hxxps://tria[.]ge/dashboard

Analysis

max time kernel
148s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/08/2024, 18:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://tria.ge/dashboard

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation	cmd.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3852	msedge.exe
3852	msedge.exe
3864	msedge.exe
3864	msedge.exe
2680	msedge.exe
2680	msedge.exe
1844	msedge.exe
1844	msedge.exe
5296	msedge.exe
5296	msedge.exe
5648	msedge.exe
5648	msedge.exe
6708	identity_helper.exe
6708	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1844	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe
1844	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3864 wrote to memory of 4640	3864	msedge.exe	85
PID 3864 wrote to memory of 4640	3864	msedge.exe	85
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3992	3864	msedge.exe	86
PID 3864 wrote to memory of 3852	3864	msedge.exe	87
PID 3864 wrote to memory of 3852	3864	msedge.exe	87
PID 3864 wrote to memory of 4952	3864	msedge.exe	88
PID 3864 wrote to memory of 4952	3864	msedge.exe	88
PID 3864 wrote to memory of 4952	3864	msedge.exe	88
PID 3864 wrote to memory of 4952	3864	msedge.exe	88
PID 3864 wrote to memory of 4952	3864	msedge.exe	88
PID 3864 wrote to memory of 4952	3864	msedge.exe	88
PID 3864 wrote to memory of 4952	3864	msedge.exe	88
PID 3864 wrote to memory of 4952	3864	msedge.exe	88
PID 3864 wrote to memory of 4952	3864	msedge.exe	88
PID 3864 wrote to memory of 4952	3864	msedge.exe	88
PID 3864 wrote to memory of 4952	3864	msedge.exe	88
PID 3864 wrote to memory of 4952	3864	msedge.exe	88
PID 3864 wrote to memory of 4952	3864	msedge.exe	88
PID 3864 wrote to memory of 4952	3864	msedge.exe	88
PID 3864 wrote to memory of 4952	3864	msedge.exe	88
PID 3864 wrote to memory of 4952	3864	msedge.exe	88
PID 3864 wrote to memory of 4952	3864	msedge.exe	88
PID 3864 wrote to memory of 4952	3864	msedge.exe	88
PID 3864 wrote to memory of 4952	3864	msedge.exe	88
PID 3864 wrote to memory of 4952	3864	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tria.ge/dashboard
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cc5346f8,0x7ff9cc534708,0x7ff9cc534718
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16590631385947574885,12535345699421632742,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,16590631385947574885,12535345699421632742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,16590631385947574885,12535345699421632742,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16590631385947574885,12535345699421632742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16590631385947574885,12535345699421632742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16590631385947574885,12535345699421632742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16590631385947574885,12535345699421632742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
  2⤵
  PID:4928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1724

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New Text Document.txt
1⤵
PID:2680

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\New Text Document.cmd" "
1⤵
- Checks computer location settings
PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:3680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9cc5346f8,0x7ff9cc534708,0x7ff9cc534718
    3⤵
    PID:4928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,13022571160769709325,14358667559947182674,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1976 /prefetch:2
    3⤵
    PID:3704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,13022571160769709325,14358667559947182674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0xdc,0xe0,0xd4,0x104,0x7ff9cc5346f8,0x7ff9cc534708,0x7ff9cc534718
    3⤵
    PID:3584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
    3⤵
    PID:1196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
    3⤵
    PID:2604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
    3⤵
    PID:3340
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    3⤵
    PID:3516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
    3⤵
    PID:6036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
    3⤵
    PID:6152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
    3⤵
    PID:6208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
    3⤵
    PID:6300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
    3⤵
    PID:6932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
    3⤵
    PID:6960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
    3⤵
    PID:5700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
    3⤵
    PID:5988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
    3⤵
    PID:6448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
    3⤵
    PID:6468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
    3⤵
    PID:6712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
    3⤵
    PID:6800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
    3⤵
    PID:5916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
    3⤵
    PID:5644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
    3⤵
    PID:4692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
    3⤵
    PID:5928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
    3⤵
    PID:4520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
    3⤵
    PID:2644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
    3⤵
    PID:5596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
    3⤵
    PID:6240
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 /prefetch:8
    3⤵
    PID:6440
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    3⤵
    PID:6648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
    3⤵
    PID:6704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,114455194107058245,12830604137078642669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
    3⤵
    PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:1672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cc5346f8,0x7ff9cc534708,0x7ff9cc534718
    3⤵
    PID:4712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1532,3724938733698911383,4653945479175327514,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:3
    3⤵
    PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:3468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cc5346f8,0x7ff9cc534708,0x7ff9cc534718
    3⤵
    PID:2388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,15085782056730790409,18312737741403981013,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
    3⤵
    PID:5148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,15085782056730790409,18312737741403981013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:1928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cc5346f8,0x7ff9cc534708,0x7ff9cc534718
    3⤵
    PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:3448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cc5346f8,0x7ff9cc534708,0x7ff9cc534718
    3⤵
    PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:5552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x78,0x108,0x7ff9cc5346f8,0x7ff9cc534708,0x7ff9cc534718
    3⤵
    PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:5228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cc5346f8,0x7ff9cc534708,0x7ff9cc534718
    3⤵
    PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:1248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cc5346f8,0x7ff9cc534708,0x7ff9cc534718
    3⤵
    PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:5564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd4,0xfc,0x100,0xf8,0x104,0x7ff9cc5346f8,0x7ff9cc534708,0x7ff9cc534718
    3⤵
    PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:5660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cc5346f8,0x7ff9cc534708,0x7ff9cc534718
    3⤵
    PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:5572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9cc5346f8,0x7ff9cc534708,0x7ff9cc534718
    3⤵
    PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:6188
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x90,0xd8,0x100,0xe4,0x104,0x7ff9cc5346f8,0x7ff9cc534708,0x7ff9cc534718
    3⤵
    PID:6216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:6292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9cc5346f8,0x7ff9cc534708,0x7ff9cc534718
    3⤵
    PID:6316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:6504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9cc5346f8,0x7ff9cc534708,0x7ff9cc534718
    3⤵
    PID:6516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:6588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cc5346f8,0x7ff9cc534708,0x7ff9cc534718
    3⤵
    PID:6600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:6612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cc5346f8,0x7ff9cc534708,0x7ff9cc534718
    3⤵
    PID:6656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:6700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cc5346f8,0x7ff9cc534708,0x7ff9cc534718
    3⤵
    PID:6716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:6792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ff9cc5346f8,0x7ff9cc534708,0x7ff9cc534718
    3⤵
    PID:6804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c83bd8bfd8a93b345b233869487f6235

SHA1
93910985089238154af89a54ca7072efa36bc27e

SHA256
57ba395df242e63875a39b296d1637054b7629c0687c0b6ec1f99e0944834500

SHA512
fcb2dd757e25159a3d217289be66e7fbcde6b08364a4e906c2a9946f224a7bb32cbe8673dde55ce2ae3ff13e7ed1429ea70abeb26acaead660f06b57b0b3bf9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8fd247b241aab984bbf7ad44abef4fe9

SHA1
653a0985cbd517273d33f836e66fd475f3f51c38

SHA256
1b897c5cff5f1a088f059676d3d029f247a01818c7ddf1c29056d078bf63726c

SHA512
d51a2eb4251b9bcd881d514ccf7d4df13c99948e0f3ec8a3375b8a4c27f225e4165fb219340fedc6dafd79024f74400f9407d8fd6200e40877caee6fc8803488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7ca595e6-de4f-4467-8285-7c64132c5c96.tmp

Filesize
6KB

MD5
867c2747b00a697c436ac59cb09f50e7

SHA1
2321ef33f54c67b94b9e1494a1076fcccd083871

SHA256
a1ceb14ff365dfae370167823c3b19ea7f26404390fa7d4a7fd63e540214a755

SHA512
b8f285e6f7dfc48feab221d165bb82f69bfc8c183ac0dbcba12e0394a9246ee709c30862cee9322f3ffd677dd09ab69c54cc514dda002fec6a6fc6c07e20d90f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
2ed385d9e8bb35c4b7814cad6c71e7da

SHA1
b1364146c417bc5cb4d6d2e955d8f33179d612c3

SHA256
135e4ea9265f5940fc29babc1057dda3e4991c58e33ca2fb112f4c603d325c2f

SHA512
d0a9742ad80f24fa9993af4cdc1c3ca050fe2d8d10e1f558466e500ab7897d29f8c597544e7f6110fb7d56ade7c5624c5354b638a329d91351026f94d9767c9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
b87e67185c5854d0ee019d7e76195ba1

SHA1
0afdf563a52c9f3787a462843f105a683161b1c0

SHA256
522805e0defa50eb222fd223908e5131aacfd25119583c4b7404fb79fada54ef

SHA512
c1446c34a1bd76113b5fecf044aa7ca4b1d0cff907a06ce2b2f4ac8f59acdefa3bed59bb93952e9d7d2e23afef001aac7dc07590b9533ea1aae9d17db7d49cb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
faa94c8c0d1868f01c68b80b2a7d5e34

SHA1
e836ae828b95c11effbd14508a410cb4c8f6faa7

SHA256
806e9df50b4f52aeaf9e3392c7c75eef2c11477be7592f85efba774bf57eee82

SHA512
3e59692dd565c4f1ab38afab548ecd84cb7146d8b74de9b32067dc7d9515b05de7b4bf409d8d0420edf30409f77434a4b71ff5305632a41703e0ca885711a1f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
6559bd808e627786fa9b43066facd5f6

SHA1
44c6f9540d8f9bcc408fe277906f612c8f98bdb6

SHA256
613f7a774fb64960d3ac6759c250d77aa29f21b2d0b181f5994a5871439a2f0a

SHA512
57b1ac5497a623ca109250278cae9fa5758c86f9d02f42980e55a2f752b8901efb6f1a375a96f350df78d52eac8cd2d1f381a9847faed481a412af072b6f3e80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
9d47e5eafb6c25e2443a9964701ede88

SHA1
526a66013e05724aa41c20c2bb6ea33485852015

SHA256
4bee7eb22c69fc7a8b10005b4a33f667eb2fb09032d94c81cda19685036e834b

SHA512
03401db66bc9812c01d51d1468f2faf5fd06d0d4e522a22b7b06ed04f3d25332bb5ced77fb6eca420a7c1450f6997865470670e683ce366e6ab630513aa4abb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
5c4940466bec4f8b4be25a53b6ec073f

SHA1
c0470f77bcb78e91ef5cbcb165aabab9445f7b2b

SHA256
a212112f451fbdd7e6cd4a9dce216bbbef0502224074165e6f9e49ddb05fde20

SHA512
873204fa78e55684e9e6ebbd00495ddffc9c166afda446aa30ce2091646861c77cd6ccb1ed79dff1f5534bca08501db53cd5af2ebd8f4202a4b5df355384e1da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
5fa9cd2ecada1443d345b5b4d94a09d1

SHA1
c62d4a79a79fc0cf828c06ee2d3898d2bd592ff8

SHA256
0ea42fb53992a2a76f336fec0d351e1f4f26d511a6e597a3d95642f5c3f0a122

SHA512
a776d3da46908e52f4ca012ee866827f9d67c5588817e79ec2b75c0fa9546cbaa89b82210be93da4f5e0535210c5799f9ba8ee939eecf64109023b1941d1df3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
617B

MD5
811dc68ab9f012e61a78068091a2d9b7

SHA1
7ba0cc359b1f296c8c54d3503383222e14a7eb0d

SHA256
d126de0c7ce7fde992dfd9631577a418ff29738c224953e2c248815b016fc1fa

SHA512
886e931a775c9bc8719618160851ea597bbd75ad673dd495012389deeded33f758dd1db5b795753d48f4249ee8ceb1421b993cb1dafac03882e445aa7a802a9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
cb00f26bedf7519f198f7a070e91ff5c

SHA1
d74d5d4f262d8886761e1100ea3fe80bbb40b9d3

SHA256
b83923a93e54c2b2343fcf3f7236e8ca6c1d197921cc6b2e4ab5fb209b0c95c7

SHA512
54f547b2de871be0986ec3c42e98033b067217e9b22d32b54ac193a0d91f2860274121f6a3a37c8ba1c9de714671112fc89a93e0e1a07446e4283c99129d45ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
684B

MD5
de519409126a673c287aef3f20854b34

SHA1
6d51d1f1f05995f3085b79b8bda14262b9b72a4c

SHA256
afeaaa4aff361077abe876b29fcaba91e24b4f38496112da6f639865055e569f

SHA512
20ed5b2eca6aa82b81cce257a94ae0df6728207c5116d478b3f5d196beedfade0871b78f01e20485e9872969740015091986871f5d504a67fb60fe34cf1dc81d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a86eb9c1285dce1ec34e45af135fc454

SHA1
70942c418d254727cc7881207be95100e27dd9c9

SHA256
1d98895c3c2e0a5a5c877f312e1748dd73d645546d9b40cfa703a13375e897eb

SHA512
28433075c94f2eedc64105333f54760d5c35a24c167abed3c1157217cc46ab6392360393cd71d5854cd4be952ff96e0cc712ad7c65b788db5cece0ee5a546ef8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ebb884634dc861da028575f845d12f6d

SHA1
d826daa99fb9bf84804298a0aeccfa5e890ec6bc

SHA256
023e0bdf8aaaf58d5cf904fcd2aecc09b13ac86630cc41bb84abd1ee9eb9a706

SHA512
d9eeebfbb93d2486a3dcc32b84973c00c6af79ad1719c77783fd55fd6110cb4917bb355d6caeda54543a8c7a9bd6f7b7a044981d8625046197e61da98ee572d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1a4d8ad4eb55d610039caf5565b8d22e

SHA1
de1438a1ab2a47d6aa4851eee1836de83eb129e1

SHA256
a7e60f62de502ddd44d99dbcc49ae1e382c2a48dea998793b7fb501992f19bb2

SHA512
9f09ed6ad6d8b57fb34652ad258d3dacd582d3cd5c45ee723bc8ef4d56a2362ffb0ce342a90f129e21b0a9f48ea0e1d83ac8c397475e9ce2b150dd30531c6eba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dab06e140690575378ec9fa5ad4cc752

SHA1
d2f23a0c5c26b03096547efc71d3395b9b1063e7

SHA256
352c8c3d46285bcfb586bfed70bb11ae6edd9a9e247249987c01bd51dc452690

SHA512
5ee3ce50207030f5593025b1753e9a707d5a56f21168761c2ecd5cc2e979b406ae812f4db2b77ba69031a710fed85722a4412ec008f7b88c8a4325070a9a45a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
9e83cf26792dfba602b320adcacae677

SHA1
d85b78ecb6dfb91d4bc27137d3ca088474eec27e

SHA256
0ff965ebd183e5c1a14af5d7f2065a1a3a3cf3b53bc2570b20f089d2db27bb38

SHA512
88ff1797350e173ce45dec4923bdba064e9e0b7cad5ab50ec547a9d43d0a97d4c909d66c0763f2d766320dcf0ca42cf9d3e3afcf8799358b34065ef0318b995a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13368132738345770

Filesize
1KB

MD5
1f368f0a3dd23cbf5252b4f703bdb8a5

SHA1
451e58374dd0e75b78826e369d9f985200ee789d

SHA256
126fe1c3e1d3c836604b8a9ff9734ce751caf43284fdfe3c2207bf2b82bc9049

SHA512
4dc7712351ccd9c4bd8b0efdf6a36a96bc473a3082fb56ec19e4b62ada9e9c0052452abc7f4dafb9c430371c385adeabcedc9a9232dde16bb43d2f8e580a1783

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
b274b0bd240d627b728a8836bbc78fea

SHA1
f7137361278ae4826c7b3481281a6350d4678907

SHA256
49d72758c5372c107f19097c546f354d55ec89c5a4d65c43e5da878cec4e7ad6

SHA512
cdccc6ea7b7dfd8d20b27dca49f18ca456c7b1d8fa83613005544db1f8d57b68acc6f8001e52eb9db7215d23ee08fc92deb3336e5a4a9b2a7d48f8a9c8d459d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
8cdc1894eaee5d7fd37f55231f046655

SHA1
a7400e8e442b4959cb3ce96ac86ef8d2dc02f742

SHA256
f51c4853cbe84e6cc1726e3d604d25c72838e850839a1635ad47612539fbec4c

SHA512
07d4d8f51de9c3cdc6dd64a32f86185e6bc83278e9c1469a7d4a2a41c32ae2ef37c61e473f8fb1e7ceb974978858239bbb1f3e27c4284eec3ebe11f03b5cf393

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
fefaf6798c6d3c43328aecce38e10487

SHA1
d3589e985c2d7b88fbe5aef6fcc5b3f96f97823b

SHA256
9a7dc43ad573487aa78ad529113ca0a4d2be02485402cff17a3ecf80d949ac9c

SHA512
c4aaef11c1a6da42da6c4ac3fe48f3028a69589a48c6872d5c40d83aad02057917927d867c0a956e8f9d1f74188b2596bb81721dfcb35f37f4a38f6995ee2d4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
144KB

MD5
9ddbb8a11ef7f94412b38454f3099d67

SHA1
6fd26d4211426e9d360e49b2b7aa1dc92abc4b25

SHA256
27aa645ac7e3ea74adf8314d0e1ca2e9ae29116eb2c6a703b696fa2acb5c7850

SHA512
02b5afdd8efd1bcd0b5a5fc7cd2ec2429bac8e2a5b0b196478ea960305fb458f25912ee1f98938abe3a1169bb47e9635f544a9b41c1e01f687e3bb9fb205fd8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
baf9065e0d7ba23bdfd04b3b32150f02

SHA1
ed24d16c3f90b69d26ac897c8a3ab430e90cdac2

SHA256
eb4101eced11e4c4357db33cd62eacf6d96236aea379a9b4f8ef54c8a0004f3e

SHA512
e1431ac6f4a822eaf8ac848c7fae73b54d57cc4f740e87ddb259123e6dd62afb92e44c7be89b56a22c82df85a6723b68617f2fab5cde7aeeeb40e0d7b64f51eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
194B

MD5
a48763b50473dbd0a0922258703d673e

SHA1
5a3572629bcdf5586d79823b6ddbf3d9736aa251

SHA256
9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd

SHA512
536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
c1acb4b402bbc199624bf7c430d68186

SHA1
d99fc5a9e5a92b5122bfd7b529bd9b0404c64238

SHA256
2bdb7fde82e7a8742996d5b836a3e4f9e0fa14c8b29aa6a4934475efa188e928

SHA512
63dfc42c98ee3926460f23aceb3beeb3e46205d39b1e5b81dbbe922e91c54c966aa46161452e954e24554af7aea5f90152c96f139601060edd8ea29c99a83e27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
b6900d1fec59a736691eb4f3ce2b7f36

SHA1
7accef52773b019fc4a3e38ebb3fae46b6b06f7b

SHA256
4b963da051c46e5bc14cbcba64c24f7d1e65ee8e1308de6badf28b0e82a7df99

SHA512
864cf50ccdd341d03d326777ce81391f139c87fb9e84930f3aa144192243951f8a97e67c07d52729ffb8fa5c0fe426d2cc6e27645df7f1ddd2bc6d497e05efa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
dcbe38b13fc00e56d7a009695e85129c

SHA1
0195ee3814524ca95fc56650ecfb7b7c6f48e449

SHA256
dadbb5c7105f0ba369060c424c59bf57b451b9e4db8ca5b361c593de28c3d7fa

SHA512
88b82c69686e107e892313b0ca7d5b5b0a7c6b04fbe8956ca721720e2f7b56674fe7c0dc0192fe2510cefd124b91250d0f1d1bee8c71567fefc43ba6966232c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
be0055e70882c2a0e5fee0afdba6c32e

SHA1
a7d42a08539cca97006550bb86c2cfabff8504f3

SHA256
17892f7bedafd3294f725cd346ad354d266f9ee26b9bc0d6c5535e3d27af70b9

SHA512
e811c00b9160ee330bf381942489dc63a1c746606716c2581cd6146541d374ed4f970c5ddca7e7267ffd30893a23ab3a61010f03e5c179aae2249b064542e622

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6a1db76370e17a197fb47382a2aa4058

SHA1
821417ddf02cc6c8ebee9f42ed3f4f0899a37eed

SHA256
b91ba644ff3a08d5e902ee4893382cc68be883560895f7989800c8cdba94eda2

SHA512
10e2b0a3fd156c0307be620e07e3980fb30e948a8df859eefdafb68ab73a197e4e0cbba45789f36987368eb9e28079f80fdb530727f633939fa669d7ae490e2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8a267ac2139aafb3579a010defd11ed6

SHA1
53023ee3bedd0b52e76eb344e4de657e5ddf3879

SHA256
454c7c11f2599701fd82940ed31c391517b6ce5791776f5790161f3cefae4fb3

SHA512
644b9c83903614f01e47fee54c9a3d5d2f39dacbdd710131254bb20438dda9cd648c1529f267ae6be4c85727c43fb4c9c3cb7243201d2e3b8d39168d371f8431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
5af4219bb2787c0b9cc22771b2db6643

SHA1
e834acb8103ca68c996af0f8dd0de48ffbcca52f

SHA256
d12dbcf30565c8b58bb9ecb301b528830838bdeac03d3073d2779ba0ee6709d3

SHA512
51ef44a4a5ea9a1b6c39f78506c9ed3d774202ceeca7f6414a6d41b16edd148ff4aec81c904060a1af003a96d63f5198e3c5bb3dc0c695bc3dde87733a115214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
081d4b740f7d449446353d393e985a06

SHA1
fdfc0008338fe21e98ae605d6b0af0f7aecb826c

SHA256
f83d53081d7821cdb0c75485d4f441e3e8f2b21fde24a1d1c11bf792d2ab21e2

SHA512
12235a8e752a78aa87f2667f07c0077929b6b5a69beb3825b3d605c6fe3f854fd4fc39cbaaa5af84f968563711a5b4c589b35a6f9983bd6f06a89608aed74f32

Download Submit
C:\Users\Admin\Desktop\New Text Document.cmd

Filesize
266B

MD5
26cf125d1f9f9a99da8598fde4e415d1

SHA1
0f37d1e34ca2c82c8517749578cbd4cd29b1551c

SHA256
e7d79c3d87225f06f8dba05fd884b4b3a9e9d432e78efb6049882cc2939ed382

SHA512
f73cd8f6a7c25d595db82c3c27af7613e7fa6ea7f751bb8c89133896507f115f503990d201e1d05ccfab56ac5189a144e98684685b3cee3d0c854a1b194f8784

Download Submit