eafd8f574ea7fd0f345eaa19eae8d0d78d5323c8154592c850a2d78a86817744

Analysis

max time kernel
433s
max time network
443s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
19-02-2024 21:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NICHT ÖFFNEN ODER ENTPACKEN.zip
Size

43.8MB
MD5

da596c5fa1bfe53dc6ef777e810c2e7d
SHA1

dc756fddd264eaadcc0c8e8576d11259bbe1c150
SHA256

eafd8f574ea7fd0f345eaa19eae8d0d78d5323c8154592c850a2d78a86817744
SHA512

bb7a10c4d9decee9687dfba5987939d1f55c3966bd80d06103d4bde6f61df3957d89392ac185b96ac668bc794193319dad33e34dde199df91eb2981e7e5f9fc3
SSDEEP

196608:rAA/coo9ZmMOfGI0QIdgCUlo1JKq5LJ2q82M/nSk827:rAHX9DQGI0Q321tr82MPl

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
103	www.iplocation.net
101	www.iplocation.net
102	www.iplocation.net

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-579863200-1180944266-3450597144-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-579863200-1180944266-3450597144-1000\{66F6ABBE-9ADA-48DF-B54B-FDD61788F14C}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\zbxl (1).zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
3248	msedge.exe
3248	msedge.exe
2636	identity_helper.exe
2636	identity_helper.exe
1192	msedge.exe
1192	msedge.exe
2068	msedge.exe
2068	msedge.exe
5660	msedge.exe
5660	msedge.exe
6088	msedge.exe
6088	msedge.exe
6088	msedge.exe
6088	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 50 IoCs

pid	Process
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	1020	firefox.exe
Token: SeDebugPrivilege	1020	firefox.exe
Token: 33	2512	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2512	AUDIODG.EXE
Token: SeRestorePrivilege	3252	7zG.exe
Token: 35	3252	7zG.exe
Token: SeSecurityPrivilege	3252	7zG.exe
Token: SeSecurityPrivilege	3252	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
1020	firefox.exe
1020	firefox.exe
1020	firefox.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe
4688	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1020	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 1020	3000	firefox.exe	82
PID 3000 wrote to memory of 1020	3000	firefox.exe	82
PID 3000 wrote to memory of 1020	3000	firefox.exe	82
PID 3000 wrote to memory of 1020	3000	firefox.exe	82
PID 3000 wrote to memory of 1020	3000	firefox.exe	82
PID 3000 wrote to memory of 1020	3000	firefox.exe	82
PID 3000 wrote to memory of 1020	3000	firefox.exe	82
PID 3000 wrote to memory of 1020	3000	firefox.exe	82
PID 3000 wrote to memory of 1020	3000	firefox.exe	82
PID 3000 wrote to memory of 1020	3000	firefox.exe	82
PID 3000 wrote to memory of 1020	3000	firefox.exe	82
PID 1020 wrote to memory of 4760	1020	firefox.exe	83
PID 1020 wrote to memory of 4760	1020	firefox.exe	83
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 3180	1020	firefox.exe	84
PID 1020 wrote to memory of 4820	1020	firefox.exe	85
PID 1020 wrote to memory of 4820	1020	firefox.exe	85
PID 1020 wrote to memory of 4820	1020	firefox.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\NICHT ÖFFNEN ODER ENTPACKEN.zip"
1⤵
PID:2716

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3100

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.0.39731593\278662272" -parentBuildID 20221007134813 -prefsHandle 1796 -prefMapHandle 1788 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ca12d20-06c3-4c6a-aa2a-1ed42838af3e} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 1872 2157dfd1058 gpu
    3⤵
    PID:4760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.1.1580708938\193176870" -parentBuildID 20221007134813 -prefsHandle 2220 -prefMapHandle 2208 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {80c1602d-43f6-46a4-beac-0f673431b4c1} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 2248 2157db32658 socket
    3⤵
    - Checks processor information in registry
    PID:3180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.2.1233695978\191924911" -childID 1 -isForBrowser -prefsHandle 3244 -prefMapHandle 3240 -prefsLen 20886 -prefMapSize 233444 -jsInitHandle 1348 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9d6b11e-9aed-4cf5-a572-18f7e34b4a6a} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 3068 21503405b58 tab
    3⤵
    PID:4820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.3.1553746654\774753900" -childID 2 -isForBrowser -prefsHandle 3392 -prefMapHandle 3424 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1348 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfc8cd17-ab1b-4034-93be-bb51e340c6f0} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 3388 21503827d58 tab
    3⤵
    PID:3864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.4.1887567360\1195129033" -childID 3 -isForBrowser -prefsHandle 4712 -prefMapHandle 4708 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1348 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17d1a08a-11bd-4d6b-9a8f-83cf57f31c4e} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 4724 215055a6958 tab
    3⤵
    PID:932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.7.1113998383\2131639300" -childID 6 -isForBrowser -prefsHandle 5432 -prefMapHandle 5436 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1348 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6924851-134d-420d-90ef-42bb1111446b} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 5424 215067a8258 tab
    3⤵
    PID:2688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.6.363746070\2069884192" -childID 5 -isForBrowser -prefsHandle 5240 -prefMapHandle 5244 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1348 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26d90213-b285-4bf7-9e2d-665819181e1e} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 5232 215059a8d58 tab
    3⤵
    PID:2884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.5.1389061004\696654055" -childID 4 -isForBrowser -prefsHandle 4888 -prefMapHandle 4892 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1348 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c25e123-b594-445d-8b19-a88ebc3a5c14} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 4712 215055a4e58 tab
    3⤵
    PID:240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1020.8.1102931419\191496967" -childID 7 -isForBrowser -prefsHandle 5432 -prefMapHandle 5468 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1348 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b02da4db-f3e8-4d90-8299-0d0aaebd807a} 1020 "\\.\pipe\gecko-crash-server-pipe.1020" 5244 2150744e958 tab
    3⤵
    PID:3056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a5053cb8,0x7ff9a5053cc8,0x7ff9a5053cd8
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3880 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6348 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2764 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2112 /prefetch:1
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7940 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7476 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8704 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8580 /prefetch:1
  2⤵
  PID:240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8536 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8308 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9140 /prefetch:1
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9296 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9600 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9704 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8684 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9108 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9888 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6644 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9700 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10148 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,4663296444568363705,3077485619293221935,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=8428 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5064

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004E0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4368

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3320

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap8890:78:7zEvent23413
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7bfba10fa6c480f99af59a64b6074ca5

SHA1
4c3640f96d8c6748fcd93c318168c0fdd2a9e490

SHA256
887d03cf55cc9222818b2e91d7486ccac2483ff1808617c3fdbb21f6faaa5f67

SHA512
b1cbae5e99edf05b1ba3bee9650e00747ef4e40c44fcb9a0c2c241c0130cc7697f8a62482cd231845bc130b94b398a87192915d32fb85afc0bf2a2c4572dd553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3fb14b7f-3281-46c6-b8f6-e54f3a364e9a.tmp

Filesize
13KB

MD5
5ccefbee71c1c4c97f4b4ebd5550e57a

SHA1
31c4dcf2196bea0ac0026c94c526ec76a48fc64a

SHA256
542738f09b9f1d5e2790a116dec3b37c97b4ba250172c99966bd0703279e8105

SHA512
7426f1c889279b660c7ed55ab3b76056836cf717cc59cb37f4eca45b85d82e8fbe0e9d82a531ee76fae29977d621430875f6d2c7174ba3b13382255daef1fbf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
29KB

MD5
df217f862f4073ce4585999df73a53fd

SHA1
8f39eb965e90eee20c2e94f547acf0db9aec24ae

SHA256
dfc2a82c870fd4c1a5b67929c316aebf1bfe0e8fdb90d64158a111feeae9c0e3

SHA512
f52da493abb8eeae24642e958cfa6ecf50101cdb0038ca7b952a19f0df0531e44828e4d2b9e365fd08a73a3f78009fd76af37a1ae58b8ec526720356c2767738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
eeb2da3dfe4dbfa17c25b4eb9319f982

SHA1
30a738a3f477b3655645873a98838424fabc8e21

SHA256
fbfee0384218b2d1ec02a67a3406c0f02194d5ce42471945fbaed8d03eaf13f3

SHA512
d014c72b432231b5253947d78b280c50eac93ab89a616db2e25ead807cab79d4cb88ffe49a2337efb9624f98e0d63b4834ab96f0d940654fc000868a845084fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
0a7ae1160a540943e254b4de70fd6c94

SHA1
03004a6ed12ce1021523dc71fc418ec588b8803f

SHA256
23b83cf36183c4963c915126c585b6a45d11c7d2525365325a76ba0dedd43bce

SHA512
d924d2ec633031895a584cd342e1be175a7fbdb70e054a1bcff2c8ecbad161187fb02cfd6ebf986d574765290b997e1e547c2a71dbe0f7231680a0488b75acae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7869721057ec0ab0ae5ba4dd1ab168e1

SHA1
37bb98a22736fcbebe99329223956ee28083f614

SHA256
3cc1001d75c4944c3bd8cce87da08b938e6772f4a762f2afd4c5e4bcef2f76c1

SHA512
6d5ff9f13d84880ef924f9a41638e570e18e7601ea395fad8ce939caaefaba1744b002333e57996e36e26dad87a2fa20981c40291e571d8af3d5a7abbc57de75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
61ff6d3398325ab515f1f0b806a1d13e

SHA1
b52470d2f37769a57c2614cd26fd218fdc372ade

SHA256
0e4d9e06b2ef0ef1553af998f8b5ed874df3dd29f4093436380891fb2ee4035d

SHA512
86f4fc82c9fd360f1e92c80588db79d280b4b3072c0bdf0cffcf04e3b8765feee8d8936c0106a73f2af8487ba383d2324342d768c3d369a1b683a18ff7994bd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
8508bbbe9a36110250843b794675c693

SHA1
5737c574f304736dbc7405e5936ca14674959f7d

SHA256
65251d0b0ece85b5b3e5a6107772b8fdf63f305bc920fc2fdefa322fbcd1e34f

SHA512
c191e936b2395c82cb65267d9e9f51cbb0c75004a18bc071bdc7ac5b82f24fd5ae795f1870dac65da4d4d6e1c0186007350fc35eeb2ff9f831daea8ced83f628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
14KB

MD5
3601620b8f29e58bb820de25c91a4622

SHA1
3cbf37d13c97a5c667441d3add2b517b7ea8eac9

SHA256
5c8900f527ecd54e2e5f0ebd3d3d4d651cd9d3bbd10d269663acc6d20d3af0c2

SHA512
30b9cae58d545af89be522b8f4b9792ba7a654098fcbdc4ebcedce2dea4c91961abe1c29515b349e4ee3b82e7676765805348b9bc57604cfc9ba5ae6c7e623d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
de9d3ae2cc16e15e1be6889324646dc0

SHA1
a6feda9994a91336777144e3b4cf1982c20e92c4

SHA256
3065574e5c76fc1b35f4484870265247140485267e5d6dc539839aad9c540836

SHA512
89c4f726104658a744eb18a03ea4930669a8f923b3b1728cb2796cdf86160a224a375b7e8f1a33dbbebd67715c9c6099fc1e32f07c21df887eb6e8758eee183b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1f89b1b4cfdcc097fae3d515ee424fce

SHA1
1b45685f0133a4f84e940363701ecefdc23e1519

SHA256
1dfa4349837ebfcc20710735ff079fb27346dd7edc8a138d46c917c703564ff3

SHA512
9ce9f7eb4739e1df2a3ca9aa77af3c5d9d4a07c812830ac90663ff9ca2e494b78079caa0d632a7c54fa0ad3d0f5e7fb55ab7b388fb2c7ce76900ac411a074863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d4ac2111e06918f7d3cad9fcb4bb63e5

SHA1
26d126f7c9cf106a340b524ce31950fdb832b2d6

SHA256
3750bde9182c0330f00ea1d38053e7dd5c481bf065d6d9c1cb9be8311e08cbea

SHA512
0325abe0bc0ea407d2f9d1b11f31c6be0187fc8d6f56c6efb93d993ce11642b14d9b25910d1eb5d12d2fb1f56fb4441e4217663a27224d7705ac42ef15158877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
83fcc872de0d121b379a95cd25755d45

SHA1
7f59f6cf4b0a78600083f79316573c23c74d2478

SHA256
62706c198cda32a06ff2004b35f75531ea8ccb41b6155ac9de991477df8f3f01

SHA512
07863d91ee390e77d52e8db06e85d25b6022265e4cacc5d6317104bc1472750783e56700f1e98fecd5596ceba800056f5f12a711184061eaa3695895831f5659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
38135e88b67039537686329b490dda5f

SHA1
fb41d1c8c69de671e994e1e2574714402bb26dcf

SHA256
7be7d712f4a7a9c56eb345302c382c7eb8446cb6cfafe5c43ab7daa672a49529

SHA512
a5ae88d4986f174b0339bf31eddf64c6a92e1172f336eb3dee7628d6bed984c235994c97383bf8f5c8ecb19b43d5e37d016aba1d364dab6d5cea04861cf6b3f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ffbb4df5627c67f833fbc8f30a5d5b1a

SHA1
5b6e2d5ed7046b542a0079e2e1faaa532821a842

SHA256
869763158c969c31a5016a7bb340816fb6c13df73d88abb6fae8b25b8517f91e

SHA512
2815171e7614e9cbdecac12f09cde6df451fa06fc942ce43ae257add77471865d66838707c62786611fdc2a4948f5707cb3f770d4262b7980799873f095de349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
c424fdbf0d63b3931e2b63dbd5bf6c41

SHA1
2c79c863a887794ccf4990c0e1e88ff43490096a

SHA256
bd7bba92ba38ebe164990846c8b612fba1be6716692f648ddc2ef7850d997ca8

SHA512
451b93f7b2c0ddfc8f787c61172717c1713332cbaa143cb54657f662bdfb76bc416b471734eecf935af9a3b3c58c1b44d2eec8cf8e32a3333f0f40aab01e25f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
71a8ef6964e0212a521c24808d69c15f

SHA1
33c54292a6b19372e418de08285a9e17af35064b

SHA256
ba455996a65b3bd9bf6860415716b4ad97401b2a0416c0d92a958b244d30d746

SHA512
0cdd8d789f31e9410837a5bd500f3967576dbc29562b0bc6c69eccdccca0019aa867316c289308d954029d4b169119cc52f76dcdb6931baec2ffbb262f2f7daa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
6c8c2722fd9b3559b495c03a0bbe794c

SHA1
3c16a586fc9137ea47431209374a12ed5b90bc92

SHA256
fcc46c78ef645b5429c3d9b49e156eaf68aebdf3efdc5bacdc926231c99a884e

SHA512
9542bc5b6b3d1b107b15aeae51494533c1f46c6751c266e4fb2b3c05224865646ee37716983ea0f6512625bbd9e8443befc58a7cf512a1dcde9e339f940e80b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6ec32705-692d-4efc-817b-8ab8ff2d7562\index-dir\the-real-index

Filesize
2KB

MD5
8fca8bb1f713f8d33d0abbba5a371ac3

SHA1
526a30f4f285330e386b1746fb884662ec33d2c0

SHA256
800b8d38e07c7a60c0ee27229229a737d4c7dc596a4de572e6fd3ca56aed154e

SHA512
e77502f79ed296e7dd3915cdd7a64a1e0b58095bf89fc03ccbc9d8e6346cce586a97f69071c531e257dac25203ed7eada640d876058142894aff471d4c3d4d0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6ec32705-692d-4efc-817b-8ab8ff2d7562\index-dir\the-real-index~RFe5baa65.TMP

Filesize
48B

MD5
d00a4fe286bc99b958368f69bdc20f23

SHA1
9306d7bc95051a36ebc30eebbed7c03fe4c0e084

SHA256
2448688c5c0d144e8b821832cde08fad48f7ca091bafa934d4a5b6661dc1c421

SHA512
adf6c1979a88b068eca0fe8cf5d5e466ab53aeb76cf629112de0a1bbe61039a1668bd1bf6e6c0bf93b63c9dc864100807f7228e0fbf2ced2951591b7755bcd38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
8bc777530f6ffc8b13cae8c9f4ce8274

SHA1
3e9b9f65f640b6c58fa7be57e89e8b4b7bbff141

SHA256
a4ed51bd8c2f5e74ac2dfd5b160f0c585c9678b8730ba64c1c4aa87dadabd964

SHA512
cd3aac18b145e7b16c3af2b9ed0a43681e6e47abce0efa33b21650b87ebc6070ea8f50fd1c656743b7a4c718edae5fffbf48fda70bb10e7009ec46af40a92c89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
23bc80078a224e5d2f9e3494aad99773

SHA1
b530e7e85af1e70bc84866bfe0c80e21360999a8

SHA256
b444e0d7e266c7dec5006d09e27838c6a71579a21b315e6f95e75e4838ef62ef

SHA512
530165be90b9d4a9f9f29d82a9626af01ac9217540606cc47be7219bcf84a3a2af44d162285431773dfc7187058ff7e11d72e146d9ced12ba041adb4daf15151

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
b3112d3ac3ecc48fa2c382c34cd25d67

SHA1
6cbdba02b5c1a473ff544cee96a26d4592d8fa3f

SHA256
832c5945343aff85503a6b2b01d38c49d134c6d1f7d2018a6e26b842dcd75955

SHA512
34ba9142e26c378db709f0f3a62062f11713cb6b0974290c0b0d08983ffc1832102ef8e846b95b27321562122bf1293865269ad1f0ffcee8aa78272e2be25e4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
7ded0e10c7ab6abed822587e5299ff77

SHA1
b878220a5c0f2d8eeea2463f9d974e39ead5c247

SHA256
a7ae03285dbcdc9f13ee159161ddac26c88252828d2a12f37521c277749979bc

SHA512
5a88c3532f5e37cf8497a9406687fd67b4fa4dfa0a6af7122cbc02f5fe4a9fb58dc78e1bec48f637914abfdc640edaa95fc6bf26dd8efd833329243122bbfe32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
377b8d0b9a833c2f98439f334813436e

SHA1
00bdf551f68f54a1bc91ea76eb5b4fbb03ad55b8

SHA256
890eed20953a9c72092c95327d373ece00da73e14f128b36b9bcbdcadd915d9c

SHA512
104605137560a33046a7ecbe90c5a9a8faa1765f99f55746b5e9cefd6fa63ce4d18fa740d5da070d4008aa56b6c922eef254e803041d1999faa51d9fceefa3fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
0cb2fefa2a981a64d879ef62ab5affff

SHA1
84640ff11dc3a759eee138208ff46e4102173b23

SHA256
b7580188f58e1b0f36038104b851b63ab8dc5aa5982e558513b7b36b00cf8b25

SHA512
b17e1def247d8aa2b5336a7307bac42e0ae93d50fc235fd1328fd1543cd2610acf1509d0f6b5c6e823a77582fdecf827317705f88e661651294ee341b7dd94a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b3ad3.TMP

Filesize
48B

MD5
2f66347bd8edcac7fa9fedba1eb102d8

SHA1
ce943330c1de4dd1aa2bc4cf5f93e5d9a2899d2c

SHA256
599b30fbfb1acf002f6a035a095dc7c7a032c9ea7d90bd0a8269b3cebb1f089a

SHA512
612b5b19922618111e4af62dd56b73506cf261e47fbe981bd90bf035803d80a5e4667d16269523a28e5f1e3cc34a918485029432072d49d69edaa3d8a8e3816b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
628ebddc1241366a208eacf7c6b0f16b

SHA1
13863755177082a8204d18b66900636815571a5a

SHA256
e0694b8a293ead7ff938bdbf3a70b8e153b3110b35a9aec5171258db0693e3f9

SHA512
48b26822bb9c8a85f9b38549f15e29590603078171b242763106e00ef6f569db681192487c2fa33832473b5a01764e3eefe3047383a0d365ebd01c08a829d399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
5f5783a976ee68f432a5333a4d8b8e7b

SHA1
e171918841d0145be3f4a5b5c23de181d5512439

SHA256
9f756eaba39c873e0a8cf276fcf8d0a3ac21d38b9d0efa6ea29087997877cc3a

SHA512
b9180c5c576f4d2a326c8a2f2f8eff054e2734cabc373d7ab803cae970db062afb7865d78acbe0dbc893c8d3e0295bdab7449a090ddc184c0df98b5a665a2835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
b78f711e996f63d0265cb90cb051fb71

SHA1
8259fceaa11a8b00ab11e8c14f4c77864d7bfd00

SHA256
a456a25db423c41e2a98db1f9b68dd5d704310931fb697c00d183e7a2d5928b3

SHA512
a4da13fb44ef9fc04ab418619250e90994d15bf4922ff73b2daa719263fdf4cd22c379fd5e68cb0d88eea04421bf4d3927684f8824e0c9ce1ad46e80a99cdacc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3e9b6bb86ce168eb519d61e17693dea3

SHA1
f8785745d0c2e811d7783f71bfe580b49523dc5b

SHA256
3c38bfc5a9325ca3d937d6af741cbdde8759545767753eb6c013aa4cf3c615fb

SHA512
543c70b15d9f4947c2520898517f86a92e019dadede2011fd34cf5f864cd95a9ebbb4a17c78a0c6a7b5ac540cb0be19c0aaf93bea408a72d335ad914f568443c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
94d5c8c5ef397f879cb4767fa1a5573c

SHA1
c208ec50e84e308c5d6cd713cf059f5bc19e32b9

SHA256
67f2fa43d0133e02a584a947055ce4b4248987ddd98fa051bdbf2a075dcb4d9e

SHA512
ecd1f83492500aecaaa39493e5a3c113e3b1c195f8b23881cb60d2fc04445be1337100ae410fffad95387ed03a6d067af46e787ccf8a7a51150ef2258546583c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
f505b23045d86cb57c086c7d68cb9482

SHA1
57bf1778337d025f4e5e97f98de87e9358fe3d1c

SHA256
6d636f683247da742b1cc4e0c2fecd7f4b97ed276c1a938e13b0cc725f77a134

SHA512
090c1e9cfb526d779b099e27aa3461e824958a3a120020ff187898d5e174be4db83fd0550e8834d180fa7479004c5145a5fbddd7debaa41ae768c90bc913b9bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aa66bfd6aea5a5b5baeb5863d8ecd893

SHA1
0f86425400b5aaa5638229a0ae695c33fc715f7e

SHA256
640211e6e7cdb39df899aa44a20ed6bc1c1e34dbdeee3f54cd8e064d4ab63679

SHA512
16b57e3b776370f304018c3d7d8da7c16a6eca24cd2cf400f3e69d8ea3a053fa221d965255d720af9685fde659404ee299cdb162c4d54f1772af2015074bc433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b23a1.TMP

Filesize
873B

MD5
2c6a3f93d1036dc8ac8850c10cac3b62

SHA1
a612fae3e7d1bef0ea5ddbde7fd94cb6fea457cf

SHA256
ba789688429b90dc9c551f9f64dba21f3a0ec49aeff1b053c9c37eb7c893de2d

SHA512
c6023d292bcfa17ee6edd31751803226b90cc3021b6e41caf54742695a798d6271b358fe81d70d1d9c8ad1209620365fdc4cbc392165f1c0b2f7f49eb218fc56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
28fbf7606745136350279b63144c9506

SHA1
ac379f571a6748a3695d3a65801fd2c76d188a94

SHA256
2ea7bdf558b6ae5f93c235bebe843e96de9ab9defca89e4574a008a1a07b2513

SHA512
981e933e9155de29f23d72f39aefa2496e7aba110678225979b4d2754d3592482897177d67bbd20798d9024e76f4ce7c43102562350d2b853c75a2b3d2111949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b6e89dc0590096d3bd762f5ee5414678

SHA1
f57ba16053507e2b84d9a537f4af6bfc50c650bb

SHA256
7aafbcf451a7a13d93325386482f3565a772d55214bf2cc98a86ce5842593402

SHA512
73c9f087a11dff6c9413218e929626f900a9a35ae3647e83d8f2adc69d7e07acf2ed04bcb1c6a947bb5653b65c4d5ed42de1bfbf0ce9ea1dcd82e00d4c7f992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f236310e-e1cc-4536-9069-b397d34d713a.tmp

Filesize
11KB

MD5
27f0d24e6385e887f509123e0f1b5a32

SHA1
8ea037bf96ce9499de79708d195259bf20a5bd44

SHA256
083a1855df63ed6f830007a351dae0f0587c44b73a67e1b0682a3079f508041d

SHA512
21a753a10a507b427d1a4678a6b3ce2cf8a1bbdfe3fbe47f1b08f036e4ac2b33a5d15b1bce74ad775630e3b2a59f980fa13cb18f8632d87b5f104643c8aed933

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
b5cac3c9ec4a827db0f3315b755f4852

SHA1
54031a1c5ad06934446cc17e7d25cf5ab2a75f1a

SHA256
0edb5868c5d7997b6a1642e3149982a727d53f9ec555685f8c522a369a8e5bb0

SHA512
d342a36c4c615871f5bbe3e1b5afbc5f9cc49e9a482a86054592e9f8044fb2c1a1bfff7cc19f79c6c83ffbcbf5ea33e6ff206e1e7e04c6583c5997fa9e692167

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b4b2n7z4.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
84d93cb07bb1aeda21fa12fcdc097a77

SHA1
174c4141597662daea31aca314ae89fbd55e5b86

SHA256
0bcfacea0c5b7f2b26fa9974c88ea26b29221c0205c06e8f761b39a1f138b87a

SHA512
c2174ccb40303b2010c5c09779e09982e1fb8d04fad2c417b8ece3c001ec89e1268a9e19653f435576bfb909efb61a5161f772f3ca6b24ceadd4e1b75f55e213

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b4b2n7z4.default-release\datareporting\glean\pending_pings\8d2cbae9-e9d1-4e2c-ace8-a56a18968187

Filesize
12KB

MD5
da94cb32ce6fb25fcd7abf8abe3c18b1

SHA1
1934cab2a53ed615e3322e869b356d8f78f05e56

SHA256
ef73a2f79de4f413bd44405aa549b587e9630e250853f61051a665b1a46bd0b6

SHA512
b31a9c6ee1ae80cc49de0bce854331ade8b196294956f51a75b566cd0a4827671ecc0ad38af61213cc8c97437db96adf9a764b78bd51fd57a595d6391d322615

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b4b2n7z4.default-release\datareporting\glean\pending_pings\9bca9864-3b73-4a4d-8122-436bb2d16430

Filesize
746B

MD5
2f5e11120baed09df50fbb511730ffc4

SHA1
2632abb9377330440253f7248b3572cd297ea858

SHA256
46e2aad02de25332a2cf38e6d789113d9a135d85ebacd83f6c881dcd244326cb

SHA512
eaf29a18045131af8323182706a4f1d216dc7599751c776ab53cefe1b67aec3f0ca145c84ab65333e1de31ce3de4aeffdbfa027826a4933f2b7f558ce1335003

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b4b2n7z4.default-release\prefs-1.js

Filesize
6KB

MD5
7089f3c31f114b7f0bfc9b2b99e719f0

SHA1
170198ce3a168a091bf46bfabe9bdd98e749a4fb

SHA256
b38ac9e78d87a2b0e5f44ac49b2a57b8daade8b406afd29084d5fc23e30c9812

SHA512
1b654e1cbc0dc9654e3eb8508a712d8260548dc778d1662cdaf934dbfce2512e543b9ca21444530801165c77e5238003eac2cab3cd9253d6bc75ed1b81b6e9a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b4b2n7z4.default-release\prefs-1.js

Filesize
6KB

MD5
1bb4cf0f43d0e35fb8987cf32ebdfec7

SHA1
eb8b83f47246a8b52fbf0a5c3e7d65849db26ce0

SHA256
00077c8adaece5e65d725658fdf919af3bd79a03e04e80eb535edbdffdb70ef9

SHA512
e8d7fde873f03c3770381a4444dd92b773f09988c9aa0e4f6a32157ab3572c888ffc236fb1289162dfcfffbd86c089807ee4db6d70b96ab937ab8ac8ab901359

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b4b2n7z4.default-release\prefs.js

Filesize
6KB

MD5
11e6e3feca3f49b7fc16df672402c32a

SHA1
d9278612ec3da9841c8ec56b72a6bd724f259411

SHA256
394a6dc21529e8b9ec12cc1fcab81029951165938e9142c177c14c9383e3db15

SHA512
bf2e02b960606bdc419583ecf001f84229260c4f1ab8998db32d129d5ca981cd7d5cedc7282534a671dc39f1456e9567195553c913d6c5f297e25ec1546b25f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b4b2n7z4.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
c8dc58eff0c029d381a67f5dca34a913

SHA1
3576807e793473bcbd3cf7d664b83948e3ec8f2d

SHA256
4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

SHA512
b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b4b2n7z4.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1015B

MD5
2cd1801fd1744520f854f73abced6ef4

SHA1
b56ff076ab3197ac370ababcf7c6d9620b41b09e

SHA256
ba614765a61e209990488b4cd539e21f7834c7c7b181fe2bda725d598c69ad4e

SHA512
faec1d02d26ec8f086f1d826227ec9aff6ea136210404ad860bba0f077cdbed41d0936832aed53bdc2e6cc6f52c569a4d16006168087a2edaafc98d81a96b53a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b4b2n7z4.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
4af5cd037859e3e9034e42a18afaebc8

SHA1
da837af17d4dce4408882a0b91a339fa2b6a79ba

SHA256
3a1f83fb7803ce57a939cf27db23ba3441728720bae0ecb9f8c14a4dd8b6dad0

SHA512
a86f4c08f553345cc49f33480e3c7e7c6ab6dd934b58f18f7bcb35d6da3d339048744339301f29d848eb479f01837ea7662027a9e7d466540c8c654c449e488a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b4b2n7z4.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
73e0ffe327d912c4f3692ff614a6cb1c

SHA1
8673bd49a07203a1c765d1edd0d03dad0e5b9cbf

SHA256
c60a879d81f325d15335576bb96630091313960988263e7829a767fdbc4bb695

SHA512
2feacfdb3838598a6c5da12a874da087dc894433925a49f0a961aa13317b460aba3c5359fd9f4e020fa6a2679020f744d9de7347153bd05e4f5b903d2036924d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b4b2n7z4.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
62928c41c69c70da9dc3c4de12f1d129

SHA1
13cd3cbe3b4d909b8f7b837a8978e1216c2d33eb

SHA256
15e1d46b27d260899d6703ccdc3a7ddd33e074eecb105bd3058d8ef0de849907

SHA512
a236c4a334f2c1ecb3d927bf77d348a0bd7a83b87d4c841fde5c998d1a4c2751a46a597787da0c62d644330a330f93bad2ca2d948d05a458497003ec4c41aaee

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 177452.crdownload

Filesize
9.8MB

MD5
29517cb1035f00a8a1a6c6b0237eb47c

SHA1
85e4d302f53ab3aef6fd2362a9d568cd7ea2d161

SHA256
2f1adf55154a23cca7157ae0de19c74717f04ed486af59920c0e17acd1cc16ed

SHA512
80e9f0499f66ff24cb33956f6f5e735c504a288f68e14ceb2f2035757fc4c8c48f34e71bacfb9b8781efd1e391650bb8db686660a191daafec5f97a3a1abd4a5

Download Submit
C:\Users\Admin\Downloads\zbxl (1).zip

Filesize
14.5MB

MD5
ba5667a82f7527067f843e85843362f2

SHA1
80d31d0f8b6514a247818205b3d818deec16d2d7

SHA256
93f9b58bcdc819f74c0d7ab765d5fbe83a2b0bb78e645660e1c8e38485bca868

SHA512
da85de1cad3822a7573ff8f47634e4ee0cf7892b49dd43e5612e2950367ca5ff664785b2ed6c3669bb5900984497dac58d758ef20b2abf49bbedfa5b74d70845

Download Submit
C:\Users\Admin\Downloads\zbxl (1).zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit