discordrat | b6c7009dd8b089a584aeb6ba37fb75c11a415d63512347beece251e69da5c63b

Resubmissions

02-02-2025 02:35

250202-c21mnatkcq 10

02-02-2025 02:32

250202-c1ezka1ngt 10

02-02-2025 02:21

250202-ctafhasqbl 10

Analysis

max time kernel
597s
max time network
613s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02-02-2025 02:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NebulaExecutor.rar
Size

27KB
MD5

f44ba3369f118e9cc2611886494cc3f8
SHA1

ecfcbd5f3149762e00298980c79137ee3299be3a
SHA256

b6c7009dd8b089a584aeb6ba37fb75c11a415d63512347beece251e69da5c63b
SHA512

b31cd82c9c490e5dc0358459e7d81f12e2ba4ca092d71e27d078d740475fc5857e758b1c3e3996e69ee989bcf21e0acde9c6eeaaba6f30c9f1ea1bcb1eb3cac1
SSDEEP

768:2/Dgm33+7HbJRN4FnxT+nugwNwlG+sbiVTRsn:1Ou7Hbh4Ftou9zfbmRu

Score

10^/10

discordrat defense_evasion discovery persistence ransomware rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMzNTM0MTMyNTUxMTU1NzE5MQ.GJnF0Z.22Phw5o1Gt-WE6QFl0-J7NOftNtcUB5FqXmuQE
server_id
1334897427899093072

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat
Disables Task Manager via registry modification
defense_evasion

Downloads MZ/PE file 2 IoCs

flow	pid	Process
67	4344	NebulaExecutor.exe
110	2496	NebulaExecutor.exe

Executes dropped EXE 2 IoCs

pid	Process
4344	NebulaExecutor.exe
2496	NebulaExecutor.exe

Loads dropped DLL 2 IoCs

pid	Process
2260	taskmgr.exe
2260	taskmgr.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Legitimate hosting services abused for malware hosting/C2 1 TTPs 55 IoCs

Web Service

T1102

flow	ioc
109	raw.githubusercontent.com
69	discord.com
71	discord.com
79	discord.com
88	discord.com
107	discord.com
188	discord.com
93	discord.com
104	discord.com
99	discord.com
180	discord.com
189	discord.com
57	discord.com
62	discord.com
75	discord.com
65	discord.com
101	discord.com
366	discord.com
64	discord.com
94	discord.com
163	discord.com
70	discord.com
86	discord.com
89	discord.com
110	raw.githubusercontent.com
115	discord.com
187	discord.com
100	discord.com
159	discord.com
111	discord.com
179	discord.com
97	discord.com
106	discord.com
116	discord.com
162	discord.com
63	discord.com
77	discord.com
105	discord.com
108	discord.com
114	discord.com
207	discord.com
72	discord.com
87	discord.com
103	discord.com
186	discord.com
66	raw.githubusercontent.com
78	discord.com
112	discord.com
85	discord.com
90	discord.com
198	discord.com
67	raw.githubusercontent.com
46	discord.com
47	discord.com
52	discord.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
339	api.ipify.org
343	api.ipify.org

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmp2FC7.tmp.png"	NebulaExecutor.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	POWERPNT.EXE

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1720	POWERPNT.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
4344	NebulaExecutor.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 43 IoCs

pid	Process
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4448	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: SeRestorePrivilege	2020	7zFM.exe
Token: 35	2020	7zFM.exe
Token: SeRestorePrivilege	1920	7zG.exe
Token: 35	1920	7zG.exe
Token: SeSecurityPrivilege	1920	7zG.exe
Token: SeSecurityPrivilege	1920	7zG.exe
Token: SeDebugPrivilege	4344	NebulaExecutor.exe
Token: 33	2964	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2964	AUDIODG.EXE
Token: SeDebugPrivilege	2260	taskmgr.exe
Token: SeSystemProfilePrivilege	2260	taskmgr.exe
Token: SeCreateGlobalPrivilege	2260	taskmgr.exe
Token: SeDebugPrivilege	2496	NebulaExecutor.exe
Token: 33	2260	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2260	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2020	7zFM.exe
1920	7zG.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe
2260	taskmgr.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
4344	NebulaExecutor.exe
4344	NebulaExecutor.exe
1720	POWERPNT.EXE
1720	POWERPNT.EXE
1720	POWERPNT.EXE
1720	POWERPNT.EXE
1720	POWERPNT.EXE
1720	POWERPNT.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 4448	2496	NebulaExecutor.exe	104
PID 2496 wrote to memory of 4448	2496	NebulaExecutor.exe	104
PID 4448 wrote to memory of 404	4448	msedge.exe	105
PID 4448 wrote to memory of 404	4448	msedge.exe	105
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 2972	4448	msedge.exe	106
PID 4448 wrote to memory of 4332	4448	msedge.exe	107
PID 4448 wrote to memory of 4332	4448	msedge.exe	107
PID 4448 wrote to memory of 4788	4448	msedge.exe	108
PID 4448 wrote to memory of 4788	4448	msedge.exe	108
PID 4448 wrote to memory of 4788	4448	msedge.exe	108
PID 4448 wrote to memory of 4788	4448	msedge.exe	108
PID 4448 wrote to memory of 4788	4448	msedge.exe	108
PID 4448 wrote to memory of 4788	4448	msedge.exe	108
PID 4448 wrote to memory of 4788	4448	msedge.exe	108
PID 4448 wrote to memory of 4788	4448	msedge.exe	108
PID 4448 wrote to memory of 4788	4448	msedge.exe	108
PID 4448 wrote to memory of 4788	4448	msedge.exe	108
PID 4448 wrote to memory of 4788	4448	msedge.exe	108
PID 4448 wrote to memory of 4788	4448	msedge.exe	108
PID 4448 wrote to memory of 4788	4448	msedge.exe	108
PID 4448 wrote to memory of 4788	4448	msedge.exe	108
PID 4448 wrote to memory of 4788	4448	msedge.exe	108
PID 4448 wrote to memory of 4788	4448	msedge.exe	108
PID 4448 wrote to memory of 4788	4448	msedge.exe	108
PID 4448 wrote to memory of 4788	4448	msedge.exe	108

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\NebulaExecutor.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2020

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:380

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\NebulaExecutor\" -spe -an -ai#7zMap10706:86:7zEvent2039
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1920

C:\Users\Admin\Desktop\NebulaExecutor\NebulaExecutor.exe
"C:\Users\Admin\Desktop\NebulaExecutor\NebulaExecutor.exe"
1⤵
- Downloads MZ/PE file
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4344

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x420 0x49c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2964

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Loads dropped DLL
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2260

C:\Users\Admin\Desktop\NebulaExecutor\NebulaExecutor.exe
"C:\Users\Admin\Desktop\NebulaExecutor\NebulaExecutor.exe"
1⤵
- Downloads MZ/PE file
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of WriteProcessMemory
  PID:4448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7ead46f8,0x7ffa7ead4708,0x7ffa7ead4718
    3⤵
    PID:404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,5977269597738929662,17787276683780511857,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
    3⤵
    PID:2972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,5977269597738929662,17787276683780511857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
    3⤵
    PID:4332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,5977269597738929662,17787276683780511857,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
    3⤵
    PID:4788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5977269597738929662,17787276683780511857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
    3⤵
    PID:4252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5977269597738929662,17787276683780511857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
    3⤵
    PID:2572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5977269597738929662,17787276683780511857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
    3⤵
    PID:5088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5977269597738929662,17787276683780511857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
    3⤵
    PID:1412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5977269597738929662,17787276683780511857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
    3⤵
    PID:1080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5977269597738929662,17787276683780511857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
    3⤵
    PID:4568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5977269597738929662,17787276683780511857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
    3⤵
    PID:1932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5977269597738929662,17787276683780511857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
    3⤵
    PID:4272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5977269597738929662,17787276683780511857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
    3⤵
    PID:2784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,5977269597738929662,17787276683780511857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
    3⤵
    PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  PID:948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7ead46f8,0x7ffa7ead4708,0x7ffa7ead4718
    3⤵
    PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  PID:636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7ead46f8,0x7ffa7ead4708,0x7ffa7ead4718
    3⤵
    PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  PID:3944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7ead46f8,0x7ffa7ead4708,0x7ffa7ead4718
    3⤵
    PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:4312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7ead46f8,0x7ffa7ead4708,0x7ffa7ead4718
    3⤵
    PID:4424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
    3⤵
    PID:3384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
    3⤵
    PID:984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2480 /prefetch:8
    3⤵
    PID:4768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
    3⤵
    PID:1084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    3⤵
    PID:2160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
    3⤵
    PID:4256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
    3⤵
    PID:1800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
    3⤵
    PID:2192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
    3⤵
    PID:4264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
    3⤵
    PID:2920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
    3⤵
    PID:5240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
    3⤵
    PID:5328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
    3⤵
    PID:5340
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
    3⤵
    PID:5568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
    3⤵
    PID:5660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
    3⤵
    PID:5756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
    3⤵
    PID:5956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
    3⤵
    PID:6016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
    3⤵
    PID:5896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
    3⤵
    PID:5124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
    3⤵
    PID:6224
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3328 /prefetch:8
    3⤵
    PID:6336
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3328 /prefetch:8
    3⤵
    PID:6808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
    3⤵
    PID:6828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
    3⤵
    PID:6832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
    3⤵
    PID:792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
    3⤵
    PID:912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:1
    3⤵
    PID:7056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5724 /prefetch:8
    3⤵
    PID:6128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
    3⤵
    PID:6188
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3447172619057215505,1651981143483426455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
    3⤵
    PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  PID:4444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7ead46f8,0x7ffa7ead4708,0x7ffa7ead4718
    3⤵
    PID:412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,15228796542725843154,7322772501143200281,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
    3⤵
    PID:2448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,15228796542725843154,7322772501143200281,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
    3⤵
    PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  PID:4220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7ead46f8,0x7ffa7ead4708,0x7ffa7ead4718
    3⤵
    PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  PID:3980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7ead46f8,0x7ffa7ead4708,0x7ffa7ead4718
    3⤵
    PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  PID:2220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7ead46f8,0x7ffa7ead4708,0x7ffa7ead4718
    3⤵
    PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  PID:5416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7ead46f8,0x7ffa7ead4708,0x7ffa7ead4718
    3⤵
    PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  PID:5892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffa7ead46f8,0x7ffa7ead4708,0x7ffa7ead4718
    3⤵
    PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  PID:6140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7ead46f8,0x7ffa7ead4708,0x7ffa7ead4718
    3⤵
    PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:3360
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7ead46f8,0x7ffa7ead4708,0x7ffa7ead4718
    3⤵
    PID:4960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,4827157421527846976,6213732148883005600,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
    3⤵
    PID:6828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,4827157421527846976,6213732148883005600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
    3⤵
    PID:6424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,4827157421527846976,6213732148883005600,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3068 /prefetch:8
    3⤵
    PID:6780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4827157421527846976,6213732148883005600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    3⤵
    PID:7028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4827157421527846976,6213732148883005600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    3⤵
    PID:6956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4827157421527846976,6213732148883005600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
    3⤵
    PID:5396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4827157421527846976,6213732148883005600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
    3⤵
    PID:5256
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,4827157421527846976,6213732148883005600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
    3⤵
    PID:6600
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,4827157421527846976,6213732148883005600,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
    3⤵
    PID:5760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4827157421527846976,6213732148883005600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
    3⤵
    PID:2624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4827157421527846976,6213732148883005600,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
    3⤵
    PID:6976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4827157421527846976,6213732148883005600,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
    3⤵
    PID:5076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4827157421527846976,6213732148883005600,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
    3⤵
    PID:4772

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:1476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3928

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\Desktop\MountSuspend.pptm" /ou ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
545f36a08ed42153635a6da2ca826219

SHA1
eab4a501d6aeea272c6ebcd9783004a7c0925a80

SHA256
ba6134f2c6e67ccca8cd4be9ea456a58b35e69c0a566d5b46dbe61ff1d6169e8

SHA512
0f7409d454f4784b93951f1cc824f31927bbcf8f70931aa235ae971f9e28955b319548c9b7649dfb26f23f11b422f8c6d7e01fba4af5a30c4f1b7459e8d3bdaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
90d62582da7cf6e66f99729c3c177b47

SHA1
6441ee83a9eecf3cb89881786c7106785e66eb11

SHA256
0ba6bac75c1a9a142e217ab8c943aa0554dc927e82d811ae285c7dcdf2ab937d

SHA512
d3e23bb5184444c67f7e0712f55bd81afc35706a9a05a70ce30b5f074a3dcaeb00a01fd7cafdc9c45451bd692abdbbb97fe1151e99ac37eca9e516d945af9218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0bd731d6e6c6178cd668b2816f118b76

SHA1
38a60bf3d4f8fd03907f0e7205bc4adabcbb9f45

SHA256
388abaf0026c3deb8370219b78bcd6929d151f452bfe6918d83a13ecc3104188

SHA512
9892e219cd24dcac4a5e8753dfc1afdee8c50ca4cf8510c4e3164c42d494af9f2cbb6ea3f2f813723acfe7135a8a27d42691d8e6253b63bf30bdc6588553235e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
3bea79dc864ddcf151edf16ce24de59a

SHA1
52f0ef89383bccec4494722753c6a84de7f7997f

SHA256
65e9d0c222a8bc4eef46e4380938bb3cbac8c9dc3320f57eabf1755b0c0cc145

SHA512
f6f03d437f8fb259bf6f47033ca16d51abcee5b6fae9aa6d40e3cdfabe0f56e753cc8beff6500af25f9fe7ff04d88a15e3545b82de2ab92e77296e01923be4a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
52f193a2b773293acd0c7438995fd600

SHA1
f2892c19e2a363e207839a79fb1a595fee3f7a86

SHA256
82b60aa0e8e274a8c30d73b17b494f3952a22799c980d0f392ca3d245b3d5257

SHA512
d817ea6f7822d032aabbf31d28d08a21759704382e0685ccec76182e80d9b3177d0e7c3ef6366eecbb0e6ea48ea1b35446465237b7a8cd9e185cdd8d8a39f896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
48d6b9a7c3e1d981e1ba123231a4b4df

SHA1
3302085b5ed6eac3d3f0d0ebf76ade7c52108999

SHA256
61450a9da4fb6cb73f57125daa7fba86a27c5e5bc724240298ec86b819a5f4d9

SHA512
3068561f716e4322ca86e3102aa5ec120061f07818d4e368452746124715112f6687632faca6c23f58dba2a54498ccef6a795bc173dc14c376aa174cadfb9bba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
28KB

MD5
59357e34d8432ac6b757f8b4d88ff06a

SHA1
15e8869a64812a23a8192f94b029806eb5d4ec12

SHA256
21f102e5df82464c7bfa5ea7f0f40b8e33b357a72cf399b7fa39767f0231590a

SHA512
b098d1b3106afa6097244c81a76792f7bc8d95195e2fbe0aff0414cc508d24f06386947aac38c65f81acd79593e1ac06ed8ce4c387d70f4b4fd91e7fd34e1f0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
67KB

MD5
a3a5e471edbc3b6837ab93c166b0c63e

SHA1
cfa7e1b829c800a78e6140062c0bfe85f1cff4c2

SHA256
4a64a548793e06b80b17b38dab11f36a62ab60e927848276000ea18d8a5cea64

SHA512
db9a1e38414b49d9f94fe0361d6398b62751a1e3deaf80e83545678925e62acdc2e25e2e8e5ad799bc672a5c3fe8af7870a3e21d9bdc3fd70d8e7178c1907cae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
29KB

MD5
cf776b128a74f76a26e70ddd68b46b61

SHA1
24c15fb603cd4028483a5efb1aecb5a78b004a97

SHA256
346cbe6774bf3bf9f3a5aacf287f859103045b0dcd4a32839b00be9f391259fc

SHA512
20751f34d1a3a63e580581d36902928c7780dde70fafa75b87e406965f2dde501b9821cd45c824584d1ece21566eb5fa501d1effdfafff0b2e27ec806bce8f32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
88KB

MD5
7f8351fe91c5a56c6d608ab0989a44a1

SHA1
8dd694b4dd0a23e8de32a5b67fff2c25911092e9

SHA256
afe31d0ef4910a1381c6cffeeab40f6085939dfb9f26b51a8e2905c884a8a1e3

SHA512
ae4d1aca4f8f261e34b2c6e0057c77e3c00e2cc89ea9d780916e0a7523fd07363c7593243cc82c719319fc429b78c176b1345593c0068d5436bf906dad5234b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
28KB

MD5
0dd25e4fd6d349b150029297a14ff1de

SHA1
4d2d1895b157d868ed538035a343a72b0dabe1a4

SHA256
b279d2ce468f91599ac68efbd63dd1c5c24d39c64a76e4c8e0d3eb57adb7006b

SHA512
475c4048555f69c9397f36a3275d6cf5a587ee4d50793f8cb2a7cd790518eaa45419b4b960927402607a9a703e05d59a83c4c005024af97a669e769f051979d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
36KB

MD5
28afe735c8cf73a6c88376fbd85508c1

SHA1
34fdee7096fb2cb28594ce2d5ff63e41f09c22cd

SHA256
22de5e30581bae29ba36f0a045e9901d996880838619b2af86d16a9a2c055111

SHA512
4b64d34859ebd25287e5d15ad2e622abe7222c38200f34f9e46b6e0673982a6f7384cba8353fcfe55f4ce7370f0ac4fd6126f4acfc5d42c7ddb0ca306dfad250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
30KB

MD5
c84c1315c5f796d2de1a42e62ec08f96

SHA1
270a980cbee942cb7c4567cc8b806cb58dce974d

SHA256
f24be89551b4dad34adac7f12e2d14c01322084c63a5d56913eea2f9f77f37c1

SHA512
f28a0b6d08bd842d59d012f07a1a092df7e17a46c0bb540dc50113bd5fc10082ed942e85bcb6aae9ab5c4a308ccee5ca79e4e8694d6ed551b74480e9373dc929

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
16KB

MD5
2882c2f6d375ef43ce7d23380b1b6129

SHA1
522a10b74922def728255ca76754d2af37b4b62d

SHA256
1af4145d0c5a7ce346f24a7cb7c6f54f63f3b6bda124e7c6fe9e362e7b4b9236

SHA512
86444739fe5c975a05ef446f44cea67299ad38ae69727cac3aae83b0170950bb33d9649ead49390efeb3c8864d5807682663c2ba64d39896ed8acd680d047a05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
19KB

MD5
26d4a83894469a81af8d71566ade44d9

SHA1
dde157bac8b01d647e7c43f8efbc7101da3e15ba

SHA256
c803a9668a769175c7154c9f1d6ef7b0d63c55a4a8e92be6c272b9478280c74a

SHA512
8e35f3f982dbb0f18338762e1e80a1f3aff25d1654e1f2872258393f033c4fcf9eeb824aa13eeaa0181163606167aaeb06add602dee1faf07e453397fbe6d738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
17KB

MD5
e59c446fe269cd4fdbcdd184c4fe88b0

SHA1
14097cb3fdd86cce8a27762d9438c5b31dd08ef1

SHA256
c1cbb4eed58ba1263843d48e91a64a4566fce468c2cc82944ccbaa0a688037b9

SHA512
e4fa8233e1d937c432993db182348c976eff31143fb89677e2d1d4c47379bc811c5b1b67ab290767eda27c5b39d266a5a2014d78ed731203a60f30670ca45b98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
65KB

MD5
c8bf7fc1a7f32d8e69daccf720b59a08

SHA1
01eb5030356a47d14135e96157ece40ce28ddfed

SHA256
0d714c013ee1dc2d071d52786d91741b1382095314f1844dd3ac4744f2e59193

SHA512
5e3e6e3daf3360e88d2f0cdd5d8e46143cadb9e9d62994a5f5c0507ff228da6fc53005fc9cb85343e588b5c31f6741f112e81f9272c1710e51ad307406cf644c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
17KB

MD5
7df344c16c64a7b6762c205f505c00b5

SHA1
2ccdab8fc5f983a3f5d906051158f95e82b16e3b

SHA256
ddeac823c805ec55d177a14aea55dfc8e5d3142e26deb37df352637ecebd3668

SHA512
4c707db2d87e3c51fa7e0c289f918d4a5815d76a40c3e02c9cbc9f01e15893c66e04a6ac8aa4425799e064fbeb9a8a6f2bd13863d7fa181bcbda1c2178ceec09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03d21fd74f411456_0

Filesize
1KB

MD5
f200454aea33301ca3221b2cac117c5c

SHA1
0b8c56f2168960e25b21d79b83ccf5b2b1d52f99

SHA256
4d017f84b85ccddd5e47cb494ca80d06a1a5715127bd44098372fbef76c29908

SHA512
ee6709cd56c397d42191926a6495807d3456213451374b5cbefbd13d82335d4319d8e23343be728d03e9d9d2d394bea27b17495156a332c04b7faa8b9412cbd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\05bd979de154135b_0

Filesize
89KB

MD5
ea756f6babb6b2bcf11881ddd92dd7b3

SHA1
848df89b7d777aff7aeb8922f5f554c0ed3cc6d8

SHA256
b86d88c47883d7f9f4eb4efcf1c220667e830d63de524ef0cb0b79ce32244764

SHA512
40348f04233b735f562e6e8f40044d45b2e0b0f2415530345754ea7da438605beb55bb6db6c47097f7c3ebf1cd115b3416fa9fcfb6a3b1953a897a3b4d5f263f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0ef075775c69ab20_0

Filesize
265B

MD5
db59342c10697204e5495ea8450e36c3

SHA1
1b6fe4166472e38dcfa577b89bfc96575a9ec534

SHA256
c3088f2f3400ae4cf5c52b6a08f789dcca75ab27b1bdf8b58ad9be584d97aced

SHA512
d33373d4ac7bc72afd653721fe6345b5907f33866980fc0a5bd3353f99fcfc5f1eeda01cf1a0408a1ffe24743ba7b04427c2255dd6d6fe66cb27af4c33f061fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\119cfc5d85bb7853_0

Filesize
2KB

MD5
ceab37336ed4026b09b7ad02221c9f6c

SHA1
3610039661639a3884bafa8b498e683f5f801fa4

SHA256
d56b8f07bca4355872bd0bca8a1fc3fb6488b444117a81ba99fd4fd110815c46

SHA512
0046aae2ba643ab37a7b516671b136c10853fcbc5de35ec59a252c469197c5b24875bb525f696bf45d002297e5772a8ce22475242874df2eb1104be5806fdd2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2602086a98dfb98d_0

Filesize
2KB

MD5
7e88ad5a08b215ca2f8ba905fb6ffdd2

SHA1
a2efc51f3234b6713bf7d66e8f614bb1b33787bf

SHA256
b81d517089f2dbf49a3c27a7a51ceb658e5eaa0c1a392aabeefb9f42cd7eb596

SHA512
90d54bf0487374d23d87f7e2c77be405818ee3d1ee8746528bf48d46a01d970ad7c2c8c066e750da30b4095c987d56394f59fbed2fef9f723216faed139d7b22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3d6e1a4601df0a0a_0

Filesize
4KB

MD5
4b18b508bcd71913fe6a935e1946e627

SHA1
5783b783f4160e8142871cfdd64678c58951903e

SHA256
d7098152cd024c8406b2c0972e010d99c4b24a0d9464a12dc874a6090968df07

SHA512
2bb3ef42f8547f26d4560a5f2bb50707e1d0449dfb3f503d938f4adae97bc4e2b5ac735936937f27df1698afa30c9dbe14c61dbe77269581a291d55f7b9a329e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4829d19fae9749df_0

Filesize
134KB

MD5
fa9e24e2da2281112ef3267f5ae9b651

SHA1
d3503c146c5303d2c32a92c43f753556671163ad

SHA256
6742a343fbbf5883e1cee23fdbc289e5cc89265bfceda9597193100803fe3004

SHA512
6096cda6f9242093671fb63928f84b11a79acaa598c777155d7c6772529152af51288bbbbb816b6baa3675505883dcdb219df36f77adba52489d56a337ec7f95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4eeeab5fc5d38751_0

Filesize
3KB

MD5
5907e1f862f47854e6cb1d2354926e26

SHA1
e85b82781a7d8d81e874a5baca0fac9eb4917259

SHA256
700900024ae0ac49b0ee09b03ffb79d4229bad1cad10b276778d7b9d237e37e6

SHA512
cd956371b5577eb49dfa8a64cf59964a3f7fdd1f67640c31c8212b09c2b1717ae9925b5bd9c8cb116c1e1226645dd275a67020c307859f75d3e3c86e1724e9c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\634e4c4d8912b368_0

Filesize
2KB

MD5
7825a479c8c66fef479944535fd8279e

SHA1
4e698bf2fb4d6f169cd02fed18f2d1e77f066796

SHA256
986849f2f3ee897f2c6a7896bba996a60ca341a7b8a5df5e8486c4b6cde7c014

SHA512
a3f90ffe072dcf1bd91baa3938c68c54e271b77fd28a956c0e2f8632cb8255a7b50375bf4de42b22d976095cc32b9387b73daf5ef87102239beb71c3e677c6e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\75a5098eb270b1de_0

Filesize
11KB

MD5
c897396f0b46601a3d353b9128a382c7

SHA1
90b387e00bcb34965e70e1d42a96c6d824f984db

SHA256
f5e211c5c12a00d722c832126f75448b747baecb8224734b806938d0898ef925

SHA512
261be01f45c80d9a85c3725a98abd9b7ef2b4f1ba730b9e0f51099b9e8854f7a02824b100ca8742ea4623bb501d929481b377dbf47db62f2b18976a272bfbdb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\85fb26b6c4273f46_0

Filesize
21KB

MD5
e4ae09a433d340ac2d42ba8590dcaf05

SHA1
bda9412292a3d871f919be26a86a513805157c46

SHA256
feae13d9f2ac51adbe3e139a8b8b51be54b222fbca1170d4114d9253d7fa5708

SHA512
1b0bff39d5262e1dd991240e6403eee0a0351d0c4b42d2dcbbdd328caccc166a7bdf5445e5a0d7799e50dff142f7142e641b26a1a72dd11f9300fa666e9e6e76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca13a4847b44e77f_0

Filesize
5KB

MD5
880a96e19d73965a7478d90ca21e3ab8

SHA1
50bd239f50aa2c0376e1068cbc8d1887372fcf67

SHA256
d745c8c2a120052a9fef90ab056cfaf8e11a33c53c8486a6a063e2f641dac785

SHA512
24d6d47e632898f746e721bbfc8b79d4e983afcffb43544b42b8efa7520284f261bce929f30565c2f61a6f8670d73e1163a5c9fcacd0980dab334515e59d4943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca2def54de39dae1_0

Filesize
3KB

MD5
b06c253eb696fbe136ad750ce907834d

SHA1
bf9c81b4bfc3bb05dfbef87f1e0131cfaf43b747

SHA256
9e18bb5006394e73760a887714c707b6c56a638d9a7ebba6d6a0872730671b81

SHA512
e695437a440f4ae2ad3ffd903e204b2241ad36e83b1a683bc22068f5c7cc25f86cc6614b10617d8c0df8311bf04db86f902a892ced02193e210c59b546c5448e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3e06f5af569ce76_0

Filesize
1KB

MD5
a7acde8e9aa138b390d501be745bf823

SHA1
56610c8f807a215e84a922e8384aa2c194d9eb29

SHA256
076aabbf7a071d7ff92ab420c935fb444deda3b3c6bb3d5373ec6e11c2529c46

SHA512
4c16f8107eeea742bdd47aeb0195e62e02b046cc6b9aa9254f369a931e8a7f7506f2f262cbb171b1492d0fd817e200eba10fc3dfd7965f16725701142d0d1f59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d9942aad92f23db5_0

Filesize
10KB

MD5
6f83736878561818ad5238c4b1ec8752

SHA1
26caff74b3ab1c8370dc72dabd1fa5f88fc4c135

SHA256
feec91d0679a7978342f48d862b44ae013c784c1e46b3f830ebee8bb7521993c

SHA512
28024d587d079e9dd7df7889b428416da10285a135658f1c27700c82efeb727eacb1bcb32dbf9d08ae7d9e3aa44a972314edc3f99638f23dd9e60967aca01ff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dd357ae0a01f4267_0

Filesize
3KB

MD5
703803f08bd147acd68baa8a45406169

SHA1
92e81a79f31d64b9ce0ce98861474a6302fc17d9

SHA256
50dc3a60c1056f8c33d7e548c2622ed339a825e25795f53c27f5d6377693059f

SHA512
9e76564138769ab19315067b6a06ad26294962e3781f2dfb737cfd51b75a96801617815e7002dd2207cdb958bcc47719ad934743be72ebdf02a638e70b3d1276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f39752e2a6b60dfe_0

Filesize
269B

MD5
12f2be839ecdac54990476e7336aa588

SHA1
f2fc57751db144ad509a5c5de83edb33dfdcb21a

SHA256
a9a202f6073d81f5b93775ed03ebcd53929f80219b40c224fa22d5a10abee0f4

SHA512
752e93bb41c9c2e7cb5f5e65b847894bdc4c83869007e6484cd6d9531ba81feb4e364aa3b6d5a12eca0624f02eb20aceac90c88a2699ef41f9e0b0ab146b9839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
17a308e997db173fcadd3c1158c7f008

SHA1
9f071b0f3fae99a816bb757acc0d66a3f308f753

SHA256
d8cd108947511f6167b2fdab6395a28fc0702b3f4a3ed3471ccb00a12366537c

SHA512
b40c63f34ff5c5d23dde3e746957aa659da5d7507bedc58a7fdbe03edd8412ab0842bce09357b0033c9f3bfba00deca1c8f04cfa6a18b356fd23bd5e972c5d76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
baf5d3b84907819e6679e528a2255958

SHA1
2fac8096ecfe0f65913f8d36fc288afa495a71c0

SHA256
9f3c2f804e07eab0e6e2f0863e5b0f8645395a85976778995fd016f366c45379

SHA512
28ac1ebf220b8b900daef3911b06618dce14c8c8e829dbd7804b50cebf96adc010dce4c205f5155bb2cb74730c7c47bff14424a54a7d387d8db5bfe8b5742d9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f2bebf73f2e6ec973fcf1dcb6cc1b4fd

SHA1
34279d760508e9536d4c36238470f7ece79a54a9

SHA256
7b25bd276fca662af3bb59f6f7426b4533bd92a75b6b6d26ea66f89cf0db0115

SHA512
606d37a16164ca4a0ee7b60b84260e5ef766232b1102249c4931cc3caae5eeb5147ed846b33134efd9c870f5ec1dd94539a575b36ee6a1eb576200382aa0988a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
6cbffadf4aa10ceb27d97289b10320b6

SHA1
40c4f5e9b4ce6edad75df2d3b85a5f6f28090017

SHA256
4450a8be1100a2993babfacf081e014864315063eb84e151a08db666568098aa

SHA512
d5ed70c8c10afe4add8c2e6fa226c60d3b2665491308f551429c727e9df667e47fca84c586646922518943893fa94a4b95fb7f9456a64fcb9733a4435aa2a502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
cfd437d82538481263603a859a988bf5

SHA1
4e38f4c126ab8b3f82099ed071161c70242f739c

SHA256
732e4741f32d9a91bfce52cbf468f05806269c5d8c1ef58170909d0b672ed9bf

SHA512
1b844d4f36636c517c3bb628ef2f9682333504ee90f0acd8afbcb19674e0a84f5710f0004200057622111e83f8d30b5a8fbfed883a493b464864d5b304679f7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
81e9a4129bd4eb7995955120feede2e1

SHA1
a7107072cea4c0eb9ee3d2a7bfea3656449eb667

SHA256
759a345f674571333d7f15c69265ed3f8da8f2ad1ff91c91f6ee5eb88e426a09

SHA512
491829784ed724c5008e6135267ed435ac4d558aa709c863d27d649c002bc7735ed8225f29e683316b697b62a43753eecf67dbd7611c1b2f792ba8ce44d46449

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
bfc7c24366f4a3c9240a5c85803e7241

SHA1
ccbe05590598bab1c7957e51941e29102fe20019

SHA256
215f89a2cfa3767215314347d8cac7af431abe1bba53bb4d9436fa8931a12189

SHA512
4e2f38c481ed19d521528fffec601e22b36e730dcdb9b86a75c591886d492fa628e0deea6869260f8051495aa81bdd4b7dee1b704136a71eb62e42ff56ee97c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
990B

MD5
86d1919145a6270d93bf342a83da3e58

SHA1
2f44f8da2db428b3fa70b360df85601db4be4ed0

SHA256
87c458de7fe8cd6a02dfca2f8c7e07f130aa4f82bc53be013c231e3a83254e9c

SHA512
db3a40c14104a32321c7472fe060602ae43a1d2ee271bc2dfb2853404a8d7df69c72755a978ae308ae0d8d1e8627a92adf71159bd085828cb398506fd7fbae04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
101B

MD5
7cd971003443dc7a10589095276055b7

SHA1
dc00eaf0e8d9c45b9e74829f1be01862b79360e6

SHA256
d0164201a832f3e8bc38204e74defe2192b92f69696e5980a0479d63520c4956

SHA512
bc0cbcb450e5b0558f32306b5416163088482fe4ef2e4a93bc5d6bba27b2dd970c16aaaaa821bb70121bf79267dd0f460aa7078a09d45cc89a68d1e293567616

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
b4da709508348abcf52417465f2350da

SHA1
1696aa2dfbe903b7e338fcbabe68f24f43b94a08

SHA256
c1870b2b3712c6acbdb4b7ba4a6a76e393f9bd1ea2fda99e411bae5b1e3908c4

SHA512
029600c2fc1bea79d2ef1b73cf520083bdba37a0ebe3c4f711738f58537952d5df1cb87475853d023fd7a40dac89d99ebf4b859753ca5bed53b203a8c87e796e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a01d90e1123e350eef0916f58c455921

SHA1
9f51059169ed97bdedb83d29cdc719bea5afa05d

SHA256
43a4131ae46ab8681613d63fec1268fe8a3c2fed16bb98bef2a3bd153b693352

SHA512
18dedfcb01fd77c6c0ccba72b5c46a70db3eb22b70e31e4b69be4729d7c92c9cfc1f082f0a20041fa090b7bfd2d0a094ac6c1106ada8b9648eeb9326fc17980c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
535e07cb039acf533b5fbfc2ff4ee7f1

SHA1
c2b1aa442fbbc1f6f68139c3c10c6f5d53ae9504

SHA256
7f5f4afd9664cbcde21141ab0bb7de1907a2293547329de795fc2d030dfa4275

SHA512
9502bd5365bc3451aa9b829e23cb462abab3fe78d2348ae0c4b6800fe6dd5610448379903ccccf5ccbf8f357cb0d73c6644eb8273e6db464639ca3ebcb742a51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
87446a66105bee32b0c1101331808fc0

SHA1
a6bc9e3b6ea687f223d805cb7ef9bc38aea38b30

SHA256
a9a4b3df01fb2c63bf4aa871908b44b3b354ac51300d9fd7485d6d845c4e2177

SHA512
1e80329d2051f390815beb122a137a731f25d7ba52cc1d27357ff4509d34c756681b0683bdae371fb7a1285538f88e55dd17bbacdd6499512fbe3d1809ba2806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0985f9a1bf83765d7b259ab75720a0e4

SHA1
28a5747dfb9bbafd6934f1f3c3af6c9d7060f49c

SHA256
bc2899af1e38dae60515159fd39c86c0245b3e4b6fc4722d0e137d9f9796abcd

SHA512
ae462e057b7cc996b38e14fad121532f991f4db8501b9490f5ec4a1d05dc22d3c2113344e5a95abd213f82c968ba8df14cc325742781d264e5c48c69b62113c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
301d6f3205714b53f6a238321f50b3bd

SHA1
6677894e0df9238bde2808400d9b27a74fd69ed7

SHA256
16926d609c512feb6fba1a2904e2899ddbdca4e156bb8c6c22bea623f06085da

SHA512
2908b5e46500c1bfda55ad9963145092255f51ae41f5e6858939a3c82e219c27d609cc1653a1c24d2495d18922129956fcec8206d6a396ef7521c6d9a0b2d20e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
95aa43a10c3236caf2ef1d1a898faad0

SHA1
1014a99196ed0cc5c20a9a30071b562a229cf4d7

SHA256
938aa991a1ee0ee9bd69611c741babfc70bcd8f79f249c736113c0c3730459ca

SHA512
444c8c6acb8a10d35a98dcbae7fd3f9d65fbf2f64ffc8df02a693806508190182e57c4dc1b00b95a0a6e06c7dd083a9bb15aace49248522ce57fa6ccb2cb87e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
552bee24738b6551e025af40c82375a6

SHA1
d8fab70948252529b5532a5079a1c9f5773cd987

SHA256
b3b33b0578f83136fb78d36aef6f42dafe3c369223a836d425865e5f573f2d71

SHA512
a2070009406a9294497b1e3cb69c66f2564176a84820263422d82904ab52f0d2cc64c3f98356cea5cd17a143f01a12ba99301e9cf0a969d35ff879ccd85fa14c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c01aa5ee7defb970accecbd6a95e4f4d

SHA1
2c6618d176c6ef6e5ff09c169f25df4bcad8747a

SHA256
009e3234018de927a94a948f010a45d667c675003b57f2f693e663f1c3d6e835

SHA512
02061aeb86be4701f321b541d05570b28784fe05205716954a1b675e3f673b812adbb6c8854d17577be4bf87bc4f400d6a335a85590403c27fab3c61ae43ec60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f2d2f3e13506912c235d93d2245d4559

SHA1
67364f3741911cfb3b04b25f165e2a2a99488ab9

SHA256
3a0f4118a768ee6a90f4191774c712469cc47ac9eac6845be12574b32f1d0ab6

SHA512
91c2e972652dd638784d27dcc380eb07feef2e7329849966f14bc37b593b9bafeb9c5a7a427e4e6c868178c87497d6db2a93d74de2f20aa19e90ebf2655b0e28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a98e5ad5a9f48ebd008cecf8e7715026

SHA1
51049911db45377fb139e188656369b28cef565f

SHA256
23383f1b698245cb7afc8af904c86d97e1d0b0ae3cbabffb6d29f863eaa4aa05

SHA512
b68b24d013938c1720b6d1d7a5ded395b4acd5ba75e2c2a6a34ad3b7ae805f211225dadbb105c1b9e4c6872ec7d170ff6ce2c3740d048a0f7f657af455d3eb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
33add81369ccc766e10cec78fc7bbd1f

SHA1
ac456f6b419ae718e8087539185bc5b3aebc5c0a

SHA256
3f5d015a10923e3591708aeb15881989fc5c5c5096c8145a81cdeb5cf25a8f6f

SHA512
8e32a774c235e0efe08c54a5472c35ee1285b0f7307b6e1b1f39fc74a33d6ae6d25da3b88155b76899e395843924481d5ce660d6911f52b58b28b8c7f667a530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1e4d1576a258db9c272fe8a10117dff3

SHA1
f663f8ec38fe065e328cba9199dab7e62237c41a

SHA256
8e8e18bb7f7d4a48b0ead74a3ddeb662535089a0796207653f057243f64eca5b

SHA512
050e9ec5409ce37247629f077571de26db919c73c28d7f7065308c69ed32ff4fe75373e8d142a3e8631d2ac33917b68f459bd0753cd4dc0c24908fa2caeaa673

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b4ac803c51118fd1b72b8b89a32bfe6d

SHA1
40427136bd0d6e5203c376ba04ed15a319020646

SHA256
c3be61964ad2bbb3ab9132535fb97119caf00fb05c29c183c80b82cf6d933a5f

SHA512
2596fb3ba3be1db9fe88728e3ffeb55a9464e03a9af5aa9918250807c5692d3eaf9bd5d1a6729c6ca87ae2e17afe4c8c87b271ae144fca8bbff5c82bfe81fb0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
873B

MD5
b7f9eef4853e405e6d23c4c32f61427e

SHA1
ed826e6ae41bbb46a8c4700660882a7d1d9f7ebc

SHA256
8920fc0178729b1ee582cb0ea5b236fe6317c30f5bd3fd01f34f3ea8477e928b

SHA512
e4ca5d2b7d4ea4a67b38f39621d9e77a719e27336473c795dbc87317459709bbcf1be94e7adeb460fcbfb13161ed53dc0b407bf2ceaccd9a3570d5792f26f73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
295B

MD5
60dd83455b24175f0e4e7b026d969dfb

SHA1
196ad52a5ab7a588dc1a5d436011bd8c1795d965

SHA256
6b32821b093245ace17fdf9b60e425dfc757c194013d63b6f657f585f925eae7

SHA512
af8835cf6c35a68091d3ec5e172f64fbea1ecc7dabe2837d3aa63031e9ba24c1e703a250c05b666fa28f749a7181c7c29cd9e639c9971141b814558f7e92da4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
07e96eddbbdf16b6871ecf59f89c784a

SHA1
148a3425aa52b61bf0fff4e178ff7e8c955d80ec

SHA256
64e01e5c155a803055532202d705b05f2a8bf50451f8546eebfeb925b1bdafe9

SHA512
b83b3760fa20a4bc0f2fa80595665a6a1ba27196336da60cb9db7dcd29c21fa010eed18d158ef968d587614282c1da377329facf21491271ca2223dd086d22ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5f432c.TMP

Filesize
48B

MD5
fb87de55eaf2eb00ddf3500d7c0d7c48

SHA1
4bbd9cef757abe210233d299ec1c6e0ec14d4ae9

SHA256
f8e396cbd28a16b0d3bde6262f30987f715b926864baae7a854b0a7ca831903c

SHA512
05bfe647d7d74e48cf648c018acab7f4e4902866e635ca671da02c120e4955a62484d464ee35771b3bfc8c4fc6eda78457f8056fb98715e0e5a8892c6a1d8d43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
904B

MD5
dd1485e244cf86650b782a4bc02572c3

SHA1
3e84639839f628caef5e38f89dc097450df7f994

SHA256
b1a40e12ceceb56f026f75b9e11b3be407e42b4fa4f23364afe30008ce5760d4

SHA512
55dbba3191dbb64745d693f258517e462267f13d38b13b7d9074ed0e6a596d197a530428a1441496b0891522e52e26211c95d430344d8f42b0b53f95ff3be275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
f0cee2254489585468f6207d98aa4fcb

SHA1
07441a0ac821207625aa485fc1a6d8b3b0135613

SHA256
4aeb456e0d974893c3008d9f52d87c4af73474b2ce60209f39e4989534725341

SHA512
1097601fcf6bf63af65a43ae12ad86c03a0eed328d00203bb08bfb4d77735d3438c7c2f272c660d04b4d83300c8e8ce354d5c8a14f4b762374fced2265a85edc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13382937009070815

Filesize
7KB

MD5
c09edc75355579e6ba3e30d9c6ed2e74

SHA1
6ac1f31730ceea1b6346ecad5d17cef629c71834

SHA256
2ec12a81a0f722205b02ca373c2db2426f29848f8dadf72967e96373d44b9a07

SHA512
5fd9982699ec476394aa482e0a6bc127f6cfee08c0ef2ae4cbc0f7db83f1cc5b493a7d9e9ea2b62725a1b706ea1ce28b9e9606d2ae05b3ac6efaf474d63ff92e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
3749bc24786b64272e3f69dfc7df7daf

SHA1
2fa8faa729156958162eefd75f2e774732bfe7df

SHA256
c07bc895416bc04535187dd30fcec2a5a2cfd4c4dfde162c75b72eceff168c02

SHA512
062689c61c9822acfc3215a47503852fb9613669204f88d16fb1737ad2d7d49f8c166dff2cb1fad87d10c0e27b125880854b85c97be050d414892496226eb297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
a7a2aa0a58df35910ca6dcce9dcda6a9

SHA1
a54edfe7e26a19a21b3c8b4e08e0506b4d05d720

SHA256
04394213778f858dd6f10a8dfb4b04bd77de93143af48b5cd528489fd74c141e

SHA512
1a91864ff4606f55a82b30af161b5f8eda04a40f56ebe6c4ccf3aff27e354910652cdd69930759553cfc6f336b3055edb15e354cf99c176753483a026efdbb72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
19ff2c2d55dc6a4cda99903d6f57a7a3

SHA1
1896d60096b6075363a52800b521382aa5b9ea24

SHA256
bf14e1cd91599b3e186469693fae5da8717998d6f85c3254e2b525d9b7d8cf9e

SHA512
0d31a8caa84cda6c3418291ea6795d19af4b2c664c38f98d505b47b53c6a7039fe54cb478eeb9de055e43d342dc17ece7a6234d2d484ca94ad1e00f617faf3cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
69ad2050c63f1d74d36fe97a24128a36

SHA1
b5eefce2cf90d3704e77abfa9c1f29d39c539e29

SHA256
1cf5270e4b0593f16e95d017b308474cacf546f08eafe03953b008d451473918

SHA512
2b1c7a610127fe9e236ad5057a154290de52c923969705adcbb8b1fdd33df3d3eabff64938b9bebebd2fd7303764850fc0a4088f7615556f912d2b6b1ba99225

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
00f98ae8808857b6bb75d277943dff68

SHA1
378cff55239c4762b6b6de6f2f670902bb6d7ad9

SHA256
adc38f231ef6178301872e8236d31d9daf2453ed71b0f8ab20a5ea52536fcafa

SHA512
e4757c2618784802bff4ed8722c3e4a9d1b2aec085fd968a5375c06df47d92379db8fe645dfdd956c78fa2d7510b415b21365d73d604707f3a8214eb063ccbbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2235f447b884f8a30277b008813eb366

SHA1
89d9386a6d3017836a21c65fa39bb18f5cf5e622

SHA256
3a6678515be805617767fec4738fbe09cf0a37b966f63cbe2ba6f55177aa3573

SHA512
116c5f79847a25526cef1ef55046a1386c9e34064d2b28a9ed09e80e712bd351ee45a0a355e1cb5c48e43bf545d2ce5bab8f67217893c6bd17e517586b8a514f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
7894ff6928a869063a4e3715425ff53b

SHA1
0f9f3df5afcfe4214a8cf38a888daf61a3cb4d41

SHA256
dca8b16a6d5c19208e20b8da4f798b813c939fe6c3ef483eedb8596f964c8b27

SHA512
5630746bc8d6fe2ae8c6ccf7e5af35333cf702f7bb1f6f6bb47c3049e4d9c66d08de4f3f1a4d1f3ce34754918f9181267a09fad0610d52a478ffde49c4e258ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b45879f6f1cfb9056f4c98f519bd894f

SHA1
edc7494df2a58e71ab18f9e9ac38999e4757a0d6

SHA256
8e476b25fd68bb788239dcd1592a77d2c3beef3e3ae9bcc7d2d894857fab9128

SHA512
35275d5dab44d223e9ce7dce9ccb1221b76f6c6990295bafd40f6d36b134f629201d61ceb3617c5692ea6649395c465decd523b6e8bea4910f92e0aaa5fc7272

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
cc6c2276d41efbd36200c48490122842

SHA1
438a8e64c3d603f76d58c93d5fe1a62c14d5d208

SHA256
27c71128c8745a118e60dc250888c2d8e45fd718e7697532e36d95d3f309187e

SHA512
9878645d21e860897477d3695fd6783f1d8f80939d296c869b9157d9f61ca3b0d0db6e8180ac8cf6d236fd774127d05117306c5ccd70d00c0e033e031ba4bab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b21d4808-7d93-41f2-92b8-5048b3b95b5d.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
76KB

MD5
9eb7a43989445437270e0bae4322cec2

SHA1
92915de55f1007e29303c4992b635eb8e4fe4b50

SHA256
dd93852f5b0ec58d870c6bd389e0b3bb0bb49bcaf0774ecfd480290ae347db21

SHA512
ae0cfefde0386225729a4955e3357dab8cc921bf64bc698282047641eb0e1d3339bc9a320ac3f6a37f7b95c2bb159fb317f46cc0eefa6f5d8cd1df4dd6954d40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
3.9MB

MD5
57fda95672987fede49240230a507aa6

SHA1
92162da8e51ace27d5fffc1468c9953bb84b1051

SHA256
667d13bdc7176483aecf35284f3c2b0e7b575f852d004b69668c145195f08c30

SHA512
0732bfbe4c800dbc3f42efe08a8ed0fcb03b975c9f04a2c018e5333c1f4e221c20e146386d48de2ea13cb5ad4bde14f88505218237bffd77ceadf1697d9d5d65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
4f56e5360d79cba0b5d04ef3be850cf4

SHA1
87623b8ae2db96cf7549cc9c867c1fa02c3f8262

SHA256
8832af10588412ef74a35dfe449ce4318dcfe383d8095b06230f4debb1fc718a

SHA512
8e196bc59a8057205e99bfb6f27a9118a671d4bd8ca4cd475566e91069589c280595c49a47e82aac2bb5b28d8dc2497a1c1d3c1e39082e2917a52daaeef86d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
194B

MD5
a48763b50473dbd0a0922258703d673e

SHA1
5a3572629bcdf5586d79823b6ddbf3d9736aa251

SHA256
9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd

SHA512
536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
c826117f2347e10e0baf85ab5470dea2

SHA1
0d6e1952a24be032bc70b8008a5f00edf2d09431

SHA256
a9d17fa6531bc6d00364b1ab62992125264d0839f70c06efdf345ff2909212f4

SHA512
87eb73adb674f38d3cd9388be07bc802001fd7caa50dc4998caf38c777da78e194fb146cb2dc9919d7f75219addd43ac7dc154eecb5c6a845703468ae1666300

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7a3b978c9e18c449c57217872de89874

SHA1
559ef6fa4f7bed64d6431d43fc586c05b2f18d26

SHA256
d166a39090c3c79beb711d79917f260df873780509efb7410137767ad45934db

SHA512
056d6fcbaf6122fcd52b462d0934628d5ac8c709828610a067eee7896470c2b711139b04044bd5eb22848391c4e9632059666ece1a5e0121611cfe664ece662c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
605718437bcd304a1009fb752750c2c9

SHA1
f1c316ceba47c88d22fc11e9aaac07af847e75d6

SHA256
3cde004b2dacfc48cb14ceaa12a64059ee528575d4d2f564b93d96a65003afd3

SHA512
075038d48b1f8dc7b2e28229bbdf355a72bf2c28ef5d9c43f2b95c9bda431bfb3ddd0ae1d31a1c6a0de9f2136e18e35c3fe9178715fca98f4d0a3200eaa6efac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2c8cf8e7a9779052ae4c05427c22e100

SHA1
9c9012ec43c7e7ce48e41a0eaa3f4eae920a456e

SHA256
e658f95d41840a4b04661410c9262719829c88a4e4d533e12bcfae4b883c118c

SHA512
6c45f1320f957207a5d07540b6a6970d6d72c2177332da13e92683b32704908097d51e6a339ea33990267eb49229a91750c00c1f09bef60de0695ff766de3783

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c1c6a99c68588ab8f4e662c143cb4ac2

SHA1
fe816094e1be693a2511e93a174f4bd0fcd6405e

SHA256
4a10a69836d90bee8aa2a7773fccdd2a6d9d792da1e66fe9e6728fa2a5f02dab

SHA512
684c1547273de90e0531358017f5e782781f07368aa1a0930a9d85dcf9b37a4b0c50b841a9c59d181315204b2f7b8a53d68ed3e852b10e118fecdc41e7961ce5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
528641667b2a34cc3d5919949cf5e3a6

SHA1
efa3e569f603d6f340bc9724cb62a5109db58bd0

SHA256
b10863add94a5cb344b7c8880741912af1704767bbc4469fdc2247f3c56e47ac

SHA512
d360081060bea49b13df9fa48a4e66c2bf62c6ae35a5b20f415b6b9369ffe60d0fa55bf32cfcd2fd9eb55a2d209a1a62b1e55bf05d87c62003655d309cc35923

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
cf77912dc29463002426981c51ed0d9d

SHA1
180aa75d053cf5763c40962970dd0c29e0e3a22a

SHA256
4398a03daa700941c3440621726f2a89171554938940310283e2a49e17f93256

SHA512
e3556d357093731ab46b01f5be82800fc0c5b4a305d68e71e7b7b62c3e549db24c83728465f4bfdcaeb07a150ee8377138f3f9388c9769f927395ee2be650093

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_579299FC00BB42FF8339DC801EE10EEC.dat

Filesize
940B

MD5
8070292254c6e773514f676226370438

SHA1
feb145f27cca5e2154840b8737087858e8fd017f

SHA256
6be6264ff4afc911f468dc26c1856c0f98ba99fba36919a95c2b39c56e11e0cf

SHA512
50fc8b2ced89a0b08a34e2061ebcec2b6f8d66a24641d60560b62a1ac48e64da73837877754861e0c785338ad62d8cb1ec43f187fc814868ac8c0c5ebd9d2d1a

Download Submit
C:\Users\Admin\Desktop\NebulaExecutor\NebulaExecutor.exe

Filesize
78KB

MD5
1f7c55917fc1e27a77bcaa3497156e87

SHA1
81f89045a559a1836a3fac0a36a7f7076c995339

SHA256
399b3c64845039ef901bd16539ee97688cc75eba8f9aae39353784dcd0d5f0f7

SHA512
381d354b71987339a78acf6d1df8db883b617e8da66ad54179a4f9940cf319d866f602ca09cb409cc95764c5f502dca24b96134e2305aa7feacc124d3ca05f8e

Download Submit
memory/1720-448-0x00007FFA51E90000-0x00007FFA51EA0000-memory.dmp

Filesize
64KB

Download
memory/1720-450-0x00007FFA51E90000-0x00007FFA51EA0000-memory.dmp

Filesize
64KB

Download
memory/1720-449-0x00007FFA51E90000-0x00007FFA51EA0000-memory.dmp

Filesize
64KB

Download
memory/1720-1826-0x00007FFA51E90000-0x00007FFA51EA0000-memory.dmp

Filesize
64KB

Download
memory/1720-451-0x00007FFA51E90000-0x00007FFA51EA0000-memory.dmp

Filesize
64KB

Download
memory/1720-1827-0x00007FFA51E90000-0x00007FFA51EA0000-memory.dmp

Filesize
64KB

Download
memory/1720-452-0x00007FFA51E90000-0x00007FFA51EA0000-memory.dmp

Filesize
64KB

Download
memory/1720-1828-0x00007FFA51E90000-0x00007FFA51EA0000-memory.dmp

Filesize
64KB

Download
memory/1720-1825-0x00007FFA51E90000-0x00007FFA51EA0000-memory.dmp

Filesize
64KB

Download
memory/1720-453-0x00007FFA4F890000-0x00007FFA4F8A0000-memory.dmp

Filesize
64KB

Download
memory/1720-454-0x00007FFA4F890000-0x00007FFA4F8A0000-memory.dmp

Filesize
64KB

Download
memory/2260-27-0x0000012EDAAB0000-0x0000012EDAAB1000-memory.dmp

Filesize
4KB

Download
memory/2260-29-0x0000012EDAAB0000-0x0000012EDAAB1000-memory.dmp

Filesize
4KB

Download
memory/2260-21-0x0000012EDAAB0000-0x0000012EDAAB1000-memory.dmp

Filesize
4KB

Download
memory/2260-22-0x0000012EDAAB0000-0x0000012EDAAB1000-memory.dmp

Filesize
4KB

Download
memory/2260-32-0x0000012EDAAB0000-0x0000012EDAAB1000-memory.dmp

Filesize
4KB

Download
memory/2260-31-0x0000012EDAAB0000-0x0000012EDAAB1000-memory.dmp

Filesize
4KB

Download
memory/2260-30-0x0000012EDAAB0000-0x0000012EDAAB1000-memory.dmp

Filesize
4KB

Download
memory/2260-20-0x0000012EDAAB0000-0x0000012EDAAB1000-memory.dmp

Filesize
4KB

Download
memory/2260-26-0x0000012EDAAB0000-0x0000012EDAAB1000-memory.dmp

Filesize
4KB

Download
memory/2260-28-0x0000012EDAAB0000-0x0000012EDAAB1000-memory.dmp

Filesize
4KB

Download
memory/2496-37-0x000001BD1A780000-0x000001BD1A78E000-memory.dmp

Filesize
56KB

Download
memory/4344-9-0x0000029BA0020000-0x0000029BA02EA000-memory.dmp

Filesize
2.8MB

Download
memory/4344-12-0x0000029B9D930000-0x0000029B9D9DA000-memory.dmp

Filesize
680KB

Download
memory/4344-8-0x0000029B9DDB0000-0x0000029B9E2D8000-memory.dmp

Filesize
5.2MB

Download
memory/4344-7-0x0000029B9CB30000-0x0000029B9CCF2000-memory.dmp

Filesize
1.8MB

Download
memory/4344-6-0x0000029B824D0000-0x0000029B824E8000-memory.dmp

Filesize
96KB

Download