61931b24357112d81d8bd081129c5f560a2c32d62335b53f5c73406ea8f6089f

Analysis

max time kernel
198s
max time network
206s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 22:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GeometryDash.exe
Size

8.5MB
MD5

04f507bf81891694cd78fd68029da04c
SHA1

85f3020aa3d6721c1ad266b631d26f023cfc3b79
SHA256

61931b24357112d81d8bd081129c5f560a2c32d62335b53f5c73406ea8f6089f
SHA512

926a9ca48480fb2b19735dd4a1d9b9faeadd7a2ead09e92791aeeb34a591da29f8a6cfd270043f20a8d05c1b3148bb9114c2921abb39fb48ada0aa34187a6160
SSDEEP

98304:tjB4nsWzGChWJi5AgIPEP/+VaApjBWVxfS+VxfSLoBvLue:tjB4ZEi0PEPIamjBWLfLtl

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2398549320-3657759451-817663969-1000\{3A5A845C-AF36-454D-8FF8-9EDD9B1AA4A6}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 270338.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4504	msedge.exe
4504	msedge.exe
3984	msedge.exe
3984	msedge.exe
5516	identity_helper.exe
5516	identity_helper.exe
5196	msedge.exe
5196	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe
3984	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3984 wrote to memory of 5040	3984	msedge.exe	101
PID 3984 wrote to memory of 5040	3984	msedge.exe	101
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 2540	3984	msedge.exe	104
PID 3984 wrote to memory of 4504	3984	msedge.exe	105
PID 3984 wrote to memory of 4504	3984	msedge.exe	105
PID 3984 wrote to memory of 4904	3984	msedge.exe	106
PID 3984 wrote to memory of 4904	3984	msedge.exe	106
PID 3984 wrote to memory of 4904	3984	msedge.exe	106
PID 3984 wrote to memory of 4904	3984	msedge.exe	106
PID 3984 wrote to memory of 4904	3984	msedge.exe	106
PID 3984 wrote to memory of 4904	3984	msedge.exe	106
PID 3984 wrote to memory of 4904	3984	msedge.exe	106
PID 3984 wrote to memory of 4904	3984	msedge.exe	106
PID 3984 wrote to memory of 4904	3984	msedge.exe	106
PID 3984 wrote to memory of 4904	3984	msedge.exe	106
PID 3984 wrote to memory of 4904	3984	msedge.exe	106
PID 3984 wrote to memory of 4904	3984	msedge.exe	106
PID 3984 wrote to memory of 4904	3984	msedge.exe	106
PID 3984 wrote to memory of 4904	3984	msedge.exe	106
PID 3984 wrote to memory of 4904	3984	msedge.exe	106
PID 3984 wrote to memory of 4904	3984	msedge.exe	106
PID 3984 wrote to memory of 4904	3984	msedge.exe	106
PID 3984 wrote to memory of 4904	3984	msedge.exe	106
PID 3984 wrote to memory of 4904	3984	msedge.exe	106
PID 3984 wrote to memory of 4904	3984	msedge.exe	106

C:\Users\Admin\AppData\Local\Temp\GeometryDash.exe
"C:\Users\Admin\AppData\Local\Temp\GeometryDash.exe"
1⤵
PID:4616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd884c46f8,0x7ffd884c4708,0x7ffd884c4718
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3456 /prefetch:8
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2660 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2324 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7416 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6592 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7548 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8060 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7896 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7780 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7772 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8508 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7508 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8760 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8504 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9136 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9128 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9016 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8700 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7832 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8772 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7548 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2148 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7456 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8092 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8460 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8256 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8148 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,16178522093366157455,6498988162992474785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:1
  2⤵
  PID:2152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7a5862a0ca86c0a4e8e0b30261858e1f

SHA1
ee490d28e155806d255e0f17be72509be750bf97

SHA256
92b4c004a9ec97ccf7a19955926982bac099f3b438cd46063bb9bf5ac7814a4b

SHA512
0089df12ed908b4925ba838e07128987afe1c9235097b62855122a03ca6d34d7c75fe4c30e68581c946b77252e7edf1dd66481e20c0a9cccd37e0a4fe4f0a6fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
64KB

MD5
3a61c4a921a5ca2d7b5f9cb7a3f14b86

SHA1
baa77a16eb147b94d7650abc46428f184b84bf87

SHA256
db67213db9a2565c4dc926aa6c9a8a7c613d65f81c0e4ae4eee328205aff5ccd

SHA512
ce4f8c1190af97e7cb76e931551df68595763b351b1524ed67a36272db8436ebf77af972fece9e311c80fbbf3578b2ec2e9121ad3ec1cf21cf1c313b1c7b17ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
910KB

MD5
e74fbbf578d1b34e4e8a34bfb1be3e5c

SHA1
819967b818e8f28a4680f4571b94185500a1bc1d

SHA256
2dd5499fa75d18104f2795ab9d35359164d7d33a5e36d7bf3230fc84de89d897

SHA512
e329f114aada14da75afc70d92de04e4f07090f5f5e120b7b9dc5c16f03dfaf38d092302e9a3940b8aa355a564aa6988c145a26c2fa9e66829ef5ac11058f9fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
21KB

MD5
1f26735e2461ea779e87a144d64ace26

SHA1
bd71ea74b63f939ce87248fa29ca0ae867c9a0ac

SHA256
c2cde15914e3d4c64bb5999380f91407b82e6872de689ef6294e39e4b6fe7e89

SHA512
ef4c9efe61372ab3f09526c317fa1bb26356c4a3dd3ac9e8383912a2f76df98224946d04548fa3496a135462e3155259c4202bfa954f6d0ed1c067af33759579

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
51KB

MD5
120676807dff6c454db3eb74fc73a450

SHA1
cff9fbeb09b7334a5943062d989e3b3855186117

SHA256
970ce38fd6f79ae9777b70f1ce33505477e4f3d0dac33b612b379f4e41e79f80

SHA512
9daf5f8645074e0aeeefcc2694e06c982a5264138ff3353d6a9b3ba5ad47399ce7f4b65ae1fa2cd72ff689aeec63a05e335080c49f6e589bfbe017d2cd79cd70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
21KB

MD5
6615235258c72d9ceeb9694b7fae4cb8

SHA1
6f0b59e67b19bb5f9dd01ffc593c19eddad9b5af

SHA256
e973cd1bcc9eb73332147e2434bc46118a601d49b99fbcd333e0fae7db5c2a21

SHA512
23d0031b0980f5b183285f39036c75ff7d2fbca7238994176b37b5930a42a625003464daa399a857b9384344230b5aa131cad83fd2f77dd91e25f46332b22601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
16KB

MD5
66e26bb792756e2dd4d9ab1b3f41f006

SHA1
cdea248f7fcd7082cd2a3ff3932eb1ca10a17785

SHA256
aa44d79be5af5962ce76232f7a219bddd6311d7756ac2f774c0585f3758775dc

SHA512
d2ed0a8483e7f0607aaadc224aafbb5b17a0ed047f96b8a139ad9d0c76f50f879281b4b5b5e19408eacc57cd52f3e49f875b17c340eef3e7c1d41cf0421cce08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
28KB

MD5
d422a4576461466148fcbe428d62bd14

SHA1
227cdc40014d1b87494da2988313d927c3d3e6d1

SHA256
14d03e49871dd769ab4cb7551ddb78f8a219459bab3fd708ea4a5ebdfccf9d2b

SHA512
cd6d33e9aacb2216965448b64649ff879ef9d2c824d7e0d8c283ff9dbcb3fb8bb1cae37e9eeb100265ff2ca32aab652a675efe39b90062c20bcec77a587bc217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
121KB

MD5
e021129dbdee715b8fce5eeeb6d1f024

SHA1
9eb1b84e67dda243e2b2318917ec219eb6247383

SHA256
0845d801cf7be0c14e06a31769a4aa590566131515087993a6b8a48ce1aadcb2

SHA512
49a1f01ec8f4d41638315ebd1a3e1cd8ab26d695e47512098842ef9bd456b6e58856adbf1576245b38cc8e4081740fae6173dbee3f53836a337b3e57cd7618a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
72KB

MD5
36cc3a8c04a1e1bca211904018052925

SHA1
32203dc477c1b7bb0717a68ef6fdacc0463853b8

SHA256
058f53e3b9441fd23a5592ea66c25374a9e16cddb4fea551d8775fe3afba15b9

SHA512
ab8f699b27ff05df4b43709a97b70d2f8aaf86dcb15dc91832567c59124d1639c01523c6c51afb2fb17d4b46e9e2eeb26b315b731e20a5a5d1c1cfaf76e46db1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
97KB

MD5
501c12d711b4a2782b4405cb18d150be

SHA1
a8a8297e83f92611a659475f3f3c5c8563c27630

SHA256
58f697b896dff041a0269124907bf106157c89950a12056b8284522e0c677a8b

SHA512
97a9e361dbe53d01cf9e8095cdadab3c4c94680572ba567f6c057cb42fef2c4a57e363cd9e2094b527447307f85d30207c8be0ca9a9f471e023317e3ab61be9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
17KB

MD5
19c73397068ded824edd2c5b13d0a9da

SHA1
7f0f149b66309aaba41974d524ca69390a34e4f2

SHA256
8c93e33fb098c30a82d774c6a9db9aa92ea0e34586e907ed7d9d2935582c6100

SHA512
8795cd26570fe65181d49676dd9cc9a8012bc22c3e505ac8ed8c1bea68ac7db7f77d6bade360a403a8d79cc4126ac18c2c10e3b83a163e3b42f2e3f60c32426e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
16KB

MD5
bd17d16b6e95e4eb8911300c70d546f7

SHA1
847036a00e4e390b67f5c22bf7b531179be344d7

SHA256
9f9613a0569536593e3e2f944d220ce9c0f3b5cab393b2785a12d2354227c352

SHA512
f9647d2d7452ce30cf100aeb753e32203a18a1aaef7b45a4bc558397b2a38f63bfcfe174e26300317b7df176155ae4ebaee6bdf0d4289061860eff68236fe1bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
136KB

MD5
155e8e8cc98f47ae2994fe73f55bdf9a

SHA1
7fafa51397484a722c82562e4b0bf8375e75df88

SHA256
c54f1149db53f5c99241e8e928cf45283984960c38176c8cd461b38fbb33a600

SHA512
faa34e63a9c055cdec7482c0ca0293e8833b3ea1c13c7b8cdfbdf0a0cad179b764c7b8ad9fb992f7408c6200167bd429a11ef8c08ffe2046ba4f68fd8ed66c88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
76KB

MD5
70d1cea484a9d319724fd6d4bf6da7cd

SHA1
d295f7db55fcc7b8e821ecb254eeca674ad87048

SHA256
15f69bb214e5fad09dcfbe65a12b6db846d5b12b63106db8971f98d7e453ce31

SHA512
4d127ecb79424149f5f1163d774ed0db0e82d0ead720ef5be57ba66a73e4aad21cc4eda30580eae7948411e44942f6037652c88ee42e3fa06813f3f75310e691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
70KB

MD5
9ccf9a0b8c04dde607428fa9a7c4037d

SHA1
0ebc2a71eb5a566ad66dddd687ee7954884c5cb1

SHA256
fc1a1e65cfcdf265c735cfc1abb63505a2eed0ee18e0ecbb3c1859e65a456ebc

SHA512
019a1b5b902efb7a6f70f1fc4638956b833a5e98b0cb34d735209d9ce9489bf4d7e731de70c8d760bf5c7218c102161b1ac4c016a14654736130ed8d90e64166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
69KB

MD5
c5c4cec0485da9eb00de8c3ea54b27a3

SHA1
5c179a61738fbde61555fa35b687480a304ecc6d

SHA256
d45d75c739f971f183cd196379aeb2e55fe0ec0cb7a5a7703dba42d92df2f1bb

SHA512
ff67645c36b46229495a8cc512ec72f79478f6f342d47c9189995502411bde091328fb0816f7623d1e7d4f784492d7cc3a5eed70abbd416e70f00a906b78daac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
17KB

MD5
ecafbab146a6a25068e0a211655cd954

SHA1
fc9b07817dbe758cfee964bfeae0bb016db7e2ca

SHA256
727b022381ef85d0fdc9732daa9f0d5ab87b6faf122bb00b7f7f2fa26074fa6d

SHA512
76a960f4e24a2e52350754856cdf16318422e079787706f80411978f25ee1700ebeac2a30089b651f7ee3ae049543026d345fe5dd65333b180d2e54a8d62f070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
71KB

MD5
f314220db67fd4f62d5ff22199441737

SHA1
dacb3f1241bc014e6c710cb15c70de49dea39e23

SHA256
960295e79bf588fc10263dd783ace931a582504de67c9799ac70327736b9cc5d

SHA512
9c569ecb4cdbed8e7469770f028d02e194ffc07f4a92e8486d02c33baa5cd4d5e39506a71d32a47909687dd636d8847ab8da24543ff390256c9aff4bcf761809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
47KB

MD5
b6dd74b19f440fe04718b71fad475f19

SHA1
89d748dff0086f37579d501b658764e13f68839a

SHA256
9f95640ff9451e9d06ab677e573c1ce22ce2df91a08efab399c26ef30433ed82

SHA512
baf6cdbaca8b6534743e464d33241b870d6ffd891a3a9507dec76f393087ccdb1d16077610232a243338ea0d191fd685fb339522eacbe5e9e0051ec868e1fe45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
27KB

MD5
b17d8e456d36586fbe2b6123d15e8f60

SHA1
1c6274260ae8b7745d20729057c2d74ecb4e2dea

SHA256
12a2697430421343a9c0abc73224670bc4de0b85beb4f43e2b89bcee94c43b7d

SHA512
39ef193106db901af5502ed329af92ba3bef82ec3c65a97f4c1f66faf33e9bd5d87ef848eb27ec92ccf0bde024e32c3a31da1e1b354d07761866055bb0bb9e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
51KB

MD5
b7f71400bf436f328ecadc4636953c91

SHA1
60233ed36f75988edd1857e65afecc262e057601

SHA256
ae4dc7da1fab4a87e8e2b22d5ee6bc8d6a0479778635fc78d7ad146100a4e5ef

SHA512
f384ad01d0a23f9e880d5664fdea6c5b228bf395d9ea8bbd22d47824b65e7d2946accfed162f099849c8293e9482b3bc76c4d3e1a2fb99aa959cfbbe03c06f3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

Filesize
31KB

MD5
a1beff89082c8a75c37e3f94b6e951ba

SHA1
b6e2609b87a243e1e837f5999e114f016787f27d

SHA256
4fa2d8ea0637eae513a7db4a0e4100ff1da77f4f9b2d7ca81a13490e83bf9b4c

SHA512
f87f55590bb77a4a5527c513beb282a2b5be630b9386452c8734a0765639a5d76181685b6a3a3ddc6e0c57ff6a56e2a2d143d95528e5a6486b0560c2838d276b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052

Filesize
62KB

MD5
fda1a2dc539b00420416a634801a0351

SHA1
29fdc5f3bd353bf545f3327a4c506b90ab3d92ad

SHA256
3d2cf58a0e5e669a4b26e56d53d5b4d658e96aa82aeeb96b6df54838e5c0c93f

SHA512
9d88f4c548bea40f9335b4655f3abac4bc62a7d8609a44fbdc59abb1a3e7d781285b50316fe62e7e4beb6a33dd08ea8ec8b8fd546cbf9bfafeda52cc5aa79c25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

Filesize
33KB

MD5
c15d33a9508923be839d315a999ab9c7

SHA1
d17f6e786a1464e13d4ec8e842f4eb121b103842

SHA256
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

SHA512
959490e7ae26d4821170482d302e8772dd641ffbbe08cfee47f3aa2d7b1126dccd6dec5f1448ca71a4a8602981966ef8790ae0077429857367a33718b5097d06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5d726c8b0c244a76_0

Filesize
224B

MD5
f34c486d238e3d2e007e76905731c117

SHA1
9c85c1e5226bbc694b2ad68feaf3650f42f7971c

SHA256
f56265fd554fdeaa7a6235c666bc3beac7f225b11e60348795ced751cc93e515

SHA512
3747db0638ea6c07fc44dabffe42cb4605c53b58039401c3dd29bb8be9ea92dce39bc690a32c536facadca4b7a114c3dbb664c88fa75dd3f3b554773666024c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6fb9422223d00b961a92d0c78c3b5fb6

SHA1
9fd6cc791f0e6df56d1a46d36bb6068652024224

SHA256
f527cca8f0a924d82306a1a5edfd3e46bd23cc7f3e645c941842d8a5e58f8268

SHA512
55a0ec8f2949db37c3607878ab70198220477b754ba67197efc0c599968f8b4792b1e6280293105c0300a1a029d2a9cf14a482c6cdc0bd765ecb111f6a0a842d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
c3bb5bfe74d8fdde0e734375b1b6f9b5

SHA1
6472f24e0de2ff81626fe7afd8a1b2024cad8ca9

SHA256
37adb2da6cf0e1fc619c595adba85e89545adadb9d2875f4a7806e7fdb693bdb

SHA512
a6290369ae4ad15f2c1bb756ad0a74d750c421a13b8da410ce5b664d17f037347dec611ab3d942b2a0bc050154e19f9e1b7d11cc0c8d1bbb1f0758f9f5e3ac38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
db27dd4b3b7bc27ba8e3f22c53018f3e

SHA1
8c3083b2cd7f05ffebacb008bea8a359283a607f

SHA256
bf7a376721d7bb216d14e7613ae1b28cd9620ff0684e81427d2aa5a7957b9bbf

SHA512
182fdaebfb6b0f30219ed30e85fc655aa38f83f1341a5eae4ebc9f91accf5091c26773668c70b581a0a64678e5ea11d7e69abbac2dba15e4ba721255bd890687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
698c1e43cf1c1f904617576f3c3de158

SHA1
46b4c2ff459d91b92d057954ea78e4ab00529ef7

SHA256
0e13a42bbc4e8ab1199cdb04a47ee97b79dd03610a8f3f800b515a4b3dc38216

SHA512
d17f17c14f633d3ae50b87e0e6475746627902c8baf8e1c2ad3462dfb8df497e97d0f042f93f7b6affe04d0deb03aa9e77b794729e89aeb8e70b7055880a2af4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
893eb796f83840d477e3225b9634739a

SHA1
702fe94f662e317f0b1be66c6c33e5d8b258440c

SHA256
e3faed68ec2e3907717757a63a169c7dfc9d4d5cfe55aa66e92396a3ded73cb9

SHA512
b02c40e30842ba347e659192aa84bdbd8980c152c652217d20fd987338f8cb405ab91a4eb51d51f1f08b225cd6313facf3d3e28209a168d67425ff4701ef697e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d75d019cd086184f9f2c7a92b604ab99

SHA1
82ce568fa8c9c7f4c7f30472402f67a2f64c707b

SHA256
dae4a2c5111da7b0562ab44e4ff6925c5cba0a248be2fa811df997ce6ea93207

SHA512
13f4a592959b350fd019c6a1fe5cb45662b56dfc8ff59457899160da43063e529c2d14cc3e6bc8e7285c94fdb194b4c0a989971b6639ac30e5b6fae93af06168

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
928a75fa110207c1153d9d59aac826fe

SHA1
bb6195843136861a034ffe2cbb0640e4676962b8

SHA256
2fbb85897ae767762fa9a7308ce45ac837d9ed25cc7f690c21538858cd08d8c3

SHA512
ed6b6458995f4dd7caed94146179dc4f69f7510c5e0409aba7da6919f57fba16dab1fabbecf2c44deb32c754a082c785cb9a4f3448cf9a281b48f788573f5f23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
81602c630013b3a76139d48a0930f6e8

SHA1
62e12226da8940a570f3f680896c638059a3298e

SHA256
4278ecab69cadab372fb3a8ec6424a547e0ab8dc815598b82e940b89501ef1b7

SHA512
422b753aa9e3cc0e377fb0e121fe57e95ebf96141f17ed3f6eccc89eb0ce8db3070e4192b97b9fc3993883249c4bea3e8b7a968608175c02a6ed692baf558453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
114dcee260b03357c0f55d2f3affa57f

SHA1
2dadfbf655293029909aff9497aec0504ae77d10

SHA256
0ff08a7cdbb918a5f434978b09443fe2e7f92ebedf2902d3eae73702099a5142

SHA512
fe2db4f364fa59b224a6f54d88dc343fafe572d93443aa99e6bc7162a59da6243a7e748bd863b6aae86c720bdf736ee76d7a2492fd342d4d6cda648a0c8b7d16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
b9db52030d7bde2a980ac46d0fdef672

SHA1
77b549ebea03c7ed6d2f9ba3577389f04ce73c58

SHA256
82ddf0a898cbe5255ef1db06ec3184cabcfe1b1e9059159062345aa473a76278

SHA512
f3355da62f64fb9f76fdbb13f899e990d8f73294b77835172ec62b8a52b2847de26bbd6d1a69e3ff5fde614fa07162211d6fd82698b34a764e341e6a8095f7a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
529a8df8b1cac8a50808b0f7214f5671

SHA1
74b03127222f33bac5b873b997691c4c452c9301

SHA256
6350cd1cac70b0222698d56aed5549f76dfaaa8aa3523257e7be39d065b2737d

SHA512
d456367674d392be59ecb1556084749744f7b6792bf5ec1332518970fb7f574e1a83c247712b02a407cbef1f00ccecc2c05b0fc6c23c3eeb0c4f9b4ca0e53401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
23a9d22c9e849b74ad78c4dd20969985

SHA1
1699ab83ded4c1b17427349c7dde64c4df6d0d0d

SHA256
d63796dd5a2d77210ecce110fc36ce8c1fafdfd037683868af02c7ef3b6db387

SHA512
04e472b9797147281349825187a72326e4c375340e5d2dd6d62f45581eda4cf817a4488fd4facf7f2553dbbb7ede2a999b2884d6316d10bd506ceef1be137ab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
dccbb2d124ac860930998cc2caca0a7e

SHA1
d89ec8ff01c48e9d7d624c27e654d556955e1c28

SHA256
c4ee2e3133b1b156ab2ace6475ea5ef0ff736e88faa96420b4ebb2b7403ee96a

SHA512
c27a41151bdd22c044c23cdac029cb7cc3c0b03c0518238297b73c38868bd909e00e4b9b772befb18310c8e989e14d0ba1f55849522d84aae98a37c134a3b52a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
b88b8e9cba1ba44242305fbf1f1e05ca

SHA1
5fbef09b35b564155beee3cee28b98f9a5e7476f

SHA256
23285eaab5fa2ef32d4b6f8bc1c8e35915839a6a51e8f16c23a056a6281ef894

SHA512
fba6ee75355c9bc0b2702290764d500ff1135af178b586daf4233b7fe23ecedfd37275858f2910a70672c4d4ded16b34bd575584baed0577c79b9222683cd0f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
34f9d2c9c4881386c0c626f87265546c

SHA1
86a7de772e5c27c696ad50c536ba9e75f351fe40

SHA256
b4cc5e3c115875eb37f3c8418b0a8885afafdaee813ccb31763f615cb7d20f77

SHA512
9995a99495fe939706d5fac333f7c6a77b59a81245eae5bf3639c9addc2e3e309e403100be59deeea00fc6da4279057d94f7842bda6ac5d07de8b026767fad96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
52826cef6409f67b78148b75e442b5ea

SHA1
a675db110aae767f5910511751cc3992cddcc393

SHA256
98fc43994599573e7181c849e5865f23b4f05f85c1115dff53c58764d80373fb

SHA512
f18df18cab6b5ecd71b79c81a2a1fdac42cc9960f62f06ac25f4d6487792705f2766ee3a10239eaac940d090186e6bc820e4eb7a5ee138f6e5c1c64f951b960c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d6a2b2607f8723fbfe5660708c22c241

SHA1
e36001a09fd377c2106130e7dcc62f48a6bb03a6

SHA256
a21d20fa1531ba1311001660bded44921d1d2b9f78a7d28667de6509305e4d5e

SHA512
4884cd8117160b11b471c5c5b3a29078e18c016e0c310e1cb6c3195bab2185e22d86ffdbcf7b880166d69e058c6a16610fe34f2780bc727289e1f83d1541001e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
34a28353c6ff38550090d65d5ead860c

SHA1
bb2796cf9a1030084657a31dbf5ec08a63d2aff8

SHA256
e24bd6be22c24dd5d956ed6c078b5e323db6370cdb38acd717e61e1cbe317dc5

SHA512
a4d8e8f95b386a769689e628f85c707fca1e0296f7beb675672ebfc7919c5a41bb1568f29120142e4b7d0abcc23ee63d734b438274c1f33f0ec595d0a0b65416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
caf6e5e27aedb08e395fdae5a22a7b1d

SHA1
90da1fa6dc6cb16588447cd72e4e6b4b9981a6d1

SHA256
8adf967e4f407642adb822be6d60a2f6aadcf0817849384b74b196849e0a649c

SHA512
032997d897b33981c8af7c3588f7a389a3e4101a4b3f31f0eca92ff894b05dfe91ed0293213ad32c1001413e0e42c5d0536eb42b791df2a5187f104ca98449d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
71dbb83ae871c0297b04b2b1f1f95f13

SHA1
820453a14570eff3a4c991abe3e5c5f070d86df3

SHA256
c9d72e794e8346b0c547379bf18b46fe3c1bc9ad20925b2aff20088726cf95a0

SHA512
18701e748a28a1ab98cc5df7a328a2174792811793023547c2c88253b667ff70c4b88d1fa52952c6d51c437d3a649b85f5a5954eab6743672e96b0a92c4a4461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
bb72802d9986939b5ed750c29143d24b

SHA1
d15afe7ef7c4a68a5c29283fef22339d01bff70e

SHA256
8e1c85d2eeadd7d5a301e3e1bd4d8828a6adeb809c23221ea0b8a4d9915cfc1f

SHA512
c4d307f453d06c60f44b75f41adc0e235757ed7fb88747db21e2dc64ddf71bc067495234b6bfb28e3d1c861c40af51dc960b0cadf0b4f4595555f7b70b2e55c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d398d57008f1d73e4bffdee0fdfd0936

SHA1
c29167f29e05f7174c7ca4bcb731a0085f136f55

SHA256
f443b65e42bcbf7820bf5d82cf9c8e8991fa173d31112058c32e4be8779a1ca7

SHA512
17866639c6ed7a803042365a4d2d3b97ca94ef7596f4e2f8171ee5644996f4e55bb38109bd19422a7a7c53e3da00b7c6191c63e85530a2fdb6e609158573af6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
c9c926b65ce0d43757fd2d49e1e65aaf

SHA1
2bcdf070695ff5195e99c5ee3d47f6d7a2ced6d4

SHA256
568756a95c0b9d48ba34354d3a9c30574cbb97e6c14490b65547a3385eee80a6

SHA512
2dec44b85f1f73a4fc715a02990be7f5d1874f3f408ccdf9d99f3fb78928828d2b2a496714df496dae9a926658f814400a2fb55fbdcf07f7c49acbf9d32add5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588056.TMP

Filesize
536B

MD5
3645bff0581d53d0663b35099edd0b6b

SHA1
b8820c67c4277c7853177c2119ac31b8e7e5c5c1

SHA256
c46c06adaf9fbbd8272bbb2b2936c705fbb7ad56456687089aad1a47fa9fb97a

SHA512
0200b9039c797c73a1ce42e9c975096e70938ace71537957c19118a630806926313f815d9670308e046a89f7c7cca23ba9ad0be6b1c551107bb9b5732f175638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
27045df58231981547254d2a14c29270

SHA1
f7697cbcdf3e45ea8554eae1b789e982b4e87159

SHA256
d399086971e7067c9d23ba412a1c19141261cf340efad96b6ec4c29aed5ae16d

SHA512
2efc9377c5bd4805ff686a19ef26a564457752977e7d5790617b893eb4f76befd9bcd181f01aaaff1666257a158dd554f926cc23f0ef24054dc82e6c8bb860c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a511554e556acf7b32058768a065f1a0

SHA1
7497131b034e5ac18fd9c60f4673a0eb3465e523

SHA256
fe1c32ef88caf51ba496a81a020858e4964b86d4f56bc3e25618fe3acc362b2f

SHA512
f45e629b8020dc2ffc91d6a42e6edd7fb9064282b91470b621d2e5c01c5b0b919e122263175416530933c56c067e45e2ebfe2ebb5711c58d550d3a20951b9cf8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
8f92d5c20be01c440e58e40a400cbdc4

SHA1
2861d3c7c9ca836c1056bda95daaca52f167b58a

SHA256
43be4bf243dc540b2a779d5f3b556511bd24273285b9745dce9bd47436d3093f

SHA512
854f7ecaf30239d497e585591b29729e58ea21df613b76d8e4c0633a6f7f2a54f822deb42d7c48d5efe24b7a6c3d7027e0bc2c96f515ab7791b399bdf641e904

Download Submit