ed14a4d2759d943ecf24e78779da1211a9ba7a143b25f30fced6f58705a15635

Analysis

max time kernel
114s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
06-07-2022 04:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LogonFuck.exe
Size

9.4MB
MD5

0a2b300c470403d18d20e3165e8d65b3
SHA1

8c11a3169e87c5d2299367efb2560100c44ddacb
SHA256

ed14a4d2759d943ecf24e78779da1211a9ba7a143b25f30fced6f58705a15635
SHA512

0a718f62cb3b4f3b656b7f831298e555c136c053ae0ffe697a7b60836c14411cead48f74aa5eb115aea09aedf5b23dfe353742bade5eb872144c5b54fc278d1b

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Disables RegEdit via registry modification 1 IoCs

evasion

Processes:

LogonFuck.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	LogonFuck.exe

Disables Task Manager via registry modification
evasion
Executes dropped EXE 1 IoCs

Processes:

LogonUI.exe

pid process

5600 LogonUI.exe

pid	process
5600	LogonUI.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

LogonFuck.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Control Panel\International\Geo\Nation	LogonFuck.exe

Modifies file permissions 1 TTPs 1 IoCs
discovery

File Permissions Modification
T1222

Processes:

takeown.exe

pid process

4500 takeown.exe

pid	process
4500	takeown.exe

Adds Run key to start application 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe

Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

266 api.ipify.org
269 api.ipify.org
Drops file in System32 directory 1 IoCs

Processes:

LogonFuck.exe

description ioc process

File opened for modification C:\Windows\System32\LogonUI.exe LogonFuck.exe

flow	ioc
266	api.ipify.org
269	api.ipify.org

description	ioc	process
File opened for modification	C:\Windows\System32\LogonUI.exe	LogonFuck.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\65b9e47f-1cc3-4198-a288-530d74cad20a.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20220706064249.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 18 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 36 IoCs

Processes:

LogonFuck.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exeLogonUI.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
832	LogonFuck.exe
3456	msedge.exe
3456	msedge.exe
3620	msedge.exe
3620	msedge.exe
1556	identity_helper.exe
1556	identity_helper.exe
4660	msedge.exe
4660	msedge.exe
4268	msedge.exe
4268	msedge.exe
1004	identity_helper.exe
1004	identity_helper.exe
4332	msedge.exe
4332	msedge.exe
3572	msedge.exe
3572	msedge.exe
380	msedge.exe
380	msedge.exe
4748	msedge.exe
4748	msedge.exe
5600	LogonUI.exe
5600	LogonUI.exe
5600	LogonUI.exe
5712	identity_helper.exe
5712	identity_helper.exe
4932	msedge.exe
4932	msedge.exe
5608	msedge.exe
5608	msedge.exe
2612	msedge.exe
2612	msedge.exe
3200	msedge.exe
3200	msedge.exe
5452	identity_helper.exe
5452	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
5608	msedge.exe
5608	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe
3200	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

LogonFuck.exetakeown.exeAUDIODG.EXELogonUI.exe

description	pid	process
Token: SeDebugPrivilege	832	LogonFuck.exe
Token: SeDebugPrivilege	832	LogonFuck.exe
Token: SeTakeOwnershipPrivilege	4500	takeown.exe
Token: 33	4628	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4628	AUDIODG.EXE
Token: SeDebugPrivilege	5600	LogonUI.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

pid	process
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

pid	process
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
3572	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
5608	msedge.exe
5608	msedge.exe
5608	msedge.exe
5608	msedge.exe
5608	msedge.exe
5608	msedge.exe
5608	msedge.exe
5608	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

LogonFuck.exemsedge.exe

description	pid	process	target process
PID 832 wrote to memory of 4500	832	LogonFuck.exe	takeown.exe
PID 832 wrote to memory of 4500	832	LogonFuck.exe	takeown.exe
PID 832 wrote to memory of 3620	832	LogonFuck.exe	msedge.exe
PID 832 wrote to memory of 3620	832	LogonFuck.exe	msedge.exe
PID 3620 wrote to memory of 3848	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3848	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3120	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3456	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 3456	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 5012	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 5012	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 5012	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 5012	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 5012	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 5012	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 5012	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 5012	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 5012	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 5012	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 5012	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 5012	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 5012	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 5012	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 5012	3620	msedge.exe	msedge.exe
PID 3620 wrote to memory of 5012	3620	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\LogonFuck.exe
"C:\Users\Admin\AppData\Local\Temp\LogonFuck.exe"
1⤵
- Disables RegEdit via registry modification
- Checks computer location settings
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:832

C:\Windows\System32\takeown.exe
"C:\Windows\System32\takeown.exe" /f C:\Windows\System32\LogonUI.exe
2⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:4500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://kaspersky.com/
2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd8,0x104,0x7ff8650546f8,0x7ff865054708,0x7ff865054718
3⤵
PID:3848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,13297384760638955420,6186883987605905427,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
3⤵
PID:3120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,13297384760638955420,6186883987605905427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,13297384760638955420,6186883987605905427,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
3⤵
PID:5012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13297384760638955420,6186883987605905427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
3⤵
PID:2740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13297384760638955420,6186883987605905427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
3⤵
PID:4224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2152,13297384760638955420,6186883987605905427,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4916 /prefetch:8
3⤵
PID:3376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13297384760638955420,6186883987605905427,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
3⤵
PID:4608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13297384760638955420,6186883987605905427,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
3⤵
PID:4824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2152,13297384760638955420,6186883987605905427,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5988 /prefetch:8
3⤵
PID:4552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13297384760638955420,6186883987605905427,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
3⤵
PID:2216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13297384760638955420,6186883987605905427,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
3⤵
PID:2376

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,13297384760638955420,6186883987605905427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3768 /prefetch:8
3⤵
PID:4536

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
3⤵
- Drops file in Program Files directory
PID:4920

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff610c75460,0x7ff610c75470,0x7ff610c75480
4⤵
PID:4324

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,13297384760638955420,6186883987605905427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3768 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.norton.com/
2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8650546f8,0x7ff865054708,0x7ff865054718
3⤵
PID:1500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,11891565094269337929,7363114157966847141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11891565094269337929,7363114157966847141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
3⤵
PID:4512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2144,11891565094269337929,7363114157966847141,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3720 /prefetch:8
3⤵
PID:2260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11891565094269337929,7363114157966847141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
3⤵
PID:3984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,11891565094269337929,7363114157966847141,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
3⤵
PID:696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,11891565094269337929,7363114157966847141,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
3⤵
PID:4604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2144,11891565094269337929,7363114157966847141,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5196 /prefetch:8
3⤵
PID:2092

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,11891565094269337929,7363114157966847141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
3⤵
PID:3444

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,11891565094269337929,7363114157966847141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11891565094269337929,7363114157966847141,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
3⤵
PID:3480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11891565094269337929,7363114157966847141,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
3⤵
PID:4788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.avg.com/
2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8650546f8,0x7ff865054708,0x7ff865054718
3⤵
PID:5036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,17875333213445844681,15491265209809985404,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
3⤵
PID:3320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,17875333213445844681,15491265209809985404,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,17875333213445844681,15491265209809985404,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2484 /prefetch:8
3⤵
PID:3256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17875333213445844681,15491265209809985404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
3⤵
PID:3680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17875333213445844681,15491265209809985404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
3⤵
PID:4420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2164,17875333213445844681,15491265209809985404,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3884 /prefetch:8
3⤵
PID:4156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17875333213445844681,15491265209809985404,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
3⤵
PID:4272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17875333213445844681,15491265209809985404,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
3⤵
PID:3744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.malwarebytes.com/
2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8650546f8,0x7ff865054708,0x7ff865054718
3⤵
PID:2144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
3⤵
PID:4812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
3⤵
PID:3160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
3⤵
PID:756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
3⤵
PID:1652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3976 /prefetch:8
3⤵
PID:2344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
3⤵
PID:4288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
3⤵
PID:1896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
3⤵
PID:5340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5900 /prefetch:8
3⤵
PID:5644

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6444 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5712

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6444 /prefetch:8
3⤵
PID:5704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
3⤵
PID:5792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
3⤵
PID:5808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
3⤵
PID:6092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
3⤵
PID:6116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.avira.com/
2⤵
PID:6004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8650546f8,0x7ff865054708,0x7ff865054718
3⤵
PID:6032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mcafee.com/
2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:5608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8650546f8,0x7ff865054708,0x7ff865054718
3⤵
PID:5696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,2228222613166814845,4385668800362440313,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
3⤵
PID:5548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,2228222613166814845,4385668800362440313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,2228222613166814845,4385668800362440313,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
3⤵
PID:6024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2228222613166814845,4385668800362440313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
3⤵
PID:6136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2228222613166814845,4385668800362440313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
3⤵
PID:2368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2120,2228222613166814845,4385668800362440313,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4724 /prefetch:8
3⤵
PID:4776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.bitdefender.com/
2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8650546f8,0x7ff865054708,0x7ff865054718
3⤵
PID:3448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
3⤵
PID:4480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
3⤵
PID:1336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
3⤵
PID:1376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
3⤵
PID:4272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4500 /prefetch:8
3⤵
PID:3552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
3⤵
PID:4748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
3⤵
PID:6100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
3⤵
PID:5756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
3⤵
PID:3964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
3⤵
PID:6136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6240 /prefetch:8
3⤵
PID:5376

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 /prefetch:8
3⤵
PID:5560

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
3⤵
PID:4384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
3⤵
PID:4824

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e0 0x474
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4316

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3965055 /state1:0x41c64e6d
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6092

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
PID:5696

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

File Permissions Modification

T1222

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f0e3ac67c976d7fac8c950488be02c3b

SHA1
ba07b838c3298d77e077dbb37619611cd5e5a5e9

SHA256
34ed3321d7819cf644722104ac595ad8b5d54c7d11989da017f4dec6b8efc4a1

SHA512
6718c3465f79747fe7ab39cbb13bdea8a5fca830cf5a91893f0f5eff39f378e058f167a291b0fc26e75d35c6325d8fd4f0432aab78b3724435ba1f4f8f700100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
83b84853e00e88f71d3f54dc9b05f9cd

SHA1
fcb845997eff58cbd6099a99c2cd86af32a12ae4

SHA256
f94941d968a0af4a6e1c305859ac12000f710906010767be6603f176ade08838

SHA512
b489af04c51b40c050ab3527112c376e53a73824560cadd052bc03d1fc2475991b309ea9cd91d317cc2369138d89d5a41f21044fa5a453c242c866b9134ac986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
aac0caf278d2f8c8c494729c202387fa

SHA1
1c0c8ebe611a6b9541a15d7ad8581b02d44a9f07

SHA256
8448392002ea576eb1cee0edd00a3054e10a7a8d50d1905cd82c90f87059c550

SHA512
b0f1386b0b8bace08044a470cdbdbecc95f2a8aac691e0fd850344404b31579b587c54c1271019af8b47c35505b906eaece011ffdcd20794c461454a679ec1d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
Filesize
1.0MB

MD5
b1c956844ab11eaa48908c90cba414ce

SHA1
da16f91167ae25720a09566488bdfe019a612fa0

SHA256
ef7162a46eea7305ca2f706a368f650e4e96a8db00980a86c3ee28519c8496df

SHA512
e18531ea356db28f79b0c1ac9d9d65c73f7b600835cb67b9c3ab1456c6c8d437f26a8e71f48d1576934394d1fc8560fa2cac40f69e54780172d496f46f095872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
Filesize
4.0MB

MD5
88227194cb3835a49a329585701cdc31

SHA1
5dcbf7fc0ed087eb6d455e66102cba1fb254ae40

SHA256
cadad7f09242dc9d56a713cffbd229881ce6315d225a141c2c50406289a6d11e

SHA512
3e0751aebb6861322e71af13ebb5291ac523b6ed4041231e2cdeb4380db632e23ca990d54bb45079314323ab1c0db437281838b883a6821856c58044b8fc3ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\index
Filesize
256KB

MD5
b4cc0a3b88af0eeaffc7b6fb0f3fbeec

SHA1
f68f7fddd62bd96a7a8d9ae2e3afb47be79a6f96

SHA256
aebbb0c69c1f99e7e87368508cf5786211fddf5da974c74dd8bdf4de061d5d8e

SHA512
7321a2149e425e3d32662b8c342fa69f21c8d2b06d49b23866548b164b393682c754eca21a92e1b86e8295423493fae04a994e61f2df871fd981b0a1ca24ae55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
792B

MD5
002f24d30e3bbce1e9659c9bc21e9973

SHA1
97fd48e39078f8ea16ca51bafd09cf33ef0072f5

SHA256
887c2144b9fcb946f1886c813265f71f028e3fe7df804f63cad7fe96e395e558

SHA512
e96c192023f1db6e3af112c9b1b8f0ef141173ed45169f5cb3aea1e751135291f0dc29701d4288f1c60384025e68b42594a66689af44143a7b370e96f88d62f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
4129cb4251ed17ed2daaf7a2c92dc6b6

SHA1
de58b81703c3afce96b8a13dcd76b4806a050e6d

SHA256
585c016f92b890dabe73e77c00841bc46352e0c1f89d151a47502f69ee9697c9

SHA512
fac10f96b90434a087c3f2c6b0eb53db9ce303d8d8866f130c0ec5fc971d9e904b6ab65fe36f153c8bf82d12a48259f956b2a31f384fd608bdc35a5d6ecf0cd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
20KB

MD5
8552bb74f9de6cf4358d9a7d626471d5

SHA1
f987732a6ff6b13d5058a48bf70876496728f3f8

SHA256
1b0f97768e886b5f7ad586d8c9e937565964592928da19bbe6866c481e5558bd

SHA512
6f445ff1a7064fd566789fb400bcdb32114456c83aac6fa7faf13c0ef350485cfcb56dc31a3cbb98fa258fb8cf09a2f237316f0f30a0f09b92f27df9072b3561

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
20KB

MD5
e991f1d0986559c11f082565921dc226

SHA1
f2c5791a2250708187c2f7096125c9ebb013dd71

SHA256
aeb613d7c8e10bd024f337034e83d7885797c860df7497a4db1af36e227ea5e5

SHA512
8e99c252e1ba5599d82ea3a74ed946c9192c6e016646748005558166b22c7d17601867ee5ef2dd46687a0ea1eaf3ed2a163733b321801abf6d65e98d16b201fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index
Filesize
256KB

MD5
ae6e0660dfafd15cb9dc0480fceddff3

SHA1
2d961c17d76f59b8a00dfb11badde7a24818c454

SHA256
caf52013681663d770a92bc0a2f11be74b54dbc8d6c28cd662620604f050b35c

SHA512
dea88ddce98aa6421031c0d23fa8cae179f5eae0cbfc9e6a040b198c032fd516873f0237ad85cb1e4a850b31e1ca83dcabbee7c629ee06d2b846711fcde36073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
be6080ca85e2e3af5a7871e706e2c031

SHA1
dc5b45c515cb3dedc660ab738cde314270eb1843

SHA256
750ced3a422bb60ff495a51acbd16e43920f39cdd9d216f755089b90f71e6506

SHA512
b64363b13ea1c18632784fdfc630b0bb74943dcf498eb06494a83ef039b87b9c3c8e5ead02f287b1c75949b9e02146354a753ca218b94f78ceb1291a4dcc51ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
1KB

MD5
4f5b900f5aa2552c1117f9bc69f6f301

SHA1
6345c972c058bd8f1173551d7a5490250aca606b

SHA256
a2fd80fd37bc1bf64db28160294360455342af9131630e5a02ae9932810deefb

SHA512
553fb48b8af0699e37c8c5c774b37ac3e21f055731ae789657b2d75820e006c110fe1a99bfab6bd247d952d529b7b6b68081c73a386326c4698f0375e85dba4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
836B

MD5
31947dde5ea933721850868a2d696c83

SHA1
2200667aa28c3156194f618ba27fa3a0a1f2de3c

SHA256
56fa76a672e8663df81ac41df5c67f90e6854952430e8360652041e3f2db95ce

SHA512
f959b8598d40040d751b5a7fcc406ba46cb84a2150300e1a5946ce879e23db832b41b90bfe2f3c0671af8c8be4b153d5881e76cadf22bb43f786a27f923311e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
58f812220540cb4d7a487cff092db9b9

SHA1
ff7b9e19e05ffaa4e4314a12acf22f55745a97a0

SHA256
59b894eab0bb7f04afe27704eae3cea28237dee408b146ddf9ea08b311e15beb

SHA512
da2cfdc85f17e2072d868bfa2236373f48440b9f81bf6c7ccf02bf16340e2dda44047e5757c04462de52ae0b22b972775228b7d13192e24690c6a67d4d55f8ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
28fc000ad8c11e5ca8639a6e349b807d

SHA1
277cbc7a189034dc48ce12cdf554fef9ed759c6e

SHA256
e704b4236aa169c5feb62ee16646fb7eeb04da7529f60ac5a12ffe943c2f937f

SHA512
e0d01c2689d3cdf995f7524156e6096700f9538f5556e52c3cd0d68f4426098616e47e3386db33b5fd4afeb654d1cf2def2fd68ed9dd931ede84c374a33884b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
8741731c92531402bb0d53a1b718cf8a

SHA1
620ae6811c5907cb494e79db2fd81c15aa2341e6

SHA256
e188aed486801738c34cc8804b5a6c0a4b3176bb6a2407b68a8500e983533fea

SHA512
88df8cc765e4ded89a64756148f4b60d32ba0ac430789598550d0e3625e1917d520f87459f3b14fe6ffa224ea8ec377991790bef3b1dac19e22053ba67d96f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
421B

MD5
830fb774052064e9eb85cf68ca0de821

SHA1
67d3b683f729d5c45a2817ef37aded79ebce9ca4

SHA256
1347f5b8d3b49fcaf46f8b8de24b7807950d6376b9030945e7ebb221470ee43f

SHA512
3a7fdeba80cb1e7fa1de67d31ed9e46fbbb0ae6b4a145e6777402bb87aaa6baf9841ea185d5a5109429970e025a9bb5ce2623091d488899cf78978c805e09560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
281B

MD5
bc2d5c73fd20e4974ead7981298a33fa

SHA1
5bdca94cb80989f5b6b08ad3bbfd97cabb235e18

SHA256
fc78436e18588e1b89becb8a33ba410097351233df4f8cbba357beb5f295cec5

SHA512
ceaddf665eded9acbdbb47280edbebe3dc5c33e486da4a2f54497dd76fcfe76d5d7c369a6a2159aab8fc8828c2dd00d176baafeca15a17d4ec858d71a13c152b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13301563369853997
Filesize
2KB

MD5
fc8c29f297095a381108b1156334508d

SHA1
5163cc89721f2d3a96b236628e45bc58aa4341b5

SHA256
ac3dbb630b090cc8a93094787761a47b0b8d307a0d20e493e226e3072d772494

SHA512
e06173eabe8a4765c0712095f182b72b13a58eb56fe18e423b76ec845bb4d7d5587e5818ea8c942e74cf6bfe33fe91171e4a2713c406f0500629c951ccc0da8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
d6d3665711151bba623d55b9030fbe4c

SHA1
bfd9d5b0934562731d8a76bc5558e532548835bf

SHA256
7ce6ccccb720c1582828669fe97563117678a201822e1d5a2a8f37b20d4d1a81

SHA512
e927754f5e3a0205d5c78c9b56c9a30658dd7351dfa7086468b96098e4691598b82605d170465de841b22bb4f26a30cd187faad7b90c3a47721251f4f5149ed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
018c17ae3bc76dc4fdc90bba9716f595

SHA1
87eb1f6dc2c029c4eda2911402e63e3397bfca16

SHA256
7cd77b2c09efc0b731e28ca1a87191207aa13a0b1512fe8c94abb2ae3b0c413d

SHA512
229326f05ef9c16fffd8c61a1ac34016170e36726af4300744304ad30dd924700f9cf2e0e35a150e6367bec105678938460cf0ed18b82240b4b875805f4dba76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
f7f187d530f28d21dc3eafb9031630d8

SHA1
60dde4496b5aade8252ee098c432c59396a2d22a

SHA256
065805c45983629d5be0fecda20b6ebcf94a08f3e48282b3888cdae81664d10c

SHA512
0de73e6fd4e362218c4784b4ef40bd6fbf98a58f042b0771aeccc47e4a6dfdfcd3c25255ff37e6e5fcae9035b47391dd647f9ac04a259514128d1ea9807557d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
bda6d5792da43cf8296158eff644773f

SHA1
c80ba75598bf0b557b2687964ba4e4ce8408e468

SHA256
d05d67f11b8e95ffe5b5a00a33815f96fe2b1d3f17e6210cbb04d30c01068527

SHA512
cafa687c7b66944786fe1116cf3a7acce78d62dcca444a8307712f47b9f30db278582d2acea199ea0c8091292dd70b090fb0a7a983f0c8111274e3696e1ccbfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
52KB

MD5
827979276cb7ba1963834979a5675bf2

SHA1
effe7a1e2aa5acf1b0dbf82ed54bf66ff25ec14e

SHA256
529fc752d36d93f68098edb88e61919600681e1dda58c25a31d27e1c51099753

SHA512
d3858c702fab10493a0d160c73eaf2084f114b2234c08afd4008c2b70210f2cb144cdf2d36abeee766dd21b5bd6fc9b077a47b91710cf44d583927f026d01da0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
281B

MD5
44871b13332ee63682fe8c8b1bae1501

SHA1
369771181b933babfe43717e81beeebeb5639555

SHA256
82e947ef0bcbdf002a2f58e89402b5945bcee4f466857db135f07cdbdb50b562

SHA512
6a78ceb0a5e9f2257d55305209101624d44dbbe738326a759d3b11f8111e070965062b18c93bf0f1591aa25096278d7e83203362b550bbf1c1b8b7473be026ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
160B

MD5
2e19a9040ed4a0c3ed82996607736b8f

SHA1
5a78ac2b74f385a12b019c420a681fd13e7b6013

SHA256
2eeb6d38d7aad1dc32e24d3ffd6438698c16a13efd1463d281c46b8af861a8ce

SHA512
86669994386b800888d4e3acb28ab36296594803824d78e095eb0c79642224f24aca5d2892596ac33b7a01b857367ed3a5e2c2fb3405f69a64eb8bf52c26753f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
299B

MD5
f80fe4a15e6d43c46cb0c1eba98f3abc

SHA1
06134d26c7f4fa7ccfb1f71d5f046456ec80d285

SHA256
3b75acbb1d3fe64f6b13cb4fab06a94fedb1247c5c44a5bd1d1a53967aa0fe58

SHA512
308892c66c53ae1d4c5db556664c835a9bedf97dcde17229235e7b123750b2fa773910f336fed6a6decc51ddae3e7fe8f0a14eb50b00e591eb56e39392e16ef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
c9c5278bbf15f9d6a6e264af8f9540e5

SHA1
78aefd74681529c7ee4f10e29d95f0b5e4e1e871

SHA256
e5460c6db6df1417d6d1afed8b83648f5ccff785ea21b80dc0c1fe5acf12f2f0

SHA512
b571d08fcedb3c948c7888a9e8726aa37258c523bc1feb8546295f0466b2f338a26d656799808243a01fd18d7b75ada4aa863bcd8c69144ed7199df404a3f2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings
Filesize
81B

MD5
f222079e71469c4d129b335b7c91355e

SHA1
0056c3003874efef229a5875742559c8c59887dc

SHA256
e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00

SHA512
e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1
Filesize
126KB

MD5
6698422bea0359f6d385a4d059c47301

SHA1
b1107d1f8cc1ef600531ed87cea1c41b7be474f6

SHA256
2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

SHA512
d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris
Filesize
40B

MD5
bf67d81377514292e544064f4855dbf6

SHA1
1341767193b2201c8fdb39d55d7a013097017153

SHA256
2fdbd0be0263e795b865437aba9d2053d01b97026e46e2ea4ab2fe94a928b134

SHA512
e9b6626765006bbd1ffcd51f40f6be987bb9bab4feace949e5d54f9f870dc84123a4c58dd9c4cc8d8490365e1dd8fd874245c0c26024360d0e213d239fe036dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_637926750776941557
Filesize
460B

MD5
3397a6b931ef8459d222b4c78d3c6d44

SHA1
bd5493a620271795734e854912b38028a386aea6

SHA256
acc641dbe6e66540d65c902564dac50942c3a5b202629738c94ec478914a541d

SHA512
2935be1c7d94aabb40f447109fdd7fe5c4e18fe66bcb05b3259edc784ab57e33eaa260f156d915496381f367176476451194253e91d7020a8c57e3fb83e1c933

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic
Filesize
29B

MD5
ce545b52b20b2f56ffb26d2ca2ed4491

SHA1
ebe904c20bb43891db4560f458e66663826aa885

SHA256
e9d5684e543b573010f8b55b11bf571caf0a225cdea03f520091525978023899

SHA512
1ea06c8e3f03efdd67779969b4cdf7d8e08f8327298668a7cffd67d1753f33cf19e6995a3d83fe45185c55b950f41e48ac71b422b91e8d0180b5bdd07cfacfe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_637811103879324684
Filesize
450KB

MD5
a7aab197b91381bcdec092e1910a3d62

SHA1
35794f2d2df163223391a2b21e1610f14f46a78f

SHA256
6337fe4e6e7464e319dfcdadf472987592013cf80d44916f5151950b4a4ca14b

SHA512
cffd7350d1e69ada5f64cafe42a9d77e3192927e129f2903088b66b6efc9626b5d525aedca08d473ad8fa415af1d816594b243609237dc23716d70a2ca0eb774

Download Submit
\??\pipe\LOCAL\crashpad_3620_JJNEFBAOYTLJJDUY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_4268_LCTOTVXUIUQCQTEA
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/380-253-0x0000000000000000-mapping.dmp

Download
memory/696-197-0x0000000000000000-mapping.dmp

Download
memory/756-257-0x0000000000000000-mapping.dmp

Download
memory/832-130-0x00000227EE670000-0x00000227EEFE4000-memory.dmp

Filesize
9.5MB

Download
memory/832-131-0x00007FF86A310000-0x00007FF86ADD1000-memory.dmp

Filesize
10.8MB

Download
memory/832-141-0x00007FF86A310000-0x00007FF86ADD1000-memory.dmp

Filesize
10.8MB

Download
memory/1004-227-0x0000000000000000-mapping.dmp

Download
memory/1500-162-0x0000000000000000-mapping.dmp

Download
memory/1556-160-0x0000000000000000-mapping.dmp

Download
memory/1652-259-0x0000000000000000-mapping.dmp

Download
memory/1896-265-0x0000000000000000-mapping.dmp

Download
memory/2092-226-0x0000000000000000-mapping.dmp

Download
memory/2144-250-0x0000000000000000-mapping.dmp

Download
memory/2216-155-0x0000000000000000-mapping.dmp

Download
memory/2260-224-0x0000000000000000-mapping.dmp

Download
memory/2344-261-0x0000000000000000-mapping.dmp

Download
memory/2376-157-0x0000000000000000-mapping.dmp

Download
memory/2740-143-0x0000000000000000-mapping.dmp

Download
memory/3120-136-0x0000000000000000-mapping.dmp

Download
memory/3160-255-0x0000000000000000-mapping.dmp

Download
memory/3256-238-0x0000000000000000-mapping.dmp

Download
memory/3320-235-0x0000000000000000-mapping.dmp

Download
memory/3376-147-0x0000000000000000-mapping.dmp

Download
memory/3456-137-0x0000000000000000-mapping.dmp

Download
memory/3480-229-0x0000000000000000-mapping.dmp

Download
memory/3572-232-0x0000000000000000-mapping.dmp

Download
memory/3620-133-0x0000000000000000-mapping.dmp

Download
memory/3680-240-0x0000000000000000-mapping.dmp

Download
memory/3744-248-0x0000000000000000-mapping.dmp

Download
memory/3848-134-0x0000000000000000-mapping.dmp

Download
memory/3984-209-0x0000000000000000-mapping.dmp

Download
memory/4156-244-0x0000000000000000-mapping.dmp

Download
memory/4224-145-0x0000000000000000-mapping.dmp

Download
memory/4268-161-0x0000000000000000-mapping.dmp

Download
memory/4272-246-0x0000000000000000-mapping.dmp

Download
memory/4288-263-0x0000000000000000-mapping.dmp

Download
memory/4324-159-0x0000000000000000-mapping.dmp

Download
memory/4332-236-0x0000000000000000-mapping.dmp

Download
memory/4420-242-0x0000000000000000-mapping.dmp

Download
memory/4500-132-0x0000000000000000-mapping.dmp

Download
memory/4512-222-0x0000000000000000-mapping.dmp

Download
memory/4552-153-0x0000000000000000-mapping.dmp

Download
memory/4604-176-0x0000000000000000-mapping.dmp

Download
memory/4608-149-0x0000000000000000-mapping.dmp

Download
memory/4660-184-0x0000000000000000-mapping.dmp

Download
memory/4748-249-0x0000000000000000-mapping.dmp

Download
memory/4788-231-0x0000000000000000-mapping.dmp

Download
memory/4812-252-0x0000000000000000-mapping.dmp

Download
memory/4824-151-0x0000000000000000-mapping.dmp

Download
memory/4920-158-0x0000000000000000-mapping.dmp

Download
memory/4932-287-0x0000000000000000-mapping.dmp

Download
memory/5012-139-0x0000000000000000-mapping.dmp

Download
memory/5036-233-0x0000000000000000-mapping.dmp

Download
memory/5340-267-0x0000000000000000-mapping.dmp

Download
memory/5548-286-0x0000000000000000-mapping.dmp

Download
memory/5600-268-0x000001C19FA60000-0x000001C19FA6A000-memory.dmp

Filesize
40KB

Download
memory/5600-271-0x00007FF86A310000-0x00007FF86ADD1000-memory.dmp

Filesize
10.8MB

Download
memory/5608-283-0x0000000000000000-mapping.dmp

Download
memory/5644-270-0x0000000000000000-mapping.dmp

Download
memory/5696-284-0x0000000000000000-mapping.dmp

Download
memory/5712-272-0x0000000000000000-mapping.dmp

Download
memory/5792-274-0x0000000000000000-mapping.dmp

Download
memory/5808-276-0x0000000000000000-mapping.dmp

Download
memory/6004-277-0x0000000000000000-mapping.dmp

Download
memory/6024-289-0x0000000000000000-mapping.dmp

Download
memory/6032-278-0x0000000000000000-mapping.dmp

Download
memory/6092-280-0x0000000000000000-mapping.dmp

Download
memory/6116-282-0x0000000000000000-mapping.dmp

Download
memory/6136-291-0x0000000000000000-mapping.dmp

Download