hxxps://www[.]google[.]com/search?q=robux&rlz=1CAXXPU_enUS1070&oq=robux&gs_lcrp=EgZjaHJvbWUyBggAEEUYOdIBBzgyN2owajeoAgCwAgA&sourceid=chrome&ie=UTF-8&safe=active&ssui=on

Analysis

max time kernel
1361s
max time network
1364s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
26-03-2024 12:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com/search?q=robux&rlz=1CAXXPU_enUS1070&oq=robux&gs_lcrp=EgZjaHJvbWUyBggAEEUYOdIBBzgyN2owajeoAgCwAgA&sourceid=chrome&ie=UTF-8&safe=active&ssui=on

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4181651180-3163410697-3990547336-1000\{E269C972-ACF8-40FB-A4C8-7AEE293B5567}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4181651180-3163410697-3990547336-1000\{F6579D55-6C77-4F0B-89DF-14BDBBE6568B}	msedge.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
1308	msedge.exe
1308	msedge.exe
3544	msedge.exe
3544	msedge.exe
1664	identity_helper.exe
1664	identity_helper.exe
4888	msedge.exe
4888	msedge.exe
5600	msedge.exe
5600	msedge.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe
5932	msedge.exe
5972	msedge.exe
5972	msedge.exe
4940	msedge.exe
4940	msedge.exe
3380	msedge.exe
3380	msedge.exe
5964	identity_helper.exe
5964	identity_helper.exe
2788	msedge.exe
2788	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	3164	firefox.exe
Token: SeDebugPrivilege	3164	firefox.exe
Token: 33	5740	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5740	AUDIODG.EXE
Token: SeDebugPrivilege	3164	firefox.exe
Token: SeDebugPrivilege	3164	firefox.exe
Token: SeDebugPrivilege	3164	firefox.exe
Token: SeDebugPrivilege	3164	firefox.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
3164	firefox.exe
3164	firefox.exe
3164	firefox.exe
3164	firefox.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
3164	firefox.exe
3164	firefox.exe
3164	firefox.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3164	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3472 wrote to memory of 3164	3472	firefox.exe	78
PID 3472 wrote to memory of 3164	3472	firefox.exe	78
PID 3472 wrote to memory of 3164	3472	firefox.exe	78
PID 3472 wrote to memory of 3164	3472	firefox.exe	78
PID 3472 wrote to memory of 3164	3472	firefox.exe	78
PID 3472 wrote to memory of 3164	3472	firefox.exe	78
PID 3472 wrote to memory of 3164	3472	firefox.exe	78
PID 3472 wrote to memory of 3164	3472	firefox.exe	78
PID 3472 wrote to memory of 3164	3472	firefox.exe	78
PID 3472 wrote to memory of 3164	3472	firefox.exe	78
PID 3472 wrote to memory of 3164	3472	firefox.exe	78
PID 3164 wrote to memory of 1912	3164	firefox.exe	79
PID 3164 wrote to memory of 1912	3164	firefox.exe	79
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 4620	3164	firefox.exe	80
PID 3164 wrote to memory of 1388	3164	firefox.exe	81
PID 3164 wrote to memory of 1388	3164	firefox.exe	81
PID 3164 wrote to memory of 1388	3164	firefox.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.google.com/search?q=robux&rlz=1CAXXPU_enUS1070&oq=robux&gs_lcrp=EgZjaHJvbWUyBggAEEUYOdIBBzgyN2owajeoAgCwAgA&sourceid=chrome&ie=UTF-8&safe=active&ssui=on"
1⤵
- Suspicious use of WriteProcessMemory
PID:3472
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.google.com/search?q=robux&rlz=1CAXXPU_enUS1070&oq=robux&gs_lcrp=EgZjaHJvbWUyBggAEEUYOdIBBzgyN2owajeoAgCwAgA&sourceid=chrome&ie=UTF-8&safe=active&ssui=on
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.0.888104183\798438498" -parentBuildID 20221007134813 -prefsHandle 1772 -prefMapHandle 1764 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1a3317e-3903-4a65-bcfd-1374f939daf1} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 1904 29f2f4e0a58 gpu
    3⤵
    PID:1912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.1.1859058453\859115566" -parentBuildID 20221007134813 -prefsHandle 2236 -prefMapHandle 2224 -prefsLen 21563 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {859ca561-c81e-4722-a493-cb5c99fdcf85} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 2264 29f2efe8e58 socket
    3⤵
    - Checks processor information in registry
    PID:4620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.2.1210216964\714114698" -childID 1 -isForBrowser -prefsHandle 3112 -prefMapHandle 2984 -prefsLen 21666 -prefMapSize 233444 -jsInitHandle 1036 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {865e6ec9-1424-40c6-9424-c6bfe36360f2} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 3068 29f2f465458 tab
    3⤵
    PID:1388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.3.809638173\247496563" -childID 2 -isForBrowser -prefsHandle 3544 -prefMapHandle 3540 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1036 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcf103de-12f7-4152-99ab-df72e199831b} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 3548 29f23171e58 tab
    3⤵
    PID:1192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.4.282473757\568340342" -childID 3 -isForBrowser -prefsHandle 4796 -prefMapHandle 4852 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1036 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36a8eee6-1e9a-422b-8d1c-948845057e27} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 4820 29f366f1558 tab
    3⤵
    PID:4072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.5.1125336198\1331702601" -childID 4 -isForBrowser -prefsHandle 4988 -prefMapHandle 4992 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1036 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ed4c777-9c16-428d-b7f8-d08c4e9f3eb1} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 4980 29f366f1b58 tab
    3⤵
    PID:4992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.6.740561342\1006169344" -childID 5 -isForBrowser -prefsHandle 5192 -prefMapHandle 5196 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1036 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {383eab2a-5e7d-4fcc-b78b-64109123f571} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 5180 29f366f0658 tab
    3⤵
    PID:536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffa3e93cb8,0x7fffa3e93cc8,0x7fffa3e93cd8
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1724,12043808362629862141,11431097122238871699,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1724,12043808362629862141,11431097122238871699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1724,12043808362629862141,11431097122238871699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12043808362629862141,11431097122238871699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12043808362629862141,11431097122238871699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12043808362629862141,11431097122238871699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12043808362629862141,11431097122238871699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1724,12043808362629862141,11431097122238871699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12043808362629862141,11431097122238871699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1724,12043808362629862141,11431097122238871699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12043808362629862141,11431097122238871699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12043808362629862141,11431097122238871699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12043808362629862141,11431097122238871699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1724,12043808362629862141,11431097122238871699,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4652 /prefetch:8
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1724,12043808362629862141,11431097122238871699,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12043808362629862141,11431097122238871699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12043808362629862141,11431097122238871699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12043808362629862141,11431097122238871699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12043808362629862141,11431097122238871699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12043808362629862141,11431097122238871699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1724,12043808362629862141,11431097122238871699,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2344 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,12043808362629862141,11431097122238871699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
  2⤵
  PID:4856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5740

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x000000000000046C 0x00000000000004F0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5740

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:5488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffa3e93cb8,0x7fffa3e93cc8,0x7fffa3e93cd8
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,10453493453557336634,14330533732881762198,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,10453493453557336634,14330533732881762198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,10453493453557336634,14330533732881762198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10453493453557336634,14330533732881762198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10453493453557336634,14330533732881762198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10453493453557336634,14330533732881762198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10453493453557336634,14330533732881762198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,10453493453557336634,14330533732881762198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,10453493453557336634,14330533732881762198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10453493453557336634,14330533732881762198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1852,10453493453557336634,14330533732881762198,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1852,10453493453557336634,14330533732881762198,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3972 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10453493453557336634,14330533732881762198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10453493453557336634,14330533732881762198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10453493453557336634,14330533732881762198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10453493453557336634,14330533732881762198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10453493453557336634,14330533732881762198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10453493453557336634,14330533732881762198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10453493453557336634,14330533732881762198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10453493453557336634,14330533732881762198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10453493453557336634,14330533732881762198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,10453493453557336634,14330533732881762198,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6544 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10453493453557336634,14330533732881762198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:2944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0e10a8550dceecf34b33a98b85d5fa0b

SHA1
357ed761cbff74e7f3f75cd15074b4f7f3bcdce0

SHA256
5694744f7e6c49068383af6569df880eed386f56062933708c8716f4221cac61

SHA512
fe6815e41c7643ddb7755cc542d478814f47acea5339df0b5265d9969d02c59ece6fc61150c6c75de3f4f59b052bc2a4f58a14caa3675daeb67955b4dc416d3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
07b960942947617abb521fc19f75888f

SHA1
76b1bf27ab21f8055c8b3d29d2e49a5dbd102f8d

SHA256
5c9c466d9723f2a1b95888496a48918cfbf92e75ed9482438619faa9832fb57a

SHA512
7fd342dbb5d9b103dde8fbbeaced69f70b1eeb6768fdc58a22149ee85c851a2273c93f5e2bfb31c5c871aee778ffc5e544e577621145e9c8964b4a9906895c45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62668f9e6eda14c361a71620913f82fa

SHA1
4b7e8ad6d521d497527dc00244ee158f9bf71545

SHA256
542fb21c5e4124d96fc3b1e74e2da699a9c049a650b6e671cdf5b2704bd65027

SHA512
9ecd4c71d4eac0bd3744fa879733550909585b70a50d0f22b6ec42fe3f867502eec780a238b36aa02dbb2e020af3c6684db63681409d74c660e498ac8bb00d5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3b1e59e67b947d63336fe9c8a1a5cebc

SHA1
5dc7146555c05d8eb1c9680b1b5c98537dd19b91

SHA256
7fccd8c81f41a2684315ad9c86ef0861ecf1f2bf5d13050f760f52aef9b4a263

SHA512
2d9b8f574f7f669c109f7e0d9714b84798e07966341a0200baac01ed5939b611c7ff75bf1978fe06e37e813df277b092ba68051fae9ba997fd529962e2e5d7b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
d35d5925ca649963e889dbe85855ad42

SHA1
4f688adbd66756fc0d526831765672027f6d69ec

SHA256
5608349723536d90cca132976d981ef1e856ac13039b0ed8ce4124dac700a9c5

SHA512
2c2b479905b8d0b88beef0498406b3ea832ee8591722b653f673f30e8fb7d06731afe0b11452563c63378a6cfb827ef2609b16e29c5ae95b94d41f4de79ef296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
0100ae7f6c1780d16568efb39e988e02

SHA1
b6a7ad1a6a343f883e65ea1db0d5eaff98f1ddf2

SHA256
eb66571124def41f62b90cc2f7a87af5fe8c65757285c792a81f839807beb13e

SHA512
63a87e859a9e2855325765b484f98c76f4df5017c390f1c5cd91fd982055b4e655e49e2c46e2605a15e87986c2afb278149698440f52bd767f38cec3655c161b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
1ce3f0dfe4e003d6cc7416b0961fd3c8

SHA1
0945c49b435c58d318030dcbdae506111c85781f

SHA256
c038528eb7a21f0d2890fed4750ea3270edcf6d9685a53b23df917debb46dad4

SHA512
ac29a0b26add7aaf7d5b3e79dff008b1af29251b468634d68e5c96a6bfdd8916288b6c86d531fafb35f0673d717c02419a34d9cd52f9b35dd438bb52db700f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
3b3fc0558f8ee1dcef9ce2de62499d7f

SHA1
a8013e106ae3fa4b526e690dc02914ba6d7f96a0

SHA256
6284da40a7dbda6d7e55960a8511b8f70e9056c1dfe4130a002afeaaa5134032

SHA512
a19ae6471831cfce18915d553c2e01cbc0cafca7ad943a4bcbfe7a99bdb07ed44a39c8b33ebc3ce1504f403acb193fa59229ccfe701e9a31ffc4d6c16a3cc5f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e5

Filesize
46KB

MD5
338a1695b33753932c528cd171aa7381

SHA1
2ba3fcca33f92e78d66b94db9ba619124763fda3

SHA256
61c7793412971be067db1603a6c5c0590e3bc1763bde7864f447d9c36e54a833

SHA512
2beb77dc52fd301106441072d5504b9973c1f7e82f6b663263d0aed6f28c02a4839754f47de571b40f2138c00246cf36a794a83a5b1aec4a7cfe8289cdc8c437

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e6

Filesize
3.2MB

MD5
aae78b770d9dbda1353445a3d7579040

SHA1
7cc1f0602c6429e78c8b72353a9a7c7792a0eb71

SHA256
1c99cb2de5782b64d235fccd175543f466dcd680543535bada961168926c5192

SHA512
75992ca16ee4b825a1f5de71f97aac946e3a2831dddebfd85553152afc54971514537dff38f2524db30dd2faa820e99edcddb9a220855979049e4dfb65b5a847

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
cc4139ad379d7751037d3120f96e01be

SHA1
2979f22fa3e457e0eceaab8121dad6c2c55f87cd

SHA256
8d09a15f1dc84e9714d1f753755cd284c9b05c9eb4b3139cd423181ee2e2c127

SHA512
2366d218c810e19dbcbc7a52fbdc67368b793fe4c783617b5c0088affbad5f30643c677f01a490be7a793fd5dbe43752f713df8084a2f0bd68369f1546c0dd3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d136c103b94504527fe9356091061aa4

SHA1
5caae8b64c3b0e2f2ef491a68c718cc0ce556c42

SHA256
7c035c7c68ef5bb0b6ca76ff288d72dd7975690526065306e05382e67073d6a9

SHA512
83333431ba2cf24dde3332c6de6a5182a70ba48144abfc323b80657cf6581510f2ab098f3be9f3410c25b661daec2191894b303880664ec903ae6ec9b60dd9ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
483420e675789caa24fa03d901ea1c22

SHA1
21ad12e0dc6f05073d7716e49e50d8f35bcb7265

SHA256
637798c04b6aff9ae0e000f2a98ca40fa6bcf37c5aab5a473ae1bc731f8ad0ad

SHA512
d58b3faf54ebc615d2b790c56563e7212cea1a911573f5eca026182db89626084b42c41b0ed6f7222fcd2ce26fcc3d0de749dae6212dfab6e0b51d9717147a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
cdc8f5796bc2aefef093048310b1f1a8

SHA1
cfc9e4b5927269ccaf14400c6e2f5f1aea6a16c7

SHA256
75c06c8b6ef71e048b516f956785a3cc05344fd5cbd753e737635bea26d004e9

SHA512
1158703aa934985d820b7843b96cd16ed5aea9852ffaaf18187c3c25e348f539ba8cfabcd583a0da5cc132080f9a57e48be707db6cf20a67ccfc52bf81524e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
00d3aa72d6a9a63674798cda7e759f60

SHA1
7986d7283c4fc0e0cd5ef49188f1e0762f345d63

SHA256
dcb7175b9c9af553dd0b9b1330776f2d65994a8dcb9de2b162e91d7360eb55c1

SHA512
b5d7bfc2b5d45bd91d0eeb8c5a84c54600e39898b234a5e3436b6057953a2c73e59ef84988aff5c082f56b79feaddb2e9ca04fa08549603f06276c04ef8329e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
6c5f1c65465c299e2d4a8f70b326db6e

SHA1
e7f122a4a1e60ad02e16aa29fd5d5a1edecc22ab

SHA256
b7c78f9e5d01a05041c344ed43d48bb65ebcc895a9a5e4dc2a2f79a55e0a757c

SHA512
7b97cfb0bf7e4e1fbfe3925b3d93220c4a3332f0b1b9b0a6e9c92186172932717bbdd0fefb6947a5ba78cfbe0d01994cf2c4e705ee72860bb61bf7ff519ff679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
e05c62cb93177cfd622214f74c1925bb

SHA1
80cf2e8104749332ac9a884081e5f5481aa3c6b1

SHA256
b7b0b66e000a6dc25ac2aaf0ee9be29c2169196ebb96bbd5650e03510c12ccc7

SHA512
7bc986083637821b16dfc3e3676bcaf82f035ac52e2aaac086ed2c7b4f384c89619b0900c5364ea2c346a8df06f45500c1dae4dce1178a8d8fa89dc8492447ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
482a82bf09e860fec7039d40cbd8b50a

SHA1
347f8aeb87a5cef68f772f955e9e76363bcef15e

SHA256
1d9bcee02b1899216c37046299869e6a8d0dee5f0251bd5bb4b673d93c97d54f

SHA512
0e82dade49ef4f9b104e93b0e944715471f77db143a06ea1676d4972e2388581c5ca1370323e4f144f438d25ba0d3ed68f6626f03007530ef7627052478da463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
28KB

MD5
89d3b6339ca1e2790819fcbeda2a4eb4

SHA1
d30b7f2c37971d67f0d1429e064d8df14a6842a5

SHA256
8a48cab7e696df713b53b75611eff4d4d6633f0c89f0a4d4a2d6411c788cc654

SHA512
85e0962ae96a89a897d55fb0998850c988d9150488396bc7b0b68c8637633e557054c5218b34f70d13c695b758b859db9df6e4858220bceda29191cc7589d909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
64c3a99d5e2ffcdb0f759fb891aca3f9

SHA1
bee692c2d56d2c18d4050b6126ab700f248ca75b

SHA256
f0f7db813a46eb696c4694b0f22abc07d0dbd1281e16ea355707f4e552570397

SHA512
0b582677fd06e56ec43d34959db85349127449c5e9235d9bf15360dc52bfbfa9ad1177857c448ebc81798fc7abedf3055fdf318fc134c4f31edad67b7d0a0324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
c6d4f46433f92f1545871e8a951d1840

SHA1
42de6876362dbd1a37b1253593532f0b5ec30e20

SHA256
39ebdf61b930ca9e8ade8d4786591c66bb3d7f8a6743768fa6e1b1f0f524c6d9

SHA512
45b52eb757b188392be2d3487b5fc1a7f40179b1e8dbf1fe43b0e89989a3fb151deab4f17404e8e156d2dcbfb1b2323591b5d6d766d8ddeebb4bbed9a8b7ac9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
f866df5062dff5356e80ca164c9deaf6

SHA1
d68aaabbf6e74ece87c95bc734eda09808af9201

SHA256
be688c2f641b2a1a4fa99e8325c0eb609b54b63d3673b722478fd6a2e9415cb0

SHA512
7086ce709bb9db3fa59924413e3ee3d196e46668d5e5d3bd9dbfa28c372c547e6b750ad1b41e410e6af846fecd76bb59e13aeef470579a3de4107726d59e9871

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
2KB

MD5
be3224a98de78702c8dc922a32062491

SHA1
d54e1ca98e40162371be4bbdc77b474bacb6ad1b

SHA256
fcfadde665553cd0e57dbed5044c347b87fb4095c77434465eb54a2c6211851d

SHA512
64b9d825929f5cd5fabc2223b279db0bddaa35512b92c164d77f78aa048054f155d807e4ad5e38e3b4ae83a385069c60be2b28f7b4fedcd27f7990f9a8c49513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.twitch.tv_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
3KB

MD5
0302b400fb7c2c612e7a11761da24e94

SHA1
348de73127f77231800533876decd5b3afcc6473

SHA256
5acf223a4131ac48a9761b2beae2195f3986828d427e56e61b76a7cfd21faaa6

SHA512
5035c95b531f4487f12d643218c02fe565cefa5d88f6d1d160c8a71d7887fb555d3fe76c3c091575aeaca0659374156a34c5ab4bfdd41e5cc73a849f915e12d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
10deb167e761dbe5444eee3b2082f16b

SHA1
7edf4fae5707a86809b9f9c5339b72f4dcb947c0

SHA256
8e402ade08f0a71ed73c01d41a726cb1eb2b9c932a65587cb06bbeb37529f9e4

SHA512
244795b97ae16fabaf49054d06156120f209da1ef24d4cb73ad582591088f76b967322ec04c12579b3211d353165c9a8cfaa655ba3708efea1bf9e03ce14e749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Media History

Filesize
76KB

MD5
50e5e8ec36d4cc22dbf2fb69917f1ef6

SHA1
a1543735f665bd567d6797e3edc0446947cbf087

SHA256
8f3059609a666663327c247dad835ae232abac305494cb05cad4b45d58556816

SHA512
2d64c3f253ced05742455374c64205ffd6abfb59b9e79214f089a360acf59dd7e967a37da46396f9e7956f8fa3a79be153b952dcee113776176892fac9ed4ed1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
44f2c4bcbf7a0a9a101d09d806587322

SHA1
92f611fa4854f1962df68a70765f03f09b5fcab2

SHA256
a9eb342bfe36e7bb40055df74401b5502a3a44e93c0c483d2a37dd97046727c2

SHA512
87926fd2a2a7e3b0388825c597a72a498b53ebcabd8c7ffc0afb9ec26c47c2023b8cb22e05ddd3049612d0816db74e09ac5cdae5e67f77e36b2c85321f289f7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ef5c03f0be669cc6d8c5897ef33a84ae

SHA1
6a45de7d9780ad77a8ed30b181d5e3c85182c7ef

SHA256
3dd03003d7193af37cc4998c0c848ac2c8c2dbe6db8854f925e9facecb0b3efb

SHA512
c4620ca2c4876c49bca536f885a1896c984f75707f2e746beb55eb301299e0cba29bfc07ca7e0bf27cef1018dffab260ff4ca20bd5dc65c229b3540eec0aefd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
37e93d8bc0c10794973a3f87bfb48920

SHA1
dc84b1770e0d77a8a3c06e266939ef8056c61fbc

SHA256
561b378bab5838b5c865a4fa612ef70c680c3dfb3ae34b769d1c522e1b8fd9d3

SHA512
b9e1267e3378ffb20f1ba55f7cb474db2a468c0048fb313b30244414f234d91041f95dabb0638f05ae9832e783386517ed45a129a96118493c948599d158dce9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b6acf6af485a7ee218864bd3619db644

SHA1
5d14e9b87ad57c380fc38eca6654ecb2d40efc83

SHA256
9660c1d7748106bb53419d4da21e01e09446c9bf7465e6fc4a7b30af1ef84f64

SHA512
ddd4377d0cfa39154ff3d4df03be8e43c7b5bda8f2882df18858d652813674942acb26be01f69a13102901023629044843f02ff3ac797f52a6627c6dc96f542b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f7d1b4e0b94bf384aa12deea3e37a90f

SHA1
f045f7c0ee6f93f40c158d212f6c1ab6f0f89f63

SHA256
106643419bd37105659cb476bdf46bc382784d6d203300f93f471cecfaaba41f

SHA512
411d8257df048b707cdf016306f98de026bc1b1189911244d9e344199f2c75b1cfe8cb9047656daba2546e231a25728e183019ad103c26c58468c0f82abc58c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8dbf3a64b2eeed2c6d27014d889f5147

SHA1
a230db29be79bee6ec63e746be411c3f8593a4d9

SHA256
d152689646d850feb0521a9870984250dbd3d076778363864d86ccb3559a9bdc

SHA512
524abf82898c58b3a49440260a9457ad7ed3c17762e99602e787bc7261117f725fee16c8e783a2547953f0fa37c7065892a9e0447cc8f32e2980cdc5a70ce750

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
55647daf1aaab3d9e18d1aac32b8393f

SHA1
a75dd2463e6ff262650373419c9a4d02a9a5cdbe

SHA256
0312363b8314fdf2f499f3741e90cf12b246cad9451c269897eeb3fd22534d0a

SHA512
7a04824a0f4595ec8a9c36731cc08c6aa369abeeea83976f6a86bfee0e960eab624dc47de546b0a9e2f1fe6b4a084bdb78828717112ecde4de8e9207f4637b7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a8ca15aba0950d14b832c90f6b29fc27

SHA1
1fab486154c06efc655ba2453f209e37ea3146b6

SHA256
538721ced8c897c317988f256475ea596b7023b2b774454e90465c0a3dd88a72

SHA512
847e5ace8bfa4d34a482814750c9ee7f6746d6ef5dc027ca7dc66e2f14a62df558aeaef1e6c6e7806e251d652693acab4701bcf1229ac908bf5752713b2f56a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ce3b3d940c6af3c01829b0fba4267595

SHA1
6e708be98c7c6965178c4cbafaaf613290d4515f

SHA256
69e1595d6d98da68d5f51b59612394757400bbf83a0f2a5c480c3f7ea7e3cd1e

SHA512
b3cc740c61ec4ba4698361753a7b84b0b8dd008bab134ad59715f35ac0cec5f8d71005c605790c1868328f2ce9cd8fb0bb49e41c00928a60a2465c02471dd2a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
26dc26c5d30db35862de705dedc30cd0

SHA1
300460de7e3ecf832734478d20557e8867b61668

SHA256
264b89d054616db83588d0468d1b8a0434e22d28dd5f1cf4e1a7a917f0523120

SHA512
7cc4ee788e0f5a92f5f9844585cb89dc2b9e840ebb02ce7336e568b0abdfe1e19f57894edd2273f43d7e16c64cb9b7cc7eafc2f43fce30705656be6ffc3fba07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bb472473ed8f78350628618ce773ea24

SHA1
33d8b4102655de2479ea96081afaa278dd49e1f8

SHA256
4dc949eb0f25462407ed2e82e2c1fd06936a6aed8ac7ea78590b875d65dc5d44

SHA512
0c023a2f3ad464e244cea86b40cc1c18680fd57c7662e533063447feab47ccdc3b1623b71bd38791c3e2316d721598309da7b17cdf90893687c6fef0f09fd548

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6fd893c3f7d86edbc3e49c8803e42afa

SHA1
cf44a08d6ea9a6e397e7cc50331eb0fafc0bbe81

SHA256
0bd142298a4039a76b8ab156981f107885795e3e8736022d0ff1146d485a8ac5

SHA512
659490824917c4bf6e23af1379296c8e0ebe853ab7e13d30151149be4a48de865851b5ce3e17e7f49212e19e42273b4113bbfc11df2914535b9bcca7e1c45e17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
09767ebb6591ded6e567cfe09b0eb682

SHA1
aacec06d85ba29f648b46a3df8382aef40382be5

SHA256
0f44347c7cd17d4eb0055e80725117f2922eea99c33fbf7e28b9a165116a69c8

SHA512
314489ddfa10b03c1ac3faf03a691d99d7acdab3245180c7dafeb00dd683e777feadab3bb1ff2c4676ab4c87cbae040299af3a5d6cf806e48510cf1c67e91e7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9369e25d568b16d81d8074214def20d3

SHA1
6b18eed5fab9de8ab0e5695858d7352be0f022dd

SHA256
de58a00ba131442acef32257612782e4af0acdbc322039d12ee5fb28d13e6244

SHA512
7824b1327cfc30b35cae602c4080d4c412267d8f8386bb58dbc8d292551dc08898b4470f5fba7e225b617c8598dde086badc3e955abd975cd0be2797b1926a98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
420bcf931c2264e5c62943c97ff5a19a

SHA1
de93b2ed0d0df50569d0af9c69eb22e8936b92bc

SHA256
b14a06240c549b4761b3f33bbf0c60f560b6146acf189c570775c7c036bd027e

SHA512
56df881232fd9de3a738e191504036e357f3d15af3e4a73911641a89a60bd8987ea708e6fb5bafeb835d4cbbccf9b41859b8eabe975bed7f796f8f0d1ee64d82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
db0877b6305cd2305f98f21e28a90909

SHA1
d2ebee5c8a7200be04ba9ef881afa4ff8cb44925

SHA256
160ece561ef9b6d5d82e860c65ca6cf4768e7ed50db8b3295c2613c68c0cff15

SHA512
5565886d08174e91db416059f24804726831707e8559994b6b9d6b0f78ad145f4b27b38735abe5068f3730b94134b5b438cfd0338f9641a7cef5c383d5fdc162

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4f7f43195d4105d0512a426e3964be08

SHA1
c9e00e95eae843646fd5d162dc833d96a692e9e9

SHA256
fd62ed25bf413021bac5bdadbe2a7e2967c87054b9c7424028cc93c4982cfefa

SHA512
85b6983475b821a2d80480953d7f9be3b58914763d04b0efebfd0b45be190693a147c1bb26a14a42560ea0a108aa1a204564180084f325fea59fa6eca82b34ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
691B

MD5
dfb7806e3a64f0a4d08301d2c6d7d928

SHA1
8b6494ef5613cbdc43df98eb7b02686c277ffe21

SHA256
7b66e26e800d27bdfda10c14fd3f152a7e23d87f406f4cee40b8c5928eecde06

SHA512
23c9def6d0696547a1e2bcd46a87cb7630153e958ff5484d6b3f48b59c30915dcf2f728a27385e9f34007870cadb0d838e31ac79535b5a3b96e939e16fc8005f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
295B

MD5
2bb7ba8b5acd583e737d70719aa6d51c

SHA1
4f9724b708f0602ce70e1c87156e7a6319619171

SHA256
e0a7f399af6dc27516e49b0a57cd591ab624dbca33ead513c285e006f423e99b

SHA512
5eef12946eb016da79c00cae141f713420b64d4f6e37c52500e50e7e035bf11624f02cb643bacb0c0ae6ecb72cc0a627a38bf9cf88c8beab4964fad4132ad7f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
306ce64ef0130ca58c019e817381b34e

SHA1
fcf891027136db9b8d035597e92a10c628a32b55

SHA256
2add488df12b6c77db5d1a43ac2ca935d444642eb431788276701b06f601cf56

SHA512
a14444815e4358b89d56e4551ca628dad9e71f48c513a7bf3e5c000a9b476c5cce58641d6d47f048087019229b739a0168ab8ccfa892ac018b4aef949bf64be1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585714.TMP

Filesize
48B

MD5
d3bf17e5a1cfecc85fc3d367436fbdba

SHA1
a078886a3065106d476b76269ba5ab983c8b1143

SHA256
dde1d5c1f3a449e9fe6e5674a81ba4fa827d4a80bc9eda1301a0873d31f551c6

SHA512
94406e2ddb0490768761ddb2ddc9ba0afeeef85e8b2459c64c3f8655a641d7e7cffb722f5ce18521faef0ed21cde3b86a06faa079945091a3918637661f6fd25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
46e60fbc2e8fd146155bf5fc4636697e

SHA1
c2157831b7267c6d47b856596ad38f62d8feb246

SHA256
683b5b4e3370af72c324c2c2a425218db60d7eee55bb5d2911af25bec876e461

SHA512
322421d02b6b43576940c81ca4ce179faed253ed99d14aeac28c3aeb05b89d8a0f3360be04051889cf2785789fbf1b587c8471a3f96549f03cc627dae8e32b22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
7355f38006d2417d3892e7e070017f5b

SHA1
c303cfc0cae60f8ef449b299cab628878ee6696d

SHA256
7d0c8311b6c095450c1a84259df0f3cf2273555115a5aa1249483c2a41c4bea9

SHA512
487ba611be3f3910a07cad7d593b4dd547b841da401cef54808fc519714a455d7547bd7f174bee00052ceaa28cac7ce677558644afab9d373d773c1c7ad00b09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13355931196311668

Filesize
10KB

MD5
ff9e155c82ef076db7070fbaabf72444

SHA1
018d0228f6b20d60a2a5aa8e8877c89dc5849216

SHA256
c99a0385aa42713ce30995193f69b2e20e677db18d69bb555796e86488155eed

SHA512
d190c0796bdcdb79dfa4610cf6b5cea9fa62763eab4abbd7327222865c339027463aeb53dcf3e1e0d3377d24d7ff3ed6db45509359e421e33a2205e6ab1f38b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
187B

MD5
b58474e504066390da050dfe38d356d9

SHA1
e571978f86024d0212bec40e7e44b8d6ac3e2637

SHA256
5e1ff6f0d2defc0351e2d745b6132bffd4d466f845aa63fbc43171526665d1f1

SHA512
337a4ea8d04b3f31e976ba9f41779fd73232b2bd972d8ff9138162fceefcaf5e96d78f80eae9c762e20ad5c4b9a21303b4231e410fa439f58a482f1297e7c7b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
ea7bea915b58b21e9c6a5e5aa57fa9d7

SHA1
e9ca8b616edaa5a0a9145a4542911b0b8718aa77

SHA256
7f71c01aa1de433b4a045952a8859c0b16f9580d0102d09e38d95a3b40e3c322

SHA512
77a4bcb6898246799385768ffe41a73c895cdf6479ceff78bf2b0d17096c8a93f08ebc666b37c47bd0ee5596b5c49e177286c0d2f28bde1c323ed10ca1ee5326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
a39ed141d542379a8f47976734d26c43

SHA1
cf6059061050df3fd4625abbecdf8e1dc4e97726

SHA256
baa846a70f2519fcaa1fa80529ca13d95bcd16a95e39d278a4bd7a6e623c3d27

SHA512
b725f3ef6202636ffbe369dddd6d7759c93193812928e6e3667780d2e5ee96b5a3ac4e82c103d5a43eeac8e09adc15e41a83437774e98f52d9ef16cd6d1d34ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5dc6625215e309ddda1aeb9575bccf10

SHA1
52ac126ca2166ab0626988239b306caf2e206d20

SHA256
68aa3bd74f0bc2a9b031d693cfeb56d4a6dc585d5b6e44ea215aa45bb9f76ce4

SHA512
871672e15b146234840d43a10a34503508c762ca2b2ebb29792483eac2d817f7f85c683ed6d5b0379880cf53972fb7afd5f8f22f74826fe725336258b87167c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
72494303b72797c14625e3b54248f8f2

SHA1
f6ea7c3c72c46c6b6a62a9d2b3633076116e31db

SHA256
226319e1953e867b8989eb557f83a6e397a6842c5bd65c46a102decd7e1fcff0

SHA512
0ae4e60fcad32c86b49b7dc294b2f6db434e81f24c929c79a7007a519bd6eb94cc5f3bf09e7e3983e7748f5870f36d4455449275a93dfb50f848ae5fa1cf2a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2887a073baa455a5aac77671a7b24c8b

SHA1
885a4cc3ce8e1d7d73fc9d6fb9307667a2bbe877

SHA256
095337eae5a1cf9185ac7f0e2b1a7e8c217eea760959ad854af0dce9d02c7d0e

SHA512
5f1f7b6a71656ce4537f034aed07192aa868386fba442430b219334efeaea574abaa03e813e30380cbf22c04677a76bf78fa0e5eda8d13e59fca3119277f27e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
66afbd225c65bdbb49601340b2cbe6d3

SHA1
95b436355733ffd7cbe704a5caf77e8b19a30184

SHA256
cb0922d21bf84e3f13e63b9ccd59294e6e0b9503de6e2d207a760b3b242d23bf

SHA512
673506e0a8664338b01b8728eb692422dd0b20ce9a55d2858396f35e2eacd05dbe4f3d63911196e92ce81499d6fb1a5b7f155447bc4e47ffd3f19a13ec0c73e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
879a1aac22e362a8794557b8650260d9

SHA1
580656298563a66e67ad4e85ac22cd4de03d2228

SHA256
2a640d9f4c725f154a6635d193ff801e39635075123b2731b9ea583d5c920b78

SHA512
39bf093710ce51e9beeaf8d087907e3be7cd3fd79d377a31b637459cc5234f1e01be897c88393ced133c72865cba18cf92c00b50b75af66d66018d40c2f9e072

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
c64377bd87a5a6c3ad25a057c95f4e08

SHA1
cf7acf7ff186cc32ace2f08b5a797d2add3ca285

SHA256
8e83e6cb9a5e5320fb8dd6c91e764f49c2ce376c37dda4572f8b7469a1996424

SHA512
9c7e627ba891317ebb2ad7fefa792cc5842014650a2d71314245e435a933f8cfeaaed426b70d86e364b88310fff87ed023a248c86cd93f20c0c7fca379938b4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e1855bb1e402436e5cb5724794e85f45

SHA1
3a853cd7165f2cc597f11711a158ca22f9cf2e5d

SHA256
a5588b9ca3882eec94a50b382501e0bae4ab25f4f922faa78f3b419d9a2f92a1

SHA512
b424952781adf80dd36547e4767ddff69e4f4b1cb08b1398fd932cb235e36fcd9baa3e0803e7568f350f022506ddfc22b5e5dac920dc48611cc843fb4901ed42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1be23c6e38656c6a83a3bccd18fb29ae

SHA1
2905416434aeaba0daaa1b1d423f702221b5c7a3

SHA256
2eaab2b3c4b2a1e84a67a93dd239f3f37218afa47c2bd59738e6825f00151fc2

SHA512
31934b9feda301cf803267ab5a1c5f1e7b2d25135d8aee9a095639db40072b5a01a652d8bc39b325c52f6e30dd631065b1b5e3c92fcdec4f5aac030ea6a7f29c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a5a4af70a6c24ef9c4922901790e3d98

SHA1
a14dedf05f9698989cdf67de8164bcac9236b501

SHA256
78a6cb88d4a3edcd405478350dfb14e4ed3076f2bcf5153bf3e194717f9b078f

SHA512
1f6d80572979003af2f76f282fe122159fbab1fd123f17d9b255b6f24215a13e2e03db71ab2a0d3478d43e5d3787a0975a0430328a5dad588bb1a17e10ae7cc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8fecc2d22e57e2a82893e1c88a4a82d7

SHA1
0280a703fba85976ea03c8bc8208330f61515837

SHA256
b09bbdc20bd412078c87550a805b1e753b3a29bdf17c666b26dc5baeca52a1c4

SHA512
8fe7071ee489c5018232cae389b9c233f02f5b3b6755c08c4d8135188fb294ea6c6871354ac8ea018b646a9a2dbdd610c41f8cba3975007b96cf5dc18670e915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b5e91d37feea1a07651442d21e6dc8d6

SHA1
fa4093e4bbb00222df16fe3fa541af0811fa3945

SHA256
d32e4e273af359c447038e43b00787d78497148c5d4a40adb6bb65fa012eb97b

SHA512
846b11c90e668ff29c9932e6b339a42f8f1ba40ec5faeffa754adc0cffb05bf696b7cbd92f545bd91bc7d4ff8554cbeaa61d822dc6d1c8f9349fe91c340f9f33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fb4aac4ea8fcbfcd669dc8fde709fc45

SHA1
530ad93afe89796b58bf3338054994304d2d5f2a

SHA256
4fd930b35053fb4471fa1536153270a814dd449ff98e109fe1a5c13d1153d575

SHA512
46664cb931aa82b27c30312cb3c40aacc8bc7dbda1f92a7d7cb95698a7e7d4f63cc44a6124504a99f813bd32b2aecc1515312ab5b753f796d6a56271507bf37b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581bd0.TMP

Filesize
706B

MD5
f0152fbdc1c93337737600fb890bda5e

SHA1
a8250d19e26e2e7bf6097350b0e89801010d7e86

SHA256
6679c9c10e9ef957856a4b187e3e85b24ab1eae7604b431168edc9d20e611822

SHA512
219a328983338c0ebb9e8cc679430ca98cd1e1c8be3d51621309116bb9c9ec644b4af33d8ac11d492c0be8407e5fc5d3bfd2b5c0335a1647f2e24f87d0e88655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
b325030e8205a3c86a21b92408e9ef35

SHA1
f89558f701e371cd20efca10375185c68c96399b

SHA256
78f09b22c24b06d65ff4c47989118a34f7f0d771471d6efebadfc8078a6cb9b1

SHA512
e2b1769ab71a74fa879422e859c27f2c6d579b7e0e1e6318bd40fa9ed88203f22b83a2e85d7151abf9bc1754ab0414bc8caefa1e75023173482977dae9cea20c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
112KB

MD5
3bd18f6fd6ed913453229b6e7bcb4f84

SHA1
1a63250d868c36f6fcee834be4c9c41115d1935d

SHA256
a33ee4721ed4027ea6454ea8dab56243df70286c3bd733269bffbc7bbb16ac16

SHA512
bfece2ff764544cddd5d7d9028708f9353c92c25709cabaac50e37b69d1a4d4d715ecc36504bae17569c622fb85bd23adc9545f64d60ed853353acce62444ba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
88KB

MD5
46c105800a91d3912ea93b567f8808bc

SHA1
6088dbf627f9c6af2fc37fb617452eacf46990db

SHA256
4ed11c70cc842661f77efca3364d1765943152b2243723cf143ffb33d4516485

SHA512
b9a1b27c5035b901db6ebb4d344b957a1903a71b41a58a85c43fb3eed8f0a2ab9fa4e7bd91293409ea7bcce26cb90e60fe09780d6bb4426a2f6b8c7a310c7375

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
3.9MB

MD5
7d678d2399c77485e6e59b8fb361c296

SHA1
513f03325b242eeb16d314dc8273c56f51628ea4

SHA256
7e51f6ab8bc9b3eac89d0c120ab37dab87e609b43fa0d66f7e5f98d867cb51f3

SHA512
821b1cc7fdd3eec3fc8f729e89a22f4ba2a3f75c1b3753f6d4e07a82ccf6287baed1fe1cf9ca6fc63c4c56108e80e5a1410f7fdaf90965f9741cfe62a20b19dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
151B

MD5
ba51c07ef0950d037b57cc5e258b0e30

SHA1
35e69cf92e764aa6c9f0471fe623a71696888e3c

SHA256
d4483d330bedecf77eb5d49598d0c3bbd2c8acde2e2f51fd9ac42e99c4eee88f

SHA512
ae5210b03cb3986348e2d6c5041f34b70dd173c039ba594cf5d6d9e24bb29a4349aa3c33747c68f71f1e9a2b39ec3bdac67b695f9fdc42c9a222fda1fa365107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
13f6eca66961ce1841fea70535e95a97

SHA1
411e8b4f9bb0fae37617abf6c09871f9ab618dfe

SHA256
78c50ba4faee6e3de93600f2ae2c08035a691f327a0787b76219cae5bc9cfa48

SHA512
c600ede787ba5bb46715e581d86135e74266ce021733b24b869271c8926ac896b5b0d2c1305062f8ae456ddf92689ffd3c505935441a7cb3ab144809ae1791e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
376B

MD5
aff236380eac814976a222c69963c132

SHA1
a205c6ee5679cc8c3dc22012e38e692e2c22c0f5

SHA256
dd25a2e2f07c5f96c97168b432f9ece2ff0c64dc672f8c966b353fc194d3b6f8

SHA512
516f16f6ee9a678382b75ee28ec89c5a7cc583d878a97eb647c755d7d402a60ed97081a2ab1fc49fefc9e1db977ad9c3da7731572adb804ae9910aaf7c4feec4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
febb57a0809b80945dbfe5ffe0217e6a

SHA1
d2f09a0a2b0ace7f55f84435b96aac197f803528

SHA256
323d144343f75cf6c803c88925c0470d345203eab3c0bb10885fc90381dece13

SHA512
298b9cc65726b834f5f2a92e03e1884818cf1ee94359314840cbf7940b828bf83ed8f65aeca7cbcca6aa16354305fee7e4a81c0cfef63c71bfcdc82abc4266da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
d3da5750a3019bb2db8637950b05faa7

SHA1
4f7f5bc54a68849c07e163d209dcbb9fc0329d1e

SHA256
4f5d4783e0ad9fcfd7a42c7f6cec2f81d44d9073f5d940e1308b8ff1d732cc1d

SHA512
15e86b7845ea1f3c902fb7ea5d7ab9043f2fc743d0c5fa5b0580f11b2dd72ed166f6cc17bebb65055670ca1d3961e1e3085bbf5f37d5c1f2f3700e8272c5d099

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
42e91a41d3e80725aa71c2dd88ff5ec3

SHA1
ae24f49f78205a58a84966a7666671f094156ec2

SHA256
979b3c385193e104f8adebadc09709191aab116785ee82fa4f5aa889a22511f0

SHA512
5b06c2680317c5ffeac5ad946c240cead0ced9693baeca61e8e19a5683ca9ae62b690e079f02a566626b3cf360e13c2fa76a657b2b67bc0e0514e0f5158babcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c6d3ef9b437310e32f7740789b23a1e2

SHA1
8e59df7d083311091f4130eda86c5ba8d2bfe18b

SHA256
da70ce44d1d316a68ceb9ff8dc581f6041ecbee3287caa68d823284e88654bf3

SHA512
25b741c60d5e339baaab3947562aceae98e687d50f666df5370273c5a810006f248b777facc4c24a655fd85968a7cbecb15ffbf887dafa66c3f1188eddb576c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
4ef9a2f6c71d9d8cb111e6f868ff4d32

SHA1
4347c94d33b33b744c60e18c261d1b2f1c4a3865

SHA256
48e0ae595fb6d13dfa13052c60bf854a35c83fc68ddaac36384b31b34ce718f0

SHA512
cce33793467ef545881436a8558f30cd1d2b4c385e6a5b64e2bef560c737d9800bf6046e2d65ac40f009c6f5c471edc4fccb3ad4e442edcc47a90ad20aba68d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
8KB

MD5
de941e348c3eb4fdbe5f0ab01638767a

SHA1
765bfc7b61764e897906889d5885cccec937bb14

SHA256
02a2e89a1066f278ef451d804fb181edcd159e0f0877f7d4b30a914b759b8147

SHA512
7487bff7e971dc2f11b4f27d0965a1e3e9217e0e9a0bece566e0460382f0656d104a5afb7171f9d8e734151bdfa777dfe54f0a41cd74a12bbe8f6341538d8db9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
8440afbca0f2e599bf6b10c5b5abf885

SHA1
0c6a3dc42cfe0bc045cdacaf4733a978243a7059

SHA256
c4466887d11b260e850a0903d4a125aa30bc4b859c985e7ac5904cc82e5f1649

SHA512
cc80d10c87b45bbeac34cdc462e4875a9e357de99f3bf638c1466ebe03056757302d4c0591deea460fee0590b8ab5e0e2b75f113dfbd903d5e7d17bb0741cdf9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
12a197bda8b68b6f57fcf30bf3ec9d57

SHA1
0e0c2a25efda8a6fffc721b82b27f0a25a275504

SHA256
da3aa5e31120cf76fc8d5ad36ed192d0289f905e95ee4e79706232e40679f8cd

SHA512
a08485310ed8ff19da8c5a5347b3023ebeb02c54c2310ea1da345e8391d50afd11c942c9835c3f1596306c436aa58d20cd968ea84faa4300ce82c8a120c0f441

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\pending_pings\6e1373d2-434d-4eed-a508-37920ae3a847

Filesize
11KB

MD5
c62dc2f1b555dab6e0f24addf31385b5

SHA1
45eba357c8a249eda9b060c8e6048fa387a1892d

SHA256
6e81a27953c3fb66f87d135cd36c303d66ca0e6511d251ae2b85278e4363b44c

SHA512
915afedf533f5818589e7088006b28400888627470343bffebb693bc5fae9b3e3c12f182dca86b6af8d9fbe6175d79ffd8d514eb405c20ace95e916c0ea3d85c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\pending_pings\f748a573-61fc-43a3-8369-cde7537414c2

Filesize
746B

MD5
35f326c9c34a0267d7a2f32f52de148e

SHA1
2cfc15654d72afa36bead18858bb07f7615f0798

SHA256
79371734ad6de9617317ad942f19133291ed67bdacd113576f14947e498b7563

SHA512
abb99ed336823d6cc2ed7d95e041f43f2daa6fe1908bf33641601d0b4c1c69f01e3ce35c79ed6289a03d5b936215283414a044abb9385232fb946846ce65a3ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\prefs-1.js

Filesize
6KB

MD5
75824c0fab28cff2ce9e29cf8fe88150

SHA1
f141eb94f1da3d52cbf6bd8f26d67fb4282468e0

SHA256
48d474ef3f2cf6b5181788da7f2aa1f8b4afaf9dbec42775e226261a66eb1c7f

SHA512
a568f369cf61572b8a01ed539a467d8a5c0948a481a28000707779b39c1cb40261dbe318694b499b1faef65e6228ea2578247ca1d72834040483650c662ec9e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\prefs-1.js

Filesize
6KB

MD5
1bfe335f12e94a537153f20a0cdee434

SHA1
02e9b72612aa206f1f8deecd40f5aeb519058122

SHA256
1277b5cfaf3106846e3d7c097fe1241ba354d417616b79fe6bc93af833bd56c7

SHA512
9c025a84a13135f201dcfe44f1b589c85fe184c06f077b9a93c65c03a04057473e8cbf945413e407b892ef5204dfddf4d15b2f2a3855c5446f42f758d6d3ecb8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\prefs-1.js

Filesize
6KB

MD5
03014db8ecb508312bdadaab113028be

SHA1
c0421f893bf9578f4bdf402e1b8abc47f591190d

SHA256
6bb13c68c0ac149013290b20f8d1d6e42f26baa0c47e38d7e349faf98b6a08df

SHA512
9b4635ff86460c35dd290f96655acca8eab128fa9298937586f419c06c4c0e1e89ceb30a3197bb722a1f47b4137801664250e14745e45064231974204f7c23d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\prefs-1.js

Filesize
7KB

MD5
7f48cecf2d1e5b83ea64c81b4202f594

SHA1
c21013f998cd112a59522abaddfac548f529d09b

SHA256
ab7fa581ebe43b8ef1feba5c8566462ef4b650952e4ea7008e457712fa51f02f

SHA512
3fb701272cb44885177d5ab439084595fb6ee8d184bff6432949c14c4e7a5258e12f0ea7c839dda95e0633a564f6769b48508a10e2353e2b2c5fd800481e93e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\prefs.js

Filesize
6KB

MD5
beaf229b824c58cafef7005df6a08004

SHA1
443aa6d80dceb7aae28c31342940bcf19c4d714a

SHA256
4e6e4a2b1c39da6cdfb93d88b2244e38715af2bfdb3fefe853adf500e5b90501

SHA512
c2e0aba16bb9d3231244b795cd3639453f2c1a6ef64252961d11756d6a7fda213490bb067838e59ff517371b1062e8dfb63358be28172114d44da4ad9b1b46c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
0c256fe3fe7ec4a489dc6204b7f9a182

SHA1
203c3407aa7bfb88b0907859b3cbe33c740343b9

SHA256
9bdcaab4ab5f8197e62dd88ff6468f75cfa67dfdd0e930ca0a773464fb1a0072

SHA512
781c9d010714f7453eecd66c6bcf03bc6a575df5b96cf50a673a8dfd4f43c06b25953549fd28bf7824d3aa266e24f9ad39b77e692b9e7b0cef8482cad78b0d5f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
4a647be13edf0c552775c1d7006e2743

SHA1
233e55827672fb543fadf3f1c39a5fc196d71325

SHA256
6923c29a65726aed4fc022717c88a1df21211150dbc6516c1cb5fc06982b64fa

SHA512
03db04a5d9f58ba6c40bbccddf48fe54dafc1e011154a0243ade9f43189fe6daa052112ed7e19f6d42b9db5d7d1e5ffd859df9c2c42f7c19d70343e6899aedcf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
46d1686f082b671110e6b9cff625357d

SHA1
5d0a492061949d38d957e48ceee5d499cbededbb

SHA256
aa0f163bdf557174ab55365bb596cba9975cc78cd22042a947e19dab37a7d4fa

SHA512
22175deb3e95bc1801a2672ba87b0f1fb30638b009fa88ff5647870822d0ed186fb804d0119b854a4eb46bb0b96df3b21309a6d0639b3ea8b2bfcd15f2627fb9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
b11bb742fdfd59458e463245c136580b

SHA1
2c1909a026406dc501933a84efdf05ddc96f162a

SHA256
324231d0d8a78687af037a7a7cb39c89896526b5cc12e3afe5921a3a56201e74

SHA512
3f201670e881fe850c2f5375a0cfb02709a1273b3cf5614e0e02162904a3d323f8b42d1d0f6c7745a12dddfb686dadb10d14e7a292b0a63ef42c3b970a65c956

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
d03966771f337409fb9ad598c2883505

SHA1
9e02c6b16f431daa2f8acae3a75c2496f7e4ceec

SHA256
e37e39d46101542db76fa9bb927f51726acde2ca43a744f1fb9833769d4bbcc2

SHA512
b4be20777013c6940eecd6e11bdbf8ca0a36b72cba5fef0bd4c89ffa9268bf4fbb58c6fbb361fc1ddc6296a831b75547336ef33821d46594abd94a4bb2032713

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
e07b9b230d727198482cf32034e76ee5

SHA1
7ba078f48b3c8149f3c38264b289ab334b876a2b

SHA256
9b46662b211ccd6071c005acf530be2188a624886f701a9c90a7b1e6e754b400

SHA512
27382a253b2ee6812a1cef59739daa7655bbfa15e71d7639da3f92ed95ccb480e9f3c3eff917954870e6f5c7151a28404f43d0725f9812fb272fc4b4c5e878be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
c9ac013c77712c8537d117217580f305

SHA1
bac97e1ef3e5fe39a4e139a1d1fd7e97661f5cc7

SHA256
bfec325787f048c00920bfec020d5e72dcbeb5b2dfa1f285af6d146030c7ee51

SHA512
324e2892e05a7315b7192490acd6982cbf73c65c031f18158b112cbe649a6c46c20f7f3edb56d58d14271e6040841c6f6187affcb01e74fc524e53d74240573c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
43887dfaf32b0d00bf17a1eccb8113cb

SHA1
e15d89d42342634161bebebbf37bd788b4709156

SHA256
eb8984187f4771f92dbe45b5bf69393eabc0ce5b4891e11d90118dbf9eed195f

SHA512
387269af9ccb255db3054fa85e3b09d8b49d6ca302854c72f2308a13a4742017e7e2d038db35235ac70754638ada68088c26cb2ae35fc2351ab734fd25a7052a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
6538e44536b8d722e7c5510338cf49b7

SHA1
c8de7190c83848a0b11b6cde5edd67efbe33b0ed

SHA256
96b2e8cc9f60a18b985feb450e09438f9195a85ac304df7cdb8ed272d970a738

SHA512
05be219bb00137102f39dfbc57f3e1e2a0020ed60225cfc2790660b36a3c65b18adec3d165725ebc86ef27ae772905c1ae11323e751daf9d70c55e7b221450d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
7a25c2d0ed2c6acb047ff8bdb281bd1c

SHA1
7ec54d7ad02812f1f99516dd343dca39d6a89afb

SHA256
4a6a24a0d519a8741fb1c676e7e8d763c9dc58fd483ecaacf5e72284a56318b4

SHA512
cd0ebde7606543f5896f600ae5971361703cbc70b9047a4b46f8fcb755508d4b07971aca6b87f69af135ffdacaed5075f21c33f96a70f459cbf07ba7a297ed81

Download Submit