1cd649ea4273fd977b6a350bfe8f3b62f1d0aee1408b9966aa3d6ad39ba5af6a

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-03-2024 21:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup (23).exe
Size

631KB
MD5

cb927513ff8ebff4dd52a47f7e42f934
SHA1

0de47c02a8adc4940a6c18621b4e4a619641d029
SHA256

fd5c970806fba1500cbb6af5328329aeb43b8de3f02d90ec5d8cd1d57711622f
SHA512

988c8fd886a9155b7d190faf2ce6b34d910efcffcf1c6251f18a9d0c804a0ea26a89679273033ac98b200363c536426efd1ae9de445c34e660369abb06f0071c
SSDEEP

12288:0qtavSvIGmVujfIzEQlzlmgGak6H3lP3XJik0YhBhrj05:0qsVrYyl876j0KDrj05

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-566096764-1992588923-1249862864-1000\{35C1EDFF-FC49-4798-BC04-BEB710E82672}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-566096764-1992588923-1249862864-1000\{595B5ED1-EFE0-4A4B-9145-737C53A0DFCF}	msedge.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
1516	msedge.exe
1516	msedge.exe
2824	msedge.exe
2824	msedge.exe
5520	identity_helper.exe
5520	identity_helper.exe
4408	msedge.exe
4408	msedge.exe
5992	msedge.exe
5992	msedge.exe
6052	msedge.exe
6052	msedge.exe
4552	identity_helper.exe
4552	identity_helper.exe
4512	msedge.exe
4512	msedge.exe
5316	msedge.exe
5316	msedge.exe
428	msedge.exe
428	msedge.exe
5640	identity_helper.exe
5640	identity_helper.exe
3108	msedge.exe
3108	msedge.exe
4512	msedge.exe
4512	msedge.exe
5240	identity_helper.exe
5240	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 38 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

pid	process
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid	process
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

pid	process
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
6052	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2824 wrote to memory of 4044	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4044	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4944	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 1516	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 1516	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4000	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4000	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4000	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4000	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4000	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4000	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4000	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4000	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4000	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4000	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4000	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4000	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4000	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4000	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4000	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4000	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4000	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4000	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4000	2824	msedge.exe	msedge.exe
PID 2824 wrote to memory of 4000	2824	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\Setup (23).exe
"C:\Users\Admin\AppData\Local\Temp\Setup (23).exe"
1⤵
PID:1544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa42e446f8,0x7ffa42e44708,0x7ffa42e44718
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12608962702543052406,15712840027580126820,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,12608962702543052406,15712840027580126820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,12608962702543052406,15712840027580126820,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12608962702543052406,15712840027580126820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12608962702543052406,15712840027580126820,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12608962702543052406,15712840027580126820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12608962702543052406,15712840027580126820,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,12608962702543052406,15712840027580126820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4308 /prefetch:8
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,12608962702543052406,15712840027580126820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4308 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12608962702543052406,15712840027580126820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12608962702543052406,15712840027580126820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,12608962702543052406,15712840027580126820,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2100,12608962702543052406,15712840027580126820,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12608962702543052406,15712840027580126820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12608962702543052406,15712840027580126820,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12608962702543052406,15712840027580126820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:1420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffa42e446f8,0x7ffa42e44708,0x7ffa42e44718
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,12171688790319292902,6702469927276464696,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,12171688790319292902,6702469927276464696,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,12171688790319292902,6702469927276464696,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12171688790319292902,6702469927276464696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12171688790319292902,6702469927276464696,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12171688790319292902,6702469927276464696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12171688790319292902,6702469927276464696,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,12171688790319292902,6702469927276464696,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3480 /prefetch:8
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,12171688790319292902,6702469927276464696,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12171688790319292902,6702469927276464696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2880 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,12171688790319292902,6702469927276464696,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2080,12171688790319292902,6702469927276464696,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4360 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12171688790319292902,6702469927276464696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,12171688790319292902,6702469927276464696,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2080,12171688790319292902,6702469927276464696,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:5708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa42e446f8,0x7ffa42e44708,0x7ffa42e44718
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,1239655247951308386,3936704576565392802,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,1239655247951308386,3936704576565392802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,1239655247951308386,3936704576565392802,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1239655247951308386,3936704576565392802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1239655247951308386,3936704576565392802,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1239655247951308386,3936704576565392802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1239655247951308386,3936704576565392802,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,1239655247951308386,3936704576565392802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3428 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,1239655247951308386,3936704576565392802,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3428 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1239655247951308386,3936704576565392802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1239655247951308386,3936704576565392802,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1239655247951308386,3936704576565392802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,1239655247951308386,3936704576565392802,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:3812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa42e446f8,0x7ffa42e44708,0x7ffa42e44718
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,16580627940851624482,17724858447717076535,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,16580627940851624482,17724858447717076535,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,16580627940851624482,17724858447717076535,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3012 /prefetch:8
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16580627940851624482,17724858447717076535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16580627940851624482,17724858447717076535,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16580627940851624482,17724858447717076535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16580627940851624482,17724858447717076535,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,16580627940851624482,17724858447717076535,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,16580627940851624482,17724858447717076535,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16580627940851624482,17724858447717076535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16580627940851624482,17724858447717076535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16580627940851624482,17724858447717076535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16580627940851624482,17724858447717076535,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16580627940851624482,17724858447717076535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16580627940851624482,17724858447717076535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16580627940851624482,17724858447717076535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16580627940851624482,17724858447717076535,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16580627940851624482,17724858447717076535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,16580627940851624482,17724858447717076535,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:4668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\6965c1a9-1842-45dc-a569-2b39215439c7.tmp

Filesize
11KB

MD5
13b049ed1c4fced474a6cfea603aa0f1

SHA1
bee32051dbba40a0e9d982b78acdee3e704934e3

SHA256
8369efe01a69343caa4ae293eab9bc2d240996d20e17069a78ee12e05049cade

SHA512
54972ba046b86282ec132f35d7834b38419a58c15d0557faa45591182d987d3798f224dbae945172961e080ea6ee273f9ddd3a7865ce7f2112766281cdaaf21c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b656ca8ef60fb32cb94529a7922d769

SHA1
37b58169c4c58f3fd4eedf375adc6612a87f67ef

SHA256
cef9f4a1eca3a198d1377a31b8ce19cc60057d6071d781f7d2d80a9e55a2b1c7

SHA512
10c7b6ffa09978fd02cb685b79a473dd543a3d48bd1d5c391e377bbc72758e01ebf0a3fc4dd0e5244a333e917825211958456f6ac5fefa321bc4d3d49a754a6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9838440ea6ac13256d0a48c59d2f3d07

SHA1
22320a28aa0ac7959f83f6fde6f71500a80efa07

SHA256
7977689d7b7f61b3870197a0026ad5d6c1fd2ea6bcb87592e074ff0a3010f889

SHA512
8feb88887da5ff9bf99f3d5e754af81aa26c04007103bb769353f47493eea545d6673775d3d09aea06c68a63b8a1f60ca221fac9afa3e3eadff918b7fc571c7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d8a72743c06b5fb1b46f041526a5a34

SHA1
56faac4d3ca006175b7e746ed26cab9b1d0e7456

SHA256
b63e2e70085e3f3098aeed5b144a95bb10670002c4b679b33bb84eba831c2b79

SHA512
3b4039474a9e3d50ea0ca157bccbe81b23cbbce5cda4f5fabd7e9c681ddc5f6628d27713e36440681e800c1395e0ec6780091a14cafccecf31f7ca29dde24a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\525b8583-3052-4e06-9b14-2079683a6cec.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
aeba0492863ae2cc080003a32c614212

SHA1
db54a70c70b2cc7c066fef2484600caf2a5af321

SHA256
d91f1fd9035e1374f4f2f1fdf0921f256c4cfeb41fa70f4f3ad91d53c586a30d

SHA512
dc971fc12d8e5476e0c46f08b63c2d5c1e4a3029e1c31a9eb3b4e56c91a99b5ebacbf233fb3b8b49f1d94d22c7aaaecc7b065006f9184530bc97884955ec2893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
de38e27d483f64adfaef77f77874ef3d

SHA1
08e625219004d3ad807eff1473779be702620549

SHA256
15e6dd44897a6c2cb55a6a6c3dc76533991a151674c5a85add64204eff295105

SHA512
24d47403722504576c17186848e365c5216aa4721b33743d97c3a0b022db88117696f852d18f694608990393f92134fb4e9cb5a68b7a9e9395aa4964a136293f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
256KB

MD5
8ab5f862138267b73c1ea801509c2fae

SHA1
fdc30cb3ff7960e33a4ea827f76f74008dee2ef4

SHA256
6ce684ec12f133b0aa70bb82446021721182f54b11c8beaf1bba57ee46aa611a

SHA512
d5c6626b70be548a37e02738100c98fc6f486b72652c0fd989a3f8cbb298eab80248da378c8d65d2c0619473a7232c1e8bb3c1f7735cee0bad1dbe81a14cc7b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
256KB

MD5
a8f8cc179985ef0dd8a72a66890a6812

SHA1
6db4272304d786720b39ac02748869652d38f4de

SHA256
29d8f3d890b972d76dac86aa3722284f24940edfdd71bf8fc949b50793c5c5f4

SHA512
dd5ca9210706871e3e2e7dd78fb49dd6d519accd39ea6e48bbf9acf2af0bfd4289fe12c1941659312a760db10c559a6e97e4ce629c57b9977a4d31d35bebd57c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
73f3526eccc9e1d3b11734e981f396c0

SHA1
6625dcb98469d75ed50ffefc7c44da9f4f1669ca

SHA256
9fbeb3d493f092e04f727cfe5eda6b1edd2efbd348bedf4761d9f28778066f52

SHA512
5a80c6ad2de406ca4d0420fedbf4838b825869bdca16417f0c3f9976236ce48e2827ee748c6d4001983dff161d8a194ddef6c2f5254d6f56afcee55c57c5556d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3d25c905f43443ea9adb14235e38e581

SHA1
688c421b998418fcef68c2478d38ba5d2e5fd346

SHA256
4c2a44a95756f82ce12e8b4de3bd5d69d7e7aa3b8799df708972c534de1efdb9

SHA512
bd53ca7df3b0cad507d389ba30a3ddfc30fc1592d97e0813bbeed947b116b88c66d456ce4658303ea831cbb5808cff244fb44657f6fff243dd63b17a8d7b902c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bcefad5ef0d4dfcb9a6e1045cd68c28f

SHA1
61b2d68da701ef4479e1311ede37d30517187ee5

SHA256
2236dda69ece098eed6de08b36fc659436d835e74e8ba1d32b62caa476d48ed3

SHA512
0708e8f1b700aab11b7cfa02db841f71ab20112c8c19781c8024ad47d3f77810910498f36114e30e368cd72deb9fa148f7fc7d4df04af1b3068f706c6fdc020e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
4861bb2dfbcf44423c8d49284299af10

SHA1
00b8b3d2da1a1807faa1842733210c6f944d3521

SHA256
8df2cdb456e01e76375e113286ee9ed073f333c3f5a92e64247f44c02a3a7267

SHA512
7ebaaf66cf6382808c06825a692838f037b65dfcf6dcf432ac10750a4e529b732399de8109ced9b8d57fc95e950c2f3b81f0d1e4be280fd2ef6ca8a9e2960824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
9d55154edd649d26eb58e22610c34903

SHA1
3e69c07887f28ee33164e6b4ef82cc1039a4a24a

SHA256
2f34d04ca2597437c2eaaca4c82a17d0c0b0e7b4cb79ae2cf02cc558abcfa86e

SHA512
81e79624c7f71d7b58c1b9bf46ff434bece1a063dbd9d24d606a9dc1f9263adbe0b6b85f8e9c8b9ef6ea7db3e0c96ce1d60627874ddfad7a2f50de1a992ce308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
76027c9e6f1eba4f0a6060f863672e92

SHA1
aa1de54adda0ed65c524391c50bcd8c1bd0a818e

SHA256
c0133b25010835e060bc1cd4a602c974e84283f66261ab094db8aa66472f870c

SHA512
0db1a4affb1f0f0d0533ce699d00db19126e7d910a33cbded91ea310d0d80e9e24036ec7fdbfa7af54d2ca184bc91f4075a844b437d8f75310d127680f6975a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
e3d24d4a585fd3c9fa7781f97ab55c52

SHA1
2e1a7bb10713bf75e0e640740a631a2d434cad55

SHA256
e7bd2f5a5d1e824f86024a6c6608b215286a04af8ec15d612cb0248a242acd04

SHA512
4851cf4c89108a70bdd9e002beda0e946fb21236f7d0adc1af2b1074008a4841db126f87930789c08a09b706312593459d61153fb8d9cd3e016e02c7638bf5c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
d0375a272fa2dbe09936fa05e8723753

SHA1
736fbc0ae5ec781998be5cf4ff02d1393b025a7d

SHA256
d832e05d924b2a5750a9d014a5652f7d63c62a97914a4821f0eb169a47e7d908

SHA512
415a5a5e70c5b4a7d4d14bdf8e0eaa0739c3a73312cd5a03cd692877c06a7d5ce691e760cbf91990c56109feaaa7550eac59c382c532276aedf7f75428169452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
131B

MD5
730b1d87b83b4884756251465b7b80d2

SHA1
112ee2f653fc92990f91a11d65e7a1db56be46d7

SHA256
bbd6258c27ff160efc84572e4b354f6177f4f7e7749e3a9a8a8b9cb7936fc3cf

SHA512
b32cca4377f055f1c1313b699db2d7d3a4a953126b37fbdb16fa67354dca85b4dc454d2f54331c1c1dca0f31b62d10ebf07822a469ec09827b210b507beaae1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
0bca7aab20d9993dd0d23e5c2ad5be21

SHA1
b5686a3fa8e6ab308cc39de7361892711cd0fb2e

SHA256
510fa95767713336b5caae1112c34afae2b100a7278c1b055b5f0a1d146c7677

SHA512
8896fb54df914f7969270e7f775d312080e5c835be66a2e187762d0e55cabf3230db1cd374dadabb6076efa329622321228e26d59e5fe4256182c1ba32dfc719

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
43c81f50d246141c0de567b401668d5e

SHA1
0589f5cd275998abee9354b87f97d5e8ad58c672

SHA256
ae0beaf33999d60ab5af2f107a90c1931b44a1ef0e927bd4ed263dccacd23de0

SHA512
5349e5a37ac855ee6fe020734c021310613655e3a5730ffc78bf89e7a4e358580db0a261f1a89183a8f84f55ca9ad328b81f5c5675172c4b0e85dc149c7bad33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cdf390a07e511c9ef65d3f89184ad229

SHA1
54d3969a96db311eb06d2c1668efd9e1fbe5e42a

SHA256
db73ba2f69cfb048d3dd9c5bb4e3c546b3cee8d8c8cfc730d409c087ae344753

SHA512
e4ba15f88f93da5820f15fd11361f58e19a49409c0364be10c826b832c3754db7fe67e8173233e167c4cd53875716322633f712d173cb08ae97efb3621e5aac1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
396B

MD5
6c4ddd268b7bbf20ec5c17e615475112

SHA1
9dac4d75fb06849fd0ba49db187fd723c0e537e0

SHA256
0759bbf4ef3ec8a25ec658e0728a260f0f830c0ccb88fd652732bc7ead924a9f

SHA512
5f27fedde02d27f1f42b2c4057cd09abf3b52faed0f9f02857df6c8e2357295e09590c2441c4edd00b5154f7f9eb21ab526c859d7b66f7c50644548519dba6f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
946b797b5dbf56aa730a023fa8d956bc

SHA1
496ad41bd3518283b1155b47dee8851837174921

SHA256
cca82748a895a9aadfab6e5ee1b583b61a57f352a310778344b6f7f6b458f1bb

SHA512
cb7566d16adcb8f1d800e6ab2040e719705e17b5b373a8e9c239c49c87edf0b8b96cc672b4f3a9094e28be6d8eb5914c699dff9a6aa950f98872cca93647ddcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
138d56c42b899cd738c892b4dab71e36

SHA1
3c09d2114664a800e9157e76fd744002fd3790cf

SHA256
4210a593cf58dd4611f34e176c8a2ebd5cce31cd968213dd2b1cf371c66777ab

SHA512
ecb136a51ae32eb64091c8a8bffb00de4bb8f1d1fd02f5f26c572579579efe9066a42f27126e998a8afa41231882a10b02bce388bd97238362a61eac6d23a812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
facaf661d73204c03c5d9aec9126a6b3

SHA1
5c4e735ca7e2f61b583af403dac7399ebc9c3c4a

SHA256
c8b6c966f9810e046848bc28ef34ebb1b3d1765640a2ba04eb2fef28990d9622

SHA512
0ccd3bc93193f2a7a80279238dc0eb30e7180c58d70f847a1ac810c4b6e81b5f3e09b70ad293c50cebce3b0f9c11861c3f37994636d56a570ce87787eabfbb88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4dc99c4a19f0933340a0d7cf09a185b2

SHA1
b7253edef0840171bc6debe1a5ccd6688bec9476

SHA256
b6707aaed29ac809da865ea96d6e2efcaeaf68ef318ed9cc4b9ef9e25e5e2c5f

SHA512
7ef0d3f159702568dc6012c07a6e570eb403797d23fa0169c7f364930adbeaa52685331f6d81f263d09f7d623989556ae3307f3ba77e05fd9a508da3b27e5426

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f8605eb5ef0ff1c26ff031e27f105a5f

SHA1
bfa10558827c17a3c850d1a72646c086468c59a1

SHA256
2ac51823a3891d7f0b3aa9b717aee62d7eb9e296f3b7c15a7fef2a57da4655b3

SHA512
a682f5a8cc5882ca234c8d6e12e98b22bd93329c96a4d030700e7a5ad4304716f43cae12f3c444368c3254dce4e6380340b640c8b8350d0fb9f26b21833e3ae1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c7dde0d5e24c09d59c239475f1e248bb

SHA1
c005fa69ac2d9df4c3db9c282b6a6a690c46e24e

SHA256
77982db6d3dac098ad87b2d62880d37310fbb82ff040cbcaf9ee5fd908d59ace

SHA512
f196e7951285a7db04a2eff3049b6a88e4ce3773bd3c25889b582f8d012ba89e21aa1da534df1514f4c97bff5374d7eee93349747d3034424237b0521e79e917

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1cb58bd447f6a2358fb66694772bd48e

SHA1
9b12f94c57fc48a9dd1c19bfea1c72d638071d20

SHA256
c53433e247c1c0bafc8149462795df6c3d4450eab0b2090108296286886d78e4

SHA512
cd7681f3f2e55258c3e796e480119da4ef207cd36d61dee4208490ba14cceb7697de5c86a5eb6c223010ed5f3995e4e76415468910dddecb8f305980d01a4c81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1799e050c44a76611bbc9b674c5bc30a

SHA1
34cb71f95604b36afa6a1f49abd02fdf805a5225

SHA256
0ac1ef87cb210081646ddba57cf650710418f352ec69502e8b8c8e8e3b1ab273

SHA512
ddd43b385b37276a0e990ef577e69e3ab5b4281a7edbb70275e58bad6d554e7c219bbe78c887d541ee83607582afd0b24b604f7b23e431e183190b6edd2b381a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
02c29cf2393c05d799eb08a8b0e1fdd6

SHA1
5484bd420364b95543ff0e6a1ee62fa5f20f734e

SHA256
709cd7f6b0ac48cbefbe8e9d0077a6ed149c85e9da52bb56f497f2a37fe3eede

SHA512
d4caf7ff6babe581990c6ee5ac6826c14e2a11bc6c5de188410c9b6be54937fbdef8076fb16f3d31f82e25c4f1f1cefff6a2bd665749f341f93ce4e23ca3d1e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c5f1bc8a6ee425284cb44f9763092831

SHA1
4476b3db762b13db3c499a33647f169bec87e8e4

SHA256
538b78938acaca164e65d5e0c5d0621415bbe9b694a2d5018b30fef60c75e28d

SHA512
787e975e9f4e4d7e117ef504d001103c84aef5a66eab6fff82a9bd112f68f2300e04d0d045c9a5cd69a5ce4b9f5fa9ddced792104dfcf651ac936e132fddf6f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
11257633a191144815f55965296af58c

SHA1
1d0086861c97158115e5770963dc3dcaa1f51a7e

SHA256
d6622537dd220a8f86e128cc15439ff834172125dcc90c51b24c799c4810f23a

SHA512
b38ccd75e68ae93d959d2f7347ac5ddb702085aa7922cd6c83f304dd885f1b030532feab23536af38022dd73e4df64ae26d4bcd37d1c9f9822cab15052a150c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b1c2401a2a6afc4c403995a55382ce1c

SHA1
cfd0c1273b4584aae4d422bdcdb86ffaec1a6ac3

SHA256
c5aacb79f7e56b08e484102a90b301671a5fca2eaf6237586b938ed74ecb8c4f

SHA512
4b0e5d2258d4c67da74c29a48f9a1e2e6d65b955a2c854b9c8b2c59ba78b4d5068d29f08191bb6ac38a29f2d874f60173fa97f8bf29f85cbfa7b821e6897b23f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
6775932c2bb0e925cc6360ca85ac20ac

SHA1
d72fd56cfd320702f27cc80090cbb793446dd460

SHA256
78c0143718d8790301cc6dd40cf2d7c1ead61a88ee06c75caca1f1400a9fb190

SHA512
b516b951a7601cee776247fa5d77b6e8aaf6d4689ffbe84b4faa43246290205cd0b0195f1b63940339ffb2462bcb940fc4ce4cab81f408e7d4f8b177ca8584f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
411B

MD5
f1133323f5a8d09bebf38a17417119ae

SHA1
b8586bc3f6fc421be967f65d6e8c5f15b6b8b540

SHA256
1aa2b556e83cf2a384944b3a07d6fabbbe83eb521284c988cfe7852905240938

SHA512
5beeaaa82a0258e6fa8dc1942f07ba5f0cff321a8bd86cbe13a9540b382f90503dae61005554371f29adda308ab4df8f3c3356f3857ba7e5ec64804661861a41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
e8827f182cfcd44506e3c89466fc01ca

SHA1
7fdb9581b665920c78e6a382c1ed987d513a9802

SHA256
ebe60398886b75edecfcb6a91f49d8a033ce1a25397a8a2fcd62d55f598bfc78

SHA512
b18e1452de21f9f56e038c8a9fe6450329b553cf7d44d87deb130c66bf66783c1b13b219712a026c7d368cb82884f4e5a6362669e98b574d1527e1b6436352da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13354665834383284

Filesize
10KB

MD5
934661bc945b069ab053ae9f722cb767

SHA1
cc3f630838589067535c4172219d9fa34bd2fdae

SHA256
c172d70381a25bd2df3ce33383078af1dc6cdb34cbddfaa44d38ddc2b7467e03

SHA512
dc665ab5a5796a2662a36fffee460b09d5441a0091e7056687c40d9e034c920f96d1f8c98eb4d6ae147cd751a0619418cda57100302ce83dc21813264a39e899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13354665834539284

Filesize
6KB

MD5
55b505f9ef005654dd52042417aa7439

SHA1
a882ddc6916fc384ab66671c18e754d203754dd6

SHA256
9f1d3e8e82fec233b756a928acc32ff75df2b546c5119963264f016a0e498b96

SHA512
dddaccac4d1cb5a558a5c1a43f10bd5f6b13b4a1a06feea0c1ceb8990598d1412bea0c9f37ba45609ada0dd294d8afd3df652ca2349cef7af53e6a462d221711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
2975e1821dbc092d5123d333d29977c7

SHA1
c6ae3e67410c4b713367da4a390f1846974c11cf

SHA256
39586a00cc5923678ab0a22722cf465566af36a0291de5c3af7ede2661df6f95

SHA512
84a442113abf74548c7d5590b23682cef2c319445a7ebb615ada6f008931e33a5215c2052ba06dbab44bb315660706c84f664ec1a6807a003541433b351d1d4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
31ca10d4c44d98f52fd4a652a6ba075a

SHA1
3638573daba1445b5b29e82937005723eb14953f

SHA256
4280bcf9d88f94b31a5400d5c233f6df42ade39eba0a38c4cc9e76e0d24b3a19

SHA512
68ad3e4cda1020cc922482e1ed04d112860efdfed50455fd98727533dcfdb8f485abd64ea7609441a59f6311a2ef431bed10a63455ca81373c1ed0e5a83ad46d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
1ffef5471df4bdd10a59b70f65f51b18

SHA1
388ae0cc287091408c76cb1ed089a54071838251

SHA256
409dbc0f1f132379a76c8c5ea28206b4c30343a77d49f3a3ca34f062ef30e0c4

SHA512
071f726ebca5c7a77246f307661d26817da64a74d0b88b0f00764a917c7b7302aba3651141e56d1774738fa9a661129f4c6de043be4d403f7969ea7efe94a3dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
3631303ff1b2be1cc0993595299d90a3

SHA1
4bbf45d1bf67a92cbbf4dec6341b76950ce3ec61

SHA256
4a1dcc2f7a35905e2cb676aa86130957ceee2ab93a965e5804baed04c14e08f5

SHA512
29e40673fd081420f3af7e5bcba7e218360c7c985cd8403a230aeaf83f6256f9aca687f621d86825df0758d24c73b22e64abbc87d8878aa23b450206d4a62788

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
931507ee3c2b12cc86a1f6d304553ea4

SHA1
30d7de71e9fa385731cd151992d5435bf6f4204d

SHA256
3be14f6ce6eaeb81543f45a4136252e967d1ba4e2febc2178a118ec55a513c97

SHA512
acd6742885486090beeaa41dce06cb75e535d5396f29515f093d1acbea68d0d9a0b1f3963450f231d76bdf7202e78922bbb22e8ab9c95bf50a427710aecdcd31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
630e34c6ab24d0e280073681d84e2bec

SHA1
46da6e930296f4564c58fd159c6de7a82a5b37bd

SHA256
b3012ebe102f095e967907e5155f03e5822723cb131803cf574e95e2eb98f0bf

SHA512
47b993f068d0de2035c0d19c2736ca0d5a410fb0917447d836e4545d657ea1de624067a3d9cd74953496f2dcd6fa0a437d73a5422f60b9c96e3a3cceb8d70fcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
0fcffcae478681a983341baaa6ed8af7

SHA1
4a79e49a09a2e84a29f16ea88f81a82154ed5027

SHA256
b0d60a1abf55695e3f52dd599f4ca10c49093670d0e6f62e99aff00f17b2dcab

SHA512
adc9a2b80e1be138daa7b8cb4c7a8d9a55a0e0ded081fe03c52bdfee7ce8c82ebc53c85948ecfac303ca0c9dce69ff8e178002f26a719c85b5b506bded486980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
3ba961b0fdee6b6dc3e5b90f22888277

SHA1
3506d4e818ab9d4ee501633f8ab94635e9c5b50e

SHA256
e57c357d42c10a47f727e7df0fae3cea86a75a16b01c92119beb13da35d97d5e

SHA512
f0ca4f4b153eaad065e4f6cde82000ceb11f7abf53752859e71bcd39f08146b0d11895bb5bc975a888f233b4da9fc704e77efb8e425667cca823ac7d2160e8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
380a1a9cb163aa6af4bfaddf93842c39

SHA1
35c882ee1cd72dd09d2ef573d8db6285c29086d9

SHA256
a3d1c1e54874d2ff8b53abbac5551c052d5c8881b7e739659dd1c098aaf004e3

SHA512
5d7f67665c406c7b2b0210b01cc23ac2988e338308783d6a734b3bc772f248722d05adb43439188f005e9a225a2607da8a38ab175cd8bc9214b709ddf1070eab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
206B

MD5
6f5deb01a798ca228d72141645e7c047

SHA1
3c3cf12d95e07c7e67182ee86b5817daaf2da6b8

SHA256
66950cfde0ba8429fd16a63bd02e09e3cbf615dcaa34628a2e854cab22848bdb

SHA512
ef7207a711ab35a0b30444d8cd1b2628115a89fcde79b90ee15fae73d4af1692559ec728f12059c116599b182e0a871a79d08f7d246e436beb0caa74b74508a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
00abd1cf510eafbd475ffba669bef217

SHA1
33bb7f0852ad58f3a761b432339c6f502f94ecf8

SHA256
d96e2430a73b151126e635838b3a25fd0f25b63f79488b6d5db2d776b39cc49a

SHA512
4421f2dc1b740ebcab46c81309b1a3a824840549a2effada582b10b092c606c09f09812003de73cd615e3b726f7c01c17ded9959654c8e7a2532290690b0aa77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
31af5351b32106a677dce1202e7ff14f

SHA1
042296cbbd6a66e89b11cba19af03af618c36371

SHA256
9c9ec8e8085d45bba465c5375ca7126bb8a8f7ebb325bcea13d5f9488dc30cfc

SHA512
36f4d599b40780577cfe5fbf09b9be7ea845afba57ce6a7246673bc9063e06f907ca99e2450a81d78f3b1f390680401b32714ff389bd28fc3f0542ab445858f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
656f0aa3ef0b23a0b57c7f2ab043e2e8

SHA1
905edf0eaf8717de6a9f8a84e517427c8ef84d0d

SHA256
1922d4cc2f542303a870ecb8150e0164bbec91880a3f8d9a6d4b9d5bc06f5ffd

SHA512
d9c6cc0902b1f226bb828dbde8bfe001e4f87a517153b8aea90dc5c7ed60b47ec9a0d008dbf99cc17367142b1677d601f540bf3fc65bc05b6c88851fa364d1f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
4a09d34557236ba7fb4c67e1ff3153de

SHA1
3cb5a237a20de65b848829d7ed952faecfe4413f

SHA256
dc5d4f85a30b88ad168cf5a6ba710c9c27bc9c907b6dd37d627bea9bdb13a22e

SHA512
57409960367e1f0441f62c5417a34735b22bd7fef4c669b6294b6d478af060ee7d393c386d3c599bc62b45f5173d6fcf09da057d795e4d9f1303bd630a17efa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
51ec774f1a39cc667076ea5b9453e145

SHA1
f9dd7e61fba96eb382bab9d95f024c805db62312

SHA256
a32dd36f4363d3015f6dfaf0ab31deaeed29f3dde44a6a4b1dd4e366f51e5ac9

SHA512
d47f0202628ed341469f7d0b0f6684adfb9ee1b7dbc479c5a63833dd9ef6ccefca79d109c2c10befdaae32a3ac22ed6829d4a5f6581e4fb4e752796153ae65e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
40975d6cd07685694ce41f7883b961fe

SHA1
a792982253f1fb4c0ac3f7648ba45451a2b6cc0f

SHA256
ca94ad96a34e87442699d4e5d9d27b9ed141ab4d0063fca043747d4b1934ec7b

SHA512
e473f906c6ef94e448b3ea48b44f7b647dd58908c07fcacec59098b5e3bb428083fcb8ca39d7242e1401547a473fec0a84300bdb7c2cc6815c9583aebfe6f76a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
22KB

MD5
1ac9e744574f723e217fb139ef1e86a9

SHA1
4194dce485bd10f2a030d2499da5c796dd12630f

SHA256
4564be03e04002c5f6eaeaea0aff16c5d0bbdad45359aef64f4c199cda8b195e

SHA512
b8515fb4b9470a7ce678331bbd59f44da47b627f87ea5a30d92ec1c6d583f1607539cd9318a5bccf0a0c6c2bd2637992e0519bd37acdf876f7a11ed184fb5109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9f6808c9ab364764446a9639f21da363

SHA1
ade293992428b6bb5a01473f9008b2613659f659

SHA256
6fa13daeb62c6b8facf8bd6adfadf74d6b5be9dee55fb167b4945a2cd2ca669a

SHA512
909272a14d278995cdcfacbac2b1415782a927cd1c90fee693c8b3154bf468ff0f4e91484c6ab0c58ca4c7aea6492a5abb660a4d3c41ef648254deac71fff0d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b623ed33695b912a9bf46658b8eb7de3

SHA1
12818cacd8788ca3559be3a171f075952bc4038a

SHA256
1a9fa9c2afc40bd302b883aa885b6a120630e8db53c798355274c05312e21bb3

SHA512
17fef18cf35024e76f653ab080fb37371b6ffb754b13345d4e71e1a778746927faac6b8b6db4a329f417f9f99ac582430a3fdddb725634e85dadc92e90fb48a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
42af4d9ca80f0b020d3187e609eb29e1

SHA1
da97eefa54f69a514f48b5c39c4b3000699f7982

SHA256
9e3058e1e1069b0f406dbe89c998e522331e71bb50a296049a00f672e9384b03

SHA512
d782a11f9b7fcf8007508693411073e1f14e0bfd8f280bfccd604b9433d1e37bb1f0476c6537b91436d398f5acc8579b768e45067d562d129e215bb6282a3b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
bde218822c8cc90a03e5f206caa0e81b

SHA1
72c41f15211c553b09a13f7b1197de25cad70bdf

SHA256
ad3754af122c4888465dc09d54100b76e5ac8a7864f560384e696adb604ad325

SHA512
ec44cefadc0b701ff3d5f735af424742a143853d172dd7825069e0ca53876938901d82e88c60a687dcf47d2134bcf608d551d0e1ba6a328c7ee423753709b256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
1ce057cb1853db2dd0711ef48dcb6d8b

SHA1
a265aaf7548ee8851872d1819e323d9210fb0669

SHA256
a9f62244534d8df19afdcb53023a7f41f43587f7353b69a264459cbd738871c2

SHA512
cd37e54f3a66f4c088caf4c7b36ed44bedd46cd8b5082eee7d8655766192e4770bb696ddfacb3c8683b98f130e67a1daf334b98058d94075d1627a9c94e8dd13

Download Submit
\??\pipe\LOCAL\crashpad_2824_HTOSIPMLCXHNOHJT

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit