hxxps://www[.]techspot[.]com/downloads/7086-fortnite-free[.]html

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22-02-2024 14:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.techspot.com/downloads/7086-fortnite-free.html

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
4928	MsiExec.exe
4928	MsiExec.exe
4928	MsiExec.exe
2840	rundll32.exe
2840	rundll32.exe
2840	rundll32.exe
2840	rundll32.exe
2840	rundll32.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2132103209-3755304320-2959162027-1000_Classes\Local Settings	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 449715.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 75342.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
816	msedge.exe
816	msedge.exe
3584	msedge.exe
3584	msedge.exe
1220	identity_helper.exe
1220	identity_helper.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
4364	msedge.exe
4364	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 61 IoCs

pid	Process
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4792	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4792	msiexec.exe
Token: SeSecurityPrivilege	644	msiexec.exe
Token: SeCreateTokenPrivilege	4792	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4792	msiexec.exe
Token: SeLockMemoryPrivilege	4792	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4792	msiexec.exe
Token: SeMachineAccountPrivilege	4792	msiexec.exe
Token: SeTcbPrivilege	4792	msiexec.exe
Token: SeSecurityPrivilege	4792	msiexec.exe
Token: SeTakeOwnershipPrivilege	4792	msiexec.exe
Token: SeLoadDriverPrivilege	4792	msiexec.exe
Token: SeSystemProfilePrivilege	4792	msiexec.exe
Token: SeSystemtimePrivilege	4792	msiexec.exe
Token: SeProfSingleProcessPrivilege	4792	msiexec.exe
Token: SeIncBasePriorityPrivilege	4792	msiexec.exe
Token: SeCreatePagefilePrivilege	4792	msiexec.exe
Token: SeCreatePermanentPrivilege	4792	msiexec.exe
Token: SeBackupPrivilege	4792	msiexec.exe
Token: SeRestorePrivilege	4792	msiexec.exe
Token: SeShutdownPrivilege	4792	msiexec.exe
Token: SeDebugPrivilege	4792	msiexec.exe
Token: SeAuditPrivilege	4792	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4792	msiexec.exe
Token: SeChangeNotifyPrivilege	4792	msiexec.exe
Token: SeRemoteShutdownPrivilege	4792	msiexec.exe
Token: SeUndockPrivilege	4792	msiexec.exe
Token: SeSyncAgentPrivilege	4792	msiexec.exe
Token: SeEnableDelegationPrivilege	4792	msiexec.exe
Token: SeManageVolumePrivilege	4792	msiexec.exe
Token: SeImpersonatePrivilege	4792	msiexec.exe
Token: SeCreateGlobalPrivilege	4792	msiexec.exe
Token: SeCreateTokenPrivilege	4792	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4792	msiexec.exe
Token: SeLockMemoryPrivilege	4792	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4792	msiexec.exe
Token: SeMachineAccountPrivilege	4792	msiexec.exe
Token: SeTcbPrivilege	4792	msiexec.exe
Token: SeSecurityPrivilege	4792	msiexec.exe
Token: SeTakeOwnershipPrivilege	4792	msiexec.exe
Token: SeLoadDriverPrivilege	4792	msiexec.exe
Token: SeSystemProfilePrivilege	4792	msiexec.exe
Token: SeSystemtimePrivilege	4792	msiexec.exe
Token: SeProfSingleProcessPrivilege	4792	msiexec.exe
Token: SeIncBasePriorityPrivilege	4792	msiexec.exe
Token: SeCreatePagefilePrivilege	4792	msiexec.exe
Token: SeCreatePermanentPrivilege	4792	msiexec.exe
Token: SeBackupPrivilege	4792	msiexec.exe
Token: SeRestorePrivilege	4792	msiexec.exe
Token: SeShutdownPrivilege	4792	msiexec.exe
Token: SeDebugPrivilege	4792	msiexec.exe
Token: SeAuditPrivilege	4792	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4792	msiexec.exe
Token: SeChangeNotifyPrivilege	4792	msiexec.exe
Token: SeRemoteShutdownPrivilege	4792	msiexec.exe
Token: SeUndockPrivilege	4792	msiexec.exe
Token: SeSyncAgentPrivilege	4792	msiexec.exe
Token: SeEnableDelegationPrivilege	4792	msiexec.exe
Token: SeManageVolumePrivilege	4792	msiexec.exe
Token: SeImpersonatePrivilege	4792	msiexec.exe
Token: SeCreateGlobalPrivilege	4792	msiexec.exe
Token: SeCreateTokenPrivilege	4792	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4792	msiexec.exe
Token: SeLockMemoryPrivilege	4792	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe
3584	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3584 wrote to memory of 4076	3584	msedge.exe	52
PID 3584 wrote to memory of 4076	3584	msedge.exe	52
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 3864	3584	msedge.exe	88
PID 3584 wrote to memory of 816	3584	msedge.exe	86
PID 3584 wrote to memory of 816	3584	msedge.exe	86
PID 3584 wrote to memory of 2120	3584	msedge.exe	87
PID 3584 wrote to memory of 2120	3584	msedge.exe	87
PID 3584 wrote to memory of 2120	3584	msedge.exe	87
PID 3584 wrote to memory of 2120	3584	msedge.exe	87
PID 3584 wrote to memory of 2120	3584	msedge.exe	87
PID 3584 wrote to memory of 2120	3584	msedge.exe	87
PID 3584 wrote to memory of 2120	3584	msedge.exe	87
PID 3584 wrote to memory of 2120	3584	msedge.exe	87
PID 3584 wrote to memory of 2120	3584	msedge.exe	87
PID 3584 wrote to memory of 2120	3584	msedge.exe	87
PID 3584 wrote to memory of 2120	3584	msedge.exe	87
PID 3584 wrote to memory of 2120	3584	msedge.exe	87
PID 3584 wrote to memory of 2120	3584	msedge.exe	87
PID 3584 wrote to memory of 2120	3584	msedge.exe	87
PID 3584 wrote to memory of 2120	3584	msedge.exe	87
PID 3584 wrote to memory of 2120	3584	msedge.exe	87
PID 3584 wrote to memory of 2120	3584	msedge.exe	87
PID 3584 wrote to memory of 2120	3584	msedge.exe	87
PID 3584 wrote to memory of 2120	3584	msedge.exe	87
PID 3584 wrote to memory of 2120	3584	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.techspot.com/downloads/7086-fortnite-free.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbda646f8,0x7ffbbda64708,0x7ffbbda64718
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7172 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8248 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8000 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7736 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8516 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8632 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7816 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8020 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9296 /prefetch:1
  2⤵
  PID:6156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9348 /prefetch:1
  2⤵
  PID:6164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9008 /prefetch:1
  2⤵
  PID:6720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:6712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:7000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9668 /prefetch:1
  2⤵
  PID:6992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
  2⤵
  PID:6984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7952 /prefetch:1
  2⤵
  PID:6976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8504 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9364 /prefetch:1
  2⤵
  PID:6400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9336 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
  2⤵
  PID:6704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8340 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1736 /prefetch:8
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1
  2⤵
  PID:6200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8180 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1
  2⤵
  PID:6308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8412 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7916 /prefetch:1
  2⤵
  PID:6180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=10140 /prefetch:8
  2⤵
  PID:7040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9252 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9776 /prefetch:1
  2⤵
  PID:7072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9200 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9180 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8240 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9376 /prefetch:1
  2⤵
  PID:472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2828 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2204,16063000390751528456,13517461723934481192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9144 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4364
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\FortniteInstaller (1).msi"
  2⤵
  - Enumerates connected drives
  - Suspicious use of AdjustPrivilegeToken
  PID:4792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2176

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc 0x4e4
1⤵
PID:6036

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3928

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
PID:644
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding A707CE30D97CF9F63B0B8327B885D654 C
  2⤵
  - Loads dropped DLL
  PID:4928
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MSI7D18.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240745750 5 CustomActionManaged!CustomActionManaged.CustomActions.ValidatePathLength
    3⤵
    - Loads dropped DLL
    PID:2840
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding DEA165466944C0153E3551C95E6099D4
  2⤵
  PID:1040
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe "C:\Windows\Installer\MSI8014.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_240746515 10 CustomActionManaged!CustomActionManaged.CustomActions.TelemetrySendStart
    3⤵
    PID:6348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d62cefeb0c8fbab806b3b96c7b215c16

SHA1
dc36684019f7ac8a632f5401cc3bedd482526ed7

SHA256
752b0793cf152e9ea51b8a2dc1d7e622c1c1009677d8f29e8b88d3aa9427dd01

SHA512
9fc3968fec094be5ca10a0d927cb829f7f8157425946ebd99a346b7e63c977cb3f37560af1a4bc8f87ab19b43b3ed86fd5b37f89d1a9b2dc86e3c73142c3065b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7ee1c6757da82ca0a9ae699227f619bc

SHA1
72dcf8262c6400dcbb5228afcb36795ae1b8001f

SHA256
62320bde5e037d4ac1aa0f5ff0314b661f13bb56c02432814bffb0bd6e34ed31

SHA512
dca56a99b7463eddf0af3656a4f7d0177a43116f401a6de9f56e5c40a49676cea5c38b6c458f426c6bff11165eec21104cfa9ca3e38af39d43188b36d3f22a0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
30KB

MD5
a8ec3d8f452a4e0c10911bb192f84d1a

SHA1
7a8cca27cce9408e0e17ef40300f3a1fcfc048c3

SHA256
33210bc2fbb6dd5afe984e10ebd35b476b0f1b1c62a2c70d14acfd23acea1d7f

SHA512
49750a91eda5847baf71fc75becf253d7349b0412e006d800c7ef46b9a1605a4eb6684223ad7f482ddb747708650a16c9b8b16df320142650de88bb59431402f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
52KB

MD5
7b0e25272824de358ca7be832c6116e2

SHA1
5efe6ca701c4c0c069fc5c2437cf150a273fbae1

SHA256
ae520b8e0f691c91876962908c458e5cd98b401929e856a0ed3fd7a94a403c91

SHA512
1626c7e3cc7879f93b5373350539752be074a5414c0e392f87e5d9c5b82be191884d5e9b63e773f6b99ff73888931bd6d4c327f4d1a57c1f2cf717d8586cd638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
243KB

MD5
ae14aa867183750808233ad64f53db89

SHA1
3fdaffda2f1f4d71050440ad2569ad846689ad55

SHA256
fcd7b73e67a2efcf9a28b9e602addac393c702e8d7d996b8ec3ae843f8964f83

SHA512
7ab8e63de8ae00fe83fd5313c8b250f24f26938678274d75cc5227058f66866fd9a2ad7f80054d8cfe700761686d44a01bde3dd35c72ec8b389c392d8ded5cfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
41KB

MD5
31f0c9761a4ccd34cc1fb2018002b373

SHA1
9767931a17e325e3634947418c81e7e7b195879d

SHA256
d2b7f949bd2c9ab05bac0f71044e9897928927d24c986cd7d03fc3e3896a065a

SHA512
e3294c9b034027977288cd35ba2a5b91771969410d2b08ebc2b78731c086880925b18465ed25923d82d5a6bb8f7c160416de411ae4650df0ed1755f1e84b226c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
90KB

MD5
b89ee5a85f7d453db5b07d7630daf1e4

SHA1
a4eedc4b1d5d960181709a6aef84abaaa1d42852

SHA256
a8543038e73f1357a0d91d31a70490e9400de6a6a5d8ff497066c233511fd954

SHA512
0e2a72c9f20694d384d571b077ec1c6938edecd49e4b9c5bc0f077e1501a41c57a8a664fef9a93d9f37498b90765ab119a5633fd46cb03323418ede5ddc5af93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
49KB

MD5
17448059e21db9edf50b964388a9fa95

SHA1
ebeb97547172fada6190f17f42cb54accd4eff2b

SHA256
2f05d823a5c7f63a9a3ffbf3fb8e63de57f90b35febf5be163e244eac4c279aa

SHA512
f758fc486fb9d93408687bee9f8b84d40c7fd1d65d385e83647886db9803085f8bf9b52ef62f7cd4e35279d3d3bd3ca9a05981b06cea0b849312dceef02889c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
96KB

MD5
3de185dc9ad43f77935c84a51c8e4a6e

SHA1
ab18daa5bed8fac985fe4079c849e24cb6a94e87

SHA256
db5b717a339e0efa12ee95c439cd6d282cf3f5e63d370e7453903391b00d3fda

SHA512
df693ad88fec7bb3944bca3409f7bfea5e447de5c241bc54dccf4df0c8531d19fb409d3658ab72e1680da1671a7f6dffbed9b77465412e802596ea6b91e9f65a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
18KB

MD5
268eb4e1bc8b5c7224bc505a94df9fa6

SHA1
4dcb04ca08d2bda8199cff7ddf7193f4e8fc6b1c

SHA256
2d6bf71158b8cf688430bba3c3bb1a1da4cb84524a881a04a2d4dfa3ed505cc9

SHA512
70d3eb4154d079c3d588ea63a188de1f34f5da2a51f3b1749c26338d0378fdbfd17585fc09ad040b0c64b9bf7f73c0c67b5f140a3dfbe0e9f658793e7ca82ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
138KB

MD5
b4f89d070ab8823122fc3c88b12933d3

SHA1
737fdf878630bceb66be09185836a69cd04dc13b

SHA256
a26d7a0fc608a5dc4dbea44e5919196c7837fb50e243dfade49c45ce0992e120

SHA512
938a7ca8afec834f47fb904a847434ea499f8b4abfdc1ba9a6a3cd3868a2843df4ae8ab4beb14a9d621a28cecd6fd5b09f759998d005e8cadf29cb42a6efa664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
57KB

MD5
8517ff0ca8f71ea4e1c37aafa304a295

SHA1
ca81917a99a5cc090add66d6fea9b792b70b526f

SHA256
6629ad65393fe45b5d11cb03c7adbf285ff65e08e93020693a697d1b1d0f819e

SHA512
e17d5919059f73ca9d1d763f026877e241671c2f54e1dc6a54ca9380f05c3686dabe4e1ec8fc96eaa5b342d9f01cca1b45f7f6e3a6ec0b30d3982a260e668e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
51KB

MD5
35338fcc6bdb7c1120c49eeb4ce0d57a

SHA1
97637219d826a12dd8425fe43d303c4dae212110

SHA256
35066b49cdabc9723aa965910a6d2fc05707b7aa51afc673f4847b95776eb0c9

SHA512
a12a4012db3a415ea44c1851ae48d50fae112b3976520590e040b370fb77a7a64584fa581fed0816a25bb87d9d21342a59f33eca715db597620bf6d29caa5b8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
48KB

MD5
0204f8853469342955802784ee9ffc92

SHA1
0151dc965ecad99da7e1d805125c96dc536ce56e

SHA256
1c34d83f33ec46baef49eebd2e359524ceef7f9ba1120f85ba157b9242872f4d

SHA512
385b4ca1fab74f18d82743f05b766ff8be42538edc5f5f5ee6379532f18941d3c92a3f49ebcb6afea96640f3adc5186eb96f8176da5fef981f303035973928c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
78KB

MD5
e619654ceb2a70017887c3de70eb7ed7

SHA1
b6098413817ab216e5e31ed4d86543525142f4c6

SHA256
c097b27593b90a3c8979e61bb672e2d4853d703ab0a01ff37860f9c362096d07

SHA512
2a83b094d0f3f11c64cae76da0e89a9a355fb16da7b96d89b4139ad16d1a422b030ec838da7579586ecab8f0526aea87827c797dec356f7600ff3d46b15407da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
31KB

MD5
67155ed272c396390c21ed4f07178b7e

SHA1
f499aced8c1cacca341bfd933ba940a4016e15d1

SHA256
400c2dbb8812815eeda4e7d123c068a5232d5b52067ec099e86e37487e2af296

SHA512
493febd9c6ac625e069494c82461042c17bb9711d661f4bb382d43adbb3dc9776e328df20d6643305bbaf2ace64efaa7f588eb8378126db81b90a7e883f261d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
71KB

MD5
5d871cdb5a8faaa254b46388bdfd3ab9

SHA1
c0cfd0f52038e2bb75ef621e6c5aa8841581eeb9

SHA256
7d09ad5625a316638ba37ae13e84adc5c2a367893b0b8cbb4bbb4b116bda03c2

SHA512
e848095f3e19660f7d40007bb0aa15b19314158a27e3b8e2ed2f2a3d2e8fcef3601f2342e3818355767e735339431770acce4cd91ebc46debbae1956f0ef0699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
28KB

MD5
c3a4471471b941289e41a8f09a132bdf

SHA1
720f2186415a9acb1244235cff1cf70abfe29d6d

SHA256
0c59ee00e797b9fa0bd36214e1f570eacea8e21ad883ba765b4de32d031bd858

SHA512
c893f8d366262fb3860d981c8e45c97aaefd7067a4ff4e392886ff23ef935da196c8f5538d8568bec6ebd1a87e8ec76412d1e5fc1d36ac50e581b3cb9305a12d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
33KB

MD5
c15d33a9508923be839d315a999ab9c7

SHA1
d17f6e786a1464e13d4ec8e842f4eb121b103842

SHA256
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

SHA512
959490e7ae26d4821170482d302e8772dd641ffbbe08cfee47f3aa2d7b1126dccd6dec5f1448ca71a4a8602981966ef8790ae0077429857367a33718b5097d06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
134KB

MD5
4787dd34ac59f7876fc7a3e8c4d3c01c

SHA1
0a2fa42f0b64a361f9404802fc4eea75da616df5

SHA256
cebb59025c724f97697d4cfabceb05bb69c991351ef578467104cf1cbb35beee

SHA512
fcfe75082898e159cbd1b0a2d449df81c577c04822ba598431c179d40fd9c87e9f01376691993b8c1860c189543c1a16cb8512d60d01270bb411eec229b5caed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
19KB

MD5
9a31b3d6658d584e8d16bbb25cef3ae8

SHA1
6015d2dd9ced18d00934ece35776d97f06cf7f8d

SHA256
46e709f66a851b8819579122320debc189a7242fe2f7c307fefc98f6e9e97e8b

SHA512
ff59f8eaacf725fae5c55a7be92125c73d573b51baadde86a1da28166738351ca9481a0d78edb32f6376f38e4dd421e450a1c8926e6a7ca7f168eb58e6104aba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
62KB

MD5
bd7413700347d61e76c331f09e872ad0

SHA1
edcf8c0e570d8f6dd4251bd68a2800d4dfce4235

SHA256
0ea7fbc16f020a826084718b4a536bc6b5d0a8315687b2833f64294d833f25a7

SHA512
90028946c4504663bddcd07afd11ac964b4d34cd63d090f4d1dc2d4ce34ef540efeb6a9f7412dd4a9e5691718fa0927e0f3c52a2d1a5a9e4512e19071a9532ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
31KB

MD5
13cfa53cd77baa3cd8f46b2649ce0a06

SHA1
dbdbfe23ab336a3a5ca28bfca16197624b85955f

SHA256
a2306ee57d806468b732988af50f9c991e0b8d005283339b8c24130a455df109

SHA512
80a07ac13f9b730b90bd81565fd611be03eab85c407819f800772f136ed4b35eb2bb1c56841b2b3ba63236c91d98137138e0f149214216d5af84beaef0f42ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
137KB

MD5
b83a95cf07ac50ee8bb3bafab78919ed

SHA1
f1b6eaae4ba0e58e20189dca27deef903a29950e

SHA256
9feceea882a4a89f45a4fb79dad91d658613d833008eedb329ec2e3918a7a802

SHA512
80ae45a3f7c6d00293c1f2433e7435b3a8e53dd4205985399dc378b5f08fc73d2a2532271c021bbcb2ef6aafb5e7e11585340890a7bc5667dad5f3368ba11778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d08126aeff01bdd1_0

Filesize
269B

MD5
1b3d21e76ac6bfea17596d143ba82587

SHA1
610baa6ddb10d19c213d68dfbdbb1dbbf68f2420

SHA256
40a6430428b2c6305edc9289aa79dbb0f5039809c66b35bcf00c730813268514

SHA512
5b7ea434f245f3d6887907efe930c570b8b954d76bdb4eb3cab06b22706af1b0a947f13942bc99b638a2f24b07c3b2069d64606f75af1eae31e32bf0babf7d40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
fc993e2125eb8129c0dc37c4185a46ec

SHA1
3a5b617635d8ad0f09fee0c81c1c6fcd9d4f5c60

SHA256
f4054bfa26dac4932147293d647c780ccfc9e34afb4326b90fb07b4c7ff14e10

SHA512
5ef18da75c37f4ccfd4f410b7cb524dc7fc94218ef9eb63c0f89e945dbb9a29d0be491a736e29f516117b981304dd1024b41f4c511f2a7ce30f90718d7774125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
38b7db5e2766e923348b69bf72f1a167

SHA1
b7402da9713c17027b7de204d09ec1eb11e00e2c

SHA256
660f0fb063e8465314d96ade16a92d9e3799c45d1c093eaf644b607035e52469

SHA512
be04d7baf24469b7efa951fa914b1e8fe91c11f55a7c1bf989cab704a5d6056366b9c7a384d15f43b009b8217d90564114d9352f0250f10fa0f10e0d46aef8b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
772dda5b2c16e78075b260d72f38747b

SHA1
76a012b5e40a6154d99a5e72a802af8601894660

SHA256
c1b7843bb8a50db5a29db46d110450b7099cd7497026d7703a15da1f44a3d5f5

SHA512
22b94338eeaf64e944cee123ad448dcc17a42cd6a81d34d5e1c1d3cd97fb155dce4da658574ac0114acd090cfcf053eaa1d026dd5ca5a9e01d20ba00148c054a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
d99f5a84139a9d12d082e5060c054239

SHA1
8b5595a5dd25912739f625a054559cf9c2855472

SHA256
38985a53ca8d5b99f7b5310048387acd2c9796f82d2232ea73ae57b1551ca777

SHA512
b1bcb55fa501f95970c85284da8dd6ef31bfd23ccf0707acc16e325ae4c8eb46395e94d0d2cf30828e861194c8c1ed0fbeaeb101f1cef342fd2cf1caf011ea2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
482e23097678631c77f4fdd06935e991

SHA1
5b57cceab711d54210a4bfab94b183e67e9bece1

SHA256
001bab0d8d05b88a8e453513d67f34011d07ab77082c16dd2d6eaa8fe88dd171

SHA512
5657eafe31bd260f239af87d650e64a84da86eb17056b9c34d4786e0939db822b3a5d3b19528cbe6f4b57a27aa46ee114249b8bc551cb52b41e655e202dde2a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
a571defa054a514d29b6f1c3416e98cc

SHA1
c1b1fef4e04aeab9c14d23ce97ecb9f5d2478bf4

SHA256
a36c556feb090e2dec7c7b03c5e3333f0a0a7f4c408f3959f88ea057f1884d2e

SHA512
8eb6354a472a276d5fe70c25b9a22f5c914b246584ad7a483facda77e9aa73e59620934f15d8f5a02457d0d7ad4ec52395deb80fcea4cc52d5ba595c4f8cbcf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
9f9498f123b37760ddc11a93740bdd23

SHA1
1eed71b7de3175a93cdd485769a9577060cf7f25

SHA256
a994669b3705d776914a1f3ac0f8bd11875381fb7b8469565e1f0f4d5c5c59ef

SHA512
8efeabf4eb68653fabbed7d5cb139b89eacf5714350616d13eea5d53ded76d38c7f4428ba25d65fb7cb27f25842e9e6bb8c4c43b9a04188b6cfdd9d3fef4c8ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0830ea9605293d5acea7c7810e2b7a5f

SHA1
ddb5d3b83ce0fada0d1e1ab05e5541110f394c79

SHA256
3397e078661942ca3fc2bb7f1d30ace0f6234db1911a4a8ef40f9e10b20fb962

SHA512
ff96f9561a8f88a48013ca7ec5fb3c5327e89a2e2dc2ca388f764d2b58a45c3832d1ac4dff3c03225a1ec0698ff0a61294e8f85595c0fc8985e418a2bfe99003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3f97f73341e70dfb446b4ad5af29a04d

SHA1
a9f7fef6b52c92028bd56ca9c45a7f278a8ff659

SHA256
79e5ac718c5cb0017d7bb8de863edf6d15725e0e9ebad0c559cbed3b3e273856

SHA512
2ea673c1d0c2515685c6a1e9067e334eff2992534139fa5d84909a94a17aa95b567fe46de6556a4310c434a43a3c14310774aadaa1d50f128e65af690e0574f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f9ca48bcf1d980e9de0130bf033731c1

SHA1
132d6ab6ccc182129f1616faac70b321c2f1e09e

SHA256
c79eab8887a3b68d5ec8f57a54762fe4c0a2aa0afa61e762cf09321ac96c43e7

SHA512
d4e055fcabfa29d8ad619871b23529699da9e50da1c151ace9099db22df11906027b4c18e4179692115af5e1049e4a89883b4ab6057270182d1e312e3e58efaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
fefa4b271185d2bb5655f97f7fd12385

SHA1
26d168b57c607c48ad06b9bde926584b4f1ea92b

SHA256
e5680996f873cf3a2bfb3f700f411c594b8651152eebdf03eab46d2703774ab9

SHA512
6cdba31f8f9b285b5628e21540c2a64e33b3c90147e07cd4c5f6655aa3697f50eb07b3a08e59f97fe759bc8df5721570bd621c3d3f1170a97fcbd56e7cb2e2b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
32bd65c659d53dc4c8fe5700a6450e1a

SHA1
a401596b20db5ecf12b307ce102c1681b30b35f5

SHA256
514665d4a5582a29c89a4b431a97e369b519c6993b23d787b29939a77c01c329

SHA512
77697c133dc10b1cb14bcb71f193d3017f73ea207e490338189525baa5e77f35278c12c7e42d5fd578dbf20481a50c967e6c8b446fd145e66797adcd8411ce1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
25055f4492b937abcdbe6ba16d3b4f4f

SHA1
feb03d242c9ca54bde1ad93b0f792fadfaa2aa89

SHA256
8e0027235eab37754de24f9fd8b5acda8efb542c6166de51e4991aedd41979ae

SHA512
ad40dbd03928449b9db0e9959137721a251225a3a46fe5aa75a03e035a7a6f4b22f9266385e7abc12a910aee880abe00431bb8f0c2c36f9f31cde9263a8aec85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5792f9.TMP

Filesize
3KB

MD5
f769e77de0a0451983eb202ac9548b19

SHA1
e395732b5bee0ce11440f238c6af94bbbdfe1a7a

SHA256
5c64c92405b4134e30411ffae239bfcb1e0013dd135b16bf5a213a9dcf1906f2

SHA512
779f4c3e2156149552a5f6e7a162200fffc602f241693e2af6c4ff43f462f3ed3cd5a3ff52e66e92e211e8f9afd7f6aa5777bf733f6ce848060eb36599458d19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
364dc4abca8a5efc52a599686008c35e

SHA1
1525cc14bcc88aac3927e7729a7471684aabaf02

SHA256
fad568c8b80c715c616581727703ad89112424fafc644577af20d14a41604dcc

SHA512
bc53fb982d2b5541d271c01b6fdbfc7393fdaedbd87a17b9492daac6b6a3f8a5d1c43c435b16e01e9fd35d727775b6d055b7436126167de98581037233d72c3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
bb7c7956964e3d99718a2d8bdf46a2fd

SHA1
4341922786e579b83776a050eeac3918eb11c938

SHA256
a5894fef74f587f249f715d804039be0de36f9fa02181416164e2ae5b5447f29

SHA512
6bb1e0aee3ce377edc67dbe80518dd021ce4df8d18355cfbb5445a0d38618a948cf713631895b6bdd59459379e30bfdda2f6767d9842ec260536ed188d026be5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a2ced204c322a8f708f84b4ab9270f41

SHA1
d6b1af2485634b0be2201389b136cfc406ce0a85

SHA256
bae8b1b21e27d35fe0dbd3b795aae8ce2a16a713abf07c253d4c9679a9910b76

SHA512
d02285ac6ab954592aa2a76937f2e19475b422149b82ea9b0369562287b08f3c8f5da8a9fc89766aaf3ce0647e7ee33cb14f6469789cc5de09380f2e2d21ef91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c44755b4e4a538ff00ab8ffc7f80410d

SHA1
48ba99c0399db88af4b874a4ff42a275a28f863d

SHA256
a585d2e8507fb1d1c380ef6ceab45ebf5f1d2d81854a6f98ca979d39b975f5d6

SHA512
caa1ccf7a307e08c569899a6856f267ba3cdc4238f47aeda2202a5aa41a96cf0ef74181925570a8de87e8474f780b5fde02c19e3c1e7e6f241d4afaf1227f2b5

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 449715.crdownload

Filesize
15.6MB

MD5
028f1568ec52324c693e0f6cb4df2a49

SHA1
186a2e7d04ef8413239045de6c8f08cb21ebbaed

SHA256
2cd565b23cab7d1518cde6a864cf077d1148c596ff4d9b03af39a63c0b9df0b1

SHA512
9e49a86fffa00efb080b28f7296e02f3f593fa682067fd84012f5158972bc63ef9a247ed3faaddb225c1ded9ce57eac37f2366f81fb714e0da8183f7207f369e

Download Submit
C:\Windows\Installer\MSI8014.tmp-\CustomAction.config

Filesize
1KB

MD5
3a35350940b2fa2c5a9c57bdb25aae3f

SHA1
f4d32d9e007478c80c23f7b70245d6401550ce6a

SHA256
361f2f5623b1e11403827ffd625c9edc5d7977d584393d6475fc5e6559c3edb7

SHA512
62756d9247cd6ead152f00d5ff7627e3158e5f0beae00520510830eeb9b1ff5b3a33201bc81240bd31f066198c6b639e3f2cbceb9155c2ce994900ab3a685e8b

Download Submit
C:\Windows\Installer\MSI8014.tmp-\Microsoft.Deployment.WindowsInstaller.dll

Filesize
57KB

MD5
4d353092190e33544164b068a728e4d0

SHA1
cd637208d9a8a2d438fe051eada8667467846852

SHA256
f2af906206cf6331f1c440cb84eb095343dbb95d3e0bd6150190af6ee7333e64

SHA512
40e7231a12edbf3f55981eadc8af28b64824ae4ca7f27db14f1b60690cfa8d788fde3824217879efb96227a989e52f977b524d9fcf9426d98d55e86be9fd489f

Download Submit
memory/2840-1222-0x0000000074340000-0x0000000074AF0000-memory.dmp

Filesize
7.7MB

Download
memory/2840-1225-0x00000000029B0000-0x00000000029DE000-memory.dmp

Filesize
184KB

Download
memory/2840-1228-0x0000000002AF0000-0x0000000002B00000-memory.dmp

Filesize
64KB

Download
memory/2840-1230-0x00000000029F0000-0x0000000002A00000-memory.dmp

Filesize
64KB

Download
memory/2840-1238-0x0000000074340000-0x0000000074AF0000-memory.dmp

Filesize
7.7MB

Download
memory/2840-1227-0x0000000002AF0000-0x0000000002B00000-memory.dmp

Filesize
64KB

Download
memory/2840-1226-0x0000000002AF0000-0x0000000002B00000-memory.dmp

Filesize
64KB

Download