hxxp://ocsp[.]globalsign[.]com/gsgccr45evcodesignca2020/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQaCbVYh07WONuW4e63Ydlu4AlbDAQUJZ3Q/FkJhmPF7POxEztXHAOSNhECDB5Ka3JORl1zl6tA5g==

Analysis

max time kernel
269s
max time network
271s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 11:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://ocsp.globalsign.com/gsgccr45evcodesignca2020/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQaCbVYh07WONuW4e63Ydlu4AlbDAQUJZ3Q/FkJhmPF7POxEztXHAOSNhECDB5Ka3JORl1zl6tA5g==

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 59 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-200405930-3877336739-3533750831-1000\{1AC32FAA-4AFA-4979-BDA8-E662E667E155}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000002f0283c647bcda01d527ef9f4fbcda0180638e6bf5c6da0114000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "3"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
5028	msedge.exe
5028	msedge.exe
2924	msedge.exe
2924	msedge.exe
3960	identity_helper.exe
3960	identity_helper.exe
556	msedge.exe
556	msedge.exe
6068	msedge.exe
6068	msedge.exe
5276	msedge.exe
5276	msedge.exe
5276	msedge.exe
5276	msedge.exe
5228	msedge.exe
5228	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 48 IoCs

pid	Process
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5228	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 4712	2924	msedge.exe	82
PID 2924 wrote to memory of 4712	2924	msedge.exe	82
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 3512	2924	msedge.exe	83
PID 2924 wrote to memory of 5028	2924	msedge.exe	84
PID 2924 wrote to memory of 5028	2924	msedge.exe	84
PID 2924 wrote to memory of 4780	2924	msedge.exe	85
PID 2924 wrote to memory of 4780	2924	msedge.exe	85
PID 2924 wrote to memory of 4780	2924	msedge.exe	85
PID 2924 wrote to memory of 4780	2924	msedge.exe	85
PID 2924 wrote to memory of 4780	2924	msedge.exe	85
PID 2924 wrote to memory of 4780	2924	msedge.exe	85
PID 2924 wrote to memory of 4780	2924	msedge.exe	85
PID 2924 wrote to memory of 4780	2924	msedge.exe	85
PID 2924 wrote to memory of 4780	2924	msedge.exe	85
PID 2924 wrote to memory of 4780	2924	msedge.exe	85
PID 2924 wrote to memory of 4780	2924	msedge.exe	85
PID 2924 wrote to memory of 4780	2924	msedge.exe	85
PID 2924 wrote to memory of 4780	2924	msedge.exe	85
PID 2924 wrote to memory of 4780	2924	msedge.exe	85
PID 2924 wrote to memory of 4780	2924	msedge.exe	85
PID 2924 wrote to memory of 4780	2924	msedge.exe	85
PID 2924 wrote to memory of 4780	2924	msedge.exe	85
PID 2924 wrote to memory of 4780	2924	msedge.exe	85
PID 2924 wrote to memory of 4780	2924	msedge.exe	85
PID 2924 wrote to memory of 4780	2924	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ocsp.globalsign.com/gsgccr45evcodesignca2020/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQaCbVYh07WONuW4e63Ydlu4AlbDAQUJZ3Q/FkJhmPF7POxEztXHAOSNhECDB5Ka3JORl1zl6tA5g==
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe197b46f8,0x7ffe197b4708,0x7ffe197b4718
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7300 /prefetch:1
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7896 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7316 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8000 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8536 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8816 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8208 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9140 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3476 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2076,12727558699105868094,95901424307262435,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3492 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4524

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
477462b6ad8eaaf8d38f5e3a4daf17b0

SHA1
86174e670c44767c08a39cc2a53c09c318326201

SHA256
e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

SHA512
a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b704c9ca0493bd4548ac9c69dc4a4f27

SHA1
a3e5e54e630dabe55ca18a798d9f5681e0620ba7

SHA256
2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

SHA512
69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2857baf8-5823-42dc-bda5-b733f7ed674a.tmp

Filesize
17KB

MD5
46b8aac69c348757d621b4280ac737cc

SHA1
cefc7bab12f0e8d33e8cfb53b924020bc1bc751e

SHA256
68a092df632903a6e4f81d4409b5810bb195c785ef26851c24fba6775c6f98b4

SHA512
2e89b8b833ac712983728879fae73b7488c2eb19669ad712f08b365e7309b91e15226ff8c01aa44841d829923aab97b0ca7d440602e230129c3afc8fe43e86c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
63KB

MD5
5d0e354e98734f75eee79829eb7b9039

SHA1
86ffc126d8b7473568a4bb04d49021959a892b3a

SHA256
1cf8ae1c13406a2b4fc81dae6e30f6ea6a8a72566222d2ffe9e85b7e3676b97e

SHA512
4475f576a2cdaac1ebdec9e0a94f3098e2bc84b9a2a1da004c67e73597dd61acfbb88c94d0d39a655732c77565b7cc06880c78a97307cb3aac5abf16dd14ec79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
76c36bd1ed44a95060d82ad323bf12e0

SHA1
3d85f59ab9796a32a3f313960b1668af2d9530de

SHA256
5d0e5d5fdb4d16cf9341f981b6e4a030f35d4766ad945c27381f8d3afb624542

SHA512
9f0555fb531734b786364701e17cb7f57ce94a688d4616fb85bf32cad45a253a9c479a301e05a4f8630cfea141dd52726a31b8e90198c19c16f33fb150a04a40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
42KB

MD5
f7189700993d4198ee96bd6af5569539

SHA1
1ad2e11bb23ac04c9eebba69fe755fb27fcda164

SHA256
2447d53bd765b1f2c752ffda92b6f9a1dcabda1e4edc4d7496797f6cefdebf23

SHA512
3b5522068842502f5f6dcb6678248746eabdcdeb25e21d21fb0c9e446b75eb97077f15be7ca8e5b04abd4094bc7cc8ac8452c74a946d369614ee4e77a91753b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
64KB

MD5
2923c306256864061a11e426841fc44a

SHA1
d9bb657845d502acd69a15a66f9e667ce9b68351

SHA256
5bc3f12e012e1a39ac69afba923768b758089461ccea0b8391f682d91c0ed2fa

SHA512
f2614f699ac296ee1f81e32955c97d2c13177714dbd424e7f5f7de0d8869dd799d13c64929386ac9c942325456d26c4876a09341d17d7c9af4f80695d259cfea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
635efe262aec3acfb8be08b7baf97a3d

SHA1
232b8fe0965aea5c65605b78c3ba286cefb2f43f

SHA256
8a4492d1d9ca694d384d89fa61cf1df2b04583c64762783313029ae405cbfa06

SHA512
d4b21b43b67697f1c391147691d8229d429082c389411167386f5c94e3a798f26c2457adf6d06caec446106e0f0aa16d895bfc4e8a1ff9e9c21a51173a923e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
88KB

MD5
77e89b1c954303a8aa65ae10e18c1b51

SHA1
e2b15a0d930dcc11f0b38c95b1e68d1ca8334d73

SHA256
069a7cc0309c5d6fc99259d5d5a8e41926996bbae11dc8631a7303a0c2d8c953

SHA512
5780d3532af970f3942eecf731a43f04b0d2bdb9c0f1a262dbd1c3980bcc82fe6d2126236ad33c48ea5434d376de2214d84a9a2ccec46a0671886fe0aa5e5597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
0ce62e9d53ff7bbb7f9f3ec62519209b

SHA1
d50a698c63fb1957a07d805bd6e826b262773bf0

SHA256
d7d211c8ccfc31dd47ef275249fe7e4bd5fcda67a0c8d35781a8b2cd3d798521

SHA512
bcf0b9f827b6f1d9124cc16bd231d7bba6aa40929549dca3d32247134f8c27fcb5d184ca21eecd9a2a52c0a68333088d706fa37f215eb412adad0deac20ece0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
41KB

MD5
f4ab1df4de2bc924dc512115ffe91351

SHA1
f490ca62012d76c089683d59c18fc43014fb311b

SHA256
1bc5ec8e74b84c76fc38b7e2d2cd0876a0d7adaf7dd2f8fb8b922c65f118a82b

SHA512
e17cc23df0b555bae3602d81b7360407c62293616f1c3ab3b970e4422981cd16ae4e36fac380d162d794ac1f1d59d1f6175e59483c71250b1b96222a5fd3af33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
36KB

MD5
f86a0f1eed44a9c83bf8d282cb7899a1

SHA1
46fe3322dfe2037ed2df8c35af07b33e2956d35f

SHA256
6f0d1abf5eef150e6edbd48c9603767ece6643f91edb8004a7dbac9781350a45

SHA512
fc2a6f52adffc1b843395c139764a528bb20d9ea5a12a446bac7b7753804392537f50327506994ece36850a69451bdb5563d4466c99e06efa08a0e90b2c9b757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
99KB

MD5
d745348d289b149026921f197929a893

SHA1
a22acd7697f36e7d4cc31a853c70e776eac54bb1

SHA256
3f6d3488cf65374f6f676c315340b0ac2be832bd55240c809448e36ef9b96326

SHA512
d91b18a923a9073f1fc1fecf1b010938f79d824d2107667597f45a65d3843e350e420b82a9506d7ca62c02a5aeabb1d3676635f825dd37b864d30f2835714c42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
88KB

MD5
0b7827fd84f6e3f0327f93e8517e7893

SHA1
2f07a07f8c672fd8a27a682509e48b590ac28fbf

SHA256
67d97de820fabebec115abcdaabbb022d2e4bf9aa57d52268708a6a8e2fc662b

SHA512
44fa4aee32bd4fb9793709cfcc829cbb9394ad79142257c5218a8ada26c43c553e9e1bfec71f3f041a4af1223bc8c1657d1621b59abaf3fa3728eba5e2e11417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
67KB

MD5
f4479d2f8c13e893fcb53246ad85249a

SHA1
6e940a8d8e5f2774179a55481e0e58658dfcb8ba

SHA256
45555e45a0931d690141416ff40164bedd0edff1756c59456572416a8d95de8d

SHA512
9997e04120cdaeabfb9e15fa9b758c35a88aa55d5ee0e24bbb67d459872f9f23fdd68dfb8b322954369df7a288bcd429d1aca977a452c37b9d5272aa40abba1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
98KB

MD5
caa2be847581886eaa5347362a02ae78

SHA1
d3673733c4c08ab725f7d851311da9a2cb80b747

SHA256
a4f9140a7d23e9144de25b1bc25c1c366263fb3abd59313d51f0e19f8ae974be

SHA512
0b8c2898eaa369b04ae2a786f023e1cbebcf9ef24eb43ee86380cbe99074c557486ec750b0aada532773d28b88cb93bfa1e633c37727e1deefb68875379491cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
31KB

MD5
1d1798c213ebdc4867aa491e8e1d3f9a

SHA1
235bf4ba62c79daa5a71ed05a55ea09b357775ef

SHA256
a2bac2d32f9adac53e14efc47bd6ff9d551d3ea21a0b0965d03b02813a9217a1

SHA512
04b80b7714eac0ed7c160e01a30f408700965dd5e1994e7dcdc3f0b1418fe07db77952abfdec893b52e9c66c202475f8d6834e6a78864c3e77c5afcf471b0dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
43KB

MD5
9debc976cbb7d8434214adb55acd5324

SHA1
11eb6d40606e5f0e2f597544ce459d5c0c013606

SHA256
e3241c0549616df15967c564dacdf81037557f81c1636026d583a4e6869dfcce

SHA512
a1eb4882361ac6a434dae7cb4fc9a8559be65240e775dbc2c7694c637b378c615582e0d91d40250bad2e09cbbb996e13bbf90d2881cd955aaaf8266cde586156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
144KB

MD5
06f6cadeb72f21fea2b6baafa80a7d3f

SHA1
6e702f40092ff9bb667015a5afa8d202c64fa107

SHA256
3930cb4778d56b24816847402cae4926ee8cd9a4a413d7113960f10f9731266c

SHA512
b68d09fcd7fbbac65983a0709fb570973837552c3e2579a2c1fb3ab3f2bcf4d58a60912a13a686806ddbd0dcea989905c547c3771f0efd239b0143f95e3df489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
76KB

MD5
651f386a2030f5e67b376a2fc7ec54f7

SHA1
f042132852927370e7b7c74bb7857dc16d442b26

SHA256
d8f21c7e0fde393f609560e1eb9620bd02755371c064a885cb29be5e5347e49c

SHA512
0029871032914ca3ae0446b435ba2c11f9709e3bd610854ef3718cddfd2b8cf28fba5b96dbb7144a3a4afd989cda41d08421a4e608d5ff5e0d5c04b6f8728228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
36KB

MD5
2aa72e9d7392030c43e86e8bcb80138c

SHA1
044512dffe02d5319959d4632c5150c53c0a6209

SHA256
d57c59e031d8792256a4d81261af9f769595f5eb2d4849d5325dcf61dbb0143e

SHA512
5112f84a24dd6e49ac66cb1451b9312dda1565829d54d7269a8c70bec276cb66489735c9bc340928481bf593aef8f5c9790dd3d9afc0b06088e2064c471030ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
27KB

MD5
6ad427130b53dd4eb4725d0a20868b7e

SHA1
6951832f9ef6014cae94a4689ffd639d395261f8

SHA256
e15d7e75091d9b1886d488c532517dd0cfdb507af2805be6fc07cb0308ca47b1

SHA512
8edd1751ba7ebd71b13f033614da09c1662486afd2ac185e9f7efe5034112eceac1c02e2a33a2907c8eed99b1c777d793c956d4b7db502d45f634832872e160b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
63KB

MD5
82f9699668804cbeb6ea7060a645ece3

SHA1
bb994c7a50f1fff3f1bc6d693cd5d631dd00567f

SHA256
67ae1ed6e78991a1488107359f4257c474dc6daab3b61a4e11a0b53ec1938932

SHA512
709f3cd099ad931b71c4b1143090d9c5896348e2856ac55698da24e7e2c0eda9be88bb62d189addfe56199c692a9f42e4e7a5cf74fd5e378884abe78edf1be5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
19KB

MD5
bb30ea3b46964f49ba85f475efd1fb6f

SHA1
1bb4aae7781af8b933e1dd4dee56879a3ef92d38

SHA256
7a5bfdc2463dfde6b169ca4555ce9f5a0fb21c15c3ac807967590df27dd800e6

SHA512
bc52e8de4712d416aebf1d403d6ee8dcb6386a93dfc6727613af487f73de69db90913a9e9781660d8dec121d720ceec9c84b260c76f0f6f565ae80967eee7474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
51KB

MD5
ca189b7bd8edf9b9abc2feb71a7309ca

SHA1
5ddb4fceb1b373d46b999a07540a7ab60d9e2854

SHA256
c9ed472d7854be528b02b657f9c27173e2aabd20551c1512a240c3d08f0658c6

SHA512
095ab2dc271ea45aae51dcd393ee0236e23dcac375defe23b0784cd87d984628930f16c1c2c14515629768af42dc0eb6da693e6d4700980a88e3072750714b00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
16KB

MD5
40faa0c4150091170644046bbe98ca75

SHA1
d07b30afeaad31c52a1e9dcc2b5362065cc46625

SHA256
c3973eeb11e12431e06d1ef84661ade738e2f9d653e09bb1882dfdee5f887158

SHA512
afa3bf63f9211982ff39b058d0dc8b5ade5339ed68615df5f0c16477dac454897dc1d61e67d78ef1191c1f5859407828d297a5102ee7f28addd10449fd07c85d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
40KB

MD5
49b2bf869b58f556966748c1b392e149

SHA1
d5bf87e35c5d092d9e24463e0e63a1ae2015b07b

SHA256
25cba6cab72af50d89a6174339586438a2b65251fe56832135729964af66734f

SHA512
0254ecae9f335823b0dc0d6a0859eb2d9c40672a95b3d2e58fcbe2d1b041c6ba272fdd420357cadfd752e2998d0ee17131ad52aa3fc0580fcb71c70ce5a62f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
25KB

MD5
155cbdb4f54a2f4145dbc45f9d961690

SHA1
212a075554b30a747a581a3858f3041850ce88d4

SHA256
f14c797879b90fcc4f435154c7c624506b1e904dbf24265403c0a7f23922320c

SHA512
98cca9f0b6ba4cec9108ea5c35b22f2b1df1090e3d14d1ba5a956124ecfe17bc7093aff10f7df1648bb33838ad1d118cc7bb8674740c324de0a658ae7212a425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
80KB

MD5
7657753647cc3b6620dd52b6da682457

SHA1
7d6bfa63efb10e004936243968675e297e57c883

SHA256
74652ea2b680ca7c681b8fa18304484d2b971b06d207af54f1fd4bc70ab10cf2

SHA512
dc0319f1213c18453fe2a086738908e2e9d27ce46a0e623275306c2daec426e4c00b83a04b96046815452fb88662787cf19a1c2df6703ba589f15d927649302b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
114KB

MD5
460bcf3cb526a25604ddab1fee80b765

SHA1
6f6cf7b6a0ea81d1b7bc35f79dad431d54c1656b

SHA256
09bc76a6f829146155c79e8b1a242b6ab8262891914ea863a697d8eb3df9e321

SHA512
d8a30baddda95cfe8a532e00c7f077b31b02c72ffa427fa2a85f411fe6abb22ce01ee71b901e65eaa5074ff6194e73f2b133d1ad8f519973a99ab3bde920b98d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
16KB

MD5
b39e082c6b983705892045fd87e0b9a8

SHA1
9cc1bb64eb270135f1adf3a4881c2ee5e7c37be5

SHA256
cb0f25ca005489d2399434c33762f291bd8746714eae3aa72de20aca08edc458

SHA512
ddbb8b598854dd829befb27641b1c56f23fce55283d3fa33f0bfda1c3b38ce7dc03a799e84902c580ba8a54361d33a49038368c96d9fcde6a50fe83514774d17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
16KB

MD5
4afcd3b79b78d33386f497877a29c518

SHA1
cc7ebaa05a2cd3b02c0929ac0475a44ab30b7efa

SHA256
cded49f94fc16dc0a14923975e159fbf4b14844593e612c1342c9e34e2f96821

SHA512
2dc9fff1d57d5529c9c7bff26fa9f3f94adc47e9cef51d782e55ecf93045200140706ab5816dfd4a0b49b8db2263320fa2f0fa31a04e12d0c91fea79b127255d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
27KB

MD5
70dc4f19424ed6d1eb3edf2e3acffdfe

SHA1
f5e03c8717997457ab5875098caf342e959c52fb

SHA256
4f0529047afe2ad52d6b531440745c009727a374b0302784e5993ad85b3030c5

SHA512
92d0562b604a951bcfcea32569343eeee2c400149faa84375b8eab5f4432bf97bb833b5f9c7c287b1f8f1a330bda52cc9a5868cd35a56789beb7ffc1e9cf7580

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
54KB

MD5
fe6c28d1c5b0789563d3bab237746a74

SHA1
3da79e353a38b3c09bd848a4eb6b8f8b129e6121

SHA256
c5fc20be8ffcdb8e8508649674f49926b5fa8fd6661462141a4487e1c656b24f

SHA512
569f505926d66c38e11079d84a4d3595490c38729e13ca1dea8b57836b918ab1c22200fba56e6e7b1e6df02f9e477646572b972ceca8012521e562496f4598ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
112KB

MD5
92d418f1f877cf1667937b93a953342d

SHA1
196c2682394892c649476910991c72646590fdf9

SHA256
5bd4085ad447a2a4f22c4785d68dd3e7c751b40a554e422203d912c4bed33200

SHA512
c0e74a57d3a516491325a9b2edd512473feba07bd3973e13939d6bc1d468e2bafdbe874b7fe32929ca616efe9a5c005937b5e960a97c253523678bafaf40c7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
145KB

MD5
7c25d16089675ff569c41abdb8ca9ad0

SHA1
5f347d22682b53c0703f2b88d47e601ca0929e65

SHA256
e115a0b61313b42daa616aa182c9a4edc4753efcf9900fa9cac8cf8285380e62

SHA512
6460776656a1c57e4ea98319c968d221913b8d22bc1865f99d8cec7ad88e82843563c2946c17f704185cf8ae22b3fe05d79eb9ac017cde6c4d7244ee675cfdfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
51KB

MD5
358ca8da53804e3258d71f3a0ddbe429

SHA1
809230ed8301520d65a8c4e5101173e60ebaf9c4

SHA256
773bfded5e46915d7852b19c647bee7576183770bac2dd518fa4806991db3a90

SHA512
14285b7b658dc277e9fe5ff956e7c2e9ea57c338a1e3dff7f5ccb6bc22e1ab28d5effed4c907875e1a068398a17560acc91346761f5fed0967051a83f1f73109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
145KB

MD5
1df6819fe6a467f0a4018088f923db8d

SHA1
85727e0cec77ae408ac659cb9749f46a6d20e215

SHA256
06aba377ea3b03575c94bacec4d3a4aa638bad8dfb2297ffdce6429382415bf0

SHA512
443b3bdb50bb0b0d9dade10808facf65ce678f7b4716ea947e517e4752734f05d5696b145138e3811454250f083e947267144412b959ccbdd374c55ffd35f39c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
20KB

MD5
5768930335946c689d36d117d9daa82d

SHA1
1073cee66ac042dbc6beddc2d87297ff86756b01

SHA256
5c5ee973f8a7a4ae986ed5ba927bdde89183b3c804b897e840413c0ea557a939

SHA512
be43ab5d18547683ac9ab51a60dfed24e5cd31cfa90d39ebc96ceaaa71b0f18379cdd79dfac5500f49c64f43a5d9f055ea203a29898fe1777b523d84c8ac28bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b

Filesize
204KB

MD5
081c4aa5292d279891a28a6520fdc047

SHA1
c3dbb6c15f3555487c7b327f4f62235ddb568b84

SHA256
12cc87773068d1cd7105463287447561740be1cf4caefd563d0664da1f5f995f

SHA512
9a78ec4c2709c9f1b7e12fd9105552b1b5a2b033507de0c876d9a55d31678e6b81cec20e01cf0a9e536b013cdb862816601a79ce0a2bb92cb860d267501c0b69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f

Filesize
27KB

MD5
6b5c5bc3ac6e12eaa80c654e675f72df

SHA1
9e7124ce24650bc44dc734b5dc4356a245763845

SHA256
d1d3f1ebec67cc7dc38ae8a3d46a48f76f39755bf7d78eb1d5f20e0608c40b81

SHA512
66bd618ca40261040b17d36e6ad6611d8180984fd7120ccda0dfe26d18b786dbf018a93576ebafe00d3ce86d1476589c7af314d1d608b843e502cb481a561348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\09456f0be3b82687_0

Filesize
23KB

MD5
d1f97daf9971e2a85aca913e6f037d9b

SHA1
d2b11ea21e00cd38fef25083edb42a7afbcced26

SHA256
37b6eb95c4104b5493d4e5989f7434d9ceaaef7ebb3acae12fe4d3c222c847ce

SHA512
f2dde7128f8b852c6119000a618fa10730b16d1d997526c5f16d25ea7d61a4fbba5b200c7e01b6a2325d767d3dba1063473aee71285ac03548615853ca012859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\22398ecd75247f11_0

Filesize
278KB

MD5
6ac3e617ed673c0b1aaef24b0ad3c428

SHA1
6ccd4e5030c0e2ae48904fdd568b2bd933e97fc2

SHA256
789d72d7d506a3d06ae32dfb3e1f72b735be93cfeefc19525b2632086178a9e9

SHA512
be619d5b098b317e09e10fa093717a80041e8e72bfac084e4780c52c74511800b1f4c58a179985976965e8ce7af6a3c03fc3b404a344e1f1de39ec5ba78d03e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\44f3f9db5b316421_0

Filesize
281B

MD5
97f310b03badc3a05b2fb83e1528194c

SHA1
6e40b86ac0e0ca5872f15c027e57a4ef187511f8

SHA256
9580d216b919b83b9ba60e3b2d009fb8f63b725b293b056ed89950a236fa1c9b

SHA512
5afc46e84c41b9aee3cf5e06aa99427023e1deb9f0a096e34b008d7ee52d79475a047ca9926e0e0549b321a45595c8d7de5743e467b5da43b539abe6bba05e22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\482e8abbef9c0889_0

Filesize
53KB

MD5
f7efe92a69a54913bc3621d8c5d490c7

SHA1
5aa787c5da94f74f098c8abcbac438a9847bbc52

SHA256
03213752f05e1740587e220f03fec19de7267d4014b71ee10d8b9648a811425b

SHA512
0cfaf0328c13a800d6ae94036c370997a8331be7489fec19feaccc4657d016c80ac431b2e23918c5f0712a2378f13eff6e84df1c3073e4971bc3d28444220692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c307b02b4dcc58c_0

Filesize
23KB

MD5
5b90f6ea3d1f2feb82042ce89c2b4b3d

SHA1
64c29f3a5f5568d424e0011a1995ab646ba82bb8

SHA256
fcc954afec5938012cffcb7a252b3927216d807bb87365372280808c36261259

SHA512
6bd96e8983dab1fa98823b650a55f32c6920bbef5b2603eac31dfae5c895c76ec6dda001a9b10c4b6b815874555c0e0a4a95d3e68c8f1b0a9c90948ac3db6808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\68f42131a8b2ae5d_0

Filesize
66KB

MD5
9158669651d3d3a64edcf743a55067c1

SHA1
83dee6f5db0c7fb3f71ebed71b24a5a2676e239b

SHA256
94add097b75abcb0f0bdfe3b18153bf4ecf623774e2c08935817b394b0be900b

SHA512
a086ec560a95b27f074c04fd5b613aa493368e1566e88e3e3dc1340e668cadba7eb5878bb812be5d987010ab04d97a6092ded208165d79c7b4c23c44d181711b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71cee8a6cbf159a6_0

Filesize
208KB

MD5
47d4fb7dc261c132010d2253aab50dee

SHA1
051717f6281ae8efe8d17424daab20f3d20cde7f

SHA256
a0f2892eb6e490aa53c43352a5f1a059fe7cdb628d07afeceb571550258834bd

SHA512
73c900c441071460c461b4b01785803cbed91de0d1d321a1bec6046c0822ab623af5beedf16425f160d4149a84ca2bfb4977da83c138e4702f741ebb75dca2b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7e11be7244f38434_0

Filesize
223B

MD5
4049f637553628ce5536ebb6c33ab803

SHA1
417a69c4659ab8c9c21bae61f564f1f75b543b2f

SHA256
2ee8a07007031eddad865c03b0d99ce7963092b27f90ec9af26fffc4b76ac7d8

SHA512
da6db170a3e600ecaaa165db1d1e1823cfa806f6700a093b826e152827e480792f6ab7dd4f356d7614fa0badcf4dfd8f9ecc186bc0f040e8208933b075b05f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7e11be7244f38434_0

Filesize
271B

MD5
71c9e424f8bdd47e5a7d7de85183ffaa

SHA1
30c99dad9f2b6335f09cac1550ba32ff7aa277c8

SHA256
9273f8c6e5b2bc19005eb50268894320d73e93322eefef02637a56607358efa5

SHA512
5fc1736c13fb4b168ed4d90fa4ad1d1383e7381fbfc5e7b6556b52e68fd65260d55b3a03daf8560c0ce555b5e9a97f19e5e07aaefc2134505bf333416bd62d4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8cb8242b360d12a8_0

Filesize
254B

MD5
ea4354de6206b5c397c98ce461012b64

SHA1
220f2f7809dba680efb75a83ef8445fa4244c48d

SHA256
9e43d154f55129a942fc0c2783ad886137c20106fd1609922313be39262887e4

SHA512
bfd690a0ee2de23e063732c5ca690e072b891c731f8f5bfe0b7343d0538652257f61153b6de56106a990d5d3d745d4cb7087ba3a06372d765480998580595956

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9152ee72e6c1133f_0

Filesize
28KB

MD5
57d2375ed161b547ac72768e8f75208c

SHA1
59e8ba037c91b0ced6f3e52729e2f4de640680f3

SHA256
1bf9d7a100f8d2e5f307ea0e67dacdfa1696aa51f9b92cc9a98cd57bbeb93c23

SHA512
808802c4b0db340662ada57d5c50585156d6f92fd3bd50da1ffd3d97e65f05a627b8927e4cdc4852842ff8c8f79e4d261f41ee83c98ad99e201d9644493c7a36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\946393e6b9283d8c_0

Filesize
383KB

MD5
fabb12fb3579bd0f70fba4d9d250bcf7

SHA1
df2b6d144642cc931f039700586553cfb269ba4a

SHA256
9a8b0bf6c60b84a10689c3c7c03d7ac39443bf04998741b8c0fe2b12e566b4ef

SHA512
4700a3a2893232f696aebf8c66effd378f0dd29246c8df1b12e8499bdb05894e4725d6913fa3bc04ea71e72b05b369ca00afc45dceca006f3e59efc344f29deb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9cd5adb84570ad93_0

Filesize
304B

MD5
8e2f0af8f6a65f760b1a791bccc98aeb

SHA1
80d618248871d4d85fb7db2fead3b932ba06a4ee

SHA256
934a49644e9d6c7bfe3d78641d818c0f9b3b6069bcfe162002636c839a87991c

SHA512
5870f527e2a9d94601dfed65383a323de075b27614ca11156ce0226343d6ab21ad8d0027e17bb4503429804fd3009d31fb51d518b88f4d1f3fee80d0f55dfb61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a9011da2536c2610_0

Filesize
28KB

MD5
a65adb09553dbb435cedad40ef8172e9

SHA1
d85dafbdbc3897c525116b311c5edb3d2bb40dfd

SHA256
b97907f6d364ed22b002199b71cbbd0dc878b0faadcb8cc524b27b14bbceed1e

SHA512
13203f6c23097c08b2797bece893523c87048123e377f2e2903fc823235eb4ce290055cc0769a43e38c79f84074a653ea22f8773029cd1f1c2e5ec3863aef48e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aef152a861a71c51_0

Filesize
19KB

MD5
e321163f85acff8494292c139e056bf0

SHA1
b64746a2cd564b73e42efa248c21acc0ea8e76e4

SHA256
e3017e6e13254da239b23e7272d49b6bf6d7f3d54f4486bccd1670a269cd5b78

SHA512
50efc1891948699f7feb0093f0b1676e9c7863091cad2b1402790409d88ac7019fa99c16441a44243a0c8a39140e1029ef1a66cd15f517a2219c709d6246d9c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b60f543fb4b5eab0_0

Filesize
269B

MD5
3d13457dd17044fc778f9c8cd99bbe27

SHA1
8c4a20a61bc7ec009cc30dd9df0d18432302429a

SHA256
9db19bd361e993f7019ec8a0deb90d9d62145d5ceea9dce30fce7a568f76fd26

SHA512
fb594aac1c05c65f67126cdb6733bcbdb9bdeee39234ef8f6658c24a96aa5e5bf9b9fcac3d32a86beb5c1c1b442f48f438accea565c4cde5b35867478db0b011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b834c0c60f64321e_0

Filesize
245B

MD5
3d4c9e2c69b728e9726882e0d2bf06ca

SHA1
75f0cdbcef070062377e623893d552dfbf3d63fa

SHA256
52f47999506e096743b49cea6227ef7eead185bc706e5ef430277f3671d76f46

SHA512
f04ea59258a5b844b9cdceb5c44cef3273e519e9ec8165c0f9439bb0ce9e55a99fc8c88e49d77c28f820b9f9df9226e803dde99deec870dc3328bb4633f0b980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b834c0c60f64321e_0

Filesize
33KB

MD5
57c6e43694e833d462ac076b6c9a1a68

SHA1
8e438e6f5aa780ffe3750e0476ba22fc7a8c141d

SHA256
532a01788c380a54404e3a2a8c801cbaa31fe0717da60b434fa805b7f4a44232

SHA512
784fdaca246536eda183b081ec09842622287089255151860643ebf10b0559406331d568d674fbe996ada4a6dbdfd25499db503480a17e0492800b75def596a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bafc0e3cc37c0323_0

Filesize
34KB

MD5
d08c216ebb8f4dd85c3316c656674361

SHA1
65f1dc043dfcb95dca03636c425bd01eba784c0b

SHA256
066dd1c4c934fdd80a0749bb8480cf6ebce214e01df03eb059dcd2a21b2456bc

SHA512
2bdd868e176bc190d34238bc8a56680305471154a2922e94e631d205f6173c958ac7cefc978c18d16bf051f93fe8642e1cf5be15aaa9d8140d8a9d7651232725

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bb35d9970e959973_0

Filesize
32KB

MD5
7223a5e6c91ffcbe877cb263924b0aef

SHA1
ecd4faf09e48afbbcf8c6c129e34ae470b5899ab

SHA256
1d7f4fd60f0ea61d8696d69479759df0077e90c495c5193a6014f296163542af

SHA512
841a472a65645ea9d595e33f07bf830e4533db76991fd29744c21eefcde1392ea939b76b6bb35ecf799ef410e08dda41b5cf3eac0fc5d797eab63015be7ffd79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df368a7f8fd56df6_0

Filesize
278B

MD5
0e55602b6419ca21954603c64a9536f1

SHA1
37b6b313f95ec07f2c2ee858261157c345dd8df1

SHA256
ce25c232dba0ac224bb9041a626bb8ea0086607c57b154a217c9d3b37d9418b7

SHA512
7daea8de3fd4342a35be933b4364411dc671996c2b7b52c6af062e7cdfde09d6330060eef358fe11be781968553c81a0b2944ccb4a88963f04c00c40c439fe92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
04b38ac8d82ea1908bc6846c3dc3dc9a

SHA1
8f2caa47a0138bcb24d0c57b133f63b815a3cbd0

SHA256
f8958e4dd7c6fa2f898cbc14480e15833c144a923e32e73c98a973ba6756ef03

SHA512
f99a7f658ebf56a3e4a2c0422ced78b9aefe9ead89c88c3f5001dbdbe6a96e756c546de1e6ae9a45db0d6386959cc9982a21d653b42abaf3da272d0231f2413a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
dcfff96824cb5341c93ec531f932eedc

SHA1
034c19362f0d5149531fa0fd5383dfdae5c2a3c8

SHA256
39767cb1087a8677c22ecebc6ac567246087a2ccb69b5ee3355861bdd9554a71

SHA512
ebedc4c70667995cba34219b010deacf5d15a1aeb031ee64cd3206c90c7f89ea1234ef8be4247ecb22d483d09adb23b32fa309fe9f6015d6365eab166f717492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
4c2b5634f4d1f65c1679d0ecdae7d9cc

SHA1
2bc46290951566b5a5077728de13f76724129afd

SHA256
e2b74d5f5de8998282da8033a312d4236e0399dd3205d9015b85ba388435f9b6

SHA512
6843483dca59c887c56e2ac6732bd5620619232167d9909641a4769b20230cf532750fe2a6eb11e9317f878c545a636a40d4ac03e820cdf7028b00bbe5c4222d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
38443aedaed0d474bfcf6f8a0787e582

SHA1
9f70e7d3c3e99434689fbf5dd42499886d7cb041

SHA256
98322b5fa9346cc895519f0dd8402d58cc983a6ff1d7d9ce5727493233099fe0

SHA512
954e5e6f07ac06b67c21c4a43f33e3d9364bbc28510e8016529e0951fd0d2376780c06788f8774e765b7f90075e196552f6614ef584292652f304e06d93f4ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
11618d5f32329286f42e8f539fcb5317

SHA1
bcd5525c6049073424c1e90a37f5c7723c123d4c

SHA256
4cd41c4a589b8a520508dc80a19e2a3279903e2b2791974f50e99946d6018110

SHA512
024116624f129e86e28b299f0908f2966c4dd0b456a6c03cf7921d27b0a68d80fd7ee011c3a15e606ad4b98418008ca344714e4b45d905d97c2ed89b41c5421d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34a382f61364d6f037c09bb4c8e094a5

SHA1
42bc52d0f751988c54b0fd8f574078c8a09b0491

SHA256
6667d7a9e9a5f4d3f09bca90c6529062688e225337017f3ed2fb0a1850b9893a

SHA512
4d3aeccccfba7b82847f0bc210329642147de17b76ab453d97cb09792ab7a34e869170055079d2d7ec54f53eda152d07993ddda817e3e27a2fa65e00bea7aa8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3368580f13ef9a1e945eb7374244c16c

SHA1
6c8f0cd7550a0325351140b59ba99513c4e0eddf

SHA256
bb78fb386830ca4fc1e1e7e72642b7bc2d3463e1e71ada069231a1e44e00cb93

SHA512
013f38bd28a0b0ab1e15773c6f9d1420788a3a3d43c251421e6e627136c8d33866e907863e7c506ff0007d1c80e8b69c7bd0895a868e29b732317d7431775102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
4d7c7a7954818bac5ccff9d6cc60a2d0

SHA1
488b6727de2e628021150905afed85b1453f7514

SHA256
1a6a8fa56bb6643512fb4631ce5e777c879487bee9a41713b63e34e52e9409b3

SHA512
5e45c1c6d651204b61562b3703e64df6706740dc09db602620f7c8239fee8295e47274b493eb6094fab636705341d5eedc428f791b097a9da0707319987cb447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
cfabcf984abcf190c24f9f766aac391e

SHA1
798072e3c65a50185e15366d4125ec26a7dc1b4b

SHA256
85172e59605b557f38d8e023955fcef702deecb586ca19862f0505401853b6cc

SHA512
26e80dba37cff8000674f7ee6825c97ac401670b580fd1bbc3a9a3a5e99d0d52d6220ffa759e9e2cd32396da735d79755497eb05c2809d67a1b0b762cfd0f6bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
1b858fcb98504dc69682affce298bc6f

SHA1
9b0fe5b09a47cef03f522b886170abeda9798cb8

SHA256
b47106a99d64deae7492fa74cf6c109ba093a3ac4a710e4d7aad0cfa45b822d0

SHA512
c0a787a5f2f721673456efa8e82af46ff95d6751a9da700361fef19dc76f5e8646b991d1eea8227da43c8854eea36bca26d55310144a131381f3a7f5ad549e8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
b824e316df05507abd19aaeaf83177bc

SHA1
564b0609fb11f1c5c068827787346b598fd56522

SHA256
258f9c9648874aa5d064bb4c162dd22e21a536c414eab8d1c0d4bd2907e71df0

SHA512
8833e86409bfd53394058b3cd9cec35d09093577a7df4d1a3a095fbc48f9580cd667726cce6a8e4a955fe550a6cde0e17dc3b67fa0b87c144beec3db184ba982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
c16e87e82d8f3172d95c43dab279e3ed

SHA1
01abfddc01c9e8b887a8413150fb2e264e8ba7ef

SHA256
e4ad9894e9c426b0f340f28692fa37eb5edb99d5c713b30a044149dff868f025

SHA512
487e14f5d887a2970738c56d3b052b90a0cf3cabbf0b56b92dd26a81a873ec6f5079eee1a1640fad8d8755f4e7b6caafac5541e6d2ffeb6fd2d683fbf5402b4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
768f8b415c48fe2a470a502206cb067c

SHA1
f628a23e6fb4ca75b6389bc997932f65311f3719

SHA256
4f09a52ec1f765f6bd554af9683bf1c4cdf1a86d724f02d9a688722ca32c0d17

SHA512
5790c9fd9277b644ced37a74d663ee880af917255fe54b985732b7431285a015dc5d2d611989fe00731a48dfdb42ab8370c3d26ac13d11bc9918c40d18dc3275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a6a83.TMP

Filesize
48B

MD5
6f626b1553540451960180ba95c29c86

SHA1
f8f743d53ef6d8f258394fe72d62c41161c2e9b9

SHA256
053b3e45cfde444a6d39a7ae37648c002e0e4db8338e84209a99afa2a7ee3b80

SHA512
b03127c7cb005d5b3af63c8361918ad85b3f9a627d4cef457e94480b1bc44c7422d5353017e4ba093ac26d7594d112a4ceffab6956e372305edf7d22bb4d4651

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e911c12f4409fe6126b7cb9bd76a7a6a

SHA1
1bb2b419b43d58c07fa8999ff386951df9a4c2db

SHA256
e08705c05fd36b1145db206053a1f627c71f67f2d45256293799e0aeb0ee3e1f

SHA512
c45472d23cb5c85aa9dcc363dbfb697fb9e50facf5fc016963d46a4c2f8b0c3529b3bdeec51d41bca3b1329a7fc67bb5169eba6d8a487148bf0f8d162df80e18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e8837f91a9256774fd1813e0c2377a3b

SHA1
66377215dbd99edc7e234682a0ff63a2cf564dec

SHA256
72d4f516c62e1c7ee7134fba1d6bbdb22e3d5cd2bf0add8b040bbbfb88b9277f

SHA512
501c5cf22cf341d5efb41aaaf11dc844aca106a6025be0325008dcb6d77d306f02068fa51723073e38a14d409337bef1922e923cb6a7a2aee0d93c6f665a9822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
bcc9b683586f635441ebb9f41f410b94

SHA1
772e7aa779352c89c46a676ec00180ebfd0a387f

SHA256
1385f9437d2452fe294e5035d3070d11ebd8a5afbd17b50f4692f93d7a88beb1

SHA512
7fd5109761045ab7f5c3b6b75ba5a15f91274216bd72c5100509e5bae168059d4676e9007cec9326d5d96dc96893bca541d5c8c1274306e62b3f0803f5c10a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
55b509213a6795256cb7d61e37e44a78

SHA1
30c25ccd6c89f859079c31cc8cafb304547e0cd4

SHA256
ef90331a3c295c297b5ab618913711cc288541ad7a31612a772a66e5951904f3

SHA512
15a8242b2db52765dda11ced679f55863dfa7632fab136d8a1d50a2fe5118a07376821257cbfa522ed388daa84852331cb41188e40ebd826c1e4378c57e8e1e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
4d10239a748e2cf0838bc7944ceea5bb

SHA1
00318b8d96fe3f319882014b2fb876c45c27a74f

SHA256
504e6360e74482d00381efd79d28d5d09a1fb16192506ff3bbc1917eea5158d4

SHA512
9f2111e61493aaa68a85c353540a3eeac211c69d49ddf78dc81908a91933285174e326b318d7822520ee6bbf02ab46c6f2b969798b4efa45f8f4980dccff40b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
32a91c220e63b29284a51ca38cd2830a

SHA1
933a9e54ed571c7c2a55f22e9fc2fb0dd457c757

SHA256
a015ab4ce7e709da72a3a1bb36dea2fa270896e8f426d033949c2b7853ce06f5

SHA512
986802e92f926c9b4a327fc5095b6dff70b122cb08f9a6d17a3514e7796445d9cc5052b1fd8e2889d93023e1ebc34305c1679e5c5c1972525b7ba57b50202cee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
65af56ff41f7cc2f0b764d8fbbb0d443

SHA1
42ac7c845abbb55a5cc1e59455ca7a2ec894ba33

SHA256
815bbff3af0385b4c1b9ac62a8d7b58c306a4e23e0a503bd5c9ee6ce493ccf26

SHA512
62d0bd6a2dcb1e6f01cc75e48e55d03419599c1bf8fac27852aaaaa6f97a3349887f50a53eec9f4e5c02c47ae9c4283546f5a315753e308afd8b4e850989e460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
eac5df8dc7b776f5d525532923e36dd0

SHA1
21fc571864d0847f805e42edf888af4fab137937

SHA256
1a86132408e9960e167bdac2535c485debf9a27fb1ee9480109d11070a711fec

SHA512
ea1ca715a14fc82e4dbab928c08a9cc3ff6e1161195e234dc75d50fcf1711c4c9bcf89c8ae6962a353dd5be09b96fe9c8c3927bae9fdb7f24ecb17c7f82a06b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b8b2ccd42745df925becafd227b4230b

SHA1
138d08537feeedb13905a4b71559224af20905e1

SHA256
f691cc9e7deaeb255e7da844430adb2afd438b00b0d48f1fe3fc856ade96b68d

SHA512
87e970f6b66ca4cbc08c00758651d553f64e5c8a268ec0227810f407de627a819d302f36e397de7b9497c7d60163b44f2f7dc49417d9867b66659b24ad106ff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d2cab1c02e981cdce2156b529d9975fe

SHA1
8fa8faaeeab2a69d8586d2a36d73d4680967a772

SHA256
05ac72e5c0b556862b97c6554646c276b127f625ccd3156a127b180b8b8cd2e2

SHA512
f2943927b8f30f9be6b873205eb1998db8c6df0316ba77ce9beceace9a682c9e3fa5009fc67e2e667954b15df54b8ad12e5ad4f400f08481a60112a3cf30abbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
dd7359c5e209c8f4f7707c305838e3f2

SHA1
f85c71a9fd370901e444d485dc7ea947210d4997

SHA256
280c8381dcee6e91aed72c60e7e69be18a02363d26c781b525bfb8fa9f9ac1e1

SHA512
d34a99a3a9b1b2d2339b54a34eb44b4a38aef1b7272e472516cfb9567c1588ed050c0a5c90fe19dd0fd82c838de76c6328e1d23c8fba364a44b6dbee3af0156a

Download Submit
C:\Users\Admin\Downloads\FkJhmPF7POxEztXHAOSNhECDB5Ka3JORl1zl6tA5g==

Filesize
1KB

MD5
385899cb0db6d3aa2d1e796a1e8bf38d

SHA1
a64ec84453e0e144aec793e135ae23db3bc2e304

SHA256
8098ff371430ae8cbe1d106ca9a57d346a7e0a6fb647a43a86ce95bf6babe06b

SHA512
c5f9313c5162085fa231a10fb0044469fbc16b14c0d68d3b30d10d071c50f51f958b23c174c316ad26b9b7c7a87562838c974f3857e97e167685247bd2018716

Download Submit