2a2c856ce0bac5b4d824158a1187c13afc333d0540266a04554dd16309c8f3b3

Analysis

max time kernel
429s
max time network
430s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
01-01-2025 17:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fda.txt
Size

175B
MD5

8a72eabfdbab6321f0977cf0f1e2b6ab
SHA1

6a6de96bf493f4b2e7ad34c61fd23d5aca3d24e9
SHA256

2a2c856ce0bac5b4d824158a1187c13afc333d0540266a04554dd16309c8f3b3
SHA512

bfafb4d097b0eef6698e0796faf42b958d277ff6f7e47d6a22ae9a3e7f97535ea5f660772beacd1c672f4a3b3b2738019a3977262e0332ed4e06c8954167c611

Score

7^/10

paypal discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand PAYPAL.
phishing paypal
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4089630652-1596403869-279772308-1000\{2D8B0081-D0BF-4749-8861-4359AF022221}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4089630652-1596403869-279772308-1000\{1EAD40E6-237B-4E3A-BDB1-C715BCDEEE2D}	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1856	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1632	msedge.exe
1632	msedge.exe
4092	msedge.exe
4092	msedge.exe
548	msedge.exe
548	msedge.exe
4608	identity_helper.exe
4608	identity_helper.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
2440	msedge.exe
2440	msedge.exe
3332	msedge.exe
3332	msedge.exe
5720	identity_helper.exe
5720	identity_helper.exe
1524	msedge.exe
1524	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 48 IoCs

pid	Process
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5784	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5784	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
1856	NOTEPAD.EXE
4092	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe
3332	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4092 wrote to memory of 1932	4092	msedge.exe	87
PID 4092 wrote to memory of 1932	4092	msedge.exe	87
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1476	4092	msedge.exe	88
PID 4092 wrote to memory of 1632	4092	msedge.exe	89
PID 4092 wrote to memory of 1632	4092	msedge.exe	89
PID 4092 wrote to memory of 3640	4092	msedge.exe	90
PID 4092 wrote to memory of 3640	4092	msedge.exe	90
PID 4092 wrote to memory of 3640	4092	msedge.exe	90
PID 4092 wrote to memory of 3640	4092	msedge.exe	90
PID 4092 wrote to memory of 3640	4092	msedge.exe	90
PID 4092 wrote to memory of 3640	4092	msedge.exe	90
PID 4092 wrote to memory of 3640	4092	msedge.exe	90
PID 4092 wrote to memory of 3640	4092	msedge.exe	90
PID 4092 wrote to memory of 3640	4092	msedge.exe	90
PID 4092 wrote to memory of 3640	4092	msedge.exe	90
PID 4092 wrote to memory of 3640	4092	msedge.exe	90
PID 4092 wrote to memory of 3640	4092	msedge.exe	90
PID 4092 wrote to memory of 3640	4092	msedge.exe	90
PID 4092 wrote to memory of 3640	4092	msedge.exe	90
PID 4092 wrote to memory of 3640	4092	msedge.exe	90
PID 4092 wrote to memory of 3640	4092	msedge.exe	90
PID 4092 wrote to memory of 3640	4092	msedge.exe	90
PID 4092 wrote to memory of 3640	4092	msedge.exe	90
PID 4092 wrote to memory of 3640	4092	msedge.exe	90
PID 4092 wrote to memory of 3640	4092	msedge.exe	90

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\fda.txt
1⤵
- Opens file in notepad (likely ransom note)
- Suspicious use of FindShellTrayWindow
PID:1856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffbc56f46f8,0x7ffbc56f4708,0x7ffbc56f4718
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6364 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5568 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7748 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,7950816222346058399,17409895183183885511,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:1108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3916

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x494 0x49c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc56f46f8,0x7ffbc56f4708,0x7ffbc56f4718
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,17055906597880455274,651585279574303762,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,17055906597880455274,651585279574303762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,17055906597880455274,651585279574303762,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,17055906597880455274,651585279574303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,17055906597880455274,651585279574303762,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,17055906597880455274,651585279574303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,17055906597880455274,651585279574303762,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,17055906597880455274,651585279574303762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,17055906597880455274,651585279574303762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,17055906597880455274,651585279574303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,17055906597880455274,651585279574303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2256,17055906597880455274,651585279574303762,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2256,17055906597880455274,651585279574303762,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,17055906597880455274,651585279574303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,17055906597880455274,651585279574303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,17055906597880455274,651585279574303762,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,17055906597880455274,651585279574303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,17055906597880455274,651585279574303762,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,17055906597880455274,651585279574303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,17055906597880455274,651585279574303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,17055906597880455274,651585279574303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,17055906597880455274,651585279574303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:1036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae8b244ad448e26c6f273f215a8aba1a

SHA1
d6f5fc9b5b867b7dcfccc82c88ae85400e657cb0

SHA256
15748669b0554666a19b8b3eaa7dc83dd6272626884315eb23e3df706fb2c78c

SHA512
5c2c65fa1efbe4fb20be98ae4f1edecd7968deb5ec8922ef235c63f1bce34c61c0a29aee659c5ddc8daa1ad5de579d7d6da8b6a7b969039ffdeceb5e4eaea3b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5680fd32-94a6-4bf0-94ba-c40474a652cc.tmp

Filesize
2KB

MD5
973238923e5e8dd0e484f343ed492ae0

SHA1
dff3bc996467d000538fc5fbca0dd927d14f93b4

SHA256
8ed064a155850bf05e3c1fc6d78fb2d89152aa3c17e9b00ae2df1fb42e2e6724

SHA512
42f22f04dbf582adea0793051063c75a2242a42a8ffbd79a7d9b89459592fb00bdf11dea312fe4dbf62dc539ed4648ba9b25c5a7875916913023f6f83f27355c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
27KB

MD5
ac20a1a0440df46cd39d5bb2862e4eb4

SHA1
8d4b213437e7810e249ebda6f18c207537f4f103

SHA256
818308dda5e665bea371cfc84976350cf8c847aae3ee8875a4e253752ffb0ef4

SHA512
f79e7f5e1fd8caa535f009757f0d8e78e12311259b3a76238805151889393d7ef746661f058ca3db6ff12d373a4161a8aa4c8249af4c8844f92fa1bb81294f3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
215KB

MD5
a199e9aaef96c5e19a9b209b08919b6b

SHA1
1348d66066a90e23f29f0181ed39c272a5391369

SHA256
5f93040edfd9d8d1dfaf9b4799f86c0eb5eee768ca9ae69e2c5e524fac63e15c

SHA512
3e00e8d65a0b77b2e9baaf9a7607ecedf42cb4cf743607448c23dd994f86687af279ab05e85dfd968d42669b74d55ab3b6df90a53a599116eb1d55da64df962f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
31KB

MD5
4deec958dbc1836911f3917d275e7858

SHA1
bd2403dcf95d5aab1abdd0ddf9dd01258f4cad2c

SHA256
0f2743cd437aecf78dbfacd11eb40c4ccaeba351d6828afb1ee43a10f0987c08

SHA512
7b379a992bb8e0dee97be0110c8431bfb818f0646df08c548e101c686157c463a8e596e25377c9ec6367c75df44d5b6abd1a5a2fb88137afa5beb6e0c8f9f07b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
18KB

MD5
f6c1cc9320408bd8c58d97568c890e53

SHA1
7994f8eb830efe5825c8fb0a96f6f788970f6002

SHA256
1fdc168cd3eb7f6c5a5d33962d2ac8d540c452c9a55a86be83fc767db0ca5d5b

SHA512
8837570f472ecd0861cee1142345d89a1830a9fd57d675cb35d3687bccbe223aa2e08dcb6b1564825bbb69ed172ec498fd051b5f638f296bc1512f3a59756a82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
21KB

MD5
194af4a3c3780b6bf3033a2ca8f1eb95

SHA1
fea74b5f224ddc270c85b4af5f89484e8d869925

SHA256
e75f39ad2d6d9779020a4d2e6fcc79ffd1a37648521f2032caa6811aa145238a

SHA512
ac87b00805ed2ad565648a2138182302872bd835f3545e4d732b29ed252823936395421a137e8495a94c2bef64a0710852ea162f1cc0d35ee2ba7156243e5cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
58KB

MD5
0cb69cf017b035984cf34440d92a9fa5

SHA1
a1e776e8f650c6b67edb6f9018538eaccfe8bf0d

SHA256
bba2f8b6133c2f4524b47f473396a792ed3759c4106c96cfdd55205e7a1f3c9a

SHA512
5e34f05e396e57a71fa51c4f4a921f1d61defcd9290fdebe6568f7dad17712eb471694851b1f4518cd8d777bd47125d7054a4db7448934b87e061633135435a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
24KB

MD5
b37a53936d7389f2a2e055ede0c3e5b2

SHA1
2afe81360be9872da3f6144927f4fab2141d9070

SHA256
eb4e27f9ccb1d9ced22f07b30aaaae2cf7c4f3f6968f9d2be4d75ae9ace68a34

SHA512
aff3a3d1096c5bda3ffdf6b7b64b9c65085c8866d5898f3af943a0a6237499a700800f122b867817ce9db637cd345a2cad66b97f4caacbbe93203dfd95c1679d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
2KB

MD5
574ddd2e7f1eab27d1f4505f70b86257

SHA1
0ed8c2c7fd17bff842c8ba47c2659c51095bace1

SHA256
034917243e61e203b11d00bf34e1372c705b6e03e1e8b11f9425eabba73db423

SHA512
7d79ddf13614d96b1de1975501d15eb72f216da8e22ee6fc5bbd438a5c5623ce7adb18440ee2ac5cdcdbb7c39c4919d58ff8656f1df9cd6749e2329f7378cec4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
9c4271607777b81f7557dfa1cbe4c56f

SHA1
c6c3e33b871e4baf873a3be2f6cc6fc0aadf13a7

SHA256
3241bc6a2a74a072e56918a78840fa90666a94a9d628101089fa3818a822c8ab

SHA512
9b9ab6292636b4ae7bcd41232de281b1545c3220998ef80b28123c5f7cebe87fb6903ea323563cb87fff097bb2d95002a49a3531c8d8abcbea205484dbd4aeaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f139f229e6f0497_0

Filesize
5KB

MD5
6c3e195cbfcbd9843fee05c1eeaaa00d

SHA1
902c292e25537fbdd7880bee9b89ab19868d4a4f

SHA256
02eb988c433f723f89bd1496415c47c3613964aea5ce2b1ec6c56d47bcc8033c

SHA512
ee1c56d16d808708348d1041e9d090cb0ed2e7bea3d157931dae2ef87f2b92cd61c96d4de136c534bbd5a8c21eb267c8747d6c78dbafb0edc10bbef0340d3938

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
6f0199c6912ccf461f3d5e5d37d33041

SHA1
c544cfb6883b64861f83b50ceb9d26bbfc16d781

SHA256
68f4d39d6b63e2e21cbbc46f87bff7ab49eed0020fdb140093a1593c1baed44c

SHA512
f6f00cc56c6e40649a359e0c03fd651a903330d88263a57084e6196cef68e581adfb089457bedff23553ea618f76c391f384c5c0a1dafad87647e094d1e1b4a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
51fe16aee2884f0316c370f50e1df9f3

SHA1
3a507c20bbe2751b3b0b85e3d3856f47fed7df90

SHA256
2218d1b7faa5623d588bf5fd01bc82e8ee7218f745136f5c3bf6009b5e04dd64

SHA512
c79f8a66c9d9bc323b85306b54c4ac7cf02647082258ef78d4f0f41d452df073705c67557e9373a105880792cd5272d296112b53a2016e5ed3a502965a057a59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0

Filesize
4KB

MD5
3e6201a7c5ae202efee4dd43477cc7fb

SHA1
b70b4adb3c32a5119fac699b8dabfefaacfe3423

SHA256
2acf3cfa7cae40f0f19394f60f28ab90796dce99324b10bd0bac8f3badccd38a

SHA512
cbc739384d27c49973c195628f17521e5fed92b69702c5dfb16902bf25e4cb02bf88b1eb2e3af267f4228f6d0df3b0d1ae328b589241528e3e11c204ecf9609e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71da22abe269277d_0

Filesize
3KB

MD5
c1df0a5099546ae6a91c97c3201aa489

SHA1
de82ff7877ccac427592e402b70b39e52af7eb63

SHA256
7458469b8bbd9ea1798d6a9174d5ac536b1e0868ab50590f84374159c4dda5de

SHA512
c23961447d1c946d8be75fd76e977891d1ce725ccd7ddd6a7a8b372686e39da13f7f5b0b141cd88cf504957bf304d46427ddb5083fe8de7892b60caaeae63bee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
9906e7bda9c7e4fd125decc92e2acf5f

SHA1
881e2e4c49cc7a37d4800c3e7a2b123f3706e05d

SHA256
b54ecfda8157f1293b08c9f86614de9eff70f11b6dfc9a97e73beccc25def392

SHA512
9ac3ec5dac5587ab4d827c1172140e92cb6e3a8fe5d0fb510c21e4f349dc59a89c56c7524eca54c950b5b9f828ea2017205bd6259adf12087f2d457b3c732b4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d693ac0f52716b_0

Filesize
3KB

MD5
74c17913c53ea160f113ed97224b818a

SHA1
9d760a3b854408e03ce79fba5233cab24168ab78

SHA256
63e70b399ddb9b3768fdd46e3ec782ab71a6f946ab7c2c81d0c8bd7f19765453

SHA512
a183dbd30d95bfdbc1a82ed863c518ff4dc3e4f714f4d1b8c69e1959d2e92b1d20e4495cf676f857f70d4fe98059e424d7dcc764ee8cdb269672ecd293cc47d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be6d12311ce2b399_0

Filesize
1KB

MD5
1d7eeca53b6ad8bf240233196bb6372a

SHA1
ced03530a200725aa1416acf020b3ec26467a75d

SHA256
9bc9b007710930975ebd70adc7fdc250e4a700d02eeb5f05aa1d13d401cb26e6

SHA512
31a6ff3ed5ee6c6d7e8951fee6d6b4022c8a2c037442ecfe437df6880eb916c64e86236bc119a7889cbf61079bfc5e8d8e7d4c656911c75c1446e46ee45590ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c91c845c83814759_0

Filesize
14KB

MD5
edb883807d9b1950e6ba1979548bf194

SHA1
ad204237163675d4c80fc4f1deca7f7903c7a9c6

SHA256
b48d0d54bdd49a253cbd3ffaaf4ca0154e9d403cf180374c787e8eddc9c8c879

SHA512
64df9f343ebeb53ef5bfb6974a03bae26bf263cf18beed5f39385804acc07f88d17913237c273962b948c5d9a5bd83dd8c86be5bd3496c9dd53d68c06fb26d61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
12a6c87881c6fc96b7dd26b3e50d6df5

SHA1
2227a0c53af48c8acfd6b5f8be96a141cde475f7

SHA256
fbc3e4cf6666edad49902a9a8fe2ce6fe25ebb7c33ffe1befe373fd98d418cb0

SHA512
427e913418f6750d094f2c388c8537063e27185b101bed8c368cd39203b0ee931e9a99dc212ffecdc036019ed2ca53e91dc045ca756b1409cce5183cda780122

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
30b76df050c79028153d0780f4ff6291

SHA1
ff187bafa0cff032f41ae994298894ffd97f892a

SHA256
eb807fe0e226a0fde9edfe57684a089b857221df437414487ad12362cb1e8a8c

SHA512
a0e7b9246bdc632a482efa52b0584e3076d49d7f5b15649141bb9c5d002662b48261b645864337f5b7a37719ecafbb108a9ebabc048bb1ee051f72a97ff9e5a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
bd568d2a1b6478dbb1f046da869b2ad1

SHA1
09726e90fc9fe81a064af61537d9f16511be2552

SHA256
5fd9dafe84e2e80a2e0da703b4e2f978a460a5ac0a56527072a1b0e232f583aa

SHA512
6f415c5d809e4bec5fb06f7b275345ca3ab6013c246e094f32075de3e7133b5d58e43182e3cd31d3e18a32639db8b26c1f13a95f60b205f19d4b5ebf86734ba2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
fa24d4f2db0f30d8979e0644e4f2f092

SHA1
4df571c6700f892356f8a6eb2fa3996e8198c0be

SHA256
53765f627015ff92fc23bb6294b35c3ae713c82ce6ea0f2e2c4b8379ad9b78a9

SHA512
045886c823c264e87c5a2babfc6423efe65534d0108ba09c34c6b10bc42794c2ad7da9498333c1182fe980687def8919f5c95d7aedd749cdeb3debf145b8235b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
c75ce0c7084bafab66720562946996b2

SHA1
58dc1b7d25d21c65a4d0e75396f98a60ae719adb

SHA256
3ca1a0c530bbb56e7199285f24fdaf6bf15fef52071ddc1f8214eab810dfadf2

SHA512
404b2f1e0792ae86d7af5de1dbde3e4fe0734053191e0969b7818c921487177727dffcb0b325a89052fe3df052fb80cb69e1d4189b75afd5c83fa9322aca1bda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
44KB

MD5
66a0634194d54bad6e5a4ea799b685f7

SHA1
37554ed58e62d6d96f1a60fe98f29024ae9aa3b6

SHA256
8f138eb5497aaf55bd03d07bbcda17386b302b12f192e60abda25c1acb332d0e

SHA512
eed7d8151afb879fffd22cdcd229f9345ce330d043bdd53cb548e7ac5d6c469a70d534ed2e256da985212137f9a5493d69c7f31e1d43c37510b5ee7530391424

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
918c6ed6670433d528308847fd0f5727

SHA1
aaee17ae32757ef39fca8d7333136d9d7fc02911

SHA256
6ce8bf769ecee39b72c90e2a19cd85ecc42ac13b6dda0257e391e24384bf6af0

SHA512
d0db21b110106c7656a6204729a57d10d1bf41daba025fdf7e42bf996ebd3329700e69a82fc57b79ae91ac785098447550b063a84e242e16ca0ff100facf1bc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
90732a42d6171e3e023a676c007ec183

SHA1
503d23c417e696b7076216e0e26ca49905823bf9

SHA256
aaa21c5ae4420a1bd1f3c414a9c57bc25d956bbe099c13327b3df876dc32e9cd

SHA512
a21e0851981f51c04c18dfff49a97a3c6618e7d409fc1ea57feaefca585fe20e78e7b1edd484e8f82bacf29ba7a62e430f8e2edf8dbab48d8fa678fc6eff3347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
132KB

MD5
a44146c7c03f96553b6bf92316974fd3

SHA1
88fda71fb0771c6744e31b480d421ce3b6629773

SHA256
027aab53bc7aab9e61edc38bd47d7c598ece148481427e2e2a67f94a0cc232f4

SHA512
0fe7fdd09bf58e940462c020e99c3de7e49a8cc6b55cdd7cc5687bdcc6b56bfdd62ef5ccb6d8dfee1ef7cfa1f80de0ef6d16d3603f2dc38e2f40dd0dae208ca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
12KB

MD5
9dda1ef946f446092ae4e222737c951f

SHA1
59dd02cb8c5133e8bc68f9eedd45128a2ad910c4

SHA256
836afe484cb385354cdcbfd1ab3cefac315fc2b25b875c8a775183f0d1935c73

SHA512
2e0e9d3cda6178dbf76844f48e0a706f0ad0da90a51340b933fdf1d79804f852a92e50ab9bb17f4b9c79b4ebb568496cc5b04b27f0ad0c8a747684ff8392936a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.paypal.com_0.indexeddb.leveldb\LOG.old

Filesize
392B

MD5
5f0491763fc5857e4d0665d61550e9c9

SHA1
279fe11790e3d11dfe2b433a27bc4b71201ae22f

SHA256
48f3c56d7a6e247e0568ea68490c9c6b1a3dff1de355cd3141151bf82a71c7ec

SHA512
4837dc6f401830447713ce4ee1eb9e25f0d69fcdb07aea91c6472b2dc78b3c818cd9262ffe5a6aa98eb28f01a9c8c993a65ea5b0f7070765231f8bf1fc7675f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.paypal.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
3KB

MD5
c7a6ed6779a8cc84caaa90de9e7bb433

SHA1
296131b2248200e5862e23dd6ca5cba85dbd765c

SHA256
25dc38081bdfa1ca18abac906c0b38846ba0cb447af2321a683e1627736be496

SHA512
84eda770737d42b67cbbe98851688c2a891d4c7cd3da3498fe132baa0e3e587fac575474f9aaa2f7764c6680097fbaa93fd5521d9e7d79ea7c1d9d88ab9d6117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
c89cb943b2f20038b59c0de298f64b50

SHA1
57e82881c982bfc81cdeeb5638b478cc0bcbe4c7

SHA256
a6dc50e1f1a8797534d3a3f6ca40d229768001f1c141e45085e57ba2ce44b09a

SHA512
c46324c6eb4ebdedf89edf21e460588153f070970eb4e892e8e0c721d6b6d28f36dca3cab31e29060fb5f3169be51e992d863efa2b3b8d8df146abc60ee12822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Login Data

Filesize
48KB

MD5
175e477a6a681a3191f09842a13e61be

SHA1
b369c4ad9fc0314ad8ffd6c1ec27386dddc05328

SHA256
dca3bd71a2d63b730cfe4396bb7777ff88e036c80cbdcf69684fbd261fa7ba8b

SHA512
8f2734847aa6c67b751da0819ac597306cbcf291d2338220588aba43ced10d104e2eb3cbb1378e341211259967227adc5e644ff08249e853629cc99f682cf933

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
e6375231a7c460c27003b1850866014a

SHA1
05c96744403f4901d4c43caef727c50f7c679619

SHA256
f0d84d83853e91767e6be541ef70f3c49f396c1fb13a636cbc96f2dbecd18243

SHA512
1b4fd4806c68b171bbe96376ea20237ce0b03f1e2a790abd4d1921bf7c0a7517f56a609800a89db76140470df9c04a8969b8c38729bc22010ba917e67b8d05be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a7a3598d6a2c1bf011df1a44bd717168

SHA1
9dfc846142396cd82d6055de26d625165d40888d

SHA256
562ed077068da243ed46156f8716e94ff8891213f61920aeb5ce6e0c958efc7c

SHA512
bfc2106c003a8408d356f6a6cc584e63dba582cc7962b20931be37a90b705b2a9900f1417d13096793628c586f85c22d64999f1bf5972db8104241a4c3199a86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
af084ae91991cb77488d15e612cde24d

SHA1
e5edec613f59e1c3c42cc53f932d189344666f8c

SHA256
59a63535751e1276547c9fa4ffaa6dc894cf7687ea8835f7b9df0e75377d6a56

SHA512
918cc4479e3020a3e56bdc26c6e97140ad0a0d1d66fe108a37cd2c2da42928de8b119c55a30c5777ccfccacfcefe528324d7051d5ba3ae1f5af78428dfb6113a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
a788ad6ddffd630980310415e0d1ca17

SHA1
7daabb7fde92af6c7e54de4b20379aa013979f9d

SHA256
af6bace48fe3e0b72020c2cf1f907123d0481656cbfd7b46989bf80e90a9d127

SHA512
3befc52a2c6093a7336f458fb4e94693e752ac2af3411a0b85b5c1824abbbf440fd20ef8e9621b8f364be30f996d00ee565781b618dfc3cfdc6f6921147f0c71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
9e457436ff8e95296883b3cfb8971ba2

SHA1
629750e3d366aa2580f2d4d774f5d4461f8d5d96

SHA256
1a2172d53ac94ae4705feefe842ba0aceb0e59fe724bbec9988f2f69d0a67e2e

SHA512
355707c1fe47c0fe6003856726e0c6d9110fbda0e5153582e189662891b9ffd6b728a995a2d37e3e026f89c27362c8a8fb29f961bb58c7feb2fc6ee4924741ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4b986797241199d726a69526387d9136

SHA1
4435e88256d5ede3af4e3c89e786507302bc1715

SHA256
9c6a2600d209ab2933aa85aa9a5680860d52f4b09b7152f61c5d510b855ccdff

SHA512
3b2bf7a63914b249d29c36d990366912884a63611fbe00ad0db07484c5cf9561683524154d52017f0b652d87b9cb0c8f945c88f4a80c79c76490c42ef1ae42d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2b211b107c9c77bc933a289ccd0fbc68

SHA1
9cc695f69b1ac9ea811f260ab939480bdb6be0e7

SHA256
e0b6228daa8cd926aba861796a8c8779dc0b85a8065753b834ae920cd8c7d0b9

SHA512
07b270161700539c1e7704e8475bef8b9d3b11cb5be3342677d7726e342640dbe32ce29d7a17d92ceac479493676ec367a7ab25b8b433543f73273a467b80039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7c08d3e2ff44aa6cd246b0fbdca079bb

SHA1
f6efdde03d4507322120f1f333c8845933089d83

SHA256
ab5edfc30568f69bd013868e4c80b3b8de922d80ec4fd738ac9456b5f241f2e2

SHA512
263b8d452a94313235af190b66b69560ac90b4405192223b936457157edf28369e2d8f9c4e0675429fffd6ebf65adcc470d1bb255bebc983d53ef03ebd137c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
801e8e91368b6fa014067b31d4dc1fa5

SHA1
3e192d01da76a68c38757da604e67c3804ef3bc3

SHA256
f45ca8528b99bca8bb95ba52c84949e056feab63214d95a6f117b00604514ca9

SHA512
5ade58f8c91653f00dcb8b2bc85353cb845493a25b33662a302f36f64e698b788bc6559db13847566bb193ddb0e70cfa8a526bc7ede9377da8281a86627dfcea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
9e74b90a23119dea0c5d4a4192d36275

SHA1
1cc7e15511f9a703f3de9f11002d78c9c7c68224

SHA256
d4661393b556436bcc0b68317736d95195caff08effa8027edfb0901163d12ce

SHA512
053c931caa39a69549e2088924e1b50f2d42a8c5522201ab0cbe1d67a39c5a6dca12d28a2a666435a082e0f17190c61905542ad344752addaec14ede2c59f77a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
89558d6ccdd25599aed3b3fc72779cdc

SHA1
be751cec2ac9318d44cb3985ff782e5462bdc493

SHA256
e496313bdabd75c2a2043ed68daeda37640c185d19f863392400c46c4fa09bfe

SHA512
bb299adabd146d40b9d5f2dab7ce35fa66682eb1c2c11d5cb3ef1b5516c81c2997f138cbc62be98a96b9beeb71f0a17287aabeeb09650e22cafb74f673559304

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
78af2f764d80d0b4945c2fc990477b4f

SHA1
d847a29cd307998324e838f08e73262e230976e9

SHA256
4d604504cfefb01470dfe7420f84995d566133a07174673b5ca87ae9c8a68e8d

SHA512
7509ae033848715feac5681b2bf7a4b33e3708323ded9a20a93ad489e0c4f43d46b296dc1cc5a8af0153f6c5cfda4bdf6207b0f19aeea8d0bdafd77be36c7163

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
431605a023d103425ba338f94c63b493

SHA1
18bef8d6f62b872f53691cc0ab77ac5fc0332ff9

SHA256
08fce494ffc6387d794f7c9635f3d7789f5b2367953ff8e8d51c61779632e983

SHA512
a704550f2a1a1346fc04347aa853287a7f6d85991a0ddbb24967f7cfb5f9332a675f4b51cd0c1678ffae3443b3e6cc17eb2635f6aacea013b22cbcec937dd62b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
908b2578a66267efa3db5d62b2547eb1

SHA1
239a4f29b70b70c0bf2bc2ff89ad0c90f23b8cb0

SHA256
17aac15b308ef86a1c0a8b82b1d3d4012b7834062614363142c8fe9f785dd4c2

SHA512
dac28265b833fb5a474cdd922789ec27dcbb9a8a9d9b8b9e00bb4d70bcfa27742488d698fcc6cadddd2715fa30a0872162e7af91e7c8a836342c9e2417a2e630

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
768f1b0611722eaae3650d7463cc12b2

SHA1
ef113e50ff0c7de5f2d31bf21424e3c426c15dce

SHA256
1bbcf29f71b2e347d5fd34718986db9ad27bcad6a486e97984c30f687cfb24b2

SHA512
83fa7a07cab254ca0efbf24e96fbdc9a1a914de4415aae70a65243b373e558616628a1e864b6d79ba114c2567788ac7cc21eabe4add66162bc579c06125593f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d2a74c3fc0ad747ddf2e3275fab3c5a6

SHA1
23f55602007d2b79b4ea5e640e6ba9e02058734d

SHA256
387a9eba45b7da35c28935ec566bb08f3f6c3c01417492dde4f200caac99b44f

SHA512
0ecac0764136f0616a65205444cf8633ce2c02507f6cc80076e5c860e3f92eaf3fb7ac284bb39d12134d61ecee105629621542664bc398a39592377f5393af16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
57fd2bcd22e9b96e1590ea97fe6b2474

SHA1
e24237d343f314dad3745f1522a032676144b5da

SHA256
9c73fcab556a92d9611282d8f0f4be2ee2e590f28272d6f22032db769d66824e

SHA512
c2fc6ef055934d20523e92c88816e153895f79c0e1cf16223adf7ec0a691961d6faba4ba47da30321943e8350d1d51f923c3bf409e00c2e21ffeb9d20b921201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
b5986f1e01c5abec9e491495ca4d8e9b

SHA1
63af202d167a32f09d59b007d8c49b078ad2274e

SHA256
6989084f56df645dc91f3573daacfab6eb1b6385f285be0c0741f2d45804f355

SHA512
4ac48097bc115d4693d3541a33b67f5ddb2f37093cfc4863fa654e992393349b9868c7e90191cbb39f4c9ef483ff2d1737a14c6b1e968384d44daab5761fe461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
e02989d0d82db53342121a97e244f760

SHA1
3765e7b5c71d575bd9b1b36deb6f56aad919f537

SHA256
2728fdfb4019c9fdc1b21c787acf68fb19bd970f3e4c8763040cfcd5fdbf6ebb

SHA512
8d4185bba3b68a4e3ab77f54e826642aa58e57666748be705085014052cf45f33ee0198492357578fb85b27901b8206b458629ec0a38c1b900c62f1d1fd7e3c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
8a8187ddb5f42ad0dac7199ada100378

SHA1
3529d8e3abbd00513cd913813a826729071ed26c

SHA256
ac253defac67682e964027d2514aadb0ba7b3d2b9a7ab1db34733ccebe1c8cba

SHA512
db0cf0af0431b29672187ef91f471ce29eb021c2f12968b4a4df3638ae987ceb495303d177fce326304bbe9c3f0f5039833211ad570a42d25a20ae86af4593a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
2846391bfa885d2e5a12fdfcbf1e4a06

SHA1
50d86783ad6a1ead45f0a98082dc4b8afbf6cf1d

SHA256
2f25d755c09b158c448b4e0f163f52f52e1365cbcc2c4bfc00a2ae6550c8244a

SHA512
a820af398c39e25c4c5f8c6eb19f695d5d2c4e4c59d25c8099c4e41e993214c7340481996723781b31e9bbb0f5152f7371d30efc849fb2042a7701d30d33638b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
297B

MD5
fbed4745b998586e3ba4bfeae64f9caa

SHA1
13a76fcb325b3e1b183cd8077263dfa037a32e69

SHA256
d01880a0f0eab25e42a365e82cc34854c04952d904614b545f56c37e10b070e9

SHA512
b233786e9301b1eff6400957dc1699b481eedb1e121b202268dd82c5bd4ce44c203ea685d6702b7f8d76f7a2faa6fc041d252869d454e0d09230cd04ec55ea56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
ad8508b5ea98a7af3d45ece376091dac

SHA1
95581cbd175f7a4fb7cdf72d1ca20de1a2c20d53

SHA256
f54b446114028aff1947f543a4ce82e0accf189c69d60a994f9fe229f47b5583

SHA512
8d302ac58560dbd94ee17dc58c7c9d07a2062cafe49191df0bd18e5b84a711b1769fdcc2c7383d7cc949c8ce8698636dcc6175530e0f7a33f7eb855e7c8da7ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59cb36.TMP

Filesize
48B

MD5
a0df6658d6b9aa09fccd1ff2fa4a6d48

SHA1
d0ca2addbf12c826a3fb2cf367c1b123101deced

SHA256
b6dec8976d9e21396511add90375cc586ea75fe2b4716f402d470f719a9ff780

SHA512
0e1db1273e53e3060ef80dfbe30c298aa7fbf80c51d69f4525a4ff179ea09e96921ef2c9c23def3f4107f9f6a80a274cba98baf3fbf9f8b66b78e86529fd4e54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13380224982181612

Filesize
125KB

MD5
e7876cac311318cfdfb4397dd04009bf

SHA1
de6b63359edbe9e5515dc9b932cefcce1dabbd31

SHA256
cbf35255bd28ef43f2b5cb30749063d1093e766d5fde1395b04bb03afd463585

SHA512
77baefe4999ab909fbb68ec79587f65c6e1fd02884ad62a7a530db2b36782173184666592e62976c50869b11ac14974d874ae25cc4d80ed0d58b255f6349a16e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
334B

MD5
2b4fcd48692b67f27ab265f435b75059

SHA1
a9e509baa1cbd6390274133f9de6a5731cadc0ca

SHA256
f45339f24ed97aeb7a669405f143a5e47ac2e24365606d2ba95b517ec71c939a

SHA512
a61af41ff20b61a436c0427b67d73dcdd909ac0229f72d86ff45c97890571d7f630c0a789efaa42dcb27af7b65b1a45794b050b2e031fe207b61e9d9ae043e4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
268e7d3a08c3d1c9f6bade2cf1ae6f28

SHA1
59b7e90b3c3e87f784d09b94532224b22ac2a6ee

SHA256
c9f32c09b772a7de894735acc9d30bb95c137a13350b985553f5e64f8cb2001d

SHA512
5d85f13994551311dbee4782ae3f506f46896ceba01a3dbce0ee18365d2d870ea90fb12622fdfe970dee738a0df71afad6f5ac2e3f823d68a34e2c63399c2ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
5b15af06c585e92f6978602990b62b33

SHA1
e3069c520cacaeef903dd2f57c91e4b4ad516d8c

SHA256
2fe34025a944abe7be064a261620bfe86d66430d99ea4942b6fff7a4d36416a0

SHA512
f1aa2c6f234662ecce66e1bd530e04a0597a387a7156863005fb167ad9c0bba726ab61032efa462a7dd86a8595b79cc570e5a358890c643644dde9f92c7a41a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7a7b510f34fa11c73a4b280b7e5f757b

SHA1
5e98250dfefd4c73061745eee9045ee61780ff27

SHA256
ebdb6aa4f6376456fef05bfba19eaca3b91352a387c6f859cfe1fdc122582e51

SHA512
5091b682f17c71b75b55ba34aeb932f1953ad80ead074fc820689a9b9e8398d9fbd0db22fd8d731eff562298706ba3297245a7ff915293b6c246d89554ed70b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c00df66659dd5cbbd55fa0e789923f7e

SHA1
f89bd1ad1b62ce028ee4879a351558e040e49462

SHA256
82ff926f5484138639f789aa534c2e147ac22c5a4b3981f552c5120646ff0413

SHA512
963fabc5949b013264ad034ed458e5714dd42ea5ebbc834b42bf359627cb811363a9c92cef718da3c30c99bc182db022e5625642cdaa296bc58832a3eb175a5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
535bf142b2b66752735e4b9ed9a80f70

SHA1
73625e65e14853735ba162768bfcaeb7c2c1cc14

SHA256
976190be5a11675fa566c386379707535ab1dd2be706bc6423462b307309e487

SHA512
76d99e7f3ac3701443b977ef2ab1d6e33ffa460cbc353f7ac3252738a296a18497e8b2e34514a9601d13a8ccb54be4911d3b0c55aef7ebc5527e4ee9ce6fcb8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
55778643b33b9b8c5aa461b928c456c4

SHA1
5eae78c895b92f7b8b919cb23829b1a1e9862610

SHA256
b5491919c1c83687da74b4f8571dca05e83464ff536be74b5296a08b9b78e61f

SHA512
a0cf48cf6adb329d5fc6ea30cbd8e4645362c91f0513c2114dddafe04abcef7c960873935dd05e9468bdc831035cd8faf1203c378f1e1aec84afdd471db2f178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c6c646c998f773b95500ef535cfcfd5d

SHA1
ccac855bc2ed51fbbb1c38a7dc4a471de9d9b03b

SHA256
de8fc4f81cd36f1cce4f4c38ae9267bc188ee86861bff47e0703715e7b3b4d61

SHA512
903cd41bf889cab75a0f0972588d773889ddae946b0df41607e47859f2994c4b62ab1010566fe90215f1a480db5bc536aeba4b3ea501e718cf948211a74de89e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
787772b387a17426cad091322728bb8f

SHA1
8b4007b732c9cc27918e601b320414e83b5d4f5d

SHA256
4ae9c75a126b255f448b29cf15d0ed262c2f5729e0e87037fa386ca78a60c313

SHA512
a2ae1ed182079b38dfbee48c1ed4dea7edfcd87c5b71ecc6f31df2106e4fce8cce7408ab32c4d75a50eaf5def14b3c7af25b9ae07380ba2c27e6357ae6b50a38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
457483f3b350421b68990c21532638d3

SHA1
597fcb1584f3c4773c7cd8a319bf37a9f97c5e3b

SHA256
26b4f13a2c4d6baf9275e85f3a347cd2c06a3ed496a532ec65d5d66f7ebab592

SHA512
de2c0ce911f3daf5463744a87316479c5c1669e7d0ec86ea439e084635cb804748a67c81114b27f34fc822663d7e61992685bd163b2ead48f2950851d12e5efe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2404a34029dcd9fdf0b341cae1436741

SHA1
b42acfafebca775b317e5bb6afbf9ea03d5000b2

SHA256
f427078160fa5d054e5d55ec67df2c09ef45e28637db7017a2ad64c124c971eb

SHA512
e9e3d16928d6f2bcd3c9f6327b381151c65620b5631179fb334e2ff1a88e601b24cdd11b7f0c02acf77b011ce5da0510e575e224abb6f7e23a1bc903126e73cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5fc6b6f4eadcaae60558074d0762c922

SHA1
158f27519fbbed03a25aecc5afa73a910f2bfd5e

SHA256
f2ce34dfe9fd57f7fb87729b3b609add729b919e1629c5fee13adf2dbbb4b511

SHA512
3d8a8c8f2500a837aa8b2e406e6bc27c620a89f29491f6672387e39f0126ab07fbc8d1a163c6da29aee6c9774e54d853c20732650fd1c8a772448e75b9c0c2ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c08dde9c5c6721d8c74208d783a73fdc

SHA1
26831287c3040fb230126ba048160860f6bfcba3

SHA256
54288c55572c82919b06e74235f979526e2a996f2e505e7c8723c9ec6780357b

SHA512
4e93026219de31b7bbbcdbd8b8af89b67eb3152ba39b525c4ddda48a7ff892992ef7542cc6f98783090c28b7736d6c6c68dd4bf6cdc6b73996326842aceb26bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c44f6d7184c7048ae6a8ddae31948744

SHA1
d49ab3d5cfc244b46428393bb6833976db843415

SHA256
e8f9683aa3217cffa49e9e9ccc53d7cdc323f2b222205f9b9e29a3f5926d835f

SHA512
14faef4ec4fe72f667066bf464ab05ddfc8cf37da9bf95b94812a208c4f24b31cf2fffb55626902de37c2d64ab6d3e099cf46145bb4070ef91c072a1df84198c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
08133eb7ff716f555d776d1a95534e2e

SHA1
b73afaaedc23193ecffd09f64a52a69a6e45591d

SHA256
b93031c0275512e7fe5f5bae1e0aa53f29f222efbc8b023fbe02290c1882f3b7

SHA512
fc6aeffcba9bd86a13658ab5d9012eab7e3a5c6f461651a28d23fd1c7ca2f0cb872ddd6603e9cd86958e193a2cd5e8dc5ea92d3cc828de8334d7946c4728db22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d5c342be1097febaf3c05d539e56f07f

SHA1
15d58a216737b8dce3ae12749514f8af270f82f7

SHA256
b115b1e4fbabae1ba7159f2d47ee5a1cf6f3170b7f9c0e522504e68cd1490d95

SHA512
110829d5e5937b94597077454da2ecd77ea4f9bf3906fb59d8df5c728480ba9eb1bfc006d3f2eb1e520be3ca6a432f4427ad7a52f00e441935ae3b1e102758b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1a18971e927fed298f30f4bbc792fa3b

SHA1
3d0112a9df9c49b496c0de1bf92dcaa74f3d68ea

SHA256
f409ae2b5004622b63d9786af5a3d1bab36d8a64af1c69cae85ecaf9ad52623d

SHA512
ed2457cb9a3c0a13d25e8fbb8acf5bf1cf03de0e5e1f37daf8a8e992da17b0a9f4ff6c72bde21ebc10990820ce2bd1899deacb92603483c8137609bf11009bff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d7f8c41d590f3f366a570108405e2919

SHA1
18b684f4bcdfe20a03bd68b4b08f968753af5802

SHA256
ba30c698a8590f2fdbe9fd64ba43111198f469d7bee118b55bb329e3497156c4

SHA512
50d53acb55563cd82af4e78fc953a13c962682c978705347398b8c32fea232446e62114e71f152c79fd7e5c3922b6c650b4b6eafc4efa3e6a08a75739e8905f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5810e3.TMP

Filesize
1KB

MD5
6a13ccbe8b56036c917d27767257f5c2

SHA1
518393855bfa28b476ba38e15ec578a203cda17e

SHA256
4f6694970e39f4ce4a497dc5ed6703b01343287af233ecacfa42a13a77d8486f

SHA512
45fce2f07ddfb206b4e7603c580ff6e3020c98b87ae1739ac853fafcd327b6f9aebe460beff5a68123d49dd9765b7b3d1e1714e3931fb00be737e2ef7b5ccac3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
2330aa475b415ffa1f2bbb1425bcbe19

SHA1
f3a83babfdfc4448954cf4d90f3ef79a822a2494

SHA256
ed63996f28cb3e3570898098c850d11f46240392143a7d9ff629f192ac30aeaa

SHA512
847692d03fee2007f952f7c25c6c3032097aa2e8154d2caf6d0a693399ac0eda5865197b743b513e08a3d1c9110969e66267bd61558e8424ed5690e634d8004a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
4ce7a052db5e432bb6c772beb6f5efd7

SHA1
827a8ec85c5f118cd1278ee3956d8f77c9fa3f57

SHA256
cbd3c542581d8cc5cac61c23c3fb6bb735ff708f30812fbe12b1684cf48d775d

SHA512
023b5c695145eed748f4978b2755556ddc0c54d9bd3f1acdef9451a03ed91a3b69f57abb86cedf70870bc5187d309e3a4b87cd1f8a4890d8b870aecb8dfb631d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
156KB

MD5
8cd10c5d0dfbe187faa5412ef13bae7f

SHA1
105ae71df105952bcf7d2de1bca7a643518dc799

SHA256
20d0b38d148e43f7c6a1a639b9a4309345b913235cd0c46fc968c05c25a7ec3a

SHA512
39c751b8f5cbb4988b796a1a13503276d4ccd1fca3fdd2eb281f8b0ecfb45749deafc906d50509feab9653320b76b8dae32306454b94a2b69a94fa86b29d7a6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
15be2eaaa80b08f691b2f4350ef93769

SHA1
0e2ce7315bfee0e538cd36cc2f7e83a4de8ca793

SHA256
617289288c361b370a445a132fec4f5443a07ec13293d229c8ef1431c09c58b8

SHA512
3d909c36cb32b7047abbb3edb5bdf3a91a76e4b9e726577204dad3882013c7cecd8e0efadb4ec1e3bc7013620f7990ef3dede24d31f5ccbeda4b37cbe4dc4fd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
21c4860c8d04af241602ba484222aa30

SHA1
b4b5bb94191009a3dd22030edd12779f872e486c

SHA256
625ea589fb0a9116591702d0bebc5e1488f53fbd55adae32ed7b30cafcc3a649

SHA512
c8584aa21729d2d6827fd17aac3333e7a77ad4e8c44f575d64d2468d7fb1757b7c97217a0637ffd63b1a7e2013d91f8526d215fd05fc997ed3dc6123cdbe8de2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7a2f1241684123bf2f58b62192dfcbf1

SHA1
89ea1b0992ac172d0133e1b0206fb521f6544758

SHA256
71725f501e44f97d9521eedb92782e8ad82e363b7da89e157890f9d94289561b

SHA512
6c91e33d7ca1f1f6c0fd3870e89e10698f0b9a54d429b56b83f8d8a6709b3958bed9145cf0593684b7c3d49fc26477e4e86364f25b0e0d34a8623a1bdce0dcb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
cc65021ff0480e5e87a5dbeef8d98ec4

SHA1
e4dc1138a5a3dcfb4048b9f5c80a18452efb92ff

SHA256
a3ad502459210a86c96ba9c7d9a164e2794fbe30659b953cbad41c66fd000a41

SHA512
10c44ed0073f63a5bacd6ebff59a052a2ca206a235c8641f077a4de35ae86398748ed123e35cf8190d597c964e3b95b84ee3e450e32ef5fe56e7c53a2de37131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5a882e3e28f2ecc36003d60bf6df16da

SHA1
f08792d60976b7a333a00abe3dc6b8f0a705b72f

SHA256
5e0fb417cf80fbbf0abb7144427669a030cf8a65955e0a05b8a7df37af972860

SHA512
dd1e6319928322f2a76bbaaab9dce93e84b11bb505639b6023a1daf91e8d804eebb492e4d7ce572da5a75fc3b364022d12e410459e15985f3408f42e72a3bd38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
93dd9e4902ac0e343fa56b5f8dde96d5

SHA1
5218f048f571b9fa61403c043acc69ac7dffe763

SHA256
63d0e39de953b5e1ecdeef6fb6e137b167803deb95dd9d0f469e087bd9ddd9ee

SHA512
cf179dd4506d92a0b74d1bb8fdb26488a31b458b42719e5afa74e55aef2d393d8136f7c1cc1399cf6bcb82addad59e2838cad551ea54bc9d6855133cc6c04fc4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
baa3b0277512b006696638a1c28ae5a9

SHA1
23b6b2049806efd4ab981e311a0a0354249273f2

SHA256
0029a21a76b8f2b738aa2cdaa4cafb0a8d64dc17ad91f767c63ba3e3dbc5bd7d

SHA512
7a5cd9a096f2900812200d2d042c8ed8a648e0f42bdeddc80efbf5353fbda46e8aa5cb9d259ed5d4b3483a823d926e250ac00d575e4b5ba6e6947c35088e2de3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
b9ebbd7e2dad021a86e37625a737b254

SHA1
8ddb9a0727da45f845b58287d974c9a94c21a95f

SHA256
526ea29e9f9a6aa07ab85086705dc3deb06343934968ff05bf0f06786469e1ac

SHA512
239123bf9f46c3423fb4fa0aa31113c56dd9ed259762c71f80407566d299bdcdde50ec82ae8a5ea9f3b23f3ea316c2e22265c6ce7d392ae7a8f53371ceebd5f3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
e225dfc5fd3c43bc472f7f92d69c9d50

SHA1
421b3127194ca0c48a186d2b6108c18d003855c4

SHA256
57db5813b1507886a5b1ab8e392d8a8f5dda5ae1071a4dd4f8d95d9516e6cd8d

SHA512
2ff5d6e2a1502677de53a89055fd53b937dda16756a5dd0aeea3362025daa45d98905b9d4cda0a7614035073e2b7b115d0a7bc3b8125e19154a48c4635c380e4

Download Submit