hxxp://evon[.]cc

Resubmissions

08/01/2025, 22:22

250108-2anapawlft 7

08/01/2025, 20:13

250108-yzvjhs1qcw 8

08/01/2025, 20:00

250108-yrfema1mcs 10

08/01/2025, 18:59

250108-xm664s1pfr 8

Analysis

max time kernel
604s
max time network
599s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
08/01/2025, 22:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://evon.cc

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
326	api.ipify.org
327	api.ipify.org

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250108222307.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\cba21e76-14e4-40b3-b50b-ed8cdd0bab14.tmp	setup.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133808490864848554"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2062871678-1047416116-518495306-1000\{E64E3F5A-3611-468F-ADF3-F356582F13CB}	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
5660	msedge.exe
5660	msedge.exe
1056	msedge.exe
1056	msedge.exe
64	identity_helper.exe
64	identity_helper.exe
5340	msedge.exe
5340	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
880	msedge.exe
880	msedge.exe
380	msedge.exe
380	msedge.exe
2300	chrome.exe
2300	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 53 IoCs

pid	Process
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe
Token: SeShutdownPrivilege	2300	chrome.exe
Token: SeCreatePagefilePrivilege	2300	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
1056	msedge.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe
2300	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1056 wrote to memory of 848	1056	msedge.exe	81
PID 1056 wrote to memory of 848	1056	msedge.exe	81
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 1652	1056	msedge.exe	82
PID 1056 wrote to memory of 5660	1056	msedge.exe	83
PID 1056 wrote to memory of 5660	1056	msedge.exe	83
PID 1056 wrote to memory of 2628	1056	msedge.exe	84
PID 1056 wrote to memory of 2628	1056	msedge.exe	84
PID 1056 wrote to memory of 2628	1056	msedge.exe	84
PID 1056 wrote to memory of 2628	1056	msedge.exe	84
PID 1056 wrote to memory of 2628	1056	msedge.exe	84
PID 1056 wrote to memory of 2628	1056	msedge.exe	84
PID 1056 wrote to memory of 2628	1056	msedge.exe	84
PID 1056 wrote to memory of 2628	1056	msedge.exe	84
PID 1056 wrote to memory of 2628	1056	msedge.exe	84
PID 1056 wrote to memory of 2628	1056	msedge.exe	84
PID 1056 wrote to memory of 2628	1056	msedge.exe	84
PID 1056 wrote to memory of 2628	1056	msedge.exe	84
PID 1056 wrote to memory of 2628	1056	msedge.exe	84
PID 1056 wrote to memory of 2628	1056	msedge.exe	84
PID 1056 wrote to memory of 2628	1056	msedge.exe	84
PID 1056 wrote to memory of 2628	1056	msedge.exe	84
PID 1056 wrote to memory of 2628	1056	msedge.exe	84
PID 1056 wrote to memory of 2628	1056	msedge.exe	84
PID 1056 wrote to memory of 2628	1056	msedge.exe	84
PID 1056 wrote to memory of 2628	1056	msedge.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://evon.cc
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffdfa2346f8,0x7ffdfa234708,0x7ffdfa234718
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3388 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:3280
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6b9165460,0x7ff6b9165470,0x7ff6b9165480
    3⤵
    PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2764 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2104 /prefetch:8
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2200 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3765630494947669782,1064133250794771295,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:2452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5476

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4984

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x308
1⤵
PID:5524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x7ffdf9edcc40,0x7ffdf9edcc4c,0x7ffdf9edcc58
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,16337536874695344635,5684167747015125607,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,16337536874695344635,5684167747015125607,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,16337536874695344635,5684167747015125607,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2480 /prefetch:8
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3184,i,16337536874695344635,5684167747015125607,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,16337536874695344635,5684167747015125607,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3756,i,16337536874695344635,5684167747015125607,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3704 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4852,i,16337536874695344635,5684167747015125607,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4952,i,16337536874695344635,5684167747015125607,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4508 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4876,i,16337536874695344635,5684167747015125607,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3860,i,16337536874695344635,5684167747015125607,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4120 /prefetch:8
  2⤵
  PID:188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4880,i,16337536874695344635,5684167747015125607,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4452 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4884,i,16337536874695344635,5684167747015125607,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5348,i,16337536874695344635,5684167747015125607,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5232 /prefetch:2
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5112,i,16337536874695344635,5684167747015125607,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:4276

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:412

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5852

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:1708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7b6be7c9149e74f56420e72bc81eccc6

SHA1
9e23abf22ec3009f607a5aecc100c63872ba8290

SHA256
5d01347e992a09fc9fd20f1f4ffa407db4db18408bbbaf92bc2b046a2f994cea

SHA512
5a5152347d7a411c6252d5750c2ea739dc06edd82e0b2838064b0673f0f0bb9b02d424068c0603ef10000e0e42dee075bc39d1c91e028e86cda0d7d0608060d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
dcb1372b3dd583b336a551c0b71841c8

SHA1
7bd3b2447f1c99fdb16e4c9b88ec353e55f0807b

SHA256
f4a30bcc286e15d2098ffe5ec7d5f8b5d8afa5321eee699a5c7545135a882f9d

SHA512
83d3cff81a701ba9999959b15cde44d330028ade70150146f9959955d07e1d05ea0052cb91995f5ae74505ac18cbe3b07a76a9e77587785817c33a8400ac048a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0eacf38e53623332e727671c2daa479b

SHA1
6a5da30989b6faa4c2f01026940cc2d2521713cb

SHA256
20900067bf8a00761a97580905cebf6c8ddf27b97de3481596417e38480062b8

SHA512
31909881986ab98668b790978463ef1029c9af15531838288091c2711a09b6add71d73062a221dfe644272101928da91af566045d23a39da2ff7d06df51e275f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d5dab96cd05c3aa63ee99a6301ce922a

SHA1
dd77a78d6ea13770aabcfafb4fce7c9211ee9bed

SHA256
9116033e62cbbe570b7b35a8443948af557b994bf62052c4c93b475b4b4c4acc

SHA512
211b36e820e4c4618169641efb4b557fdd489af7d7c3bfaa925ffcf991a647ffab064bf636086f583d740401946d324fee413aad61969e6fb24a7b2a8d37c92d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5d55f86474c34b5ee63e05ce8f1961f3

SHA1
33960265e64c12d187d961b1915df9fd8291a113

SHA256
2ad99b0db523c281f723bd92fdcc937207a00822538f972952ef49e0fe12ebd6

SHA512
167f11f3d89f9de1853abe0e0f2a804a9cd19213c28d824bee0f33ee01b92376d366f036480202d27290a65e389a6fc3810f200e725ae966d8b64379d9dd3968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b46f65de75aa4460edaed9abd56e6fc3

SHA1
220d89ba5d59c0a96d0918ae9fe78510ff4ae632

SHA256
fff467f1fd88c69f9bb11a86d1b3f90ec9ab91a7effd63bba239f554fd80dc24

SHA512
74e517afcaebcde681f01d7f5834122f3567352bf1f0ba34a6c878da2cad89c0d13e36ce8d6cd489eaaa5c43e1f3b24dd0c7ce6255d2a66afbbbccbb7b6c8abb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3102edfa97adb23c4e9085db47b5206a

SHA1
982dc9dac33a4e31254e15fb73f345008e2098cf

SHA256
c6ba42ae86011567e6e77f951df251ab6e0a6d5822a8430ee6f6fb29cde2dc4a

SHA512
f6718fc052819cc5d2e53289bab7ed024a3c9e01b9196b67b47ed2437b68586b0a28719669c35ce3c89c1989d9ad22c3b69c671b0b30ec2431770202296ace16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cbbf143bed9c24a70346dccbffbe33e2

SHA1
e10cf2393f8c31a9f85974aaaa6dcd2dc7611177

SHA256
26074609f134b4cee28b6761867051f8b7203e08cc4df36a89c5bdb2084b3d7d

SHA512
3548d39b1741219ceefc0ce1a12aca7ef49278c1581f8334ac84d63f918bf6edfb9063841592eaeea975a059c20cdfcd5453145ad91ba92bf4af9f66b3100375

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
760681a263094ce3b442e21f1429f952

SHA1
ab2f82570a793b7bc6fb3b3d0b2be079a7745f04

SHA256
631cee94ae8936167534c9d191b73e0de2b299d8ce2a72a991b657a012e401e1

SHA512
dfd20e93a098d6a371dfeeac4ee53742fb339cd0b557cd35074501084c153667adb3bc03da253671a2ad172629cdb638894a448185bae71f22861dc49d65c060

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1380bf07adda9fe83fe9f89c65c3b668

SHA1
dbbd831c3da8118e18d271e41fcfd8c40e032986

SHA256
f4acd6989c3004bb9cea7cf672a36f8c6379f0b0f06ba2cf071c8ec42cdfd0a8

SHA512
5acb6f312cb346fd59a073dbed86cedfe1d0240916e2e78b0e8407a783381d25ff065d2e7fa2783318045ab18254be400fdff06094a53c88be13664cbfce92ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0bc320cf04c9c458c2981c8a11a9eaf1

SHA1
455af6644d90ed5c394eb839a5c63a57bfeb1e07

SHA256
89ed3ef1c6b7157bcba5fae9c12f98cefa1582493c118df6a63be6bc31387b6f

SHA512
68f3b9a627885ff86d4ca0eb3e7e29ae90177b0730c18104ff6fef757bda621aa35fd5b6ff431fd004a4c4549c8c935a71267c2932482c816754214a88008b1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f2f147956d52f183d7d380a8db4b3c52

SHA1
91ceacd609346c6c190998d1e737a886da359343

SHA256
9904f00fafcd57973a896fbb4f5936f7a5077986ac6cd2422e277f34ebd477b6

SHA512
cf55986046cd0654930ebb02ae4f89308d9ac920e5c00c15b743f044cd451624fbaedf1fbba88db2d47427331df3cce95a6969ceaf3548ef686e6bc5d3fd9130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9c96b3bdc2a6d3bbecd213b92e936346

SHA1
dd669d7d47567a2cf1f389f8b1ec82877b19a9b0

SHA256
358e829f09e420612ca97485a21ea3a1e1c9b74783830e30c35e7f025ef64655

SHA512
6b66801b9e32f2dc78105213b362bd4c923b606805a098add62958610cc980cb0006b78c183b6874ba0b331be47a9c6f7c485fd43c2dd0670f731e7712c7ee00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
eafc72e2939331c3dc6d09e5699cc210

SHA1
e5f6aba6f24666fb1ed57e5a6cbfa479ee698112

SHA256
2bfe13b1740e3c0fb2f1120153f1b0d39b2f0bd0409894d9753f023056692df3

SHA512
dc68c1fb486dd36f0db02c844e486d57a308c3f69906dac4bf6df9121aeee3c5bc93893852f3310bccbc7c7689e0937e028a5e4ce6ab312e738fe791b23b8e47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e4599cf9a6fa959a07465bccf2c9ddfc

SHA1
67387dfc0b6652fb7a7b454447c98bc94049f530

SHA256
6b522cde0c0b9f50871908593d08e5ac27c77d9641dc4484ac1ff7acee508cfb

SHA512
51f3eb4e6a857e520865de9a5ebecbe749e6e72848209955e5a99117d50f4dbd9dedd268d2fa1ddb16c8404af44c8c6a748f892311e7c46983c3b1071000de72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
339ba54bf2962d8dcab6a9d6501a24c4

SHA1
79cea3a3c8bf7c30a6fb38b7a24b326881224103

SHA256
45e71649a1e99ca482ef315e4b93a5e95ef69f7c4f6495af4cf4dab05accedc2

SHA512
6d87351da39355342222a0cc5f16ff1c0dd0031a06d486bd5d7a7b0087fa668d605087a5e4b32154b02dd64e844ff42ff8837e81b87f612121197e2fefd2b05c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
5c18750ea9355607035b0c64d78bef42

SHA1
7aa091c6a4303884bb5eab52942a9c48bc8c2084

SHA256
ec463e8b87c1041cde8bcc40d5c9df2a56381c8d6a169d9d519d70bf0413a0ad

SHA512
2fa3f9d4b739a7b258cd4f8346227ec5eeff70fe9b6f348226f9f969ec2b2794bb576984d7035cb97b8dec9512a50f7ecca2beed6600dc0a0791c8e67b41944a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
7f05fc891c7c476635a2653c13a8723c

SHA1
f9b992fe545a23241ca329c3257ade007c5e72f5

SHA256
6ad04b1dc3f195a5c58f55e90b6ac9d1561a98a875e45af74d190d307e11e0dd

SHA512
aa413d533390e00aa586af97a713e1ffd0d9f28bb197b0097067aa80b0eae4818c94716e53e985cd7fdc2bff370193072f63b93aac842848e43917947c0833a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c3b681f1b553061b1d406dca73509e1

SHA1
1d0902a780b041766c456dca466ed6dd88db979a

SHA256
45099d50c298e321f628997d58aff82c1f91aa302cb6a46f5c8a2819a53685d2

SHA512
b6e59b2da8bce61cdb2f0bdbe6dd0486c68bb583a1066cafb979314c4c1baeab4136d9d958e9e9ef3a36b1d7988ae8518080b8aff9748c102d05646aea914283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
165b9ab5b6100e149d42942970795741

SHA1
873ef2b7bb080cee1f9eb80920edb54a235fc326

SHA256
fd01e423cf1b8c61bbc4e1c63f3cd70a81586a9d03a88eebd6ec3a16a1910364

SHA512
5ba31ba647b158325e7282ff6dc83e683b62895a1e3ebd5445a1f121d6d5fdee4b39164514f7c442bf67dbefcc7965c3ee946333e77047ced40df144aebef9ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
47KB

MD5
2bbb6e1cbade9a534747c3b0ddf11e21

SHA1
a0a1190787109ae5b6f97907584ee64183ac7dd5

SHA256
5694ef0044eb39fe4f79055ec5cab35c6a36a45b0f044d7e60f892e9e36430c9

SHA512
3cb1c25a43156199d632f87569d30a4b6db9827906a2312e07aa6f79bb8475a115481aa0ff6d8e68199d035c437163c7e876d76db8c317d8bdf07f6a770668f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
26KB

MD5
5dea626a3a08cc0f2676427e427eb467

SHA1
ad21ac31d0bbdee76eb909484277421630ea2dbd

SHA256
b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6

SHA512
118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
75KB

MD5
20281f5937bb9ac7fe51ca3ef8a2f79d

SHA1
9634a85aca8cf140fff175784e5779685dfb6c34

SHA256
f21f10fca393559f373f54cfd341e8857440d2281e43dc1cc739c486def2322e

SHA512
886f661960c910cbafa495e582ac90b05005688b78f5d78752efe6f9078290d859bb190ed09bf3cac623a6057a553e63d48dc2d4ead331bb45a36d3602d6d428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
120KB

MD5
ed37fd6fc47488ffadaa5da07b1a14de

SHA1
5eec6f9ca1ef201a55e08584760629c765ece31f

SHA256
8ec598ce27d788ad7673c84ea68d616957326d1212cfece634dee28f7de530ba

SHA512
2ed34ce0aa1f5b218172fd941d4625a8278b2adea18e1279b35498af95ce43de3cc8ca03ffa9d3ff21c585059c513ea8256304e1f46ea2037ff445232fd6709c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
23KB

MD5
64b98f55f67dec85559273ec790e9fea

SHA1
f8754712f265dab71814931239640a8ad8e77509

SHA256
dafc69368255faee47481a29fef6f8f58b925313131d879bad09a4865b9ab1a1

SHA512
ed8cd5406fce708b7bc33bf7f6710c280e410eb1d61d557093c92000c6111a8de155fb7383cae98d9b0253b560fa4fab890c8b1b02c9eaa534534cecc9bac8e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
1.1MB

MD5
abf8c79cb852c461a4f5c1695ffa33da

SHA1
540c8293450c6878812906de58d4b2dbf430ebc0

SHA256
df527fc88a4fe6b7e17a56148c8771429b751750fc0c82ec59c691e770d4c149

SHA512
9031298243f81e06e43ae802142b91f5f1e44cbd643a0d783b0e743ee2c982f7eebf43d6140c6676566e7201df1f1525920d26c9059adabfbc61a6fb68a9d136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
6b7bca8ac98844e9802193d5cc74e246

SHA1
d2cf85543b8414cd622c5397e13e8171042fd417

SHA256
76d8b95c35aaeb1b2e9e636c07983b39a5ef344d25efb47b8f962f64dcce8383

SHA512
7c2452d7c16fc73427e787d371dcd5bbac6b422ab8d14feec0dd596deccfab1458fb3bc0654f1c42f570d4755e566c8782a273c5c056425ad99793b7aa4af683

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9f608f61e011c420_0

Filesize
3KB

MD5
c953faa5b798a9356fbbb31531cb3f0e

SHA1
2dd9c56704aaf96666203bba5cf760b7d0861f65

SHA256
7e2998fa1938e6f6499822c8093abdcb854a7734f245d5ef3d640d99b1b282a6

SHA512
6e5132fd5e5d08d441ed5a0a68fd94792c8d2bc711840ede94604c08db7ef54cdfbef5b229c632ef96b2a795eb66e029b4f59669e3d910299d7c4e96453b1855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
4fdc01f17b51374c153c71f51b3fce07

SHA1
e14b1651858860991c781104a2b0ffbf7e11f416

SHA256
334e5054c23343b085f7dd79ef6d31bc322da979e1057378daa8a8c28d20967f

SHA512
a9ec6c0a5b78c841e2e124fe6bf9a8bb4e7de9d1453b246b913d4a678efb43c941c61c936689d5c70dc240c296135fee6b86ea492102e9a848025ef37bdab752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
96b202ee2a18820400eff5fab5310c27

SHA1
e9cebf3ec01abf6cea5f8dd20475a856e4fd3ff2

SHA256
59426a735d63f205f16eb4b0d3a0ba89848d053898dd9c9423800061621507f2

SHA512
65f71e315b9f8f9a319b98f0d69f3510f698510131ff6a0f4d10be18e29a07fcf1e4b0fd434198fb0484c6026140d6f284bb5e7648f559455ec2e77bde27add1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
1ba1e4db7a5bd10e2663ba26847fcdb8

SHA1
c0ecb84a27f73d9a983c9c4704e16bf705062e81

SHA256
de7aa5c0924c3f4b8591d9f8f47bb05198b954146e13f83b82c2bc2b3e7973d5

SHA512
8f47df7d663c35ebd25d511d7afbb135c175e1504b185f9f4d1264ad21dbe313575fe565b67c6d714d161516037d7373aff3bbaf45590463e478f8caef04c493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3336a46f505fd6b6d097b826e452911a

SHA1
72e308156afef972f1ddc73477c0fb02a0fe11ee

SHA256
2683ad79cbb2acec4433af3a5970149d928903cad35fc3e001d7eeabe560aa60

SHA512
300616c99bc3160630baaaf1da6aea8dfdd0a38f12d0cee3fffdf03f61bdafff43d5891e9f36b3106df17af698010e9279444ae465a7d519cc1aedab266da79d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
738ac22535f0510054c25eb1d3fc5008

SHA1
b091bea04bb503167ae8e0d2b17441d2c580e339

SHA256
cdec78bc08ff8735599bbf4a6d8230dda4292f278ef430d778734291b8b84678

SHA512
6e81f1aca640836b4e221adf041aca7f4676bb63da82cb802e9695cc53394ec927becc6f7adcc2dd73f8e6bf09aedbe8e11854ffeef2f7bced5ce4d23ca0fdd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
6330d7455c61673a9f3a5cb2408d9777

SHA1
4d152b3e41bd40bd07882b05776f12418eb1e1ae

SHA256
a5918aa1cbe58448382f4a81f10e03d7a701061149e6eafb2658baf58983ff3d

SHA512
fe4418b2738c820cf28ab52e678ae5b3f5a1a7fbbaf85d65db2ffd514a9a717e033a007e93d9e4cff692f53c15504e6a51b1df46a451d17717fc8b43f9b1fe7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a86cb1a6994d9d9c7682235698e07434

SHA1
3b840db820fdce598ac4250bc4e41f4f619abbca

SHA256
7af03514203f2a0d3b1fdb9671b8bed9df5002a6425f3ea7bff869a5647cff90

SHA512
6605c89f2dd66bf1e43bb93e1446ce4190551d0a88b1d37178a016c225dc840b5b0597961a9b2458ac76d9ddf5dc4ba9d7cce38187e526754b5b6731bb11305b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
04cdef4e6e886af20d794674a1a01e22

SHA1
21a15c236eb0e9a7b6560e10749aebe9d4dbc80f

SHA256
dfc6ce2703acb7c37d09b91311fe9fcd5f69f3f8507c186329bd60458847554e

SHA512
aa80329b92221ee4c035ca4cd537b934cf11c6b48331bdf5d3ddbe63394db6e82011e472bbdaf128e895bc5f4ee6aaed356bd44938dd553283c295eee8707067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a8f01b0e6802d8a3cc508a5267e1fd91

SHA1
cfc0191ea38d8ffc2dc333dce1724ea8ff55f6f7

SHA256
069e256123c47e9993c4edd8d8ba87406efaa4ef7f3938d25259bc15f28c523b

SHA512
0ec4689f90a55cf6e2602217f83d90245cf52474683bf0ce0a638f86ee831c9928f613676d65a030e67b0c8de2de48bd276bf41649d22fa0cd74bcf0460f248f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
9a29d22fb00e6f4ae3b72824e0965c8a

SHA1
5998034b4880d369524018061cb6d6f2ecc83b46

SHA256
b0e660bfc624b8af49406cfce9277c9ff966e47a0f6cac4007376d1a11538591

SHA512
8498d9528e43863107abcd960153e77c0aa36cd40954e834bb4b6023802815e5e3939a30d1e85e80d72e5df54a32e125be54df5452609a87b76fa8ce3c011aea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
22e43f81b755a45515722cc23f5bf2bc

SHA1
e7a5f620c46b60d791736c5e3ec5796450729bcd

SHA256
db96189885550e1fb9bbc56751e3be9614e2d138cf5e08ffc40d8877e16e201c

SHA512
65b0065c1756e65d0c2893536e1daee540562a6d3e703578836b7069f9ba31c3de40ffd78ea4a617620c383da265e9b0bd5ca60a8d4d0659b42bc1db0e79b2ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
ab4360fa0b122d6765ed26e02341b046

SHA1
3576ad4e698948a32f846fec25fd10ea75435841

SHA256
77b2f2debb3c70bd8ac1f2251610d8c7c8d1b1266825883e4cb1c4a46c8472b2

SHA512
40a039adbc611204e4d781aae4026a30337f763a675ea1078ed2ea88aef88cf10d7225797ed83cc233f8914760e2d1cae53511e26e01e7092197fe85c6c7ab50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ee3866bdb02dc96549122ac17b6c2204

SHA1
59ff6a4caafe838ef6344a9359e36f308757c766

SHA256
d55e049f1eae2bc42315501bf47640a034cdf5da7b28a6c89538f51a981ac1de

SHA512
2fa80c5bbfe2f625213319c601480bc7df0c2f2f3649cfa2b3e308ecf05b84765efeadd54d278c46c0666ac8296906dbcc36b14c3d748b3a8554fa792a963355

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
16189a163b9b824d768d03a42d45dad7

SHA1
65e00833ad398d5b52045b2f8c4d1cccdb0476d6

SHA256
fa683c1e5be9bdb17cc4a3f82746fb1d37f0e573878f5c9d831ca7ead06f9f70

SHA512
65c965ea0a1bf385c2e19b937c4d8fe01409f85bc116cb2a348ddfdd9417631114f39c9ef72b87ef8c0a5a9f7c07885096bbe01a9236059d1a25feaec17d3128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
623eb2d32e0feba7a7d933c94ab59dd5

SHA1
676fdb3e18fdc654453b5fa321cc3bb2e4a3a094

SHA256
d3405d8b34c018f8bfa7e6dd5ac70fef2212b2e7d50e759780aa2c6a65d5de9f

SHA512
e86f1601bd34f777d18a5332d48ddf5bed85255d58ced0ca642fe5e43d3af0123d649254e5f030e261a8b5c838f616c583e3384528fe5716dd27b3389af4e731

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e744eaaf58a3eb3d61b10231b26e22f4

SHA1
25dba4c65e33b20c94179c8cca89e3719b9e168d

SHA256
de16dafce168921487d421bf37fe7455a89ba5c16726269a08116e770b27469d

SHA512
4af58d73154e23e486a11beebefefbc61f292105efef3ba2ad516121deb94048bde830f51dc9d00f145979bbc5e6e215004fbfe7702b38cccb59ee76e8353fe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
265dde520b0f8594fd939d96e5aaf2b1

SHA1
91e0469ce04a86c35073352855ab8c49cdbe7627

SHA256
9534aee46024bf5f1afbcb3662dc0e48875cfa0cdf828892d3ff7e951781df70

SHA512
79c8b71e43dd3aea53ddb6a661e6f6d48da27963e695050494677d31f66e116fc05d27598f1071bbd23dafc6339e4fbe5606598d71c10bffa549746f7fa502f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8fa793eab4ca8c8037eab834c6176956

SHA1
a5c147e6f64faf26161b4b15412a151e32bbd15a

SHA256
903697a21e91b79debc55e0ab50316ad1add4d3441fe63c90a3a0c023d40f1fa

SHA512
4383d40deb94779ef8861b621ffccb91b8b67d0c5c0bbf163757cbbe4031c478d95546e8ae94ff8eea686d6f1c25728ef2a2046d1583f61f4e4a634859cd841c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
f13f844e3cccde600c35fbfffac68a0d

SHA1
c2e819152a02d297b5aebec473f1a4f5a157374c

SHA256
3018789240d7b338b32ce065cc899d9f09a64959371e6c01d365f31c6a3f6a01

SHA512
70108d7bd1a46c18b5db9a2967d5161d03438dd815d2025bdeb830b2d3174b3493c32fca1623b057dba1e40f697b1b964cee048cb9497f07a9d21b14b6b33c2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e8b3b1976ba2e818d504d7688c2065e2

SHA1
7dce3a3f865db3d36b07e1fc5f82531c79feaae3

SHA256
f56741cc8516c8e4be61c2e3aae21c3903a0b2744b927903119d62bf212a1c32

SHA512
329c7b45f07f25800e4d5527fdf182a21b4bfb7678ee6b9397c673598c0de1c6425d61ed152163d3d377bbf86752842753594ea874485067871a9266c84cf3ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2be6b9998b5a6f01feee3159bb8aeb8a

SHA1
a51daa4528327f5258fc993216213eccd9d4df81

SHA256
e47854272ff40878894a142f97d74799cfed358a245dfbb6db5d61119398a48a

SHA512
030a3f76f610eeae30941ed33718114259b5693397f907b223b36959737d9ee832549b7dd3edd2d982eec4ff90c9e2b7b7c83896560173f7d747d1207ee9aca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
75925f15eea21a8d6265c8dd3a6060d0

SHA1
3ed4f9b0b449edcb4cef9739a06058670b8d74fb

SHA256
f00ac7d08ac440d26c391e4a3af78bf009f26d948f772cd6e924df1992713b57

SHA512
fc156d9003c824f6226fa2fd1072631467cee018d740519392bfca22dd0d40981b334529cc662da602da0ab233213d5abd74c9873afb143e04f732846b559661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
266fd022dee7f7f93cacddef83561998

SHA1
6172c07bcfc47788e58076c79fd9708182869687

SHA256
54d9f72052ef6a54771f7ad19c71ee006f8b3c4d6e780a0402e6362f37aeb891

SHA512
b9531f8b0a8dd9f24afcab36a8750a5dc4ecd09712e4c50d2f02b346bb26056ffb2a24150bcc6cea3f9384fe1cbe7725d5aba7c139e911897527f1d2c5b3294a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4dee686d555dd2b78caead1c8843a2ec

SHA1
59845fc28ef8d1f5f49509cd3b629af27110b24c

SHA256
016ecc5b63524823a03c03f6859661858e4e275a3799ef90690648ae61083ed5

SHA512
1e3f50c39b4a12b7b9102ca6ac2205a2a1f213cb0d6880a7f50045b21130bd388107c1ab157adf0d6e82b002e23097b3d1d5d39b3dc20d0403a36ba8a21cd264

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fbe88590eb53324a07735f547c527495

SHA1
82f2fa6d9a68beb45570c334a96a9b007090d7db

SHA256
a49685af73be5f5296b628b48867043e14a37a3d02842698ff163c47a60fe1e5

SHA512
3a09cb9b6fbc9ebf19a7cc0ca0ef78cb84082bfca0c3b4af134976fd8aec91dcc10990fc1454e2498130795fe1f15b3c560ef25ea88716304748b2e10fa8df1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2dee88eca0a052bf4f88db17fc799738

SHA1
feb758a17466d43d5fcf56616135e2e059f79cd3

SHA256
bf4a5da7489eb131618decc11558eab3e81ba374a3a10483cba3f0957324dc81

SHA512
275e9f5864048cb23b9c2f2e51eedbcbf0eb6b1342743c67452d302fa12152c0cb01b9f5063fe0aca967edd42263e80a0e9d5060ed8f281f531813128afdaa41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
524c0eba78201e8faad29c29d0a611ff

SHA1
b8d23f3f70313f9f0f8c1e293e70a3f8173adea9

SHA256
693ac11a04057152b30e8d26dc646186c3e54bbe397122b457374d92620fde52

SHA512
5481d83540551f9999d6dbbe94c7ac200b53bb81e5d9a5a94761274332a0b4e4aad05a9689fed5b9ad6fb2c1d06f91e2730eaa4f53950f8e14cef5cf2af452ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
eeec2e8fdb3d10926be7f7f005a6add4

SHA1
ef91d915a57451a526ffde4634f1152c6a751104

SHA256
3a35c99ef359936c246b01412cf6c3bd0a7b190fbfefa584d62cc27e6f6522b1

SHA512
c2044601211d75abf5bea962e73760289ec660326f7e8fce5a588a6a7672923682fa45a0876f197ec75c943d780bd06649d1810edb8331a293365dcc415cb4c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6fc54ad5a2d34d92348fe2f1dde9b7c8

SHA1
e0aabdc48fcf33a4ea273e5e0058392bc91c18e7

SHA256
f66abe9179807849932089b8a0dbc87e3ede04701dbd57327a834a12180204d7

SHA512
9ded5323519d9383767396ed15871af679b4e111771c1d1cf72da3ce6929ce1c532d679bfad47b294a31a17ea6ea0152763f01126963f009453c185c0a9cec66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f42f8d544aa3d68269bc2fed6587b9ad

SHA1
311c765a8e68d18ad383e24e11cd93fb5679675d

SHA256
8ef6e0cabfe67b7ff287aabe530a09722d3b90b08c120b863b9a2d0ff791721a

SHA512
826fad3e810de8e599599a44444da607a2756bf7853e60c3c96e91a20bab2175f88371dc303387b903e418c127c677ea969597d8227d1424d536c92c58b47796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c21999170d631a5b6f47b349b601f422

SHA1
6de0d4a42bc47ff8ad943027d31474c19a680b14

SHA256
42750a01edc8bb24982c371273134aa4e6b6ea08aca8566c114165a9d9b21740

SHA512
3dd1f360cead191f44f3a51f993629680606a0415076f9fe1640b8763a18652c7a1c1d142ccb57d7d0e4a553e31af4f9013dc3144356b96ac3e1396d26b0625b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5371eaead1f7c7cb3d922fb23206aab1

SHA1
6ad566ea0f9c164d415cfb0b0d1a6b389c3f01fd

SHA256
15e8f9a7775bb3e5d2c89fe5ae4f77a76ed84d4e9da8d07c157959c8dc1300a1

SHA512
b35a7580270a6d4bc2d37bd6f4dafdebf0365c8dacb4da0044167958ac5b712a840c2975835ee64f7b6bc01ce3e71b5373f45ab392621c724014d5853bf498da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bd6e765828e9ca42f2e629f6b77ef951

SHA1
93010fe572c26939248826a8c46dfe1598be78c2

SHA256
f27a96309926280df104652745044d867129e5d3e5631b875da8cc4f63d254e8

SHA512
ef4d71176486113c3eb095a7b7cbd27d57e5b521a58f2820bdd542ec282aecac865203fc025b3a75e616ad6a8d7043a8550091f6eefa9b48a6191533fd3abd98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9592e4198062ff9805edb25c09d8075d

SHA1
219da4443f0d4e73080d8944c5578244f7da53ce

SHA256
4c8469849ee3c5a36025d86154af77909107fdc13b8b7bb924ee64b768d91001

SHA512
47b198db12852390b0eca64201308a34f071974c50dcb4a5133ea6e89dc48bc3fe89dd1d9c88d124901db2d61d9a321717b09c6780d601156135c34b38c482a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1c0a2aaac23624989b547a03746fcad9

SHA1
3fc8ffcdec9ee5c9cb9c4c7b6c97bd9662a673fd

SHA256
0c0153169aa2b39963be4f17c3f3e886322c05a57d1a39d54b2880b56ddb1272

SHA512
972510cdd6c37f8f098fd66b18e3b0ce43ff9526170e6f73b1b168c175e774509d9697cfc6a118837a49e0de6594fe9188e20dce02d81b395f790dedc0ac4c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bfb87dd6650f0c3691beb545179ed770

SHA1
93981b77b07e859264cb4ec55658a559a8860e82

SHA256
e49bf39aa0e345b0e47689bec40b39ce8914ae4c0d6c80c7f7e10df4221dadfc

SHA512
bfcd2e7df35c393ce08ef8f4e8e5ba2c8ee963e6257a84d5f4e185a0ae9906f307aaa964d4cd496c4aa23ac0c6fbfcbcf3d610f347823810ed047fcaf15ddb3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b73fa3e00785e85516c0580f84bba733

SHA1
02c254b0d48c8785ae18ad2eb7595177788e33cc

SHA256
aaf6aece972238f193c168349691beecf0c6a21aadf464cbdd953ee78467c7cf

SHA512
6287d9a2e744c47369673cb231d3662907a2bfe0b34eb07346de5f5f5c99224d128432864e2de8db55ead671a6c487e74081e51a4aa68ac66dda85500d09c461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
17196fe36804207d8d639f309376ccbe

SHA1
a220bfeae5cc425f0d9a671a293b2011a572546d

SHA256
128af8336d0d3262eaf6fef59a237ba697a963311c2eeacf670c23bac3482e85

SHA512
b5dde7b99eada10722d93c16a05a176c6bd202d875bef1386dcf9ec96a4ad2c194a6a5121570716c016283970ba206b0c0d941cd0a3896c909763017b48a54b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d040.TMP

Filesize
533B

MD5
bd55cf6b4a14cc3d45309a431bdb556a

SHA1
7ed8737b282fd528931707cc25d8fff8158f3634

SHA256
1affc8de3a1d87a040fc42b99f97b0710f5bada77d4710a10a899186163598a7

SHA512
8f505de7bbd4cf41353a5148baa977e70d7b8cbf04543a76392a4c43bdab7237ac758bcc67fd39daafdab29427d9aba9ac0178f740371912e0c5973a32d1ee0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
0b505712d9112f5be9cba4c2d98f567f

SHA1
0635d15d3a04e25a3c5fc914f8014466f2e8c541

SHA256
3f49a86a3f858adb0e08cb581e3abd5eb17b46ec772cbe589223a7475ede5bf9

SHA512
8a630c892fe61407f726acb7d9d528890f1759d9ce165be35fa28665f21c509f14bf92dd744579cc4a8608a2e4ca4e9d772829996c7d688f76bf3c9a02ddec08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d949b2d631405411d4aa1dca0c19d3d7

SHA1
178e1e7ab6677526cd4002f411bf1b586e01c7a8

SHA256
4b8dd5e4fd9ca4c9339b74e31faa6c484a27f3365cb090af0a08747f2563c404

SHA512
1e38a470f0398068d3a50532b06bd1b93a360a19bf8ee351e870ead42994f752934c167489a66622134ee6fa39db902f10ae627377ad4965a8f56bde0c8e6a69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b5a342b568c79f7be09d9f81bee9da96

SHA1
9aa891d91cef9b1990444112483280af0377af38

SHA256
7cce796ffeb52fe2c9ce18cffbc7f1ee6b786f6338493a2493d8d469f06f206b

SHA512
c2a8e69245b2d8e9cf7286223cef6ff8991bd8be7fe96dd679775b9c49543eb9ab026d36a5a46f0a8dcdaa874317e60905f07cb050c4a3bf5e54c4392eabb3d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3c857335e9aad052248dab5b0523388e

SHA1
0c8c0945fd9e6a6f27e18621e97670ff51720bf1

SHA256
c275083438630728a51ca336f4aa6d9f614f5d147afbcd6d3b02917ebd4f7441

SHA512
4a177e3ee14a1522028ee0d4abb6cd9f7cdad2739f2c93425cb4dd3d1faeb53feba845adc9b5c38a84f5ea8d2083aac5251dcaa38d41197ed637f4a53afc28a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
35c11674e41e303834acd14867b68053

SHA1
7aa31f015ed12549d3f6810e673186f018b6cb6c

SHA256
b54c1babcb1df779a77ba535562af0feb88965ab0aaafeaaec4d05982fc68780

SHA512
196bc41ef6e5e9deec3fdb086ea3f9458c43a16c55878a05c939b3cdafcff935354585f760bd2441eb7cac354c1f1f4108ab86501883a10b46cc5c01ca712e36

Download Submit
C:\Users\Admin\AppData\Local\Temp\36d38698-59cf-487a-9a43-c8001acec600.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2300_466481186\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
2ea15a85c5ca3e77ee4f6984244c98dc

SHA1
02dc418b036c73ef558923a507b97ce0f4dff29e

SHA256
53ab26858022e7b4fd47d90cc89243aee251e98aab9fabe6bccef936cbf2df29

SHA512
592d27398e3d2d95e8c0ec522a1c294ea3d7e8029e40c4c1eaf3819a07a526185fea8a44c58b503126a32629dd58e330fbc45e62c56fbabd631601d60b7f03b8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
5b8bccdb6790cac77aa539bd0a0c03a6

SHA1
9d1462317d6cb7c90cbef4acb63c1e4b6cefc0b4

SHA256
a060ec4fd65780079289c1559984eec640c7172d990893600d72569ca37fa161

SHA512
f3d6d66a382b66c3c81e9f8eecc99323d56f05bd03c667ad9acc8d4b507d3ac5a2db7b06f1e6dc1951eeb9b0abc536bd8c80f3f2b04507949d8bc97e6da59933

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
a4d029accbca9242640be8de6221e079

SHA1
28c139306ccbf12e48d25297c67824590bc11af6

SHA256
a105ccdfe0d75effaef4ae106b80922ee3cfda76e3e51246e3b7f1203b639afd

SHA512
0c136eb8e1ae64d6457b9fb304d1c1927546f3cb881bf09166c35a7bdb97db460a97673afe4679cc599ee59b4df24abdb5f24f0df19b98c6fc7de94dcdc3ad75

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
717835e920dde8cd82120e479529fee7

SHA1
319f64a1f29e4722c9a82e42775598f709256dc1

SHA256
f6d684d596fdaf69d99bc8bb36f8e42dae05d8446cd77c17561aa68429ff281d

SHA512
2984f15a54b02c280c9081eb5c788d510a0f0949ae6fd9b80b17f67b04d9df331a7a76d489a58dae07a203bb5a0e0661d2f602090525d22ef9d1b4864a9215d8

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 539044.crdownload

Filesize
904KB

MD5
73ffe4ad6f24aee464e1835ccf7daadb

SHA1
b01bd18608eeb3ebe06abf5b08952c0482ab10a6

SHA256
90f9da2052ba2e933a12066b12f3dfb4a74ea2428c86bace81e7b63730c406e8

SHA512
a531e50afdf35095f1ac2a2b51ce57c33983a7b44689b0f662749c5101b72f6f540be9cb28446d090656a025d5a50fce5685f97a1dbb0d5c2f69de29e3e627fa

Download Submit