7f945a0e46602ccd3a5c13416268d3ebfecd733a8e15b068dbbce4c2c8441985

Resubmissions

13-12-2024 17:02

241213-vkk5rawqhr 8

13-12-2024 16:57

241213-vgll4svmby 5

13-12-2024 16:55

241213-vfa4zsvlht 5

Analysis

max time kernel
694s
max time network
716s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-12-2024 17:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

267KB
MD5

2c7efdbcd898a5074f861127c98af124
SHA1

4e48d6098569572602e1c3dfc114092b8230c865
SHA256

7f945a0e46602ccd3a5c13416268d3ebfecd733a8e15b068dbbce4c2c8441985
SHA512

2c76c82b97c5c5db464ac19d1c7907f810464705cb6823484c27e4af8bd12120cc0ed0f581d9f48c50d79a4e3b035add2c51dc229b40264e3f9670f12b765299
SSDEEP

3072:tTW0Oi+0joZJ6IXn/loJzh4kgEJ6LFIsg1AwtN+Tl/js2:tTW0A0joZIIXuJzgEJMIBgs2

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
257	raw.githubusercontent.com
258	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Software\Microsoft\Internet Explorer\GPU	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	wwahost.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-19	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography	wwahost.exe

Modifies registry class 50 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\MuiCache	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total\ = "0"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\Total = "124"	wwahost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-493223053-2004649691-1575712786-1000\{E9E8AAB1-53F4-41D4-B120-24FCFD5F43F7}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Extensible Cache	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content\CacheVersion = "1"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History\CacheLimit = "1"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DomStorageState\EdpCleanupState = "0"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\login.live.com\ = "0"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cloudexperienceho = "0"	wwahost.exe
Key deleted	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\live.com\NumberOfSubdomai = "0"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost\ = "0"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\NumberOfSubdomains = "1"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\live.com\Total = "0"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "0"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CacheLimit = "1"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History\CacheVersion = "1"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cloudexperienceho	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\live.com	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\login.live.com	wwahost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	wwahost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	wwahost.exe
Key deleted	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cloudexperienceho	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\live.com\ = "0"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\Total = "0"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\login.live.com\ = "124"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DomStorageState	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "124"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content\CacheLimit = "51200"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CacheVersion = "1"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History	wwahost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DomStorageState\EdpState = "0"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost\ = "1"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\ = "0"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\live.com\NumberOfSubdomains = "0"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\login.live.com\ = "0"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\login.live.com	wwahost.exe

Suspicious behavior: EnumeratesProcesses 48 IoCs

pid	Process
1084	msedge.exe
1084	msedge.exe
3144	msedge.exe
3144	msedge.exe
2504	identity_helper.exe
2504	identity_helper.exe
4624	msedge.exe
4624	msedge.exe
6380	msedge.exe
6380	msedge.exe
3324	msedge.exe
3324	msedge.exe
6100	msedge.exe
6100	msedge.exe
5040	identity_helper.exe
5040	identity_helper.exe
2320	msedge.exe
2320	msedge.exe
5920	msedge.exe
5920	msedge.exe
7028	msedge.exe
7028	msedge.exe
6332	msedge.exe
6332	msedge.exe
5524	msedge.exe
5524	msedge.exe
2128	msedge.exe
2128	msedge.exe
7024	msedge.exe
7024	msedge.exe
4132	msedge.exe
4132	msedge.exe
5348	msedge.exe
5348	msedge.exe
1684	msedge.exe
1684	msedge.exe
5164	msedge.exe
5164	msedge.exe
4980	msedge.exe
4980	msedge.exe
1764	msedge.exe
1764	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5416	msedge.exe
5416	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 49 IoCs

pid	Process
3144	msedge.exe
3144	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4320	wwahost.exe
Token: SeDebugPrivilege	4320	wwahost.exe
Token: SeDebugPrivilege	4320	wwahost.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe

Suspicious use of SendNotifyMessage 50 IoCs

pid	Process
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
4320	wwahost.exe
4320	wwahost.exe
4320	wwahost.exe
4320	wwahost.exe
4320	wwahost.exe
4320	wwahost.exe
4320	wwahost.exe
4320	wwahost.exe
4320	wwahost.exe
4320	wwahost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3144 wrote to memory of 3760	3144	msedge.exe	84
PID 3144 wrote to memory of 3760	3144	msedge.exe	84
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 3188	3144	msedge.exe	85
PID 3144 wrote to memory of 1084	3144	msedge.exe	86
PID 3144 wrote to memory of 1084	3144	msedge.exe	86
PID 3144 wrote to memory of 220	3144	msedge.exe	87
PID 3144 wrote to memory of 220	3144	msedge.exe	87
PID 3144 wrote to memory of 220	3144	msedge.exe	87
PID 3144 wrote to memory of 220	3144	msedge.exe	87
PID 3144 wrote to memory of 220	3144	msedge.exe	87
PID 3144 wrote to memory of 220	3144	msedge.exe	87
PID 3144 wrote to memory of 220	3144	msedge.exe	87
PID 3144 wrote to memory of 220	3144	msedge.exe	87
PID 3144 wrote to memory of 220	3144	msedge.exe	87
PID 3144 wrote to memory of 220	3144	msedge.exe	87
PID 3144 wrote to memory of 220	3144	msedge.exe	87
PID 3144 wrote to memory of 220	3144	msedge.exe	87
PID 3144 wrote to memory of 220	3144	msedge.exe	87
PID 3144 wrote to memory of 220	3144	msedge.exe	87
PID 3144 wrote to memory of 220	3144	msedge.exe	87
PID 3144 wrote to memory of 220	3144	msedge.exe	87
PID 3144 wrote to memory of 220	3144	msedge.exe	87
PID 3144 wrote to memory of 220	3144	msedge.exe	87
PID 3144 wrote to memory of 220	3144	msedge.exe	87
PID 3144 wrote to memory of 220	3144	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa907c46f8,0x7ffa907c4708,0x7ffa907c4718
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,2687045507009922601,15282042367708764757,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,2687045507009922601,15282042367708764757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,2687045507009922601,15282042367708764757,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,2687045507009922601,15282042367708764757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,2687045507009922601,15282042367708764757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,2687045507009922601,15282042367708764757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,2687045507009922601,15282042367708764757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault9944ceb7ha909h4284h91fdh5aee16834ed9
1⤵
PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa907c46f8,0x7ffa907c4708,0x7ffa907c4718
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,6824889282807227644,16088225764654174373,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,6824889282807227644,16088225764654174373,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,6824889282807227644,16088225764654174373,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:1084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2732

C:\Windows\system32\wwahost.exe
"C:\Windows\system32\wwahost.exe" -ServerName:App.wwa
1⤵
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4320

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc
1⤵
PID:5644

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicePickerUserSvc
1⤵
PID:6232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultee12a4f8hc3d1h4db7ha862hedb241ca9d07
1⤵
PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa907c46f8,0x7ffa907c4708,0x7ffa907c4718
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,1085454289735537754,3163482706658242786,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:6372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,1085454289735537754,3163482706658242786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,1085454289735537754,3163482706658242786,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:6484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:384

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc
1⤵
PID:5960

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:6448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xe8,0x124,0x7ffa907c46f8,0x7ffa907c4708,0x7ffa907c4718
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:7120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:6184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:6252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2024 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3480 /prefetch:8
  2⤵
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:7028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:7040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:6992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:6804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:6156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:6904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3468 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1960 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6644 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:6864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6780 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:6900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7224 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7336 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1
  2⤵
  PID:6796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7484 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3860 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7456 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:6360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:6736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:6316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5936 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7680 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3488 /prefetch:8
  2⤵
  PID:7132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1728 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:7164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1
  2⤵
  PID:6960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3988 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17892461171978706740,4493635679251514814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8140 /prefetch:1
  2⤵
  PID:6476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4692

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b0 0x3d4
1⤵
PID:1956

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:4320

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:1960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bcbbf4e2fef25fee65008a76505d3087

SHA1
812c0f76f881ece87084ba8089d2af7932a6c119

SHA256
5f89e2800bd39c0b0f7d5472c194c8498beb6021231b94cf26a4bb46ac6e9074

SHA512
f228845a5670f4802fb405a6e0897664027c19ed7d7abac247ab6eccd8d53a91a23d5effe035fc093e497b2aee61f76152025c74343725f7af30ffe9971c403b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
959b67dfa04aec7b5ac4b964f887ef99

SHA1
528632a98013a4dcd58bb28ef7fd552346dd93f8

SHA256
836c9775d3ad18b09cbea8c168e52da6bd6b1cbe0590f6c6c600230838d58df4

SHA512
403236076a68ccc4bb59105296f87bc522abcfbb01d755803b2c45789d5b25c5ed194f89469a886b1cffc2b2315fcfcfc93a88f4bf8eb6532ded5b53f56bb114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a10285ec029c1c8a58001b76f713700d

SHA1
26bde014dba1d2f33ec8b7b08a11e3277daeb834

SHA256
d92af83492d965bd045370b3408a5dccf0e54220ebe80e1b8580e4dc9ee7d24f

SHA512
6aea58a93eaa138a240dfb9f1c57ae1d6998b8f84cbc0eee96b946e4ffe40e3c3a394aed77121272e20c4ee4a03f95f4fdc08804d9b48f69b15aa374f7b6a4ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\441bddc2-4cca-4851-a851-31fcd8f02f42.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
bd76b7fc9002e68fa0dd1566e7c07c20

SHA1
ab990545761e9eabde938a801349c1f979f60a51

SHA256
042ace581ee5613c9ccb278592af51bf1175f73660eedb231da4824b30a24d3b

SHA512
7d5c3509d7ab43063776b5eafa8e0b562a3376422f938c737187c7e79885358f6795e183bde8304571b1acd5f1383712dc972dc5705b3078de57aaad7f2ad6cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
24f810ea0048b6d5638d333e4f7522eb

SHA1
c4b2d88e1baaf553d5b08cb13c4c8cb7d160afa3

SHA256
8b9346ebc1566f4aefb2795f87b34fcf3460d34910b58a8832cf9d15a60e0519

SHA512
8e5de3d8acedf6845749ab03b6c1ee1fe5e22753fc1c7a14ee1ff62a7d166892eee521a843164dff51699682b7bc08c868ea4627c67efbb6a99414ce1b210e00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
70KB

MD5
807dda2eb77b3df60f0d790fb1e4365e

SHA1
e313de651b857963c9ab70154b0074edb0335ef4

SHA256
75677b9722d58a0a288f7931cec8127fd786512bd49bfba9d7dcc0b8ef2780fc

SHA512
36578c5aedf03f9a622f3ff0fdc296aa1c2d3074aaea215749b04129e9193c4c941c8a07e2dbbf2f64314b59babb7e58dfced2286d157f240253641c018b8eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
26KB

MD5
5dea626a3a08cc0f2676427e427eb467

SHA1
ad21ac31d0bbdee76eb909484277421630ea2dbd

SHA256
b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6

SHA512
118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
188KB

MD5
c9a8373e051cc9e5c0963ef9e085373c

SHA1
fff3ab78bc4e9c3d104c500bdb25925446712276

SHA256
ec24fab95e8058d5e00bb267d52e6058c82f17e2ab9d333953e762e288ea71e5

SHA512
d2e0c9d6159ea3105be47dda6fe6c5bc693f17c045a194e6a718476c0a94c25fa41b7ac2fcacf425a4a52574c80b9f47e53eeb0e7234d62ff24b1a425e7b81da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
17KB

MD5
18a9531f05f4a3662558d102349767b1

SHA1
328114b78180b5931d651669bf0b21d3a5cf8adc

SHA256
2d427df292899c50caad69f5c59737ff07f39544e52ff6b9d01f4fb82ec0d716

SHA512
b52d9f81a88694bbb16551a50fefd69a3f3dcd0ce5d3d3f3e3a2c1d7de969b5f6e27ca9fd22f7e964108f9b39eb083a44ef161ee3b8c39f61fa5939a15d21b2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
3640e559ab0feeb42daebc01d0da3900

SHA1
469a34f18e489b363f05091e3802181b43dfb114

SHA256
fedc8b246332567e20a79353ab93134c4fd436a5c8d6cd55355fde82e492272f

SHA512
0ac627cbd32c21fad5d26c2f09f5f35c7ca8cfda4f1618a2253bfdda34b74132caf9a07b7299064478186f2bb40a749051184d556cbb81f0891058cc8cfdf64b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9a93f7853a1ae1bc86fe03ffa6b20187

SHA1
7ecd30a4fbf2a2f028cdfaaa9d3a8f848cea43aa

SHA256
2bcb9326df147506780732e5a4b8a051d2db0a3e5f3101e640bcaade09dba08b

SHA512
356d0fb9565096eb0d48c34eac7dfe418ab8a5e82f3a128b79dc7a74350966b6747a2dd4988ba03c734f848f9b36d69d25f0ea1afafcaa5092c40c7e77bb6186

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e39a7699642e0ddc7cac944a63a8e25a

SHA1
88ae8edc7d1674a32974f1b3945cc17c3f2fa4f7

SHA256
40e46a0710c4f13937353f8dade83a2109e83b14b7d426543a801a1eeabf6bee

SHA512
f2214e048867bdc92ccf98854d61e3394e2d9d3683741b9d061351bd058e42e04f2ed0a52ffb3e83bc55f7c2c4683e26807972ead2f1b6871dea310d6c227e94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
cf4d578368d1e204013a83afb263b7da

SHA1
fb7555784b1c36ddd4e679e9f18aa623430e193c

SHA256
5fed9a38ddfe7d8e1a52854e9da1d87ee074be47c5923772d94fccdadf6c2ebf

SHA512
760c8ec9a7a9d252f434ef19866e751a6066470ac03d790e1d0440d8560b1a08722b8cfa7dc9e3f532286fd26c7a15e1b00ffcdc78b790abd7e1231c5449020f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
fc8c06af9a6838ef83531afcb85d31c7

SHA1
32eb60fd56b71d7b25a4512d63f1e92291c874e2

SHA256
c1bb1d823fb9af7a5f3b83b1f6a98315c9e867cb2f08ea1fe1448e348b182667

SHA512
cc94145bcb96df29f213b94de5cfeb4d65086d1b12b71955fb294bcdb9fa8a220184fd154308b00d18a7fa7656f1dc698cc61478b3a35d7a7e0151b37e70d633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
efae4be9b297b444065c227820b24dd8

SHA1
01346894b13e8f9ec344fafb5b19133a80cc304e

SHA256
1684ea8dc05cc8f75a4ff9c7a600641064a3ecda65aa6cd33070b385f42a762a

SHA512
2478dcda3987386ec6d2c405e26ce30c35c3c97a439ab5913fffd812966c1c42835b3690db7fd6977b4709c5c671e769305c9c9c1bf5ad1bce29d94fe5951f61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
329d2774697b9c306bfdedec35ae09e8

SHA1
26e87dbcb74852a90be422e2025e111305ee5de9

SHA256
a151bc9602619c039090e5f05199224b7937defcc54e68d5d9a41379d9198917

SHA512
64415386c88bb390a511462dfedba26e0b8693766c4f61ba5b19319d896e25fd619d4b3f8196a73960707bb2728ae731e3e70df1dfbfd216d42c0977279924c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
586B

MD5
e99138ab679d59d249e399b257109049

SHA1
2afbc13bfe99e8b790c08654b1643427d948ac20

SHA256
2c1cbb7b5ff3e4691afba884d6176187900497047b131afb538fa7b354b5cda0

SHA512
f7c32cfaef9279b9139f5c86befec381758759a8a9bf0aabcee1a200ce9f7be48be1f8cc11622cbbfc16aa64b21edb24b03174520b676aa94fad10343134206b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
991c8d78b5a69493c64d92ae53a4549c

SHA1
76017d8ad0ba21d98eae9f1264ba0971d39b6539

SHA256
ea97fc9139284d1f5c6a3d717780900ccecfc5ab5db948a08f0747533e3056cd

SHA512
9bee3e0d0a6dfb8301b480ced4fb2a7316fccc00654e386112264ddb1f9a2bf9f20a443567c0330360ef65c45f7275f2a99e35a4d5daf0b75bee1349e1792193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
754762f11d63748c1c544e06a15aad52

SHA1
5e775341bb85ed851e7375bafd29058c5c1f1b58

SHA256
e03e833ad41312f569b982fe6aab761183bc8d86cbda795548be737e41772db1

SHA512
af760fcc87defb5d52fa842e75c5dd116d1214fac0e944f0d980c7c055bf5c23993e157a7401bdc0c68e1fc86cededc78cb19b790a3b03ea97f73d5b0bb6a428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9d6a3652bf8dfcaa4e94cdbbf6e74eb5

SHA1
9e9e116e546f53aab0a3cd32c9d40779b0cc7f48

SHA256
aebff460abb3e8aae0418978516d8f7aaa08c4e5a07e7d3592c7dfc04f17ff9d

SHA512
5174e2f6e71212c3744f8003a03eda98be824e20e504c88bb7abd975d156746d7aaac8c3f0c1d294137a004e1121a3bcdae54e44138b7998cdd40a155ebbc6ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
bf7248de34611725db94029ae713ce6c

SHA1
0093a080ffef20613de18ac9d0bf8a10002cd284

SHA256
58534ddd2816d56a29aa9a65d7075c7870960313c4193d54ab0dcd50b2a76249

SHA512
5e4e049ea3d92573e7d47689df3ed35483efec115954f567c466235e01869768df2f997a8771fc6fc121b5c3f24b0daa87b69ba9a8f19df2c9fb8c35afb7258e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1529045172e154961d3c80731c26949a

SHA1
c42f0674e071710f99d747df991db51fd79ac04e

SHA256
cd7553dba94f9b4d35492cccec14feb9e8c9822064cbd40ef85565ed2e272367

SHA512
ab78c74ff25876e129b75ca27f11baf117ef73cb9690d03246e4a0d4b66ab4e72c3b4ce297e3a4302a66d32609e71d592e3cc445969461db1a5442d0535798ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8281c48f3a127db9daac4626bc228747

SHA1
fa4cbee95234dc4e1af0971067b835320041ef5a

SHA256
0fddd5aa5878bf506cbd1b81cb1ffb0e1fcd4d3f0dea88ba941f5465dfb17fb0

SHA512
5972006dc0df5809913c84ced376a1131ac58fef0fa1469162a2941374b244b07f0c1237e64386b12757985abbfb0f95c3264f53a55ea959e879d3e6915f749d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e91885dca1a075a5c8c69f1190286c19

SHA1
08c98c6e94214613d34e00a8fa4be504af9aca08

SHA256
41d3c29ae6d12cce3c15ef2b52144358b4e71de889865986e5bd59221e604e96

SHA512
de6d6556f9e8425b5be055329bf75db12b4ae93079ff7fa70a14d6f1f1e373df3fc8d13429dd0d4b38140254407ed4b490017cd352f8c4340f9caf68cf9817d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
573c72c7b9caaaa7fd4d25db4d49c526

SHA1
51fcf13760bb65f7c9ae9d76ff31f4f345ed79d5

SHA256
bae9bae4bbde1c4520b28c102b943a84111087858c2bc7bb22e50e80305b638b

SHA512
0be2738688c694e66a115bedc0de949d0fe8bee76c12300b0c0bac0b2e7b2c44341d49f5c74a867284f318381c6c321569c3b0d020e2ae682c0d16a72d636c06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1907978874baf3ca2da53253cca67bf4

SHA1
3059b2b37018ea3e3015a2726377c1d4f9b76de5

SHA256
f222406b2b9eafea62ad56748e4e596518e4b99c3c186b965224051427a0d810

SHA512
4e49a33db9fe101c673e4524d26155a9afe1c3dc7461214b679e874fcdda97e45115bc25f63958863d43fe4f0a882930651953932f1a8e4fc68e73ab4ea6970d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9d6b36280a2d147fa19fdc85f9c6bd79

SHA1
af552ad2cb6c5c030665bd124bdf8eeefa44e77f

SHA256
76705b92bfe9d0d3fd3d10fa5a9de1ad703bbadba9f62848be6f2dda4ebe00d2

SHA512
4cce1995c9d306f66c72e63c12911a975ef463011483742574421f404830867104b130ecc3873e6deed2d36543f1c1e047519a6b83f05e668d68737e42990b64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
48e38f7b9113deb3059aca4d1ed49c21

SHA1
1ee27ee2b82e6a24cc2e05841a496bf28e0fcfac

SHA256
3d1a1b2e4580915a523ee5a8d5ae0c8d900858730b9ae2511e711ac0f46ad2bc

SHA512
d48bc61b13b13a3be49ed598b0840c64ec3c735a5da9f6e54858c105ab3c65f1719b55cfa3065d57619a1b81ac64e35a38024167ab58d80b691d4d70f1587b3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
661360ee37f4f37a49faad554ce31831

SHA1
25a9960e68f7d0edc9a287892b46acdac57cef2d

SHA256
6108870fb6da6621f0bc4bd22bc6b7317d9fa2bb8b430b7eb61c1b7919fc2471

SHA512
6db871b1bc1fcbfb68104da9c69f7857ce235f43bb0baaa7652cc63f584987c33487107d3dbda16e6e4921d96092a82f06ddc189167de4872ea40faf13f19b39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
21cb3cafc39ad328b22bdbb0e41b2a1c

SHA1
9d44b2e471ab753e1fc87b288b868ba32d6fd591

SHA256
291c44ee533cae35d949e75c7716e788369ec910152d741e103b0cd98d048121

SHA512
f004b6527c7176d45a9478a8c5162829d321a548ff491ca11092c0defd64edb88ca4390dc80f22a31e535a79ca7eac9bdcd656fb364bab97c02a64c6074766a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
970d5af783f64a8dfaba7ba6059bd7cf

SHA1
4ce18655f19e3ac363c47c0ce81e059a5606ecf3

SHA256
8d0a62c2998c73ace950a727c50d861c6f4904044fe28ad6d7eafb5ed0afe5d2

SHA512
fd6e52948f745f46d4e45776691c892c3acc2fab4dd7478390a81690b5784a963c507cb9a8699a4627ee2226c2083fa0eb99560371c39414f23ab6c7005df5b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
45fcc8e573c06f6f03b721f1ba0053ec

SHA1
33cd7dabefbfbdb5b7b0a0d3f86ee788a8a4428f

SHA256
9f93358d14baab6b13748a59c20a70addc7a5d46ec94353f315d18a8e59a76f7

SHA512
179c60736806996f448ac5cbc806f5d964de042f3dd5de8c2f0418fe8286e27769c83c4e03164b968e7c72f3da9f65a690c9040a46546ce42d9b35b3edb04a6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f905d6d6f4c245ff874ff356be543aa2

SHA1
f95830661aed4d5b7b3c0784c682f7209d44fc98

SHA256
a3470038fa624bb03d08d787e7e61e415f5ca76d9b48afc5f1cf4b049cd1c08d

SHA512
f8b10b62d054be3058ce7e9170524e0f357c6a79ce885f11ed2ea39cc7c2f957217816b0277678bfd1430ce122d69115f8ac4592db2859f949bcbb46aca1af11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7fecff873215fa367d1f77f966349c3a

SHA1
dde4c362a63cdb093599ccd3a35004339abeb94b

SHA256
d1e1f6f45586d733cc9b89d9ef4eb95670ebba7fc207f61e90cf8ddaad1fb472

SHA512
ae0afa4e464e831100f3b8bd4534461428648eb2d2e24c4dd2c90145594fa488f9ddc3500bc72aa4cf8f3212c64d1cba58fcc82ce0491df3adf5e85a42078e5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
87db023f33d8a057cecdad5df60d0e8b

SHA1
995b40758d874ace7ff128b6911a671b68880f61

SHA256
87925e60a8f62c66e9a93b5a19ced881ffabaa5a870d9dc84333904619f0da4e

SHA512
797fe03b6bab06399d0b005b4ed5b74570b0c6c08e9e056eabba98aa5322b38c8ea1d5e1e81f9a30f72428c9a1562fefc5410715cb88d0523bd2c655727c8076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4aab655998dccfd4a66d4d4d23516229

SHA1
c53b54e414dda02f09ae7c5cc98bb3d4ec1823bc

SHA256
3715b0addb536b99d4e487e3e96108d1273685b432445a4bb838a86a46835ea0

SHA512
b0cca2338dc9c8da23f18e5442eeeee2d062078dc448f45c216afc562bf37eaf754c81da3449fc39a1095509551621d31493565b02db50c1beb2f8e2e0d72cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
264d779d1cdea99218f77418f3241c50

SHA1
44d52fca374af86a081dabfb719ae2c2f0c0477f

SHA256
afa543dd5ca8003a6a71b6c20c28b9cc2476326faf46618328ba4838839e9390

SHA512
967c03f7352f8ebc27a9c88fb202a3c2a2ab4927c3868568b1c32299ccf30aa5c58cf6c36b7afe6b25a1dfb2774000619d2a6f1eea57b98a044bf5aa7f7a80c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b4ffe229f0ae870a217559c36ffa5737

SHA1
e2614dc498128540c7628c4f5fb2dfcaba05a40f

SHA256
90c813a50f089c7b84b11dc2a822be7451f0229560397c9156bf3a99cbae7422

SHA512
88a9af94ce80ade359f163ffda97e309e47d2625b2cbf57cff0375e285f8aa86a089e791a7ca89f9e9d0b0594f330e074a54f67e73fffa260bab61238f179826

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d60c9811e825586ac070219f6f3eca0a

SHA1
b297c547f97b2f22c7dbb51cfd866b12ecedf707

SHA256
bcbd1967aabf618f85dbcdf6b5e62c26219214a112e4e3c0169846ab6a04b9fb

SHA512
d18b24d050ce934b920373a48b6682c89738f981c523751283770f3322128189cb373501a6d6b4d971234218989d5a5c995fc6b88ab052dd0bbb91df8271ae76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
77e3e2503d81928dab500618de4d0ee6

SHA1
4cd16dac75a104f50c03d91c3ef54953392e3496

SHA256
cea47f9c666f7ac918799df1ea2bb28d4b0a296d0c13c81eac2dbbab2828896e

SHA512
c765b293a8b90eee8677f10af095e8ad78f870033af4a9ee5ba47eebb932932bf729777bbdeeb557f95a90b239d8a6600c51ac34ca0fea2679df0a15862742f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
69a8320e066ef6bf1263854cfcb4edd3

SHA1
7927e44ff9657fd6dc65a578a37f44783f0c9c43

SHA256
f401f7fd2de09704bc60c4aebf167ee9f474b5d650c1597abbcf5bb5034c0bbe

SHA512
f607c799be52364a01536c66f91262af7f61b64a65947b07decfdbf2808ceec1bb02ae0902711eeb8bf3b0142985786b0cfa7db9baa5eb14ea7f2387e6417579

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
75ea70837a1d5228207f1dbe08b73db5

SHA1
031b1c6637043646d49d53dee5ebfa38c65f2197

SHA256
5c57d880205edf14e125f7eb24b8fec4f58c84d4b74a4eccad09f590e198bcdb

SHA512
bb0bcb66b6dd80329d927bff6bfd3e0048387b60dc6c798dc6f83f4c0e6edb671b869b0532c727fe6943d773421717f11deacd59251a3d8d4f8275cc6dc8dd37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c776a81fbcfd2c6039c02c9d47969df9

SHA1
1ef41f776919200bd9bdc0f0e4b7b0b9cba8282e

SHA256
199503ffbd416d3a10a6a9a4d3bc4bd0e84d247987d0e66a886e8aabd2d18793

SHA512
796748475ee095c6481b380f7f90adef793786e56d7cd001b99ae5e96ce1f44a159145d5036df5109cdd0aaf49609c44bc1ef0c9e1781427e75c27821f71017a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
758500af6757ab14ed93b4aa58d489d7

SHA1
dfda509ff0f82e71ae8c97680801f2bffa1c1856

SHA256
51bda136344ca2566d7d2eb84379986352f4f6d22d5acc94dd781708d35b3a72

SHA512
9cc3dd0e7903c53e93d427a330921f08f10e9f2dfb534af1d68d1807a67772bc73c34ac94e37adaa95eaa1c4de950d5ebd82ab523c68338b7655183f748ac3ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13378582988518285

Filesize
1KB

MD5
b19665b00854e932e64c2448f8bba202

SHA1
98c4d4dd2b55fa77754083bc3f42f116b77f1327

SHA256
d9b6510b7b9d9525cc00aed7d0185fedd33db79d9b3a2607b3c3d48ea0eb0741

SHA512
baa444f982c5602239a1a11728bd20597257985ba805fda13b886086b486fa1dfe2555fb74c1b421b8fd7d11552109d8e6a83acc7492d737e17e931be0f75c29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
65c11db7088e33f2103123e441e453bf

SHA1
0f6a9f2a9ffcdcb008d02d4cd593302ab08326c1

SHA256
f57458aa558f96d8463157d91c12eac0408e18c10087fe5456d4fe283785767f

SHA512
8caa7d4c24fc40c735e83148728af61406cb69250a3c9911e8a268ed535ba6aee6534db06620604a4f011bf6ebc464c73aea940202a2edda8dcc96a7c1539b01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
13a49f5076aa88e83b5ba7606c569b98

SHA1
72d3f1f4064f57a7da9e31dd9306ded8c068ccd5

SHA256
6e4f2118e06666a16104477beabf3d3efe4a86946b47f99a6049a5fba2da95af

SHA512
080f72c54022f86c7aff268c1d6324e29c626b49ffa694c4a6dfb958db36e107374bac8bf11f0d9c9c1d5ef301f80fc728cf8826ee46dcd6f76b203a3a5bb15e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
19eb679268f336f1116843b9cb718bf4

SHA1
e7d4c6c3736f8c3fd4f82b1f6d8fd7417c657ff5

SHA256
5c65af1ddd0399e8a752dcd47ac0e379d2a21f62ae76e844feaca7fad8039091

SHA512
4b96d64bc399e87ed7ee915cbb8972bbcc7b0abd619686324421faa7e3b737c7145b3b7c1f0578b21be940de9c308e72c2cec3339de96022a2bbf0bb157a716a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
c0e2309b373b5dc0de7db97cabb8858b

SHA1
fb59c0eb487da26f591cffa31529d1f44ac79b5f

SHA256
5479d0826210b2a79fe3f3e018eed34c36219a97a6929bbe0b3a9dd1b4a27b86

SHA512
db574801d8d5cc15a18b260217c280f75b47a9b7d077f27a37a852177ff3f2de122f883f309384025f78df663421098e7afefe3167498d283f1406eea0e91413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
eea13295998f10039b2a4e949be38674

SHA1
ec123ddb4a561e77533a0b712d56265190e5e1ea

SHA256
d4208bb3b72af80c67df2451405c4e703d46edc4fbaf42a12987b56fe54ebf28

SHA512
77821cd7a564585de0febfe6d2cdf0e9250606f29ffc2112a627254338d6aa3630e4b940b8c900a2c999fa22df90adf79d52bf421611dea48ccba18eb229726b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
ebc299cc86525ba0bb464db32e8ad369

SHA1
5ee6ed07346eb57ce9bca47fc784bbccb122a41b

SHA256
a50ca13911b06c23c2719fc27fb5a5344bea93a13f9f41f3c5768ad95fbdd57e

SHA512
8c37a7af597c787b4b1cf6e311ab70bec6b510cc04b6b763787e3cba197193b8b93c8f545eda9b9914243b713face52ab477b02e473b764696d4535109da983c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
118db3e4f1880cc9a41a9ddef2f10276

SHA1
b0355aadcf3c3caaf00c403c8b5fc6bd194d25ca

SHA256
5e7eb79f97051e1af60178471dc00540ac1459e5ccd818d59598fe8c77509da5

SHA512
3947c6434b5b169e1f7f8a34f45e02889565b18f74cd1086b8ebdac19863109a2bb1f88c02093a804c35363d0f69b2df048ea743a96769e36a4a44586457a7d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bb032e16250f782dfd9371ddc3be2f7a

SHA1
0f8f936551b295a1377cf70b069e35e483155c1b

SHA256
934e260637528e30f1293e5df112ebb5c7e8774394d7d2ae807c64a988bec57f

SHA512
258290eb455c367a9fd91c0937559ada7bedebd00ac4b2bb949be0500a09679e45263967a964b4388ef5e1b86a85cc09a622ca3fc5e879f0cd5e6d4ac9b0301c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6d3b06a9eae6001db4b627223a520c72

SHA1
d90e7753eea09994953b2d06faf87f6932d66b9f

SHA256
70929a1074256c09ceeef95c425e45935c1b75911dcc7236f72f19618b4383ce

SHA512
699fb36247efc698e0b8596e53c4f7cc59598a1c6d97550050f67b2f86663f95d6011275d3d998287e116f4e7cf7d07b0e4375f5c75f35149e73460bfd89a332

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
78c78b0da10d5820600ca208c8fdf58c

SHA1
8fc089f3d96a39bc057411f3f0023107bc1e5d28

SHA256
1dd27335bcc39df60f767452ef6792a7b06d742871040a55829a1be34b1abd1a

SHA512
6f23816ae8634ba0dfaa21f1ebb4c77e4d1433d19d66b1396c221430040250912a1c86a7b4707b178c767c1f50745068141302f1998f356785390bc9b3bd92a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
459153a9e70d55c84ab8fcb8ddf57d3c

SHA1
f6395d77c07ac1743595a9fbfd12f60f14b0120f

SHA256
bc5324ec42edb4a7a78205baf8cbc88aa1844542c1d1cc90bb3421af0eb4ccf9

SHA512
bc4a87d26c2a641d69bf813a5282f98e8c51f5cce8250d2d40169c7843c828fde96c0e9db71cf9c295b8bb3fcfeb99a1109540659372c97eb643c69452c71f83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
71499f155f0ce7c0cfcd897743d4f90c

SHA1
d0eb847ada98d7a0910309f7aa7ab9d7e7b0d273

SHA256
9b3f569103ee459623624d89f1e12650db6a31edf33a0b285b6dd5790367f394

SHA512
f85af2cf7b78d98818d64559ad26d88bd80fb06bac127a6b1340f79dbd9add14006a2644d6bc80ab377eaf10c6b1cc6eb03144feb6ecd746981d5196c1f6bd3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ffff976aaa38ffee9865101b9692b7a2

SHA1
ee029ac5924b445b5b802ae684f4cb646e1cd9e8

SHA256
432e76ca4aec0315dd8dab1c0f96630995ddd141aea7f37a8857544e2854fd68

SHA512
5e01bb8e98f72ab881574506d3a39ec4e31b87cb5b4a4da6f30c1e92ed4ffef925ad1bfee3a4189d0140d65c8ff223890207ca7902558d0ae167831e829722f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
bb6a47cc2d46a40661946ce6dccd76cb

SHA1
3685a4703e5a6f417fe3dcdc079c3e56ab973b19

SHA256
f116935485df1c61b20a5405d64b8b8af7e3a7077603a2b8388d140a8e714e8d

SHA512
1ee09330e0a495686a141c16b9e6259f4f16d4fca5115498f54ceccf248fda50db7f6f8d7b62bd2b5a7874a0254c250d65255811fb80e3f0fb4eb7d44bbd95f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
43d13b94b8eccf4a248adc50b9f308f0

SHA1
d7a64fea4cd69d40ab1887aa983da8d77115bd38

SHA256
c94b247ea968756dad71fe570c033ba6315085e71f6ad234b1c173d45b25bdd9

SHA512
7c4cc6d91790e1b052b11112dba78a2245c22fb4c32e8beccb4e1ba04508070c2d97a669782536600efea0da36d75bb538e9ba13b4693080a9acad161f8b9cf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
82dcce2f2494581d6b301b36b3dfd413

SHA1
433e1a33280af2089088913efc212a560c2532c1

SHA256
adf47d0804d1e170cc07aaac8ea7858c165db2325de3b0340b573ebc00421112

SHA512
fa807efc4ca4ad4e011cb2e4a9320422df95e4d37c03a6a67b1d7f53efa815eeb122923c85e98f2fcc4ffdc5dcf71ac3879b72865876291430f3e4e9d97c114b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5af137.TMP

Filesize
538B

MD5
916ff3bc512547aecf03253e84ee41c5

SHA1
3bd6045684579a15187f6a57bf2dfb7b634ad05f

SHA256
9b715a9ef533981e88855f41e33f7b7c03929b8c61224b566e44f7386e31140c

SHA512
854be602a10ad1ff4a147356587a397349751270c66dbe4fc41eafa3180c316f859613859e5c78ac478f2e61afece084ba3d83652a3a66d5c16a4dca4fa68986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
213ae1fa3b4f8deeaff1f5d22d3a078a

SHA1
bbca38da488b1bf4a6d6cf472513357c45b07a7c

SHA256
116157c7fd38853b524a2084cb555f09c86fa35e0fca1095c6eee73146991e67

SHA512
bb23db6fce19402b2c2307c5adc335567e3d9efa22fa6dc3e5516ba046c34d9fffd7c2c859c8e6557d07796dc482086c4f78860078bb69137478b291873e40f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
128KB

MD5
d54b9821c359e2f38a15d4df64083662

SHA1
75d3a6b84b8f1d263ef975c90fc79b4e938e30de

SHA256
1df166bff6d8f1184df8ed9158a56d3b996883821db866b725aa0959217c8a7a

SHA512
eaa859f8269ba6761f6d44740e24eaaa2befe312e4fe1c67e3672f41592e338576e561be28c52342a8a9764275068d097ed5f8af23ff1df48adc3965ef0037d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
6ef9d6b1f2df6c13e9269869906bbde6

SHA1
fd94a22a1f3fa0a7977053af653ead411bc6ee49

SHA256
23f34fa8497935a61b02814d6dab886994c4b956c7a70207203c01fa4c70e507

SHA512
1238b8483e035150251285b3fa3e042cb6768d14fb3f484a87d37c8f62babec9165fe66460ddf5e7628add4e6ab3b73f758dc19b5495280be28f1f52cc6db3fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
8dc9dbda95c9f95189153b70ccd51c19

SHA1
61a9998f25c57feab632d5ec099e1296e0280a98

SHA256
df7fcc3dbcbb2cb46ee42fe40cf9b8be61d0954014d7e4d4cd3eeb8420a4d8b9

SHA512
a73f55a3e813e9fc42c1d00d8f0a610700ceb521c640adef33d5348ed40766761efedebb05d7fb2e141132c10359cb7c883905aa3868d1a087b08b3f15f74bc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
634ed77af6f29e70ae761faae404b37a

SHA1
e79a0add80698d369fb81c6af4de81dc19f7f4d1

SHA256
ef54924589c79c7afe90d7be2cc151cf890017968731f292996708f3125f1850

SHA512
60be3658019f93fc33d58a66326937733405f23caad10eb36dc7b75d3c3ffea3833e1f97052d797a2b60deb0410c71869ba242e2420d0d773014f61aa46040cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
2095da76b81fcf28b91a9914baf85fb6

SHA1
79c3141872d6bfb6ac5b4f1d7a57d268c3e23bf1

SHA256
a267908a2172355ec3c62bf081b0016dd1a6301c14c379f43019303fd895e9fe

SHA512
cd91e9b5d5b4fec050ca0fdb9257db6c1ddcde5bca574b4d16a09784d7d7cda12dd86fb91abcf75d759e454b7d4bf3ae66cf919946c6294a5340c3fa128338f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
18013c42d8b8de1aba38828dccb120a7

SHA1
b627769c2a7096c003861768ca43092b0c00a11f

SHA256
3461d233134e13e4cbc981b2482adda8694904e222a92d039d3f0895e6ee3c98

SHA512
908f21078a5d1d65b5d8cf9b7c5b4fa47767af56cbd646ceb4fbaf5fbe963d6b5d9b92ebb4e71cc54c85681cda7d6f1143045e19d70808bab0dedd14b6065b79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
d9e4c33a75f049b98fa34e7eda472a99

SHA1
e9daa5775c5b45819ffc497c12341e3697eab935

SHA256
0ef17383d71c524b016222e96b7cdc3665482b1fa52a95916a00d262ef4679b5

SHA512
e107a982b590372cef9a44cd9cecad6492959a62da96396ea20449a9d007fd5e81d728d7c858d90052b3bdf254093e0c7d4a37fe5f957e28c6d490501cac2fa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
cc88c34daa249e0139381827a2f45f94

SHA1
7018fa4385ef9830085b3c92f2c924b045122b92

SHA256
f58d161ac2a5d534c15b172a7397120d8bd981669471f8ae325b026a579198b0

SHA512
2c6df7401986af782284808d20133aa5a5637b1740ee6bd616854cbecc9fb55d912e185e52a68a5c15eabe4c070862093bdeb17ef8290348250d964315116ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2405704f934352aad1145e612535c384

SHA1
39bbb50c92fca6f268aa3b8363a676a24d66c70c

SHA256
b05ee2899bd2fce0a793062dee5536c72077c3f8fde0b0d1cd6d92b2bdd8a5d5

SHA512
1372275d8d52aaf38a36ed953a056c72f2952ace018d9dac108a579b801c732f39da58ecc0b35d2c10bf6fce322a7bd92882b5c07ce661bbe306f1b9d8d48fc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1dfb6922c89d41acbe504bda629576c4

SHA1
5113bec1f161b967dcf255d13acdb8ec32661b1c

SHA256
9df84566a6de897fded178f04f087cacf13f5096a0618519d3c91d4146f99be0

SHA512
47e653d9d72ba0182ffc4521711e3f1585b52ab9f47b862fc77442920bb6c17f7b70ae8ef8b875df49833f742d103bba945abc7a5ffb7b60b2c110ecab573227

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ea923b6e376bc8bb24cebce4b03ada3d

SHA1
69e2ef33ff295d4f3fe717262bc3ebdd829b362d

SHA256
0cd2c44e36d43af228cfb4ee49c425f9ea0855580fbbf277205faf39fbe76851

SHA512
6f786ca5f7eddf704bf5e6b0124583f06997f825cd94456edbb5d54b0f06bc2675da5e798b29bb8ea6c7b81f63260341e0cb583eaf4a57042d63b1ce3e5d6360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
246c0c14e3a0f3c1fceffda3a1568f65

SHA1
9e20f8b75107e3667b2c040d6b1af7427d43d440

SHA256
83aa04aca1ac6d927ab6751ae76559fea3be92f8cc4b4f856cf263f537eef171

SHA512
ed2bc31c2c843f6ee810edef0f57037c5976a17417577db5348eabd7d5431842bcb9419b1bc86cd3e1eed9058f6944d83701bdf97149eb3a37f6a62056241e18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3dc8dd6dea3cbb714fb1320af707c1c4

SHA1
ac9447f25c5167a4466ec362ed792b95ab31c7c9

SHA256
fca6795f62d7dfe386042f073bf13c1d5cfd23c9ab87f25949e81cc5f0b1b2a8

SHA512
54b32d891e514efbe692eb7f155379fc96630cf0b19735d39ea1ebedf45bedeb692a495c74e54fe9ad41fb7bfeeb77f078c6bf4598b4122849fc8abb9ca976f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6e9909488061217da2d592aa582014f6

SHA1
32f1fd48b1af1099532d540af527a60d251676e0

SHA256
da71e583074d9407963b081d63d0a52021c3d36e33fc79ae22a95b1ae85a6bf1

SHA512
a0e00db88bb3e9140a3dc0f6f3b0d36db730e821c78051bf9b4415948c37ab20f5169c5fc85608db0dfc76e7c41966836fb9497f332b09e30d2b290dc0fb4e50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b5414321a35174cdd2fc3661493f7ebb

SHA1
1a193c6b3af58ff2f0ed357078d79585c58ab85f

SHA256
52ef48d924d3c59b59bf432de1d349228f2fc146f88d1b8db3f444faeb23d637

SHA512
ccb1b041957cb1fbf43e9e3635474eaaeec08e2d8d3b9d1901330d30d518770c89ddacad7ffc027502b2a68738fe1267fb4d029bf671b8be3e05975234c57640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
5fcb95589838ca2a7496f33fa1eb6efe

SHA1
a29463902a96852af5ab9ef3ae04e08e2c9ebb73

SHA256
9b192f04155690439464bdd52e092e5b618e0ce7a1c5f41a3f0a70c7e9a3d0b5

SHA512
242ae60fc20b95b619de27ac0a9071f947c7fb670a2c6f9c476ca06f2022385c86b639bc1b7ddf781584743576778abe6ad860ae6729f2369f803e622db8b094

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\RI5ULUZK\login.live[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\LocalState\_sessionState.json

Filesize
136B

MD5
9c1e824ef8695a1abc67f5d0a95778c0

SHA1
ec43ba5ce45d92453320bd6d14d96a866ed4c0e9

SHA256
0e9674b55a602a97e8ed235ec72e98e5d816ac014684d179a1fc0b9959345d97

SHA512
55e92e224e5d357e4c1dfcd34ee8b7e1d160f8edfce2f3bd156a240f4cc8c73b3329497d8199fabf2a81d8d04be5f49687224b498c57cb115231b47c81d65d15

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/4320-656-0x000001E54B000000-0x000001E54B100000-memory.dmp

Filesize
1024KB

Download
memory/4320-546-0x000001E549B30000-0x000001E549B50000-memory.dmp

Filesize
128KB

Download
memory/4320-695-0x000001E539400000-0x000001E539500000-memory.dmp

Filesize
1024KB

Download
memory/4320-1435-0x000001E537A00000-0x000001E537B00000-memory.dmp

Filesize
1024KB

Download
memory/4320-415-0x000001E5369F0000-0x000001E536A10000-memory.dmp

Filesize
128KB

Download
memory/4320-1537-0x000001E54DEC0000-0x000001E54DEE0000-memory.dmp

Filesize
128KB

Download
memory/4320-1562-0x000001E54D6D0000-0x000001E54D6F0000-memory.dmp

Filesize
128KB

Download
memory/4320-571-0x000001E549BB0000-0x000001E549BD0000-memory.dmp

Filesize
128KB

Download
memory/4320-1621-0x000001E54CE40000-0x000001E54CF40000-memory.dmp

Filesize
1024KB

Download
memory/4320-666-0x000001E54A9F0000-0x000001E54AAF0000-memory.dmp

Filesize
1024KB

Download