7c74f0da22fbffb47362c6ccee07094181d892be5d09011bd229c4a5fbcfa085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
8bb39bf29e01b3322d371b422c279b2c

SHA1
e55a7a08d1ea2b81c37592b3fbbf82b12303c3d6

SHA256
5478f3eb0b50a24d361ccd7f5c1f927e999f4e9047170d86dd4388e0bfb6cf6f

SHA512
af95cb30d0851b4aaac3296c574294a9028fc4803792147bdaf3e52e056efc58e1e52cc68e97db4a0be4170be7092d294bafb5ed577e220dd773ec4ddee09def

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
b15b97521ae7987744d09999473da9df

SHA1
3fe276495b7f323fbd08fa8c09c3f57ac584d9da

SHA256
9b19bb217123efb980f13f596b2060927ef6a18ddcd80e602019e34572aaca97

SHA512
749d7c9e1e97e0c9d90ef85e0de852c1f0ad191d5a7c0e9a44503ad718837296c68598082386d604e889545724f1b1c896babfbca634595fdedc575f9ceadb10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
bc494add364803cd9f1df1caaf52afcb

SHA1
a7358c441abb26ad913e38bb635d5dc92b994945

SHA256
312600128f71b5f99205dfa3c038a2565fc9e3657877b58b8b638ce50ee0b844

SHA512
c45a521e46436a401e2cc7d856e34b4ba81012afded57cc350cc8fa2c98d6a86b2ecf2038122d8dc0c86fb4a8bc0303aeede6210f79a3836f03100aa2b9f9aaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2256a2410a30c7b85440408c8149d6fc

SHA1
ec0ece4fe87e8e28ac08dedd279bd1a29436a604

SHA256
75312016ed41434d06630272611ae5775a07b8e92f4d096004ea169dbfb08d44

SHA512
55541afe9ade4765712c11c7f1e5f0371dfb77e05b6128175e3d40d9917b8f01adf4dd32ce8b6ad9cf2e4a34c545e830f24211a8752647df84d10a389b32ccef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
ba6ed2cc2279f4f93c711374b09a09db

SHA1
c8ab4bb74004e7d42c3c177dddfe43381eb2f1ed

SHA256
80de08fe53dc6c850a5201a81348e2a33adfa286270d7985bf8203f7aefd9f09

SHA512
16cab189ba9296e32f7b623b3359c273daca3a8717cbe369f77681b205ca30c528b7735f67725c2ac1a0dfafd3b3827b6bf100df3c6f33762ddc4e1be9811727

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
4816d6e6f6b76abc2deeb51e0e3bdcfd

SHA1
03f9f8990de52d9cd5a0fdcd414dbdbca03d265e

SHA256
27b94f39cc5677c6138c67900c4912b29f4c670d29832a2ceb99eb9e1175949f

SHA512
6185c13aa3a197190fa461b16cbcba5a243281e811676787343c21eab59e87133c3cdc34964acac72c840e4431155ced1028686688de33963aa42a310346eb33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
9f1e901dee990a3c786d454a55845033

SHA1
dcaa89b7af0a263ff7ad947f8e319164b43cfd23

SHA256
6138b02ac8462b4835593f6dbaed17dede3ae7acec5db467aba1e37fc47a5036

SHA512
7748623f1400c60f71dd8774aa254ed25786b9c622a493d74df8f8ddb0c94f1d84f0775ba4fccca3285f676166a0cadecffc9d6802e1f0bbd9be3a759fbcc4c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fdfe7dd4b530898167244a127625a997

SHA1
76520b83ed82c2dc5981fef69ba313bc4e4a1dbe

SHA256
2c0e31777473f3afd72aee024d3f5f71966a7fb2cbb2d61aa230a5b603198347

SHA512
187dd7ecd3ee9f4f537c7e015ef3a5785b9b5034cf95ca6f5cb2d4fbc57c7ddf96725e11ce263d1a03ee7ee2f324726c73b26b79f66350fc1e80c6d5b43b1df8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
11c000752cff37a410fa16322e408058

SHA1
f73a5f87f91e84b047d7159d506e74fc986f74e6

SHA256
9d24dc7a437c4b4d9219cf186cadb916e479f52aa85506e4c4b88fd50df6108d

SHA512
59bcd365f7339954773cef733b85d7212df546f4393437bd8cbba4b891add219b86c10cfeb56c79ee9e67acdc2f8c3b8770b5dbe1bbd63533ce1ea296a5b3fc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5c8e6c.TMP

Filesize
48B

MD5
9cacf582093321a9ec1cfff65e805fc5

SHA1
5ab06b3f6d1b22f3311aa3711544462398765661

SHA256
4d0be520e8c3b86154b94a6b73f7a8074385c59bd2063fade711e4b84a38bdf9

SHA512
aa1aef0fe7227204009ccb2414002b6c297930f91552554173fea165f26f47cc653dd726f0ec41652e47a5d53d0a5aa676746deb773f05a10b1b39b38f77d70d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
175B

MD5
6153ae3a389cfba4b2fe34025943ec59

SHA1
c5762dbae34261a19ec867ffea81551757373785

SHA256
93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61

SHA512
f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
b674ce3aadf677d2bbeb83dd5ce68803

SHA1
9d7d07f04c9e47f5023fe1e6536b0f03f00187f3

SHA256
7764c7d8de43d4a01d1420a926ce99e77cc542f607d773ee92485ca514b253a5

SHA512
c68d7bff6aec6c85199e7f62c8d854f2db22d2dc68de0f5712604c1323fbdc1cf9779ecd39234c7f06f701632b26edd11b585879aad9935adcbe1d298c1c4b46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13353099428060376

Filesize
1KB

MD5
848de6629ed2d6ff20e6da35b4afd798

SHA1
b6de1945ae6203a486b5fda819211923b09571fa

SHA256
f57d0e995025a3d6ed26a673ce73828bf602efd710741e626b8d91241f02296f

SHA512
1eb707ad867612e156c15af5a2a37da92e5c8d9d9b75e1d70dac127b3a25c5b58d9f0f96ae03cf8faddd5e8f8f288e1a5395df1e8feeff97c16fa407988e8e5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13353099428255376

Filesize
1KB

MD5
0df97d17abc8bfbc0f4fbd52c0643ee7

SHA1
68e44d1e8efe9f6f8ee416d59ec31c13117d4791

SHA256
8b7afe52604a8cbe8eea1995f0268d04b21e819ac44d5bb62153d228213292a0

SHA512
f00dbe099744a8bf648e948a860c960ce09084712948f2833258c11a21ad341be12aca0e2de6ebf326e8ddced5657f87ff1f41eca064aff91976bb7de47ddf12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
3e796b32b8355e95bd78a276e95d7c0b

SHA1
823927b7ec64d471ae8d0832d0eebe392be1ccc3

SHA256
ab59bed1d07be951f519f179d3964f78ccf10a8de1d461e68d8fb60c936fd4b9

SHA512
ef52a653c4cf36eecebf0f1f46db4dfcc8f05b5a0cf2aaf571b306254809d90e13d3126f1a96340c80fa15f4a1d59e2ab3449fb54fcf6ea57cdfa75359a632ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
5af6996c64ed3cb0a0c4bbd1b278836a

SHA1
9daa2169f4a70c182a5e8f06b6e9f9eb2c1c86b8

SHA256
10dc13c19db0fd2e74e25964bd6010aa05a5b80fa529d7405e92ea85a15fb2f9

SHA512
32c1f20f76be661fba6f7a751387146d3b459f5d3bd0e99f9631bc8fd38259e87faaefab6603e20752010406c42bf4cc16913d0a4e45fc23b06aa75498eb80d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
cfae26863d6ccecd431c80e5d2e4b42c

SHA1
12545cd6f6407cc8749e8b03a8f38f2e9ac1f05a

SHA256
3f515c65ac31f5b0c7cb2f16ad87531aa1bdce73119a3d20af422cd716a3f23d

SHA512
ed96326d1c3051ac4aff7754873f138398410b7a3c274085f654f61564dc51de8a09d2630d889ff5463986466cf829e47da59fac970c8d3a5ddc15c28d990249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
869B

MD5
e1bede470f84a44c4d3e00daddef44dc

SHA1
c371e22d5c757ac671e021267b392a98ac3656c9

SHA256
dee51175b695974cbac7592bb28d0c6d2c8e089e84d40aadb98e8ecaaa0d5fc5

SHA512
f16efae2c8bb2d7ec3894365e3372e874b9ee37352e9066801bd71a2bc4fad0a79e0d00ee8392fe4006db367d4d622580b8a464daccd14577b3abfdc4712060f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
925690505e0ff43e57ca4ce2fb1b8bf6

SHA1
bc99d0168ba7e466afe6b6944fd7f26494ebac4f

SHA256
2a49ba565e93c5dda992c04b6d9954fd679920f806e94aa3f39c53eeeed4c047

SHA512
2b82f46c90693a0958e990db03a4398ad02483568c751cd5d5a4729b253ebe5440069fc81c14b9c088e38384b54ac881163d57da61530dd6824a47f60cc31ea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
869B

MD5
dd4676f7e73cbe19062d89cb452ef87b

SHA1
7387652ca5d2b62474e898dd638c4d44e0cc5b3f

SHA256
f01153a4458277439032826646e9054e6da712cc28faf2d435a02f0ac3292473

SHA512
1e6fc86d8ac7a8a2f98aaf38e1eb1ee469e23aba580eee218f4f5ae3de45b27a6c790b1d4cac87ac346fb8af45dd37569fcdb631c38ab4e8945cb5d789927268

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
053d7543cd5e46942e8addff5438b817

SHA1
d57f8752eae907d549e65aef5b66f09480439954

SHA256
0aed5d5d167084a4ba4c4b4ba3ab678e4d173a0d2d69cbe35046ca3a3378dcc3

SHA512
a2569b4cf12b697835f4aa3068beb9ee92a3d6a7eaf6bf93f31fb9b4757355c5cbe4b2dd19a21105487f786316ed55e4aa9de4d7efdbb923db4b5f123231694f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a9dc4ecade30d23c69c6bd83ff94b0d9

SHA1
d9134596e214ab6974c630ea49204f164c74e1e4

SHA256
3987694ab1e83e89b8774e15d2de68528fe9d4a3ef294e095b99923a09de2b8c

SHA512
a810d31e33b1d874f130ecaa9e98cbd50bfa838d63c295c88e1b87bbe6a0d689a620cbccd1f7b932a61f768a4fd34a17ed33517f45df1dec80beed0d4d52f60f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
61842f92478c7c7af93ccc03f64a54af

SHA1
246e9097837989a3f7211cb041e7cdf02abf97bb

SHA256
f4e0022759cc1a74517b207b087be31a1db0c0d148008859dca73e26a729a06b

SHA512
9ed4fe615d9eb7d2806ff5f65f87bdf4f59b2f23f7720f1bc0df1194e3580a1061fa1c162021976e2fb5c1bfd420a3e797d7a7e679cecae35034f62cd8a9de3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
fd7bb47199f5f63d193d41793ce5fcff

SHA1
d4046597f6ea570230a254a930ca6c1719e2a611

SHA256
43c9b209be7f102f075bb402ef7cdbf383f99b1e38d0a72c4d7ded8967d02b72

SHA512
101b507cc31dd63c52e7cf913bb0bdfc19c98419f04e601c5befcb5dc3c94f48102f5e5dea057b7312bc7fa32482e1d0c0f775bac8626d7b86a3afb31a709610

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
45996429cd57607d0b43ec1d3c413292

SHA1
70ad966f5c595ea5f516e4769b4583ad6704a252

SHA256
3c7b25f100dae21313565d6a990863b58c55df3c6d6dac1071d2d01eec20a681

SHA512
31e03219d4aeba6031e95797bdc3a322783d224a14282bef2ad875d7f4c5077c57d2d1c1bad8f8d9d4583305a308e30ce434b115a2e997fc75e7622de3a2e9e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
fa56ad62db86fca8512437c0d8bb7164

SHA1
69155012581a94ac4e18acf974e5d2e02cfcfa32

SHA256
4f7b473c744a160cbb7b4bdd1f02b77d74bed0022c9533507e86cbdfe7bb05b7

SHA512
69ca8793864a33be5a19d81d041206b86c8fb21a73d69e8d6f8451fe7c6b9f33660714ea0c1475140136a53621118bfd3bf5bca18dce4f6cc0bea686fc8385e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
9009a2498c865f8959c6f29bdafd53d7

SHA1
a4148225a1355a8cab8a847a7f5cff4988c7cf4c

SHA256
7602d01db40247821e9c46c3014ce3f2c353c9b0b64a621417085f8400d6d496

SHA512
b5a9a08b5ff6ac45eb9c6d39d3e2621f8167e8aa4d961833543826f47dabc31014f154e86272613b6a381733eb0622cff654c4da91de2a2ab7c1f861475f785c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
12b325e80a2c754b543d2098092e3efe

SHA1
4f066c82737a92a0b3734237d6fd721d1d71be3a

SHA256
05674c20922e195f61b185014963f2f04ced5a138cc79edac059656ed2cf8284

SHA512
6516e023f19cc71460dfb7c1c7e067a3837323b4734f6b7ef0d4971558bd4d356398617501986b4e207f65bcbde1d84926462e30d453e964474318267d3d5505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
869B

MD5
cbe0d86c5b89a5f5b86d867eddba1823

SHA1
7b06fb38598e7487b605692ffacbbafc2afcbf45

SHA256
85b7cddce482194072ee63f11d16b48f8bd994411f2d01ed24366d1a81747d3f

SHA512
596c1e32e3161d78fd79d3c195c9fed540f9536db3ced0ff84ee9fa8167cab683fe93f6d0a4053c5542c8811a25d6e8950261745c048d066f7a1880b7ad31075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
7927e55a8234a956c2edce29c860cfd1

SHA1
27d021c49d775ee31b9230ba2dc1c733dd3e5d3e

SHA256
aca8ac592d6224a73e484c3270d661179feea3b86b426844f54bf8569eb41bdd

SHA512
9637857435f17d9b30d996d864cd1133bc047f46bee0387ce0e22461ea20b1d7375b7e3cba18f55a80988293bce4c44661458b341d7957fef900ed8577a52bac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a4bb0.TMP

Filesize
867B

MD5
dbae422454f0a5c03b7b9ededa86a251

SHA1
de2dd0306e869287482252ccf5b05b6f568036c6

SHA256
921c4844b89e166dc7ae544ab590f44fc07dd8f580983940f310e65b1909d89c

SHA512
535a5773b0ae78c11754e40bb605231b6834be97b1052df96384949599c36a28703475db2b5d0e77d9c6d3cbed38e5ad5ed88e14bcc7b5cbe8909f91d6e83e5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c97dd7c9-7722-4c8f-a86c-d2ca1f2041c5.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
1abc700b438b07e8b3e83b81fc91f53a

SHA1
c6628693acb1274eb41e0deda27d14efd1777fa9

SHA256
5abf1a2ff78df559402289c0b6e67abc736bec9ddb8cc240eb3d4adf4cf0259a

SHA512
3ddac70b3167c1808956c822dabf5d951200ca42b2429678dc1b2ba3ab8b13491561343885f03df3c06f9dd916033f128e0da3772b66171ccb205e5cf26aa5b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
d33d1510f984f5f4b0dd38cfc74c9ff2

SHA1
d09c43ff36022f00db81b1a38870ab5a5125a413

SHA256
5f173879f112c84c7b1731d54751a3d3c809a8b744446ba9117cb0a075a6eee7

SHA512
c4e5faa2bf72b6bf6240f5cb5c4078ae5b22307c461004b30e5c1cbf6f60d22bc0889d2d2e2d3c8037723b2f9f56e68e5d40485629eb7a72d365a6d4e2909fae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
23ff3de6718e3068a962b326b5af2c80

SHA1
c727440023bde453440c747c21fdba804e766361

SHA256
23a62f0f8f5468f691d9c5705a479f9992d1c712eb048b7aca5310f5580f51ee

SHA512
5df625cf47854a1f853a3190f49d4547494be3cb72a9ae39243c91b4a921857ff18210780d010b4dbc08a68539055dd3e03f51cad92a783f117be18262546ac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
cd881aec327eb6e92cdc662177ab53e0

SHA1
76ef4e295a177e07d66c153d33b93588e9a3d45d

SHA256
d44b7670d28ce39b992e0266dc065d1a4d862010896feccd721ec763df5c03c8

SHA512
111504f3e783dcce0a2a0718752438a8ce820d8b32be68f093a1c8b838f0aefec139498492cb09a406bffbfa4ce668b8e36a1cf02a04c970fb4b4106503630f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
b2e7ea241b49f2bb64fe4b595ede6a5d

SHA1
9fe621be0ed1052409a8dd3b9386f9c70fc81ccf

SHA256
1c7709d4c50a86988cd236ffc82d47ee416f16eaa50d5464d05523a0a4bbabf4

SHA512
c97033015494227bead456550394ec34dd7b8129a9fc47340aeef2e422925db09cdc9bf3043a0b129f8c9971576a7dc641154475308d20063db3868f6c309bec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
3014d579eb24198531d54bda17edef6b

SHA1
b6de9d4880952cb3c06f87343211bac1b46318cb

SHA256
2ab87489f1c0a6d08abea8ff724935230dd174033e7c015297e2d3a6aa76949e

SHA512
7268788177878084287366e323d7d0f2152c4c166ffc37ca271af821083cef7907550654cbd77d3f2babaec09da0f4c67c49bbb574cffef36c31ab9783fb0a71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
a3254dbd57f370b96208d18d390b51eb

SHA1
0351a38f7b8cda6fb275a046c682da1324143877

SHA256
4d4da8cb23e5949c3a0c6724e3b2239378fec2dd51a2c4b198d0b0e83da8ee18

SHA512
6a379dfba1fb9f5c28ebb0e5a34afcb802e1b6aff26918bffa349b34b0cfb8900438676550f9a9d22c2645ae1ed7bd520131e03ebe6d9ff3510d67060d50508f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
22KB

MD5
1ac9e744574f723e217fb139ef1e86a9

SHA1
4194dce485bd10f2a030d2499da5c796dd12630f

SHA256
4564be03e04002c5f6eaeaea0aff16c5d0bbdad45359aef64f4c199cda8b195e

SHA512
b8515fb4b9470a7ce678331bbd59f44da47b627f87ea5a30d92ec1c6d583f1607539cd9318a5bccf0a0c6c2bd2637992e0519bd37acdf876f7a11ed184fb5109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fdc9315d2940c6de9c4d1b7ed439aac3

SHA1
a9b1e1c802c15a88cd25471246bdab3cfadbfb37

SHA256
8d93860b0102a517d0fc3010ab66b69ecb45fea65a407eecaa8db0b2141eb5c5

SHA512
44700a9687b9b1b3d9c0a7653f72d4ec49305139b675770513d2408ee3cc1526bb926e47ae357def77f2a0fd026d0a078b4a64fad5b927e611ab3cb7a7159149

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7802c73e26d8422c99e1e070ddebf2ed

SHA1
65fbea9b7e500e73cfbb62a599e0065d49134cb6

SHA256
b667661e102fc3ea667afbc1b76864ad62934b7ef24955cc6d34fea9989c37b4

SHA512
4580cce1ac4d512c3086aa7ef0eef9aa7975604b2e28faa9590072c0980e63a08886c39a9fb1f2e18ab4d453cfd0a09308c1fb825827862d58994783f16cc33d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3a37a96cccfe73f52aa7ee9f21b8df29

SHA1
ccb52344360aa0ffed556fe719ea12d66245b0b9

SHA256
fc042fe55402cf07d20ccf9f7a3290c84d294ccf0d1597ebed5e4ef2f59c9850

SHA512
6e63864948860d658cef3aa7f86525b2a7fb55941dae6617d237a62babae89212f367a67260f65a34db8e430b48fd4e63bd355749e212beb576bb1c472df9afe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
3B

MD5
6cad92cb1bb42d1284873fc09725e732

SHA1
28866a9fbcb3e7d712014bb67b32d96a5891efda

SHA256
39e48953208eccaee9a0186ab45861bd8416c5d86fab4581035445c681a9ec68

SHA512
1d616ad9439ea20538148a9183ff7120f69f0ad43bafbecba77fdbc4fd4a09b4fc2db38a12c46a92a6788652240f243f838c78493acbd71d9f0db0c1cbfa7ec7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
73684da7fcd6e64e4e56cdf4b3c932ae

SHA1
a5709400785b3fd9bc6b59ae07416f8af0fb7710

SHA256
2490b3229185b46b8898277fb6af4b81aeae5eb782a1ab5aa0a6e009dac67a7a

SHA512
af33c03e1ff8706f25647f235ee3edc1ac12d7fb1a5d5fcee5e3644b7df4d7499f0df549805217abfad60925072092edb10ed80d1b44f494b3a4912fd69a44d4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\INetCache\container.dat

Filesize
118B

MD5
599d2221077afda1e1870b652eb421de

SHA1
1549b8a3bf75603c3633be0f455d67310f87e149

SHA256
c58406aef48ad0f2b629bb64ad7c5ea8613020d359f57c332d787b79169bfaf5

SHA512
4ccb620fbb58ac8ace5f48c9eaa3efd4aa8db230046c8f5eae4ed193c3290b48845e825383030e2eb6cb5329fccc0a0d035bd3a32d5687b2f2828388d3fd32fe

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{fcc1cbf4-ca28-47da-b5f6-cc7cb021057c}\0.1.filtertrie.intermediate.txt

Filesize
1KB

MD5
1823ae32c5da60622fdbc2c23ed81589

SHA1
09207873cf89f7e356f94ca5deb983fe9cd836e0

SHA256
fcaca33412a8c4a6b82cb91f78a8c39c48a0b092c9303a0d893be226cbe4e250

SHA512
462f60f2c2d1ed7bb1fc422280ceed8eea805e11361270cbbca12e4a0ca9916598a44e8458c3456aa7c6a3e9724f81b47e587ca93fb3037149269d867f8e2dbd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{fcc1cbf4-ca28-47da-b5f6-cc7cb021057c}\0.2.filtertrie.intermediate.txt

Filesize
1KB

MD5
5dfaa4ee136608c83a011eecf667cb57

SHA1
28379a12596d67f22d95c2a5232d0ce4b5045c5c

SHA256
75e74c5f04858f3a33e30671c091e7d5ebdbe6073ee68d305869de21c63c5ec6

SHA512
f014feee9afa6678ccd6c8ff03edab1b4a745856fae28fc85314755389f184117f3b3f66d7a7fd7eef4c2315bb607ac0a097befd6a74ab3d333f28d0594b505b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133529865894975116.txt

Filesize
78KB

MD5
7ee9503069d39c4cf63b4c0bd401d9d0

SHA1
991fe20859516e8247fcbe38346fe4a5181c599f

SHA256
fb47e3e16f9adac3d94704b32e8fdb387b60a996a142b9720a97962562679ed3

SHA512
b3312780c5f8f51ad466e59dbbf9c9fabd4d52b1666c10407d82fc153c9989b03a250de1e517e52c91babaad8e898131d78c620c678577ccdce6dc699c402bf5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133529866448377221.txt

Filesize
48KB

MD5
abd9949296344c289b80f40ba6b5435e

SHA1
87e1a1587d2671ab2de66f49c9aa3e1a3b855539

SHA256
400fd4d8e26d4ee769a7a8da90693c32686c3018401147d11d3ccf82ceb21997

SHA512
39cac1a417860ef086ba574d73f42c93cfa1837ec44e0bf51be1dece0ed624048fe59213cb30088f2ee4dea0ef7f47870b6c24c19296566226c73a7fdc0f546b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133529872433856188.txt

Filesize
64KB

MD5
3e6c409bb01b574c93278add74ea42c7

SHA1
78f762b4d8277944ddadeeeea74b01964016d965

SHA256
a71c83d52af378ed761b64bfbeca6d3aa1b40b89d410897debc0cf4f3fb8e4fa

SHA512
c3797344b7516ddb19c7299a9461f852d3f026e4c4414cf19f31f3d7749c753b5a53d7caea9103c8c873514286532812bce13376377219f0f91e1f55634829b1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133529894176520208.txt

Filesize
75KB

MD5
4260140574cc7b2707356d6dd40b3a5a

SHA1
a79ecc6fd378f19c03af5742bf4223e6c85cf0f7

SHA256
2c41f428a19aa827a63d48010fbb278f4bb1a8b9659d0fbb583b67f2fa029c3c

SHA512
728d3889ccd57f345721802d0f664d29119d705c035b09842e203803a2abcecfda99d067d0c208d505902288564257e9a31aa9c2ef22d505b5b238fd99d17a84

Download Submit
C:\Users\Admin\AppData\Local\Packages\NcsiUwpApp_8wekyb3d8bbwe\Settings\settings.dat

Filesize
8KB

MD5
f1e70e437aafd02774fd1e5045eb8583

SHA1
4ec1135b9b65afcbd780b3ea471fc587e46d0f6c

SHA256
f0f88b0fa6615bdced171bd87dbd1c0c5106065ac500d641a557b3d7c10be3b9

SHA512
6b3353aecbf9b9e9dbb04fb6974dab87f7fb58c7df1b6f406a2f29adc2f72351d6d7218c6712f2983200cebead23d24a5c6d62023b6848c87c9451c3be388d7b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
4345aad2526a0bf914e93a96f1a85632

SHA1
afc64a823ae8c6ce48934e703398259e6ced9446

SHA256
b5706b31c571e01c6fbd07484363ce5b18f18c3b52ebe86f980842a184643217

SHA512
38f651e231b0e3fe1dca6d8cce02ab2ba55bc920d5a2e703d2cf032afad23b91b2dea086398e663b39d0b7d5304a9d7314d7f9a7fb13b82634538e66fe080a7d

Download Submit
C:\Users\Admin\AppData\Roaming\{9be2fd9d-1e54-4364-9d03-06af4ce418a6}\icacls.exe:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 540210.crdownload

Filesize
19.6MB

MD5
9ff3c1bed8826e682f965e957f3f00fb

SHA1
75adc6412c9cf75157552de10c921954db293b5d

SHA256
510150633dfb4d5d192c67a3cd61bd6474929a3a64036ffa75bd843be4572d82

SHA512
b98f8318d23117dfa3e8a0c0589b1896018c203dda15f4f09bdf9fc192d7bd3cfd8943b5627a25ca5c9ad02b06c4510b653e8f4f8c47672a949605797d753050

Download Submit
C:\Users\Public\YOUR_FILES_ARE_ENCRYPTED.TXT

Filesize
778B

MD5
68f606071dedd2961d7d136ee0ad55f2

SHA1
eb4f937b4f0f81999788c01835d6f016ba85173f

SHA256
df7d205b09d8d08620d9aa0ee053bffb6d31cd5b1abaf6ba81f08f888e4027cc

SHA512
87abe5f682159817e4032271e94454fd65721910bc16194db8eaaef09338b4b560b7c77aad7c41f078c537b82e927c3a5609a993d717ec2ada8664b236525bc0

Download Submit
memory/1628-3034-0x00000000005D0000-0x00000000005EA000-memory.dmp

Filesize
104KB

Download
memory/2040-2762-0x0000000000800000-0x000000000081A000-memory.dmp

Filesize
104KB

Download
memory/2040-2752-0x0000000000800000-0x000000000081A000-memory.dmp

Filesize
104KB

Download
memory/2124-2751-0x00000000006E0000-0x00000000006FA000-memory.dmp

Filesize
104KB

Download
memory/2540-2772-0x0000000000990000-0x00000000009AA000-memory.dmp

Filesize
104KB

Download
memory/2928-2107-0x00000208FE540000-0x00000208FE541000-memory.dmp

Filesize
4KB

Download
memory/2928-2109-0x00000208FE540000-0x00000208FE541000-memory.dmp

Filesize
4KB

Download
memory/2928-2113-0x00000208FE5E0000-0x00000208FE5E1000-memory.dmp

Filesize
4KB

Download
memory/2928-2112-0x00000208FE5E0000-0x00000208FE5E1000-memory.dmp

Filesize
4KB

Download
memory/2928-2111-0x00000208FE5D0000-0x00000208FE5D1000-memory.dmp

Filesize
4KB

Download
memory/2928-2110-0x00000208FE5D0000-0x00000208FE5D1000-memory.dmp

Filesize
4KB

Download
memory/2928-2094-0x00000208F5960000-0x00000208F5970000-memory.dmp

Filesize
64KB

Download
memory/2928-2098-0x00000208F59A0000-0x00000208F59B0000-memory.dmp

Filesize
64KB

Download
memory/2928-2105-0x00000208FE4C0000-0x00000208FE4C1000-memory.dmp

Filesize
4KB

Download
memory/3588-2774-0x00000000005E0000-0x00000000005FA000-memory.dmp

Filesize
104KB

Download
memory/3588-2775-0x00000000005E0000-0x00000000005FA000-memory.dmp

Filesize
104KB

Download
memory/5132-2740-0x0000000000680000-0x0000000000696000-memory.dmp

Filesize
88KB

Download
memory/5132-2741-0x0000000000BB0000-0x0000000000BCA000-memory.dmp

Filesize
104KB

Download
memory/5284-2773-0x00000000007B0000-0x00000000007CA000-memory.dmp

Filesize
104KB

Download
memory/5320-2835-0x00000000007E0000-0x00000000007FA000-memory.dmp

Filesize
104KB

Download
memory/5320-2815-0x00000000007E0000-0x00000000007FA000-memory.dmp

Filesize
104KB

Download