hxxp://discord[.]com

Analysis

max time kernel
1164s
max time network
1165s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 20:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://discord.com

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
9	discord.com
15	discord.com
402	discord.com
403	discord.com

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-566096764-1992588923-1249862864-1000\{D41F0738-673C-4C84-BE2D-BC21E4D0F8BF}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-566096764-1992588923-1249862864-1000\{8CC1A651-0491-41B0-9D0E-32C2EB004576}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-566096764-1992588923-1249862864-1000\{56BC589F-7B2A-4D11-8A8C-CAC97A02252C}	msedge.exe

Suspicious behavior: EnumeratesProcesses 36 IoCs

pid	Process
404	msedge.exe
404	msedge.exe
3708	msedge.exe
3708	msedge.exe
2172	msedge.exe
2172	msedge.exe
5368	identity_helper.exe
5368	identity_helper.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
5664	msedge.exe
5664	msedge.exe
6956	msedge.exe
6956	msedge.exe
6684	msedge.exe
6684	msedge.exe
4784	identity_helper.exe
4784	identity_helper.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
3828	msedge.exe
448	msedge.exe
448	msedge.exe
3352	msedge.exe
3352	msedge.exe
3124	msedge.exe
3124	msedge.exe
3452	identity_helper.exe
3452	identity_helper.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5984	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5984	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe
6956	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3708 wrote to memory of 4276	3708	msedge.exe	88
PID 3708 wrote to memory of 4276	3708	msedge.exe	88
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 2928	3708	msedge.exe	89
PID 3708 wrote to memory of 404	3708	msedge.exe	90
PID 3708 wrote to memory of 404	3708	msedge.exe	90
PID 3708 wrote to memory of 1488	3708	msedge.exe	91
PID 3708 wrote to memory of 1488	3708	msedge.exe	91
PID 3708 wrote to memory of 1488	3708	msedge.exe	91
PID 3708 wrote to memory of 1488	3708	msedge.exe	91
PID 3708 wrote to memory of 1488	3708	msedge.exe	91
PID 3708 wrote to memory of 1488	3708	msedge.exe	91
PID 3708 wrote to memory of 1488	3708	msedge.exe	91
PID 3708 wrote to memory of 1488	3708	msedge.exe	91
PID 3708 wrote to memory of 1488	3708	msedge.exe	91
PID 3708 wrote to memory of 1488	3708	msedge.exe	91
PID 3708 wrote to memory of 1488	3708	msedge.exe	91
PID 3708 wrote to memory of 1488	3708	msedge.exe	91
PID 3708 wrote to memory of 1488	3708	msedge.exe	91
PID 3708 wrote to memory of 1488	3708	msedge.exe	91
PID 3708 wrote to memory of 1488	3708	msedge.exe	91
PID 3708 wrote to memory of 1488	3708	msedge.exe	91
PID 3708 wrote to memory of 1488	3708	msedge.exe	91
PID 3708 wrote to memory of 1488	3708	msedge.exe	91
PID 3708 wrote to memory of 1488	3708	msedge.exe	91
PID 3708 wrote to memory of 1488	3708	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://discord.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa53df46f8,0x7ffa53df4708,0x7ffa53df4718
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3668 /prefetch:8
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3616 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1124 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2216 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:6452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:6392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:6440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:6724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:6628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:7040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:6560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1080 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13107316932321598303,1293092780551450035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:4220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1220

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x410 0x154
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5984

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\14ee09d6b9cc4c50bf6a29c369e8e26e /t 3704 /p 3708
1⤵
PID:5680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa53bf46f8,0x7ffa53bf4708,0x7ffa53bf4718
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:6276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2196 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:6964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:6684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:7052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3736 /prefetch:8
  2⤵
  PID:6460
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
  2⤵
  PID:6852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4404 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
  2⤵
  PID:6156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5156 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:6520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2979478058639305586,11415393788721707549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2668 /prefetch:1
  2⤵
  PID:5060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa539c46f8,0x7ffa539c4708,0x7ffa539c4718
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,13973254973375318999,16646042460169036928,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,13973254973375318999,16646042460169036928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,13973254973375318999,16646042460169036928,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13973254973375318999,16646042460169036928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:6372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13973254973375318999,16646042460169036928,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13973254973375318999,16646042460169036928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13973254973375318999,16646042460169036928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,13973254973375318999,16646042460169036928,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2128,13973254973375318999,16646042460169036928,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13973254973375318999,16646042460169036928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13973254973375318999,16646042460169036928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13973254973375318999,16646042460169036928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:6756
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,13973254973375318999,16646042460169036928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  PID:6804
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,13973254973375318999,16646042460169036928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13973254973375318999,16646042460169036928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13973254973375318999,16646042460169036928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13973254973375318999,16646042460169036928,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13973254973375318999,16646042460169036928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13973254973375318999,16646042460169036928,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13973254973375318999,16646042460169036928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2708 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13973254973375318999,16646042460169036928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2440 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,13973254973375318999,16646042460169036928,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5244 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b656ca8ef60fb32cb94529a7922d769

SHA1
37b58169c4c58f3fd4eedf375adc6612a87f67ef

SHA256
cef9f4a1eca3a198d1377a31b8ce19cc60057d6071d781f7d2d80a9e55a2b1c7

SHA512
10c7b6ffa09978fd02cb685b79a473dd543a3d48bd1d5c391e377bbc72758e01ebf0a3fc4dd0e5244a333e917825211958456f6ac5fefa321bc4d3d49a754a6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9838440ea6ac13256d0a48c59d2f3d07

SHA1
22320a28aa0ac7959f83f6fde6f71500a80efa07

SHA256
7977689d7b7f61b3870197a0026ad5d6c1fd2ea6bcb87592e074ff0a3010f889

SHA512
8feb88887da5ff9bf99f3d5e754af81aa26c04007103bb769353f47493eea545d6673775d3d09aea06c68a63b8a1f60ca221fac9afa3e3eadff918b7fc571c7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\96624661-6a0e-4007-91ab-41e497c2d683.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
17KB

MD5
dd920c06a01e5bb8b09678581e29d56f

SHA1
aaa4a71151f55534d815bebc937ff64915ad9974

SHA256
31ad0482eee7770597b8aa723a80fd041ade0b076679b12293664f1f1777211b

SHA512
859fd3497e508c69d8298c8d365b97ab5d5da21cd2f471e69d4deb306ecf1f0c86347b2c2cfb4fd9fcd6db5b63f3da12d32043150c08ef7197a997379193dcbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

Filesize
85KB

MD5
51905554c80db9e4411c6ccdc2e74569

SHA1
dfdc75b35b8e5a15449d1989ba0b07c50ae5d563

SHA256
76e18be1160601b291167bf2f4eee0684f9f09a53c80661b7d2eda79be03b1c3

SHA512
0d7e47fb6e24ee6f610139551b1cdecf40873c54f6e1c607cd90861bf853fb55490076b522495537ac77c895d87002cc2d1c312d6a647da0559641231a1dbe8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

Filesize
393KB

MD5
dfd1508d18c21c5c3556be0eea8b3932

SHA1
ed593ea418ab326c2f7fea094cc52860082e852f

SHA256
65fbc3d692ed8071cca0a87b565609a1a1bf2d73d8d3118ae08d3aa81646704f

SHA512
65d94e73d4a8a7e865fae21b2d3b30da664d0c8ce32c53336797fd64cbd9e62d09d103c833b15bc64de0377e7082b460ce6ead92c44741a5eff056a3c6bfe660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d8

Filesize
31KB

MD5
c868c09c7bd0cf5994902d81b0a88b4f

SHA1
4d902adfef2055301b4111008d0e1e8f67c2ab0e

SHA256
bf2cf3d8b91fcf9d5111b6c969a3b35d585013ec32f818b3b721d14ba9c87a36

SHA512
0bd50a36ef64bb55bfd2ac638a9bc4aec3a6d3355c796b27ecb2773b5cd0d4018ac23c2d82bb93eab8436ff55c184c38fa1dc877c781c1b9b851d754b02b4bee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000db

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000dc

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000dd

Filesize
32KB

MD5
e51d5a73c3611bb52db26942a6cd26fd

SHA1
8a750003a6fd6321eca6624012d638eb71edb5f3

SHA256
8a35d9b6767a86e337309319ca907cb0837e4b836f82143c58a02ccc94a11e7a

SHA512
597043744a4afab83b63ed43db92bbe813e6003844d5f8beb4d4e7f52cc4e40e3af08621da4eca9407d4ec5db114f03964c4d35bf3b94dac8225bbf007659670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000de

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000df

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e0

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e1

Filesize
1.1MB

MD5
60021246cef1f0978983114d1fd51250

SHA1
b4cd22c3fa223376820c53fab738473732a0682e

SHA256
5cf8acb556090e2c26d420340e174d7948ca191e0334ddb1258da8844d4a2f3f

SHA512
ba1395b1814e266915c44e7b72f6f4d3a9528eb60948a1d9a6b501d129dcee6d8fe22125e569a618c25bd89b9128e088b3ba6c0ebcad3804a128f38f0e614b66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
b44d05fe9b2e2a7bcb95d99b6a40d9f1

SHA1
82034ae3d509dc5a02378656fb93f04f3762ff08

SHA256
11f92f16b854b5419f228d2c3898c2e427db9a852759973aa7a460fde09da8fd

SHA512
fb7103764da2186a28c67400cbddc5fd85609062a127912b0767b518f4d9074cb0be8b055d6ac83bc33c773c0ed680eb3fccb3d3e0b8b18b278689d87811c709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
7fd91af913caabda5ec11785dddca1b7

SHA1
899ca61852ea102269e55d5684ba12ac4fed4061

SHA256
165b62a9a01a1c3638d91d557f7187dd7a4676634c5b5e2e48a058e9fd50f3b0

SHA512
ee1acb1e83464491c8b0b253e8ee5edd9d71de65e3528fe5896ea50e4badde4ad17cff0abf2acb2d5d1f476ed609b2b101f918cb790b06218316f417bcebb332

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
1c527fbbe9040929f619a742bc3cf55a

SHA1
838db761576f76f8ec0294f0112300ff948e1669

SHA256
c1678931fd0c8266c7c77ee979fc4dcc416eabfe2aad79c2641c3ec18ec691c1

SHA512
7ec89ae62a7c27d309592c9baee3d3e6cd286387413d5795dd4f54a03b6bfed5497bef7724edd6e22955c7409a0f67fa552375ba8a73b28bd7d9bf26e8ed6387

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
4af9b99c861dd85f80f3ff6574fe23b2

SHA1
00aa89c89122b75dca3c1791a9b7d950c1efc267

SHA256
fe3769a9f595023710e0b0ce3fed0fa9718dbeada289106c9b7e165fee58726e

SHA512
3786a666e53c3bb4bcb1830e560cc5633bd194ca9a07f43b51e54992623a18fe8400a1f457d6b0a1ce8d53864fceef2a057a4f59347bd126d9589c70ca455de9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
10KB

MD5
f23c44304816979aa00939b0098f9546

SHA1
452a8d4ff042ed27aecc0c8cbc8213e5eb1b702a

SHA256
e90b72439d9c58d366e5ba2df92f234c80b3eac4066a01a17f6348b4219d15a7

SHA512
a424e838396c25d0fe15f8e8fff820f3add5f8dd9fb6d0963a34b99edf988c0a7c150975fbff94ce86c12811f8c4e43f25d9b54741f95d91fac4bd98a671b65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
e47e3d94b4beb116fdff9afda1e92384

SHA1
a607283d62d2f1d850cea7b02ac2b2dd3dee34aa

SHA256
c319676b61113e9cc14c60e96a4d9fad076d51a5b725a92518eb9bdaf451307f

SHA512
2b790bdf7f8f8db4adf5c304a7e63a7ac98bbba9f997a2fee51888027b186406ea46363aa1e57c91fa8f3e41037bad9a39011c8d9465fbd6c44037e49c9ed3fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
188KB

MD5
1873808807ab5e3ce7ef726965b382bf

SHA1
ef76ec3fcb526adba64e7a6509912b9f46d1a4b3

SHA256
0d1c7d6009dcf7647eb8e0b73d5ab8f868a5ef6deafe69604dc62719b8d9700e

SHA512
f399d70432844bb24ca625d56e2760077f9721a246b2496be879471a3b36b692f7f5bfe1b111d56c8525298f566a53e22dce6b65856e82f3ebbac2bc5d760723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
0db7d38f153d590c10bd5759af7232b8

SHA1
a7971e93cdde9d86561bc241b438c038e5a2da90

SHA256
0a7cff181338f62585437e21e607ce1d61d0186652ea7ef94778f31e3d9bfac4

SHA512
a990570e9723512aee1b1b378c5a44c13936c68e3ca79227cf7794a7d2758bc01f3074411b276f942d2c5932f1e5a702603717048e527d7f1da4cbafa32c1443

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
a52040f1ce871a2a209676db66647451

SHA1
ff0b0e1fec1644277957af81797dbdfdfd173850

SHA256
ebe8f06df2ba7772021596b55e2f6015c72e76e44c535af5a70dbe60c76e366e

SHA512
8fe3c39616a8463b47c2086b0b67c0ce690333b7186a1996297f72c62d35dcff4a803620c63bc48a1327d7509786048ada030346ee175033fba2daaa687ee802

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
f2ecbe80c1efd34ab1a9faf58497e5d1

SHA1
68e0eeb965b8281fe47032836320fe6fdb052634

SHA256
de2295810d225ceeb4e7bfa7d578a934df83f69e15bb867b2a74adb5d2cd8d3c

SHA512
2a2b5550f44c071215d6fdb72a7b38c9697e9d1fe9deb9322eec45dfe91fa2bc47046e4a1873b5d7133033ded1a05b745a0f21f67d8be8e152183a45d32df371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
61b04c5dfa8cffaace543509fb51003d

SHA1
d6877552fe34b346a1054052e881e59022cdea5f

SHA256
1775e793d9bea7846a6e66bf157a3804a05f033672ee38d66d6cd2d69581443e

SHA512
af324d90040de884f8c7338143d340aff3e9db70e4ec8f47b0ad5e545bdad1a76d3350e81fb9145b48fe45aa60cb169cbfee4c8234f7c5cc5cb998531eca2239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
b9beac2aa4afda372bc55f3017c264ca

SHA1
90c293d09a0b284e5e860564cf85ef4d059b8205

SHA256
4e8eca03bde1a9d61079026613fd9e134b398d38eebaeab4e3e641ba4a1d7a21

SHA512
a3623181c4f6684d7f45754ef5e360596b033038162a2a0c2daa7c65776c7bf9fe172a817313c0e6d4b4e405f81f792cf57b965a8cc7a656f80ec8a1e0aca6d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
6aa5a45cdcbd8abfff64861c4ee16525

SHA1
c8495c3ee70c21e5d08e2c0bd8ec190b14dc2127

SHA256
31608932603e8733b774778bdf80b73612722fe6ef38f7b5459bba7b8118bdf2

SHA512
5b9554b47ecce3988cea7b9118cb792a3e49fb0767a872b56be4dcd7086aa8fc1cfeb000676ee208c3e41b227a20ac2e5202325aa8a5314e8d5cd060ed76b4ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
e06bc9a409c311d2e73dc7d8578f50a2

SHA1
09701b75e522fef7660d117b54ae8f2847248967

SHA256
cdf11b16b580e0c90b7085744b1ecb813569e90b8533928d340b7ca7632d3f12

SHA512
4572c0f6dcc52ce79c0205d4b05f9e5d3c27c1a1356cd10702d238bfac4dd0568eb64810fe02ed7459fddeb985827a04075175371fc2c146089f38579d770b69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
93b4a137b31289422867b807b2f6f20d

SHA1
72cde7fb8079bc66894fa1fcc16b458a39d6ba89

SHA256
59b2e51f2a524ca4b51994be1a1ec5ed6f42fb17ed53b03ddcc4d2e4072caae8

SHA512
61f2fa6a64db79f084f729f5fecf90261d584f4400ca85c7e95cc38f81c18afb2ff32309791f4be3dd41af2ef8e250c08dc92ba3c78f69ffada1dcfc8ff69eb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7a0bc139238e2af94035e8b8678eaa59

SHA1
578594c7f89c34fa8ba2218bc9140df82a924c9a

SHA256
47cc479463bbf8480f724bf7fa3341a358818d2148ea6c44bcc3bcbdba127936

SHA512
5a040d59b276b55ba159a5c5b5a4fb4ba76f82ec9626cdcf29989ce01ac08f5f958e9dc7897de667ef804f8f6dc35072507453ec704cf01ebe097a6f665b2306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
728c9abb0680482ea06e2bf11ec9fcdf

SHA1
704f24714567a237bb643c52ecf0f536f0876284

SHA256
9fbac5cf6c71a6c86133f59f6c5c4a3a58e73f2af4495205c2e9effeb05912fb

SHA512
38b190a1671e5fb3e84d5acff2b661cbcace5469ccf3ea55182918333f66aaa26bf1fa3d850bdf14fdef08f82944a9de3d331d6ddae9eac5e75c128fb7eb6621

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1e96c23e356c629c121b615e322b17a4

SHA1
827b8cd5001d9b4ace664215358bf243fc04f49e

SHA256
2d8fc28fd8266f4da9aa78639736d2943f2ffb041b737a7d7a3fbbc3bffd8abf

SHA512
87472fcf487b4c61e0b724bef2f3c6c4174e211d8241abd073d72bb97ea1bd98847fbbcaed3bc4aec08448c0b98ea256500d13cc97582a5b89b57ab61553cbd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
11ba14cec5d777ebc307049beb689e9f

SHA1
ac149d9c217decf40182618d7a01a9691bc6421e

SHA256
c1187c6697025b133f29c1220d21c74f1e4cd697aec63d005eeb0a3b6164d756

SHA512
c30d57bc5adf2fc1bb5f9963769435e01203523c2d1af249a7afcf353aab28d9981da849b82cfcdc83d8993b6a3135237ba0c447329c194eaa09c7e82de7571e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
de66efe1bdb949585b6baf30f3b2a99b

SHA1
90dc8e3781591b394d0e24b127533cede18e59fe

SHA256
ac377989bd46c1fa52cb73c897205443f89b1e8b073ffc77e48a6bbca1708496

SHA512
781ed0086f1ba2086588d0533ac9ada6fcdfc85cdc3e144a50b5ca30d4d7b7ead9e5c1d9b9ecbfd657ed65bf49fb4488ffcdc99e1ae187aafad6f4bdaa7e4203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
f653cec2ace757d4fa8327eca26ceda3

SHA1
7ec67c0da5cc2821ac0ae845597528e3540c1b3a

SHA256
2f74fb16f02e4a6c9218b8e1fe79927462904962c76c869dbd9e72a90adeedd3

SHA512
66b43e227d6c7931206ea38f4ee3310e6e18038bb04ccba8f4997da1bfda4d2c62d61e9da014e50e9a8a05502d6563cefa30cc4017970bbdfcfcee2cda90ae88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3559ef23794b649b6ab023d953ab328e

SHA1
e3b60308117361152552d4a4b31c8c9bdcbb9ab5

SHA256
22120f4184e5677cb0edf7f736ca918ede30ca1be8224db1086bc778faf08489

SHA512
0419f9847b17c3923d72c9729c9e7cc6640539b8dce256caeca4c294df1a64c106a5307a10498ca0ce978bc9366c5db25c5a7d5aa3465d36ecc9a2bbf0178c9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
339c1853df223b1a879a05905c39c417

SHA1
12831ee077daeda237db423fd4dae706ac4ceb12

SHA256
ad23c0e52c860c0ee427b18d2a24334df0ba85373440100a1ce2bb3624220f37

SHA512
b8c07abc0435e43523cfaa5095abf87cc1fdf7cd7cb0672912f06b940ed2192701c08354e1a1846cec2ed561fcaadbbe5554b25e065aa14ff113929324bd0867

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e75389d26443cf47af28d6b41c493c9f

SHA1
1b7ff36da92ce16e7eb37224db8e4e086891a538

SHA256
2f3c81497df97a7e1e33631b9cd66729d3fe12351310e6012e2b9a43dd2391cd

SHA512
c402e007f9728fb86013511d0b2bde80b4e77a879f470339f84debaa573cc69f6a6c097b07a2b64a6095ef5f45e4be84e95978c7086f1a1693ecfd942a0950c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
85061b0cacfc682dfc01d7fc334176dc

SHA1
4d087f6840103f9af7b934cf7faa8c8ad3af9bda

SHA256
10739719bfaf5b07792d609295b2a9d2eba729fac095bedf869c7e218c2ff29a

SHA512
b3a51cda505d338677d56ba36ee7dc8fb640a4e8736b821f357314ae13353e3b0cb51a19397f6dd7db0c6dbbc7479821496111e15229291bab25e9daca383864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
b745f56364da36c8a3f150e78d9bb4d6

SHA1
e70810f19b16409d54d27806afb51c9871258c67

SHA256
ed17e3315e3d2f37e74a1c568a644f4c6b9f5fbcd1780cadc97ee99f0cde031c

SHA512
cab0600c07d79c4a5f8abeea651f1f8e47f0904b6005ea17f4f2497a6543429f6b8ad84b3362124dca95ea5841b7a0d42619c33a168ca51a30cf785dbf38ed29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
a351610fb58d361596e07f3da479dd33

SHA1
b75859614140b6b85c74ae125043af212eb536d0

SHA256
3e03fd92f3b6e9cfbbcbe05b320d49db1397340f473761866564ff717a1601ab

SHA512
ae0b0ba83fe8f0521dd62b3836860f4acdcf4d09058bcaea6e3d8264e84534d887a26d1953e506e1c70d5ec2f90015ee04ecfc2d38c77d604a6b2d49fc1c573f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
9cca504549169ac08af68903a0eb8c24

SHA1
bbbc2ed04d2f9a3eb4c0f426a87ac2feff5219fc

SHA256
f74ca6c7f27541b43ba2f9fee79eaf375cae010d15b6bfb872b166d50a8e3740

SHA512
23a66b80fb3c7248d73f468858fc7c07aaa614ec9babb71e3e6ecab9ffea943f535ca1744f37c21d670f4064982271322376cb0a5dd54c2a9f7d15f7b8544b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
adac8e01c0c73544b2b115e28982a72f

SHA1
94773b792d8938b4780c3df0fc88152d042213e4

SHA256
487e734eb47ccd53103a9160f1ca20d565abf3d93463fb21e578dfb1792e7127

SHA512
61032e5e56a188930acaf3b124573864b1591bb4bf3d1fbf01c92df88b547b4f08ba499d647a3804774ce6f3bd1b339a379f38fea0caacebaf7290a1253ba59b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4145fdc8c5b78ed7855ab77665a5bf6c

SHA1
23cdcb8cdde3dba1ded1ec037f764bf64432f2a9

SHA256
b23b3dd104580834c9b504e540d40f0bf3936aa2db2818f7eb5901df5cfad9e4

SHA512
4d36f0ba241d293b2bac53fa8cd0f51982d7586da6ab458a01b793373b0c3603057b253d772b7203783fef7a3c54131a04592fe6989f16681aeb3a51900e4967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
49a5d961cf1fe8816bfbe3a70ff2039b

SHA1
55dcf0858a31747a445986767fb35e553ddcb752

SHA256
de9e3ceaba16053d8f4bd3cdd68ce51efc7120ca052cb55e12df8778309e4a24

SHA512
91b3abb75b8c4984a114a73ae9f6f000a760b51ab87381e0e3bbf37fd410e8ddfb4e07386c79466a92c196847e677aa72a0367dc285a15eba6369c0c85a3dd49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
a09325c1a57512292821f0f595070504

SHA1
fe2aedb4606fc538eec10e7d3708cf16523ba7ce

SHA256
c08a3f7bb01d87b447f4996775414294bc2041e509dd40bad3c1eb200aea14d3

SHA512
236b2a404774b3c8e08d07338c15bef6eaf92983cabcd195b3fde3440acb26e071aa12a290de084d55dc6077c0505cbd1a0a74601619f352d0093d875ec028f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
d5c75a523a3034cc03fe6dfc1c7345d5

SHA1
5da643dffa7876dac2471d05860fb297fefb5403

SHA256
5e51979d17a25e7aa27d1c8aa3c2abaf677fb5c14c75d020ed7ff95ddb62b189

SHA512
0b36028a293f056c21ca01c92d06891b582b92a45c611c83f7666ce56ddff3ca8de6bd6cb63e6ca767dd43a77edc45796bf7c9d1863c90d48ea3a0a26fa4c69c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
d0507ac0bf14267d86ab5e7d65f828aa

SHA1
2a8942162f06cbceb6ca7c76232df6a36b7246a9

SHA256
0b5f36335796ffd04fc49d78bb3eb9cf2d3fc1061f849ab92d02e84ff95b6e7c

SHA512
ea4068b4bdce9355f6dc412a538ebf285b59aa0f64d80b28f6adc388c5d0f4f4538afb3c80e8a5d3957a6f8844effcba16aa03b4c91b069920b02275822f22e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
aa6621c00e6661bb50955ca4e269a0a3

SHA1
63c6a36f5c0f57fd876df34f1c46430382009554

SHA256
e957256ea69692ee3122930a94ed50eaa405d07c0022a46fef02fbf384f2b00d

SHA512
53f06e6c0180944ed952ce16a165a9c021b2b031241e5563d38a24761c4e7c70777db2cd6d6863085b957d0f3df0a540795a88c4629dd0cc8bf31d589e37487e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
9f44cc5fd963d0dcff380ed3ef54925c

SHA1
028482ade982344f4afa8c29ad759934686ae126

SHA256
e7cb775919f82c9452bb76ebee7ca3bac55a9e004ba401652ce8fad24f545c1f

SHA512
40dee77dd7b86ebca712eff56b348cb69c78d02180d433627fc93ea9ec53c82a0724c112ec22da1de635262aeb51a9505566d13efed1de4ee74307748ba2cfcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
889f10d45459371564e51dbcf9921c72

SHA1
e7e3c9cda28bffb8472f466ed86d0beb07841bf4

SHA256
a8ca8f09e7cc69709c0cdf3c6ba442b22ada59513224cadf41f560cd10193ba2

SHA512
be8c92cdb698d48544d57437c4acc049df13f5155959d3bdc1ed109f66b49996db9970a578a87658feb957053f888e32e1705ed3192524d07237170c6a2b25dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\3f4da809-fc50-466c-9087-348871a52c26\index-dir\the-real-index

Filesize
5KB

MD5
78e9b56f659c057b6b60c96d6a8429f1

SHA1
d519b1d89317b00704c00db2bea8b5072b0c6b8b

SHA256
9348c624b291dbbeb5e757e44a4f4081852462f0c2326a6c1184ccbe369f563a

SHA512
f35cabd04bb7e5554306a87250d20be327a89f2eb02ff97b92f91492de1cf3c6bd7d5d7f6b0c0f0e375aa31c1a283f8191e9df3a899355bfd9c4ca6e929d479d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\3f4da809-fc50-466c-9087-348871a52c26\index-dir\the-real-index~RFe58fb82.TMP

Filesize
48B

MD5
b418fd02c8974c312af8698f71e802fb

SHA1
b950af6f8d0442ba5d57283f4ec83b11b6c00139

SHA256
22aa438f775f1da17308a13d84157c051193d57a025d240181b6342da7d2b0b1

SHA512
99b809340aa344119bdeed738bb6d6028880752e59ade01991b25c07c7cb0390a81ec4a23af111b8911bce5993718284dcefc6597d4e70b1dcc3156393d5c471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\45b2b6f1-54c2-49a6-a6ac-a9bbe9edc0c4\index-dir\the-real-index

Filesize
72B

MD5
4bc8f1063d9d312ef919d71979dc9b43

SHA1
182a60eab6811a03ad3ee10075906698b86999c2

SHA256
9aee9ba6f306858f691bb2fcc6daee78bdc432c1cb8ce15d5bccf421deedda3b

SHA512
f76ab594188246646d4bc8696810b40f98738117bb4e0214561ec5776ea014a574b80c641fe30c62f767ffe39c3eef471dc46168c30132545d7e9c2ad8eafe3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\45b2b6f1-54c2-49a6-a6ac-a9bbe9edc0c4\index-dir\the-real-index~RFe5f3b9b.TMP

Filesize
48B

MD5
14a0cfac6c66dae81df1cc3a30a4c688

SHA1
78d1fc4f73b96a62a01c2ad20cd68fc0aa5044dd

SHA256
b335502d6715cb3ba9831fc1802e98462e7660f6573329debf7ce8c1d0311a8a

SHA512
857f1a4a54e7796a25710a80e9111316b878613f1c47d1e3ce27e936605db6e7ab074423ab2c5e9301973aba92e15463c52752c795ed4f6ca39493642bffe51b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\96dfef0b-5934-45e4-a810-f7ea525f9600\index-dir\the-real-index

Filesize
72B

MD5
6436f05a04fb627f855899c602ee707d

SHA1
59aa964b37ba32abfe87b4b464a77aefffdebbe5

SHA256
7f2bfb89e3f09a93eb771d6682032234dac87d3b906ffa398ff7c3ffe09ac07e

SHA512
0ed68b7c568c0abb9cc009da236411101ae7f091d3fedefc8c3c4d39160f8b5c3955b5d4128440d488119e7e46a88a1d5fc0df3fd7f4be6cd78905f25a0fce62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\96dfef0b-5934-45e4-a810-f7ea525f9600\index-dir\the-real-index~RFe5f409c.TMP

Filesize
48B

MD5
e470080ada9f547dea6ece62b9c08422

SHA1
6addb30c34661f0507bb4eb8ede10b5f4bb1852b

SHA256
eebd01e0d40740f48e78b304bec2152bf7bc683ae28ce9aa43741d7d6b56ff77

SHA512
4740e30cdcbbd37e4e3d82049f18b33727657d5948a744f2e7c5e7e342395158aa513cac9a705a41ecb141e9a4116d781a649311046966c068ba021cea524ea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt

Filesize
93B

MD5
daba26ae10cb24e732f155f89408e03b

SHA1
c9da18d7cc06144d14ed39e16a0082a4d70b4bf7

SHA256
a9a54e7ce723d989eb49c5de4630b07cf5f5fe487772a6b8126f1c89f4cf6740

SHA512
5d7f4c5a8083c435a92fa24ab9d7bdd52e479560d6a5a2671866ae1a0abaecce337949087f4c4f2d6665e73a3231d7a964449a6c08d105b039c48e8954b7aba3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt

Filesize
160B

MD5
470c892a9cb42099530ecb5bccd03c89

SHA1
7f352481fbf67396ea7e191880eb41ecb4034570

SHA256
bf84ace658b5b7cea25b4a4e14f90306e4aecf86048183c98900cff764db187c

SHA512
231a6a5cbb5c66d844323bb2e38682cef034de15ddbdd47126e8b6bef89f2f257ed60af7d00d031a911a3f8afe124b4b6084ab121d9dfb24c0dcdf9b68454271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt

Filesize
227B

MD5
feb182395a0cbdafae53babc23f30790

SHA1
9e4101d935b558953c118dc9ada766798842897f

SHA256
72c6d704f1aab29e3dd6281a6d1f0f09c14a64ac3d2854b215c81a0d23b2b67b

SHA512
0acb4204494651d281b3cf1313eb0050189179f95ffd4848f3e3e7b4829842dadde2bc4577baa643a8c73c48a1d306cd5299a4781d9259d38d5b4bb0bfbaf633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt

Filesize
89B

MD5
9db5b5b5a3d614b647e320e959f632c8

SHA1
c8ac97dac9ede2bcf3dd5943835d5c6f354049d1

SHA256
6a979440fe075672ee6578cef98b6c7555a37e18922d578e52105bd592276b6f

SHA512
a71f4e9518b1dbe10264a488d80a2dd96a3faf60a41305cb5b995bb5409083af2098df6a1669ab545569dd3c3dd08cb683e5982e304b2ffdf1ab19fd88b99758

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c1eb0cde2406b6af565f825dcd492589d40ab644\index.txt

Filesize
222B

MD5
14a3293cd3ddaeadc2f5af0f3d969b17

SHA1
2401aa7e92a8c9e60bac7a9e62c546927a7756d6

SHA256
7b53ada56b8f757b6cd56110c74dd5eae4cf086419e68623ae981287cd4b7f92

SHA512
a01143f43eb8a6ea7eff39f9575f5a3bfaea224e847156ef4e014bc0c39bd65d5994cea1c17f7d83a9d2d23d431d4b1090703e4eabd9da01d7dfd93b96c1a08b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
69b912f4bf17369c77a22f3b5d66f126

SHA1
b71a6e87ff68dc12eaab84ce791d070838866d7c

SHA256
e4592eb9de91850052aa8b926fd7ee2fffee04498fe89e8561ade8dc60ef7334

SHA512
43c9dddcb16f6abe0fe5d6fdcde364a6d719c28dd448b801bd5ec29ecebf0f740509da3db5d7a4586a5e70ad64d9c1c6ad0b59f43a2980e1773aec499db80271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58946b.TMP

Filesize
48B

MD5
eaef16a83cfd552ff1d88d8b8de540cc

SHA1
610a98a14dbe5c7b6f07ff6c23451976cd40d6b2

SHA256
86a3ee221d414811f8586b0a559f29f18cbe776db577e5b6c9ecaf06a73b893e

SHA512
302271e18db2199bb0ead1119c1febbd1b288e47d46dc73a7673a4c7ea45b2ae7126f565b5519c6c106139e1ef46c8badada42f9578fbb11a1c6d0a94e735848

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
d40e62f5abb6f1a9407dc22561a37fc5

SHA1
87cfabd1b8fc791ba46328552b15bc9b54ebc9e8

SHA256
4648022b63ed993e823b3e7ddcac87e62b089987dc66df6578ebe001b6479cdc

SHA512
3a2633b7e90cbee40ed0ed1747666d46233869394067bdb8b5f99d870a5e88cbed9f27120ebf8331b5f18a1c595f33d16cd9f6cd100c3eeab2dee7c53ac6b819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
00a920c0dd1c0ecc0cc6a0bc984ecd08

SHA1
096587f7dbb590a13acdf44b6601856f7233f840

SHA256
aff525e6fa299359456351062c3f180072e4966410307861acd7e8630f76fba7

SHA512
05f9e2cd8cd5aaf5fcb31f2ad9d7a1fa6e91e6fb0c5181591832956528db95ad9e318bf296927d84663e234ab851122806807fb02de20c4f6b43ca05a1242cfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
abfe454fb1cdbb76c0288d56c54fd855

SHA1
059880f25c8b3e5674eac237cbaca0b49e3375a8

SHA256
882805a4a038f90fedd4150a8949abc4573ad3cfb2c7344b7469024cdeaa7979

SHA512
620f24289fb7d5ad5408110a6382ff86d6437569d0684c36a3caa7e2d5cad1155e8b04d146b67e78469c98231f52522c6594f4e269b33efb6c2e79b1c2906b03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
fc2254491d955dd2bac45f0d870f1fb3

SHA1
90fe384ac5d8af809e4bbaade81d85c51acdd489

SHA256
2e812910a4c9c6c1bff7294425880616234fd962afd6f8f295a3107e54d2e0bc

SHA512
0508b0d3b54f0724bca3000e123f7e7ec6b237569111887bb50f9702130b2d3b5eb4a0fae1f700d1f1366c89e1a2e4caf88353a327e0c09c57a55e4af0de236b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
17a509066b8affea435f4e74e3ad4b4e

SHA1
a8f541eb2c80232f241757caa2006e644eabe442

SHA256
0f6723279c373ec928cc6136911217282028a8be2349e51fa409764c7662efac

SHA512
4c88c9b08bdad69ec97ba8e97f4d1f75c2a88af32e4fc548512e809fe84bc2b8217f1acedd9fdf138f252d771c43e0f44530889395d7b05b02bebaa2ffccd74a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
005e76f7ad7b97d683ccd72989df31a9

SHA1
f8849a11f1b507edcf6ce2fbdc358e19d5496723

SHA256
7dfcb1ebcd290831b395dc945ac365a79f43da6f41f8f500749adeedf28af349

SHA512
9bacaa110036abf73893fd77f32431e03b2b25b021e4c0f622c0563d01058eac8368a72ea9db99843db735c42c1641a3f39e0077165d09ffa37231fcd7226148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1ac9dc6d855fd766362631ad80cf32c8

SHA1
ebb055e18bb4dafece633e5f9b015ef1da3a67f5

SHA256
32e75782b451361081565ee1387031c979e524d97ea9559bc5314edaca52aa9c

SHA512
cb3b0b6bddc51dcb50fe4006de90f0b294f942803e6f2d173b429c5784fe23e1eb528eddf26deed21ba7283517920e09e28cee2c222804a417f33a0615da68ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
517b22a522da309dbd3b36a5e7fad66d

SHA1
9dec0f2381bdf32de4cb7d6ff9efb7b8e4d904d4

SHA256
765547ca635bab5578d28709c5bac6b1998279a4a9b97fbb893ad5d906c6a868

SHA512
f882466d86bcf01f99140072a57b55792aaf389a8905359b0166eedacf9b2e2d4923ffbe4656df63e8de69f52aa7396da0ff099595f0e4b38adf015728db33d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
53b050491ad2748bd4bd28f32532a3eb

SHA1
01ecd6ccc72bfe8f9d450edab5a16a9fcbe6b0e1

SHA256
7569a92ce80f6e1dc451455de7fcd482d157b31e44a9c4b75da20062fd6ab821

SHA512
e17c51f13a8d93602400f4c0221fee66e9c7d8a6402bab9982cfbffc7ea4298686a0a0b87a5792be4ce2ac7d1a3eb699c062d778ea1de714542d7ca83364e836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a70f1339dea35c27bcf200d97a62928e

SHA1
07b6a9e4e45ffb7f7176aa5aa7d1ec7025c42c70

SHA256
a69226590d4918f9d0332e5c0c3b3a6078199fd9267864fc0ffcbac11db0c558

SHA512
c2b8e4aad80bb4008ccf5121252f130217eb9e709c309757e843630222f7b29177ef3c60841fd06aa7d9ab8e732b02bd1db5526dc8d7d03e5441785e43cc8c35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
47ff13bc0b9e897bfdca10d2f0a7c94c

SHA1
e0b019def251ef0cfbdddf1f3b7e8d4d2e3b67f1

SHA256
e8216675878caa38c924f4b27b53373161ba53b11c6c8ce90793cd85dcfb0a5f

SHA512
f8fbde6b7c6d504927dd400b52d2a353f6ff725524cb371fbb096870dfb71f012881a8e100f3992c9d7e1108622b68d12f855eef3c5f38f825c888d57568a4de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
fd9320bb60499303ae519160a6a468b1

SHA1
d073bb721492f4986033d159934214b42a963d7b

SHA256
5534f10998f9dee53b717dbe790d88d1c2f4c37a1189eecb446ca925f6803a34

SHA512
4fd410e54b4dff40662d17b72dd9a21e1b522703da0e931a3ca27276bd3327c48b682b40883fe42144513a51c69315a81ef4da8dddbb2904edc0b3e59d45f9be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
903fcf380fb0690a70e4bd411714e085

SHA1
6b0e0cc0bdc71693c5b9f22cf8c44b251314b316

SHA256
157a7e8ce9c146cf7366bd5e368bdfda227f5e600c15b73f94d32b4845d5f98e

SHA512
81d4fb773a4363a3ce4086dcd482b2492ccf437d360a39005d5f111dee75d4ee8897b2f445487f8a43791cbc05717b9c77cc023fe51bca10077aae8315428b92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
3c8f2e969989a434fb92cafdaa1027b1

SHA1
f5f31affba0985d79365111dfee7fcd6569d9f28

SHA256
7dd1401bee7e4e4ec8849e2b0c556da1d5e571407c5216624e2e5b6cd5f442c0

SHA512
7181f3686d7114189e238d7313d543f8dd9026ec59a75e4b98d3fce93a5cbc4bfba6ad9003c66a3174ecdb6162189c94ecf39a1872896e2eda85834293fdcefc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
2bebba1c546b116d70918426230f750b

SHA1
3aa304e8957a4363b74570fbf329e9f9da6d3966

SHA256
3b18a07839f056384d050b61f34965beb1fbe41869bc19217fee8a13ec4dc13f

SHA512
d3028a033c152d734ee990790b68528c2bfa0a399393b6575b7613e356f4e0e2e806ac9f6a7491c0cf0fa16c5c1ff7e0c396b89806f48f0761b5278cbc02225a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b4ff93ac2d283174bef2ebed85f20d5f

SHA1
ba994a94f742b0b81687efb29a0a550d6c55e335

SHA256
9a85e35d87236a522bb3e91cf42fb645f509902962fb9c046e38b401f8e97de5

SHA512
7953d71e3e3525a2e09dee90bf3bfa6dd7f4fbc5f1931896a345715ff5a06d1088e3fde42f4679150d7e42ab2abf69b04083a21c4e7c7ccf8a03d8a3a861c9cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
7c9917860624a80ef91081539f48dbe1

SHA1
2dace4f3edf47fdc81607328e4bb52d69e7a923a

SHA256
039dd9dff023de760b753f6c376703c80472c5edcce7da14eefb08f9dbf440a0

SHA512
cfff72ba46605b945c78c910f2d2e42cef5a4e21ed7f9ff546cfba5025daacd336f99c714cb774d7ce654f8b90f492535e330d1d49c399122c4b05804a835dce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
ae58f226dccb37500b8ac9fe90cb2222

SHA1
3f226937506ae33a0bb8e3a916aeb98d417e86a4

SHA256
645af506f59df7d61c91a3ba9708327b1e7ca61455e06e5fed0e1acca2ac097a

SHA512
69ece717b9987debe3921e220c7f16eee533e5fcd69638cc3d760c1005f99384a9701ae826913f06518ec99df84f68f5eb676abc0a9cb5afe376812a3591eaa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
3d9694cf6a18bda3a282f545487d7670

SHA1
f34d67f167e31eff970d3cc45e4eedb595e1519f

SHA256
e8d586f8247a0408a8234e03cc2a7edc31f1c2cd15c1c315ab4fb54ec0645dae

SHA512
0b79ab0771b5d76a7d3e8c943512ff079f3db1f62f99cfbefe96b3119059f1666d5a5572b44ddcb1f02f38eaf3b199663bf6e27dd1780a88ecb22a29b7dd5586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
beb05f5efbb0531637d72c719921418b

SHA1
b324f0826e69e7a328d647d96d154f03d3611a6c

SHA256
da82d219935b49286ddb843ee580f94f24889cb3bbf84e9252c4046ff481dc4a

SHA512
4bc81a8255448523902b8e360a5c42571e8abc3fcbc51cfd6585ca41412061dd96bdc9adc6ec9eae7bf9318a125bf384120da4db544e8ce0ad2e67f89993e775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b092ce59736c714a3972722180cbcb21

SHA1
81946ebc8d05b2d4045fd94bc0e831f763c0c116

SHA256
1ce2fe348c27dee63a1ea9042edf50f502c076562a8f886ce920d9aa72264ba5

SHA512
21ca51c6209afd8423c6817d7f78b0b7b8f06bb15914664723c21e5e607b8b03a10286a4b76c3a709291a2a1c6a3791b1bc4e360920b5f9a54719c434d8b3324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
657455d414a4fabb5652a43a8d4fff1e

SHA1
f94d66b63759e07ec363fb8a6c58cd0464fb4b1b

SHA256
9955d55e9b0674f388577cb9e4fb8fca8f2c2612a4ebd86f942f36e04f3dcbf7

SHA512
3782e01c01b6a846f5095ac4fa7f8b3f4d037f567e00513d053be08b511f5b3e42ca2935f92f6aca381253c7d648994d0b963862b53fe83d32063887c406caed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d9cb7e774395290de02cb6dc253cce26

SHA1
422bf842e6be8e9832f3a307630818ae1731bcc7

SHA256
8acb33e826b9dee24ec3a6ed27965bb65e53e44ec26a596c3714bff38dcdfa0a

SHA512
5b9fd37260d83441d3147981fafd1ff77c2cbf64d6b92b75ed580cf0f07d2017cf1e274bbd149586ac8452aa46246c08ae919d40240e6d9e3a640d659b9fe6e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
bacc5d24e191fcac5a32cc6cf9afc78d

SHA1
40f6d787cbbb781884f3c505dc9a8f9b7ac0b254

SHA256
85042050cc0a7adb3eb9c021227e132ed1a7c797eecba1f71a19d6f792e6a64d

SHA512
ad8197b9bd429eae1dc59aa6dd1b433f45cab686f937de3c3adabf65927368547463ac6575d3ba24351cc1da9c7a833ca45a76408952ce028345d9ebbd0a29eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
627d4a0420117120dc49753aa3ba978c

SHA1
37988f55da2bf5df8ee47495df6a432817cd1f35

SHA256
4c665f57eb60ec1b09ef86a125a981939775706d84ff99b9aa41b9cd012bf98f

SHA512
6f80b81dada04e2c572f6fa4e5607046e9b3d43bc35b67b8597d685a2f67844a99956dab66e7791ca7c819b1bdf820fd0c3381f2e71ae0f1865f3b4272e56e0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
36554c276152975e50bf197189ed94dc

SHA1
e83bb97d7bf8a675f5a489ac2569cc9ee78b341e

SHA256
591a3e483026ba9240c88a8055852bb10099efbd684bead017c201e57996a38f

SHA512
f0921555354f7747bb718dfccbf8ab82898b47b10e174a9b48b58d7fc150ade0632d9c308906b3bb021b8df448c2df58de64030aff525dc41f9a6cfa9cfa7d3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
48924493955936d8cff9deddd5e898ba

SHA1
86db6e430ef83688b594ee41e6b7641bcb29d21f

SHA256
69426ab21894c24fefc985dd44962015fa6b4e072c702bf15e3c0324dbd48986

SHA512
7a5e98c3194977fc985f39ecf18c1f00b76553fc0c19b75644998279a65777cd77d9b5a5d8463c3e2396796a6d70d42b8c66721bf2604c2963541dcf15bdb48d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
6360821ba773f30f367762de8b310261

SHA1
6ce4d9d42b4fc699b9ddc92988f3a9762fef7bdc

SHA256
89edb48a43f7fffc547335c056021457ba386a130da10dad41f434a628f5adee

SHA512
8206db9fd4dc9263a08d638e93ed08ddd528c8fcb61005ae246a2d1cecd38b10ee5c694f8970611f3d4d2f08be3393adaed9201ec9e537f67e7fea1e40e20998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
7eb2c543366ce7d12dd7d736dc9f3e46

SHA1
e332ec05d0da9d28d66a53f3253100f9e58951ac

SHA256
6dbc0a6345f71bd2c46fae7b65f546dd08463dcb0313e2a6baf155cf4c7b0e28

SHA512
7133260df19c53caa71cfdefab1e86c560f0394b46368e1eb46f264dc2642fb934a27b42d0621c85b27865edaa17f4e1f14346e1f76a3f05d3cd52bb8998c956

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
dbd35b6b52303e013bff75defd780c71

SHA1
d1c6081839e85f7802a06083e64fa1c21f8a0d4a

SHA256
3351e26c7962c3e6373a948af17ebf066274b4d59b50b892a90d9279255280e5

SHA512
75a85c625b17b498433d727781a6fd58506a7e8a9278712b8d0f70c71c2dacd869cd830445e08a43c335ae23b1969c662209e937ac2942421c1238b1cd321a47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
7f28dcc64a845645d1917b5986d5a70f

SHA1
06c8b9fe9b13e63ceed83492c7a9c521f963d0f3

SHA256
cf9e4486ec5db51a603c1d328f8f478d8a3a3fc1a28d3e66c4296aebc89c5853

SHA512
db556cf3e2b021f350391977a741eefd166634347c3e61d87daa70cc5aac84204c3a3e122c6a938067dab12b1734464544220adfe0b3fffbfcd47b6561233a43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
139f25922dc73f84b802efb52d77f710

SHA1
7ad68ab62e65f8216f9e5583d81639fc1edbea0b

SHA256
829bd07d917349ab3b42fa010c7080d77f98345c2768931b4d087ff0f9daefcb

SHA512
d676723a36a832c7f021140deb51bdaa4f6aa6197079299bc613e75d8d28e93eca7811331c7f11da62be0abe021bbe0b6aac2abe148893c1c77a35b79da4ea8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579c30.TMP

Filesize
1KB

MD5
830d88b1e418f00b04c50218020a2fe2

SHA1
8bcf6d21cb631e247ac9fc3901261e24a85475cc

SHA256
27ff6919606386a142b103c671126b9ccebf19276358f3746e94e480a5c3fe7a

SHA512
5c87a87d301392454d407ae7f063c9344038c0a7c349589aa329545ead98cca4fa1b3c47ad96f9c6448ecc2d58f55b003d4eda3cbca3181035242f502208bfe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
73c7cb5146e0def2c68ca471778beefd

SHA1
ce26203939ca429e62f16490d3de458b66d79936

SHA256
4cf52c52ee79a8978f2271269956da74cad5735d78e784e98a53ba14c5bdc450

SHA512
73349cdfe5294c63d01769b3f4b8db3998f80fa0ff35336460d125dc622b7b5e99277eac25e404913423ffb443362d1ccee1507f65c2955c82feac7c53132503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
583ae32ec3d6ac394b44cedb01b51461

SHA1
d2015230acbed503f71d05deb6da1a732e2293fd

SHA256
42b61a5f32299266129cbe5916dcc979e152ff957886e3f8dc505358a8aeef96

SHA512
f66ab133fa79097a07b09ea3a5e2a9f85a031bdabb784093b6582c941a9edcdb58444d193fa63c59acb96fe5b5a5630c0d10f98eb5252fd73afb5ac05dc868fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4e7ed15c4e2dcd586fddf8672d9114b8

SHA1
bb81454091e27dc155d0fc3e0bdd4b68f112da54

SHA256
95251edb1b41888e8755f407a182edec25f1c9eed14d50872f2720c8d344f76d

SHA512
ed086d40898e66dd2ca318551ca626524ae2c0ee542a359e778c9da708213a953fa10b9aea438e2ad8678df020d800a753b4ddf090cef13404ee3fe6d5a9eba3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3ad8bfbba0573a736bd1cf59f3922d28

SHA1
dd093112f01e28491a00cf422b8bb3108949b966

SHA256
39bf46731fa9810f46af948f0db2aa23df5885ebd819c35f430aba6506b81f93

SHA512
0289e4e48d3a21ea0c14aa3d88b6cef2d7a0817030aa4fe0c85ddcc2208b8c70cbc6b46ebbf566f91067e214a104dde695f9f9cb0406cd3680d3a5c6765478f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
00ab2c00d572a21e6bef79ad59e1ec0a

SHA1
cfe469d9c0ac54a5d7b0bf4ba23cccc1e9b0c8d7

SHA256
456cfa89d4e8e411e1a2a97769e3370746f30c7908e4fd20aa560d70b5783749

SHA512
b73c0e4cb59cea98f7ceb95ac233e5b461c757d583468bc52103edf90587d0e689473847ddf612c35cc8bc816b4125a47e315527a41ccaa005fcd212e5fbdd28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
0f01cc0a27e3ddf8ba512cf84c245f7b

SHA1
e8d66b506183969e8a94a70016ad1a2e9b222196

SHA256
da12100cd592999b88d5ea358c3a75ca3d4492f6bd902ebd14c875c67c5c0bef

SHA512
783a57ee3b560aba6022e1410bec76e44bf5aab1d0baefe253841addcd7aef0a5895340d4b9b3b3ec6026fa7b44a94533f4648f81ba8248fa3ab90b68edf3f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
a9ccda9773d4fcce5dc3e53d7856a118

SHA1
b4eeb4d5e49f1973731641322621c8812fcc1ae2

SHA256
67f00720f8f05f2525fb7faebe1aae453e4ca40be40aea3984cf3ab2c1726026

SHA512
67a4b8a582fe40697e0a6aff55a1f63da35fa3fefb440057c5cd78f926aa208e8dfcf3f538ecb575c92511a92f95e842ece88cdce6965d3d003b915b9ed81929

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d79f0c3f-b55e-4035-945f-f578fb241213.tmp

Filesize
11KB

MD5
91e738640ad745e1d1672fe2cc66d33d

SHA1
78f4a67bfbf63b521e15f8e9e49572156106b5f7

SHA256
ecda916ca023ac0e854bbf75e502a165fe3482fb5916a8bdb6df40db1932ff78

SHA512
2ebcb01155cb0fd3a50fead1eecd5f2c9e543fe6fbb09cced45c0fa048c81e8aa05ac89fffe32711d28563f7e35f15972a6553fa2a0c44d7974ae70f1a823aa9

Download Submit