de9c4e8b4b0c756eee4e39221c1e4e0e11c2e67effb828e27de3c4b4470ccff2

Analysis

max time kernel
234s
max time network
238s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-08-2024 03:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MBSetup.exe
Size

2.5MB
MD5

d21bf3852bb27fb6f5459d2cf2bcd51c
SHA1

e59309bbe58c9584517e4bb50ff499dffb29d7b0
SHA256

de9c4e8b4b0c756eee4e39221c1e4e0e11c2e67effb828e27de3c4b4470ccff2
SHA512

17bc7740f131a1d4e84fd7e4ab5e1ce510660f5046340ef6d09ef99c56c88da2b6be3ae5c5ddb7213841c506eaec147c65abba1a7a2a8eb4fb8f6329bbaa03d1
SSDEEP

49152:FMofPlPU+QG/rOVcVz6StQyfvE0Z3R0nxiIq2dsTDwfw1Y:FMslc+QGjuTKtQRq261Y

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\mbamtestfile.dat	MBSetup.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MBSetup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	MBSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\mbamtestfile.dat	MBSetup.exe
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MBSetup.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{54274C83-AB89-42BD-851A-9415182922A0}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{BB4122A1-3834-4A89-A6A0-1ADC623BB769}	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1444	MBSetup.exe
1444	MBSetup.exe
3000	msedge.exe
3000	msedge.exe
2256	msedge.exe
2256	msedge.exe
1576	identity_helper.exe
1576	identity_helper.exe
5048	msedge.exe
5048	msedge.exe
1836	chrome.exe
1836	chrome.exe
4528	msedge.exe
4528	msedge.exe
2808	msedge.exe
2808	msedge.exe
2888	identity_helper.exe
2888	identity_helper.exe
736	msedge.exe
736	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 42 IoCs

pid	Process
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe
Token: SeShutdownPrivilege	1836	chrome.exe
Token: SeCreatePagefilePrivilege	1836	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1444	MBSetup.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
2256	msedge.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
1836	chrome.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 2748	2256	msedge.exe	88
PID 2256 wrote to memory of 2748	2256	msedge.exe	88
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 4800	2256	msedge.exe	89
PID 2256 wrote to memory of 3000	2256	msedge.exe	90
PID 2256 wrote to memory of 3000	2256	msedge.exe	90
PID 2256 wrote to memory of 3676	2256	msedge.exe	91
PID 2256 wrote to memory of 3676	2256	msedge.exe	91
PID 2256 wrote to memory of 3676	2256	msedge.exe	91
PID 2256 wrote to memory of 3676	2256	msedge.exe	91
PID 2256 wrote to memory of 3676	2256	msedge.exe	91
PID 2256 wrote to memory of 3676	2256	msedge.exe	91
PID 2256 wrote to memory of 3676	2256	msedge.exe	91
PID 2256 wrote to memory of 3676	2256	msedge.exe	91
PID 2256 wrote to memory of 3676	2256	msedge.exe	91
PID 2256 wrote to memory of 3676	2256	msedge.exe	91
PID 2256 wrote to memory of 3676	2256	msedge.exe	91
PID 2256 wrote to memory of 3676	2256	msedge.exe	91
PID 2256 wrote to memory of 3676	2256	msedge.exe	91
PID 2256 wrote to memory of 3676	2256	msedge.exe	91
PID 2256 wrote to memory of 3676	2256	msedge.exe	91
PID 2256 wrote to memory of 3676	2256	msedge.exe	91
PID 2256 wrote to memory of 3676	2256	msedge.exe	91
PID 2256 wrote to memory of 3676	2256	msedge.exe	91
PID 2256 wrote to memory of 3676	2256	msedge.exe	91
PID 2256 wrote to memory of 3676	2256	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\MBSetup.exe
"C:\Users\Admin\AppData\Local\Temp\MBSetup.exe"
1⤵
- Drops file in Drivers directory
- Checks BIOS information in registry
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:1444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8122f46f8,0x7ff8122f4708,0x7ff8122f4718
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3208 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2516 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2584 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3908 /prefetch:8
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3760 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2516 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2524 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1344 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,4490541616748810207,13006495074259312193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4872

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x528 0x520
1⤵
PID:796

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\DisableRepair.vbe"
1⤵
PID:1780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff81576cc40,0x7ff81576cc4c,0x7ff81576cc58
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,1985524116568377304,5223793995972240515,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2052,i,1985524116568377304,5223793995972240515,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,1985524116568377304,5223793995972240515,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2448 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,1985524116568377304,5223793995972240515,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3236,i,1985524116568377304,5223793995972240515,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4528,i,1985524116568377304,5223793995972240515,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3712 /prefetch:1
  2⤵
  PID:668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4832,i,1985524116568377304,5223793995972240515,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5088,i,1985524116568377304,5223793995972240515,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  PID:612
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:2224
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x290,0x294,0x298,0x26c,0x29c,0x7ff677ea4698,0x7ff677ea46a4,0x7ff677ea46b0
    3⤵
    - Drops file in Program Files directory
    PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4840,i,1985524116568377304,5223793995972240515,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:1900

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1940

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xdc,0xe0,0xe4,0xd8,0x108,0x7ff8122f46f8,0x7ff8122f4708,0x7ff8122f4718
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,6180025536946374905,16453971567673301283,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,6180025536946374905,16453971567673301283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,6180025536946374905,16453971567673301283,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6180025536946374905,16453971567673301283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6180025536946374905,16453971567673301283,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6180025536946374905,16453971567673301283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6180025536946374905,16453971567673301283,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,6180025536946374905,16453971567673301283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,6180025536946374905,16453971567673301283,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6180025536946374905,16453971567673301283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6180025536946374905,16453971567673301283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6180025536946374905,16453971567673301283,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,6180025536946374905,16453971567673301283,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3800 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2132,6180025536946374905,16453971567673301283,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6180025536946374905,16453971567673301283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6180025536946374905,16453971567673301283,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6180025536946374905,16453971567673301283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2804 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6180025536946374905,16453971567673301283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6180025536946374905,16453971567673301283,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:2400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
aa368d95f37f572fc16c8229154aa297

SHA1
2c38e28cc2a97d748a11c0400923270d71d5bd03

SHA256
565162bfdfcfa6b7b7e18c1317cbd037056f297ec7e5d6611e26c6e3c67dcce3

SHA512
22017d0b11fd4c58ac8e0651feeb772e102608a9470e21c0c9fabf31a4733ca093dcfb00413b3584289cd197200b044b83bee4704f11d3f56368f49ecf1faa2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
330e005d5153e18eec533d204691c93f

SHA1
c941070c86420dfca7a12e8667cdc2dd22c06f89

SHA256
4c11c6bddb9c3f25122778d777e0d7a5ac61769ee0cb0dc16731a678f1f6dcd2

SHA512
415892f3cc548fa1493efeb5d3bbaa6ab966191a149ebf81c83a92a69a492d568733cca0b65f22de1431d8ad8413596fa5e2fe9bc1c16b32136c81d7465002d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
4bf1f71a15007b13a0da9ccd7cf1930d

SHA1
8c2b9edd0071052ce65c8bb852837ff3f3c92e4d

SHA256
05ea96288c81a1ac1d4ebe9acf8552a9804250b730d7fdbc3b1bf154ee68ff22

SHA512
49604ebec37a559c7b539c8a785d669cece82559972c109e462a61ba1edfde13d8e0329bb6aa56d036d5198c0c6b3d892bac8698eb1d4d8899e1f8bc01478a82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
2718d47ae7ad5edf9138f222a56c136b

SHA1
3861f8750c745118ddf3e188f7b235d5b70f73c3

SHA256
00e98b4c9f6c8b3bef3909277bdd0372254d881c8e6a304c145cb0787eaaffeb

SHA512
c42f35f37f6220b2020df9f844f3dbb698b660f43592d6818d7eb41c1f44b6cfc75318913cd087da539f5d1f2441df5c7fc4f54d2e8f906be0becd38d3ff3d67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e69f3c5c9ef9e9cee50cc84fcf32068a

SHA1
16668ad2b4e14ee9e38bff7f0344b89f5af46192

SHA256
3304c15e1993472c0048f6bd594083d57670b4a1eee676a35aa3bc703899b55a

SHA512
bd6097e2fec43dc4ed50bb8d6e298b0f113aa8c144b8ce83f66da1d765221d6a093e7f1be5867a073ff29c99a9cad5d33652223dae102422716c54d6dc0bbb71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
461ff0325ca29a8f746dc08701bd6a7c

SHA1
432cbcd7f67b0ada4e5635deec180003efa65f87

SHA256
7e185a48d5d61ca3e055d6a8b732c7f576a56e37da78da2c5ab4016b80da9c5d

SHA512
1d6292042c2a028b0cc52986411a614122025945828a83371f151ea8ca57c059ce785ba644ca2731823f7b9e174f291aa8869a501d62b2e1f0a3aa73a432f9fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9dac3812b08de08050429ee818696181

SHA1
c3a28b8ec565d1717deaf5757a4b3b683f2ef29d

SHA256
ce954e1572d28d6f07c7a0149778597db15f0de4075b6ff07ee781784643e666

SHA512
a1ce75cfcec077bc91da0426e8f26b0ee39c425449e870e038dcfa22c443846ecd028c8c86e94ab35ad394a4eb4dd9dc397b48a9c717fa96e949222d3518f14b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7f7e322bb7e0a93ee3cb6725f79c628e

SHA1
031abffd220c3b13263db33b39eeb049633835e1

SHA256
ea5deb43f2dce9a1d798580e39c1489475a84361e1703ed5648a181ecd52fa7d

SHA512
cbd5454ed5f583833bb3c6bee0f0e7d8e154c96c122c8439aed4b763a79e46101ad753a97e126a60f943d9ed6ad01bdb391ff1e4ecf3dbb789022ad9adce385c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
16cddd454d2be19711d0d690d17bc79f

SHA1
514ee474234ed08846d82bb8efafa9fa8ce1df86

SHA256
8e548a3ef261b9d60cb72b0a4a66b8b4ca9603348ae6659af2b3830d0f507383

SHA512
2289b72fe5f4cc42b443e3ea6aa1d61f52a63b9acec39666766c7b840342d57361302c26aa6626d9eaf474df0bc28fb0e9592cf62a59e2e450814fa8f982f006

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
d978b41e86916a3bd65797e13f9f9f48

SHA1
f69f8e85b6d2f4690b9849d966d393c38aa6b484

SHA256
056ca4ec6b6d45e2de8f6327c0dfebb4a296806c72b76186d6e4568521796f08

SHA512
bed573d3bdaed34c38d48e29afe0f7ca0e681302076aa23cfa8d84fc68a825a55121b7a8aa626d35bbaa8d1284d80a9013cdc40220522cc9f7578d572f20610a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1745ae7b28d12eb2c8d3f7fa31514b6d

SHA1
a70c4b3aa1faa6a837a5c09d5dabeb2abc936450

SHA256
4cad9d2f81ed40982d6c3e85f884c18b2b9dc6c02d1b36e36c9f465ece0ab93f

SHA512
495d6f7b4272f0f9ec8ac7d1cac90829bcda3a3286af0d90ff5a00282c24353679d4d114578dbed6ca9289a4f328bc0bc5f706816853eefdbc620f9928ffc3ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
96b7939a308700485de0c6f85eaf6215

SHA1
062e2623a9cb08b3e4a42961ce6e75171975c9e3

SHA256
32a67ec6588ff5ce8c4f60ca0333b96545a57e92bb90630609874daa1f2074c6

SHA512
2a9a51caddfb03394bd6e55e0cb43d2a755b6eb51bc88ea79760f7876add7c44799ef7a308e2b27240d4dfe5f80c23b63e39c4f637d1243c9a4e8e035940dbc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
99fba7aae75e6ea2c2a807b60f519383

SHA1
ba0e39a25313cc5756c3f499321b461c6709779a

SHA256
fa8e3620ff5e6bd9d9024b846f02dbf81ddec664c241c2692f04e32336ecff6f

SHA512
174d107a8b0934f52604390eec0307ec529e1c0d9da5f77f634c1d2d13ed8fe0cd3e824ea3e3acd2ecd67adb7549802f84afaca0903023079b87c31b0ac49d39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e407669689e2c8dcb453481d0da84087

SHA1
bc3c052ac683dbe0ffbb0692d26be759b1860c13

SHA256
8ab89b69bad715331272c49504fafcaf23c64e946a8b70cade5582c2fa79d2ac

SHA512
a5a97c5870f69a46db117c97183a30537578b4d43ada3ff7a3655758400f39d1cf5bb61ab2c5608b9bf7513f731e21ab40253266dc5289a6ce44394d97040fad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
6aebd59730f99205704dc3198a1b6852

SHA1
12defa0dc90385bf114a0db64a7c0ebc02be695c

SHA256
3fa65b0f65481bd13cdb1ebdc06cbccf4159f557931550ccfdcaa66086cc5d35

SHA512
195a99e63750bd747ee568cb2565fe9592fb7ff32e18a5babb3bd64e46d4601b5bb91ae0e44b74526b5f61ce107d102772a08d3c021f1c0d7e14de7bb9ec628f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
6e3f184bec873ff0d49acf74a12cb30f

SHA1
cfed11307a7de323369924f91168617a87af7e5d

SHA256
abacc6ffb9b02a207f3c5128aa7ddb8a5ebac55f3bf1040775b197dcb589df10

SHA512
6c056743be20f5209cb07328d53ce603261d8442a9ea56d05c7476b95d6eebe332d0ef72c008d8cfcba992bc26d31abbff5b6a5a23d28baecb3369c4087df1a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
761af2358bf4aa0caf4c4e3340d90c1c

SHA1
c2aeae68404b6df3fc63e029f3a88d4e06dff318

SHA256
2ca968055af82e96141c50ce94082d84619f5ef011bbf13b98e984cce6ddb52c

SHA512
924155eecd97aee756c18b19aab3c3d614745924d8ae2827a4923cc9c3d37cf6a572e5cdeb3d37b7f7fbbcdd366864b9562980656bdf6a67f592826f76411d22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8e93b635e4a90cd7f35ecc583d630a87

SHA1
377557f42040c5911ea2af188b51ec6f15628899

SHA256
0cc51ef2b5c655f07ebf1a1da26928d3453fb5a446ee5c6881024238357c4b21

SHA512
17b8b1ad65258981990fe94a8a06d155720ad8469ecd6d7afa5fd8f483003a481d0990b8d1409e6a060ad5b96480dfbb38fc30a60944984b771b4f9caa525e30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbacc918c3f6a279222ef1327e1e45c1

SHA1
d379ebd1ff0d6acabb49c1f027a3b1e2dab2175d

SHA256
d680c52a925154944b9d3b5bdadb5e1ba8badbc8e66796da08d7572a4583335c

SHA512
c76fde9686bb4cf15c5fdb714ce261b13e40a23ab05673971ae414ee6effd6d593ca914e46953fff40a82dac43456093d8f7e36bb56efeacb5c7027d8bb5ee22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\05c0f923-19f0-4bb9-92f4-ce6db504ab17.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4aadf138-d617-42f8-a2ae-9c6e3566a5ba.tmp

Filesize
8KB

MD5
7ed57a5d7700637922806318196751ae

SHA1
02f52b6e78c44d3157c61e88358d01fa5a9bcecd

SHA256
bb848e6c0fbfae579db9e6cb5c1810f451152cf709cb4b6c1705b50873b235c4

SHA512
e704f4b6279aaf9d44ae3b4785769dc45efada12dcfca7b84546d10269aa7483611cf7df3afce51d99249b94121e9e2148bcd01e2a800a76635b9bd592485c57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
41KB

MD5
ed3c7f5755bf251bd20441f4dc65f5bf

SHA1
3919a57831d103837e0cc158182ac10b903942c5

SHA256
55cbb893756192704a23a400bf8f874e29c0feee435f8831af9cbe975d0ef85d

SHA512
c79460ded439678b6ebf2def675cbc5f15068b9ea4b19263439c3cca4fa1083dc278149cde85f551cd2ffc2c77fd1dc193200c683fc1c3cdac254e533df84f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
24a806fccb1d271a0e884e1897f2c1bc

SHA1
11bde7bb9cc39a5ef1bcddfc526f3083c9f2298a

SHA256
e83f90413d723b682d15972abeaaa71b9cead9b0c25bf8aac88485d4be46fb85

SHA512
33255665affcba0a0ada9cf3712ee237c92433a09cda894d63dd1384349e2159d0fe06fa09cca616668ef8fcbb8d0a73ef381d30702c20aad95fc5e9396101ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
027a77a637cb439865b2008d68867e99

SHA1
ba448ff5be0d69dbe0889237693371f4f0a2425e

SHA256
6f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd

SHA512
66f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
20KB

MD5
6931123c52bee278b00ee54ae99f0ead

SHA1
6907e9544cd8b24f602d0a623cfe32fe9426f81f

SHA256
c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935

SHA512
40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
20KB

MD5
93eeea702a80c096950e60b99b74b8a4

SHA1
cc5facf47047c7aac51bdfa9db1339891957e8c7

SHA256
98fa60f3d0aa0668eb3bd9f56657d4d016913f2194b0e2077810f4c906a77854

SHA512
c4ceb5227cada0067261eb6adcda1a0cebe46e1184884a03bc8061f0d947fa8f3751ac3709080934e79ef2b0b76aa417f5e0df40ce8cbaa9c1b4153c3b83734f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ba7c48a6cc4a042efd28d126471799ae

SHA1
4f0aca45f1beca583b0b7e19bad82c22e4092f9d

SHA256
86f0e6c3f23e327b8acad0648bc35e5c2b49de7006894134c11bbf89ae22b40d

SHA512
c91fea37fd7324d0ca5cdb719553582f2cdfa1c45a8363b2f3ff071eb171f43d0448169beb8fbbaa35eda7f0fc513de2fcafda8bd630f1745ee6b7371221626a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
36KB

MD5
fa7ee37a7ca97b315f32a9f2f13e4c49

SHA1
575ee1b6923fe8c4a4a9422205310795452f9c3e

SHA256
610e37093f736f2abd1e09decb278552b6bab5cc9db0f8e24ad7142a3972e7d5

SHA512
69da40fdd3ded0a2fd23d7bf6f8f6bfa984b24d1f48836fb2bbc4f2ee00e4025505ecf271727b948724737bd46cb100b5aac2e2ed1b0f4ac1dc30828908172ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
62d143f4a1586ab68c15140b332ad512

SHA1
35c9bd67c31b9e47f1764bf1383df50d5dc1e03a

SHA256
ab4f44676e122f44cddd71b25b331085238b91de3a7c17ef8ee4549830dc3d03

SHA512
8623b74a67cc5a0a5a1fd70cfc82ad6024bdfc57791624d61739855457daa59250021170698799012e5ad24cc68b8a937c84e7d2433c56f0ac47ca3405566fd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
84fac635f5e686322c8085cd3fd430dd

SHA1
1f73e16e1246ae875f4efd03f316cbdd757cba92

SHA256
528f0a9ad85bf13ea4f7123148460b009cd147750de9166b0148a08bbeee13e3

SHA512
00a3ef6272c723d17e589fcbcfc21e8944ad5988d05cae0322c85afff9589117836f2afac2ef6eb3cd41592e74207bcb9920c5f83e81955afbd0527bd17df537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
5KB

MD5
6825e551220befb440cf5879ce40b14c

SHA1
1a6205d47036332e23ba8e96b15427306dfaac4e

SHA256
687ba0d2e241376acf9802db9a839a5edd77c65e87fac9e05e9facd7f5331a89

SHA512
0ce359ca19e06294af798a3c146c260f2f4bedac2294237c1b91ec1697d84bac1231ffd7fe84e3230003add4bcef6559e6bd0168e26a466822d3242a47c63040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
625B

MD5
a818e0942024e92c65d0f15534909fec

SHA1
c8fa0fca386bbb928974343cf7bda468129d7974

SHA256
68f6783011c01741f9c0e2aff30cd077ccd1ce9e2f761e61be41d883fd10b69a

SHA512
8be20649456f51b8058d03e14300d6e14d824541dce9d5c9cda3cce484bb3fecbca0cdc9f02f3c5c751304b7825af664619adf224cfbd9e20c170f157dfeaa07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
4bc8094569c32ba0d87f698a22a6774a

SHA1
50352a3e0ee03c7f0079759cbb737f354f4efb5f

SHA256
4b769bac56fb39d843479eafc5260394c233398f4ddb92404789d2b27064c209

SHA512
131d7f83f4cc86c838f509b990cf2dbc44e5edc7023d73a2f0fa9b0ecf9e2c2d2ad833e8073aa0a8f5fbb0eda0e2c532605be0316989c04c4f10218a3cea0fdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d4fb6b40c9279b683118b29fab51275c

SHA1
f4016977bd95354599254e0f26a6e4a50cff255d

SHA256
5eb3f54e2224988b779b6956717d9f43b464928e79d9745e17e2dfac3075f12a

SHA512
39f551a1db49738fc6a9049a42c703e9869029c57acaf7dd69e26e5fd3318b29a04daaf98e304b9212aabac813825ab3aa7c0b23c60a6d159ba3a7f60751768a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d2982494e79db79ead03cbd0950c65c9

SHA1
5013c519ccab64f73889658f9c5266ae04b7499f

SHA256
9fffdceb0879ead789ceefed6392259ae4d6ec8310fa40ca4a21d1994fc40b9b

SHA512
c77e0915d07f797a33704a346e91d0879dbdb2ae0ba8d47069d107adfb7a44f4f43995ff987e221ec637ac5f0db20ffa7e21db8acaf52334edb83755c791adad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9c56636d4e6ea853a8584af6cf7c35a5

SHA1
6c10c53955a80bfb616a2973d1b25e99185fbd63

SHA256
dc7d323bfe42958cc1df740109009dd303587d4b546eb41dbc41c2240e720ccd

SHA512
d40bc10eacfa7681ede5b55debc09c6254c4e2acf7a232d1c27aebbbb482cd9522e059a08171d0f8067ef1c1895dab1af5b75a3a8d1c09e79ea6af7a2597deea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bc7da4c57649cec3f08c422d1e80aeff

SHA1
4fd826459dff2de899738448ad7f5a8e29bcae3b

SHA256
0242e939d14b5bc92dabca4a728a881cfa44ab179450106acea1dc7ca32979b3

SHA512
d6aa470b19106829378189cd83c3a5b92283b3d7c2e9c318ca2500e1996eb0786953d61d2b5e62866319707b5b236e6b9f3acc44457d3ccee9402800b364140c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
cfced500fb3b79cdf2a57eaf415bbf6d

SHA1
72259767cb437d5a8f8e325504034e59849843ba

SHA256
86b3796fd165858915e8000ac9a24a5cddc429622c1a194a6f0190a8c2e3dc26

SHA512
f5095803d5b67c294c3a1e24cc78edf37cee5c2c854d43821e538ca5a464594269e4545337e92c1413821687f3121018becae619e8fb81114ba7971c63681349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3a1001478fc376e5e63904be74d2f3cc

SHA1
8f697f50dbed0902f09f42bb07952e5c0fe8f955

SHA256
23a5e2c3bafe51d76ed38979b54d8a7ce5a57b7f96d0baa5aa3a2f58071f9543

SHA512
16549e726361a3d1f1eb8a1af7847b39bd53f81d4f855719734f7cabc91629b188526916f9198866a1df208347635ab9f9d8c2029a6f9bd0762e4b702a3bd169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5caf76bbb8ae08ef58de29103a982d7d

SHA1
75133cfec9402cec3f7763ec1208ff8751cf2989

SHA256
6ddfd51e44f86198b8104bb74c4d068ab01c06f35ebb5aa4ef38c098451b6c3f

SHA512
3613d1b4a9dc1a8693ed32d0f15591e0c9a21370f5376578ed5f9595da4cf561b2037f21efecb2c7a4938f8aaf4f5b6a2e642afd9d19ec9db42621c7905a8674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7b175abf311af891f5c0c7c8ba458640

SHA1
83e0f448716046359e01a1b0bdae70ea2249372c

SHA256
0a45dbd0e2a973bed9762b33061dcbd90c0b5faf7656824999019a984246a7c0

SHA512
64c144084429047bf70a4df2c867db2c128ae06675f62223d93db74e63001f2be41e688031b3130e0eef3f5b855c32bcdfe658b1e1484482a29edac303f6416a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
659fd50b30aeba8f58686c7531912f55

SHA1
0504a9a4b5f2877949733a78b274fd66ba291c56

SHA256
6a24e6ae461b33921d14fbe723c32f1befedcde06233b74e6ad8db7ade7b2afe

SHA512
c1184877f95735a0189724ae8c71b38279793a366f7c1ba4a240b4afd54ec12423af26f1549abcd111ef5451f9114bd50eb59754b3ea974415af3549a7018644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
739e17cf591192325cba1148cae21aff

SHA1
18390e7c5051d342081e17e48d4172f2c7eb5aa0

SHA256
c611139d945a69308b39bb728c5adb5f66096a0776867e91b40027ed4c49b1d2

SHA512
1dc612fb002d6e0dfadf164fcd5cc23a1c7d5594e97f961b001f4e3ee437894f8e874211c5d3e0dcbef933990587ce91bcd3cc3fdad3497fe3533c12e328c290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367128819276754

Filesize
65KB

MD5
0f32f9cb49ff4a9ca1ae239ab30298da

SHA1
97d00a3e88d5711c9ced899501bfeb5a3c4f32ed

SHA256
30480f4e882747d3ca9650f50f0a76ffc5edc307517ba94adfab5d5f4478fe91

SHA512
82dde3774916f999786492a0bdb7cb4398034a7a4a147f65d225949f990557a68e034b3fde3200519a3c61b8f29a50131a27d4d48908795d747dee16f155bf94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
532B

MD5
ed14539be6773205e927b7fd1f3304f3

SHA1
637de64ff18776b40f34130f1422fbe3323a62a0

SHA256
02b2b91e066541b7bdadad1e117e64e15b85d1c4bafa70ba0b2569a1a9a98c11

SHA512
35f8e95d56f18c3b8e7a5fb89526573cf9ca244608658cacb001ec04b25fbe1a7240e7d9180013325c7f9633640a438cd64120d947d32a943285b116651b7147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
3c3e5776a07dce042be884b99368e59e

SHA1
c07e48134f25d57f7cec5e3e28014103ef7e2fd5

SHA256
d853ae694664e972fece274f55091dd3b855aee08b1a2ce8f8fb97d43532d5d5

SHA512
536f3f4ba80ba2de422a7c56e296cd5e8461b5aaeebf1b5e7e9d6af1f4b03834f77b9f66eaf5b80ad6fdb9e6cc02bd709d4ad25cf649460975d0957169cf1c79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
6e828a1f9d9de6077c70bb51cc5cc97e

SHA1
04199cad676fad30f1592a94d73a223d761c90f1

SHA256
3ea19c2d8a504d86265481d2275138dda71095f19981f8ddbaebed500710d2b9

SHA512
3e5b7feee0a1f9f2ecb2b54b0da22d3177e9e811bad6a8f15df2d0745067e90587ddb0c28ed57d7f561bf1f445abbb524ab872f4c2e9b1faf034a8cae7700910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c14c6a0de1d43d70411e32a55caf74a8

SHA1
1e5059ce6c0c4bffc5c0b6f6ad9d2f5e70dcb1ba

SHA256
97ad65ca405252a8e162714697ec8ead2e4428db1ce448ea278a0519482d21ef

SHA512
fb6f3f80d79b4f0dfc497eef5472c9e24b7620e4e02fca1e618120223f321c5ba3d890eafb34901855f8c8f7534fa7c25028e7c7be428797fc5d3bd04052bb11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c05daf92c3fa7dc30fb686c50728f9f3

SHA1
f002ff89b311defc874da99eee3c44be02e07198

SHA256
76d69a62c2bf232fa6d3cd9ad5235971306a28538989e5e1d6f3463d6d93087c

SHA512
d0f698dded0df550ac761b6d194aeb722999f50bfb67f5dea350e12dc472139b3f5321dd1d4b2ebca82c9977c91994388802b5f710a3167a6fe540dc53507f78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9f2ce8182a66b2af1f69e98847e93d7a

SHA1
a02a60726b98cd75619108f2344d724e825f9e5c

SHA256
f32350206dc6f383044f7dad52c0ee219b48606b9eeea51524ea190c013f5dbe

SHA512
8c7b3758d7d50220ccfc0a8cbb9f165d74f6703557b5bbe051dcd2734af67ab7ff103777af0570ffba972499f779210482ef4c843695f8d4f8bf5a0e721e7f34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
00c7cba815adef6b55fdafab774ebef0

SHA1
acde79db38014375fab2a499c7cd02564ac4b217

SHA256
cd4908616cc22654ad1413ff4bb61a00ba232753bbf7d03c1182a6204fd9814f

SHA512
92dab7bb74ae166b99aa06eba8e779b31f903aeb3ba078c7dfad7ef24be5d510392dcb374a9c16229d042968cd86b67ad94e15e000c38b60de5c87c930fd865a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cfda5c1b2b2f740cae1b203da38a31b3

SHA1
b97975e16df3f920bce7020597216fa8f59cfb00

SHA256
cf501c44b3bad2d7e4574f46720cf4a6f2f3d0f4cc9f3dc7728d04c78766fd6b

SHA512
3d7e7f622e8b6a28a1fa966ec8653f9de586267a5a08b2f53b207605b135c5bd499977bcb5a45cfccf759fc53a7d7d72080afad54542ab3bcf0566ccfdffeb20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
4d7d2db17a837b9615a4b2aee521580e

SHA1
2ecf63a792d1e527c8a6e49210eec24e2b48d03d

SHA256
026ce9eb9b019332696f5fa5bd7fc5ad82f3218ae2638c0479242fddc9a33275

SHA512
791c913a5cabe57a09257dca91d09f5a229c30fa477baad94b5296b807d4cba3e9d36f9276accb4306bd00f9b2721078dd70b27906d60e5e808981b013b9848e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
679e2ab5f480969e32344b4947ff2258

SHA1
1a87d761e784ec5816d30bc6f0bb2e212a5f4c61

SHA256
ee82dd884dae6060335118cc2923411808e988969cb6fb37a51639130ff8f312

SHA512
5914bff34c6c9e633ef2644f281cd798d52f105795aedcf21f77a818365c469ba427799a3f7d80b5180982091f23ca10d537de8fbdbe1476282a31957e95d351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587923.TMP

Filesize
536B

MD5
5a7e516c20dba216c87a1511d35f8e97

SHA1
95317d24c3cea449c1d421d1a181ced2d93f2ee7

SHA256
a1aeb6b33fd69f1b8427dbe0c3580950319dd3def72b7d196b2cc24fbe06a95c

SHA512
109ce069fe9712cf0005531c37d745309b6f9d8b54318ff20b43415514bc948707934d58dde6869d9905b8142e8a67aad583f00f65cf07642fe3f61e35aa9127

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
1f663350ae1de64864c94a3487f4b1d4

SHA1
87188b8429b08d103b63ba95a6c32d7d3a0e5064

SHA256
c0ad457e9ebb581f1c057504805190ce89c1f0e924610166194e387c8e9f883a

SHA512
dea7edd4365a0447d472830ee4ee7e3162bb293c91890fd731bfee1e3ea10297c3cbf111923ab308387f88d9438ff5b83618becc9ae0b73ca12dba513a8cb232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
96f36de365243d19fd04571b55dfcea4

SHA1
a35321271311c7f805067466d655a2eaf1566400

SHA256
b71072ed0eb4d510d2f2c1f5969487e13e4bd99ad0ac2800d3b91fffb83bd4c0

SHA512
10629e815ae7bb76d103e9bd948b0982085463cb58709826824e68af915cce58dbc102f3255c5ba32855781f22d26e70870e5f7908bb373160854d787877d304

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
3.0MB

MD5
fc74b2c80d9f1c15cdd6b17070da7702

SHA1
c1b027137f2df0d9f7f34b0ebb518267e946457b

SHA256
19bee9ce218c535b89f9c661f6369836c6bfd123a4c06876d55ebe1b12e82fa1

SHA512
49acec43b26be8194642143a65a05595800fb72828fa7bf4e2812c55b889c9816407019dd716aa56fb580d220951cd6fc29ceef0bcc46ad273043f04462d1d78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3c6f1028b089d5bff45300a448065b1f

SHA1
9984b90859e722840c7b3b5bea5f72f2c5c02f36

SHA256
adc88bfc5102947409fd7b096f41c5a73992f966a497fc52fd69cae8750a4add

SHA512
07cafd29ecf7683e6273e96b398a3bb306483c17aaf9464470de15de09cea6a64ecde1b4b505bbe9bae3e4837472d836cad588206158c887047ad5e1670dc205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
50ad77b4d132b95bff56ce86f09ff415

SHA1
2640b252b18f9f206de1465b572d27d4f28c0063

SHA256
60251a5e49bf5f35770feb9ef4cff6ab1fc8195106049f4a3772d5f223c646b4

SHA512
115ef5d679d47f8ca68c8879f14fc2a0cacaf31f25582bdbafac28bcf13769e6ac5018ebe70779080db048f70cfed7806c051cc531c1f7b9530b1912e1eede59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
1703a0dd6733003fc14cc8bb1939f642

SHA1
636fe78d68e5725abb0ff751ba004add66c8ee24

SHA256
9f05b239361e7caa5a638faaefcb892ac06501ab39e3796f0b2fbf12e3879c29

SHA512
e4744544e2095b01510222fff0f45f1f5171e9aec483bde341f0b4f3189b7623e163b02f933a637aa8a7e92e821df96c3e10613d1075587fd3cfc7d0507a87c5

Download Submit