dc1c89c243d002a2dacf10050cd9f6f401cb5ad949867b86c5f378ceadedb51a

Analysis

max time kernel
419s
max time network
417s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
12/03/2024, 05:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

playlists.html
Size

10KB
MD5

cd63b84e29b84470cc4721cea4a16b9a
SHA1

76c0e90d5003057814c2f3d5fe8a415b25bf45ee
SHA256

dc1c89c243d002a2dacf10050cd9f6f401cb5ad949867b86c5f378ceadedb51a
SHA512

828cbc9a6d8c6c0d01965a18807c036df3775703e306ec5196a7bf7685abab8da380548917d0e8a148ddf482cf6a274d187a6fc06a05741a1cf1c891591e6bad
SSDEEP

192:A+Hfj0rMeq4p6lNOVv6O+f5E7zQ+0Zlk38rewzDNv+SHp5GGH/z1eEgNEg:A+22pZlI+Vv+mH/Mtv

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133546935717158404"	chrome.exe

Modifies registry class 52 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\Registry\User\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\NotificationData	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000b4d348af7f5fda0110d88bb7825fda01648fff9b3b74da0114000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2567984660-2719943099-2683635618-1000\{D438E7B0-D7F9-42A9-BE45-11486E33C7AD}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe

Suspicious behavior: EnumeratesProcesses 44 IoCs

pid	Process
4436	msedge.exe
4436	msedge.exe
3912	msedge.exe
3912	msedge.exe
4864	msedge.exe
4864	msedge.exe
580	identity_helper.exe
580	identity_helper.exe
4472	chrome.exe
4472	chrome.exe
2192	msedge.exe
2192	msedge.exe
1240	msedge.exe
1240	msedge.exe
4888	msedge.exe
4888	msedge.exe
3192	identity_helper.exe
3192	identity_helper.exe
1360	msedge.exe
1360	msedge.exe
3580	msedge.exe
3580	msedge.exe
4680	msedge.exe
4680	msedge.exe
5544	identity_helper.exe
5544	identity_helper.exe
5968	msedge.exe
5968	msedge.exe
5508	msedge.exe
5508	msedge.exe
5508	msedge.exe
5508	msedge.exe
5644	msedge.exe
5644	msedge.exe
3716	msedge.exe
3716	msedge.exe
2272	msedge.exe
2272	msedge.exe
5752	msedge.exe
5752	msedge.exe
2652	msedge.exe
2652	msedge.exe
3556	identity_helper.exe
3556	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 52 IoCs

pid	Process
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
5752	msedge.exe
5752	msedge.exe
5752	msedge.exe
5752	msedge.exe
5752	msedge.exe
5752	msedge.exe
5752	msedge.exe
5752	msedge.exe

Suspicious use of AdjustPrivilegeToken 55 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeShutdownPrivilege	4472	chrome.exe
Token: SeCreatePagefilePrivilege	4472	chrome.exe
Token: SeDebugPrivilege	1324	firefox.exe
Token: SeDebugPrivilege	1324	firefox.exe
Token: SeDebugPrivilege	1324	firefox.exe
Token: SeDebugPrivilege	1324	firefox.exe
Token: SeDebugPrivilege	1324	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
3912	msedge.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
4472	chrome.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
2192	msedge.exe
1324	firefox.exe
1324	firefox.exe
1324	firefox.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2888	MiniSearchHost.exe
1324	firefox.exe
5644	msedge.exe
3716	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3912 wrote to memory of 4768	3912	msedge.exe	79
PID 3912 wrote to memory of 4768	3912	msedge.exe	79
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 2872	3912	msedge.exe	80
PID 3912 wrote to memory of 4436	3912	msedge.exe	81
PID 3912 wrote to memory of 4436	3912	msedge.exe	81
PID 3912 wrote to memory of 2448	3912	msedge.exe	82
PID 3912 wrote to memory of 2448	3912	msedge.exe	82
PID 3912 wrote to memory of 2448	3912	msedge.exe	82
PID 3912 wrote to memory of 2448	3912	msedge.exe	82
PID 3912 wrote to memory of 2448	3912	msedge.exe	82
PID 3912 wrote to memory of 2448	3912	msedge.exe	82
PID 3912 wrote to memory of 2448	3912	msedge.exe	82
PID 3912 wrote to memory of 2448	3912	msedge.exe	82
PID 3912 wrote to memory of 2448	3912	msedge.exe	82
PID 3912 wrote to memory of 2448	3912	msedge.exe	82
PID 3912 wrote to memory of 2448	3912	msedge.exe	82
PID 3912 wrote to memory of 2448	3912	msedge.exe	82
PID 3912 wrote to memory of 2448	3912	msedge.exe	82
PID 3912 wrote to memory of 2448	3912	msedge.exe	82
PID 3912 wrote to memory of 2448	3912	msedge.exe	82
PID 3912 wrote to memory of 2448	3912	msedge.exe	82
PID 3912 wrote to memory of 2448	3912	msedge.exe	82
PID 3912 wrote to memory of 2448	3912	msedge.exe	82
PID 3912 wrote to memory of 2448	3912	msedge.exe	82
PID 3912 wrote to memory of 2448	3912	msedge.exe	82

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\playlists.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a5f73cb8,0x7ff9a5f73cc8,0x7ff9a5f73cd8
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,15133542549859150055,16637795912763182046,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,15133542549859150055,16637795912763182046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,15133542549859150055,16637795912763182046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15133542549859150055,16637795912763182046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15133542549859150055,16637795912763182046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15133542549859150055,16637795912763182046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15133542549859150055,16637795912763182046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15133542549859150055,16637795912763182046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15133542549859150055,16637795912763182046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15133542549859150055,16637795912763182046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,15133542549859150055,16637795912763182046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,15133542549859150055,16637795912763182046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9944b9758,0x7ff9944b9768,0x7ff9944b9778
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1576 --field-trial-handle=1820,i,16319397621094861101,7497241452952284969,131072 /prefetch:2
  2⤵
  PID:240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1820,i,16319397621094861101,7497241452952284969,131072 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1820,i,16319397621094861101,7497241452952284969,131072 /prefetch:8
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3180 --field-trial-handle=1820,i,16319397621094861101,7497241452952284969,131072 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=1820,i,16319397621094861101,7497241452952284969,131072 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4468 --field-trial-handle=1820,i,16319397621094861101,7497241452952284969,131072 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1820,i,16319397621094861101,7497241452952284969,131072 /prefetch:8
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:2300
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff708bf7688,0x7ff708bf7698,0x7ff708bf76a8
    3⤵
    PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1820,i,16319397621094861101,7497241452952284969,131072 /prefetch:8
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 --field-trial-handle=1820,i,16319397621094861101,7497241452952284969,131072 /prefetch:8
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=1592 --field-trial-handle=1820,i,16319397621094861101,7497241452952284969,131072 /prefetch:1
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:4120
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff708bf7688,0x7ff708bf7698,0x7ff708bf76a8
    3⤵
    PID:2576

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a5f73cb8,0x7ff9a5f73cc8,0x7ff9a5f73cd8
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,15311691814574527756,1627384887860515991,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,15311691814574527756,1627384887860515991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,15311691814574527756,1627384887860515991,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15311691814574527756,1627384887860515991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15311691814574527756,1627384887860515991,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15311691814574527756,1627384887860515991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15311691814574527756,1627384887860515991,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,15311691814574527756,1627384887860515991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,15311691814574527756,1627384887860515991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15311691814574527756,1627384887860515991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15311691814574527756,1627384887860515991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15311691814574527756,1627384887860515991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15311691814574527756,1627384887860515991,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,15311691814574527756,1627384887860515991,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4296 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1900,15311691814574527756,1627384887860515991,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15311691814574527756,1627384887860515991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15311691814574527756,1627384887860515991,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15311691814574527756,1627384887860515991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15311691814574527756,1627384887860515991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15311691814574527756,1627384887860515991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1
  2⤵
  PID:484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15311691814574527756,1627384887860515991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,15311691814574527756,1627384887860515991,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:1388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2108

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2888

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:428
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.0.922168333\1171912921" -parentBuildID 20221007134813 -prefsHandle 1784 -prefMapHandle 1780 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0113a52-9361-4d38-8a9e-b49aa534f146} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 1856 2caa3fd9d58 gpu
    3⤵
    PID:800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.1.1180368410\1536636190" -parentBuildID 20221007134813 -prefsHandle 2204 -prefMapHandle 2140 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20a408e6-3b33-4c06-bcb5-15f646c000d1} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 2232 2caa3930e58 socket
    3⤵
    - Checks processor information in registry
    PID:3824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.2.1153935680\296915001" -childID 1 -isForBrowser -prefsHandle 3468 -prefMapHandle 3464 -prefsLen 20821 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b58128e3-b236-482d-be29-1d7344209898} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 3480 2caa90b7a58 tab
    3⤵
    PID:4776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.3.2051919006\1190899169" -childID 2 -isForBrowser -prefsHandle 2836 -prefMapHandle 3016 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3661afa1-7ad5-4a41-a9a0-a41c206afb21} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 2956 2caa692ce58 tab
    3⤵
    PID:2088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.4.2141785588\1177992890" -childID 3 -isForBrowser -prefsHandle 3720 -prefMapHandle 3716 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e0e9c8c-3020-4ea1-876c-f94ade47e0ad} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 3728 2caa67fa358 tab
    3⤵
    PID:676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.5.1030947532\171228345" -childID 4 -isForBrowser -prefsHandle 4996 -prefMapHandle 5040 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97e09c12-0a24-43b7-b3df-5feb1a0deda2} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 5072 2caab1e4758 tab
    3⤵
    PID:280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.6.131828189\947348963" -childID 5 -isForBrowser -prefsHandle 5180 -prefMapHandle 5184 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed0e048f-1623-479f-ad2a-3330e559d221} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 5168 2caab1e4458 tab
    3⤵
    PID:2348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.7.578590383\600972893" -childID 6 -isForBrowser -prefsHandle 5384 -prefMapHandle 5388 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae3343f8-c549-44f1-933e-863ee8d514d7} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 5268 2caab1e6558 tab
    3⤵
    PID:4660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a5f73cb8,0x7ff9a5f73cc8,0x7ff9a5f73cd8
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2980 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3364 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2908 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=printing.mojom.PrintCompositor --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --lang=en-US --service-sandbox-type=print_compositor --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=1936,2564784934403587705,10541040202665422201,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=4888 /prefetch:6
  2⤵
  PID:6036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:396

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:1464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9a5f73cb8,0x7ff9a5f73cc8,0x7ff9a5f73cd8
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,13829327547376547516,4406931958693478649,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,13829327547376547516,4406931958693478649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,13829327547376547516,4406931958693478649,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,13829327547376547516,4406931958693478649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,13829327547376547516,4406931958693478649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,13829327547376547516,4406931958693478649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,13829327547376547516,4406931958693478649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,13829327547376547516,4406931958693478649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,13829327547376547516,4406931958693478649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,13829327547376547516,4406931958693478649,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,13829327547376547516,4406931958693478649,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,13829327547376547516,4406931958693478649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3568 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,13829327547376547516,4406931958693478649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3476 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a5f73cb8,0x7ff9a5f73cc8,0x7ff9a5f73cd8
  2⤵
  PID:1852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
010644b48625bd2f60aa43eaed4add6b

SHA1
a81624845577d05fe90991f0fff0b3d69a243b43

SHA256
3b7c275ce5be8418ee77f552e3eb8fd161c523eb1c15ebebe60c4c5bb5b51016

SHA512
556fc0f980a69242c14a501013f9892f28ad601cb7911db569da0ed814b7a180b0200a4ffddb08519f171004ecdecd77b7d2c5aecee92a183b0b5571b2714c42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2d80812de04c69a57f5f2f7dea3769c1

SHA1
ee6202e3c039b737f56fce090bedd66d4b137d29

SHA256
14d670964672aba87f7ae608ff3b4f59cf61c847de6a2d8b13e4bede393e7136

SHA512
98eebf8568734dfb3c65f6d4245e1ff72d512b19b84542f4925829cebe7e820df48fb2b655d5777258e789979cf5905a8f44abe97fa3e406cf1bfe9e87c0d44c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
367B

MD5
043634cc6d789bf0a80fbd51a3543867

SHA1
440c8453dfaa55a56a80613be9527af246ccb2a0

SHA256
33ce538ccdb66e12b0fb1248850d2c61b0fb225ddba4db3a7e89b011c9eb7498

SHA512
e50eb079433949eceb130c609d67bf475635193e06a822aec26d7da4272fd8d5efadbfc82c9bfb242a34a84bcca6f1abf6b75210d37fe672eec20a818dd31839

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2d9716048492f04daa0a1ba991d61751

SHA1
b9b6bb44e99a1faa739317582db9af9af34b6e38

SHA256
351ffb9588c8d3c72ad35132068ae7537c357bd617328667805cb10cdc5b6b86

SHA512
43c9d8f946a5f33bd197a47e58b6bfd71d413a8c98e8f4c546677744bf9e8e0eb616a24491025e4a5cb41dd0ffc7dbd13c93fdfb1ca002e1f8b169352b78820b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
92e553e8ad9ac696f635feeb0e904b38

SHA1
206243506921168884deec96e42a52b404192cac

SHA256
76e8f703115aeedbcaeec9be98857bc8d061904418741391aaebb36e786867f0

SHA512
0212cf2a9c7ea01eeb13310db340ea9648dbf3578677f9e2bbf8a39c90a1284300d99ac15602fe8345dc7f961277cca94d450fb4c443c4160df6c0a8ec58931d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
fd26fd3ec175cf3cb29a6f07ef6c8326

SHA1
9b38258616ae8eafb0eedbb99c6dd8d51ce9581b

SHA256
22e97834ed2f2b87166b19aedd1cdadb8bde68018fec38d3a5af8a4b7283fa86

SHA512
fb756454123c3f6234d66c77b8a823190dfb528cc7a761bad92ab31c85743f2ef24183ff2ba1f6c3490b1c1eb76117c9b15b98de825143802a3d4b3b453effab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
f6399f1e2f544e861df313d3fcda1e6d

SHA1
fa2bf4f844e5c00de22a7ddbd458e44612391b72

SHA256
f985a575592d8e9e76dcd974aafb5d32cf8d6bc5a0f97da9fa889ae0cec47086

SHA512
bb634bdb0bfa9d6da55410ec7fd3e235cc9df31a94b3a7cba608207769ff4298094cb1dc880b370e3b025a1b13b280a99044e4e8806e0fbdb83b5382e32fbf52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
aee7771d2ee5e5cb5d37877f5047339b

SHA1
8fc513a0dd87cfeca787471670d44d9217ca03f1

SHA256
7de352b16797f12dcbf8c5551ab4f89bc59ff82bfe533643a6a5bc640a36cac4

SHA512
50a13a35f71f06184928692eb155ce653982722f8a58f6fcc7ea3b9dd212d7c29c70c7c542542a289fca077237c62aa5e1696c1f02aacb7a3c83eee8962cb742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\59cbfbcb-44a6-4d52-99e1-e8637e69dd89.tmp

Filesize
10KB

MD5
0be484f4ec8e5564630d58e99585fc99

SHA1
cc533faf63e756207cb188113384a4517d5b26cd

SHA256
60a9cce159f0f2c2bc2baf952139234e7c1cf5a3cee48d44e04cca81de383cb8

SHA512
90b7027596a2b6786ea3dbd8c625a16bca69cafe4ca9fb149f53a4f9a446b04ad4338234abb16f9acf1d37639a0cb4815698ac755e0c5314079b3e2a7593c56e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
664265d0fff9b3c0a97db12025a0559e

SHA1
573d7738ea3cb1736e8db3d8a8f230cbcc4f1570

SHA256
e9b826a511a3e14fabd0d37728aea48afbcfa61cfc870402230c99dc37c0ac5a

SHA512
fa03ec555e5c43302265e5cc3288d1590e93fbaac79a34eaef46a820e4dc85e40fd8c561e0b1423f619945e8215adb30d7cbc63fbbcd7dd5ca133d8235d4236b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
41da3c8fd41524a1ef8447012ab48fe3

SHA1
8f02d5e880030db7dca1f471aa69380d3dafd4c5

SHA256
273d27858cbbae805662e233f9744ebb5757e5994f99f68310b47174f11f8a36

SHA512
804762549f7466541dbc4b0efcb84d383015b96b032b0a5a0954338e208180d9abdb1102daf8e150464f68d55f7ed1b9eea46209ca986f536015b207f44dcddd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
84e49396f4455ce20453e415e3830fb4

SHA1
d2aab986911cfd47c4f4e1b0fdc4cb78187c5739

SHA256
ba1fe1830b6531673d94577450af4179ff9b3226f9f7ffdf3ca5ebf4a91266ed

SHA512
85b758b30bd06c90a75c66853b565cccf075f1e3ea4d9ccc93f6a43c716145a458df91177d40a288493820e4a0c1e04d9d2b56317029131e7c1df5ff28f6ff11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
23a159cac37eb44e2f0acf96e08a45d0

SHA1
e702ce6609abd50e65fef21115ef67430992c0bd

SHA256
ee878756ce15f31200a9d0590ffaf5e019c5e19726717561789083b3564d5245

SHA512
76b9fb359fbf140012921d315308071693b96019f13a8f148fbcce34c143ca00dc8b21577577ec50527415fc4caf88a5dbf984ecf9cb13d247e4a61a8cdec2fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ec7568123e3bee98a389e115698dffeb

SHA1
1542627dbcbaf7d93fcadb771191f18c2248238c

SHA256
5b5e61fe004e83477411dd2b6194e90591d36f2f145cc3b4faa20cf7ae266a75

SHA512
4a53fbbd7281a1a391f0040f6ff5515cedf6e1f97f2dae4ab495b4f76eb4f929dcda6b347f9bf7f66a899330f8897e1ed117314945d1de27b035cc170fa447d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0ab03636-64c7-4833-b11a-8ce434bf9225.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
3aa3aaf1decedeb44f2c432d32614322

SHA1
a32ba69c4497071da6c67548453983cb33da6e52

SHA256
6cbe4c6141ccffdb89d6a08ce9e895197a2f6e5f77bb2b7ab625354254d94315

SHA512
373426d2faeaedcbdf377a79281327bf581b799d87880cc0759f1f81050e0399f4e73c4f88af06ab465fba664ce57ea57759a3d3e85742f88d28f4bc45df49a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
a638c7b7bab6373373d19ad0f8f82af6

SHA1
a438c56323d4a70f64e3c55dfd46e1279bf9368c

SHA256
d43422ac6f5d56bb86a24d05274a6b9fecb5191f1e4458b7ec2d355b9299f5e6

SHA512
2c4a7bcd14a9bde9089ff26d0fd7539597d95e605fa9f80ad5c0287d670b91b718c6bd7fcf749b231591b97ca16be5ecd2e25d20cda8c0d5767a48c5d5e8d95e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
d4ffe47aa981bd582ee600dfd93e63a2

SHA1
10c93d8db3d492e521c156ca152d5751026b447a

SHA256
5b37a145d98b103dd4161831d9bb6b40315b8edc63e3624c98c361bd61854a14

SHA512
15cab1ffce5f34d8e6f8645732a2ce2dfa7d77f2c2e67b416b51b5b3694efb4b291137d33b46926dd965e8d1f171861d57731eb7995fbe623b46f64d26680234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
ead66f5ed2dbafbf1d61d01b28a309c3

SHA1
94c6d7bd489f84e260c362330a61a55920c37613

SHA256
d83a0c05e60524be84b97391b320eca3b0ff8a4f10efd5fb0f4b9af4dea92f31

SHA512
1f223b8acad27ae97827e9d40b77993fe9281dbfca81c36eefc5f08752476b51252f37faceb2a09e863ffb03d9cafc9a419df84a7cfcd1b0f72a3627e9e28695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
2fc80fa0e19d6e67122c43ec18fe0952

SHA1
569ec230463742e9a20a222187f30b2009826552

SHA256
1670aca8610e16d70b59a03062f8bfcd51ea47b7271f0596c6549272eee096f5

SHA512
37aca5076c75c5884a305dd4fa994e15d893dfc480f0d07d4ab9e888b9d06039a1bd1730a030c4463756104806f36d68251776cbecc2a407aabf7e181009f712

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5ed21df00f8e94b7211fa3eb0bb7555b

SHA1
22781d72dda6327ff0e252d08362f55763837c68

SHA256
fd5b49aed1119af5e8a7f9edf2797fb841a1b926c3996234a3cd49820d094381

SHA512
fb4378190dca998fc02574640b7c49f0aa4f9be9592c76dd9046e2c05d37d844061d06c7dc163712773e429aade5afb084107e6c07993ac87fd164f464ec12e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ed688256727cf33174c6a7cfc40b8fcf

SHA1
d23b23db76eb40ddbc1209fb8df1a6a2090f4d78

SHA256
dcaf003a527603d36f909724ffc8b29501f3c6d4e39c08b98a9460808b961da7

SHA512
85b797b2476ce85dad6aca0c34ccc4544e44556bbf4d393d0e510c9e2957a36e9070e53411a2bccc69ad25182892f122ae2c841af51f32b8883110a6b4b814b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
6fc318466c2076d10dd5202a5bdf28e8

SHA1
53176e7a22c2389240d4e0be7beb3cc5e818ab28

SHA256
2246b28025158ced5d370f17786af0306a59a210773239cfcc7a3818d5064c32

SHA512
28412009fc283ba450a72d1056e5d1e4153b39aec46a51d55f32ccde7573f17402226424b76b0ea57725c61e5bd7a420ba1493e6dc4c355631e0072c7880dc80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
328e52423e996084c9cdc72adb04f78f

SHA1
80e4a0541876fec9ca69aa01d8ab9603c2772412

SHA256
cb3e2ff1ca0d487a5ad3fb803145d677baa743d052ca4af6e3f140f73f6915e2

SHA512
8268a286ca248b1fe6cd9cc8cbdb194cf903a6b2ffba006d7e84ac08f9f6fce138a7a5996898f025734c47e4a92dbda7d4c88e936ba84897723401f218d6c6c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
59f773d96c04319d65f0847686f9572b

SHA1
5f9e667d847e2c4d03f360bdc8ba2445f63c7e6a

SHA256
ca63f21490625d07a89ddfbfde7782a98ed6a8d1bceba7ffd442543f2f488265

SHA512
64b39cec2604d2e8e19fef2e8f770f3b77d8c04119e89837c6891c371244a2665589229b941d3f4063e634a77d1c7bc9c10e22ad3484e19192ac686e54c7eede

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
697B

MD5
1b20e931a7d71d2eae7dd9348ff279cb

SHA1
841fae5a3ed560b522363543f69a74888bb81b0c

SHA256
e1a590348fbacec8ce4e2fa6ba135e9dca04f9940a9e2bf5fb19a02e7555cc36

SHA512
75620ecf56e617257f2c8c9100a25ae4fee23a731ee07df68f7507f20634eaa6bb0a41b7cea63ac1d14dd737b82782baec6cd68b96efb9c02f5e5f9d85583334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
82B

MD5
06d7c2091734942d9d20c94db1dbda56

SHA1
57a7e2936ea3899fdac3bbd9018cf4cc95fc597c

SHA256
ec0e73a7e0b7503e7d96045c31a11c7d0ebe109d65d8635e919f2e7ce986554a

SHA512
463be10e4cc0ba1004c6b207a0d264a01a03cc1232851b9b8a97d82477fd532537a8cc07c702517cf831ac92e88165150dc862439200aaebdb026ce77da12219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
6e251c6609b56ec92ec249957902e721

SHA1
d55c6b00fcda9ff3e376107a15ea2e097c9835cf

SHA256
262fac574d6928d49384bdc708abb1aadf23c37a1cbfc3d7c5a9ca362702c3d1

SHA512
4df821ba992dcbef621c32645783801d2200b46583e481184dd497e00c3365e5b26a8f3936965e6f6f07afd1a688ff522e9620b3d96456210acd44bf2b08ae82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
744507109c19f5923be4b15fdec05563

SHA1
5f197173236627689268583c753fc3bb6b7b2327

SHA256
b865818d9fc6c87f6a77391a92d18d3bb47d7027a508690f6db1d64269f49ab5

SHA512
bdac8a156fb004c7e3b9e91ea2588eff34280e4c3c20a5d1029e0f9c3d157bf5643997deeec23f6f45999fed9b3a0b379aa7c44ccc64bb76065af3d667e49d4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9246cb538dd8e02df4b72c93d19e6263

SHA1
9fdbd584632ed4e70a546966a2078c4aa18f1635

SHA256
48d8ec7b0b110cf1410e1b988a7f0b384b6a85deedbf7ed6b8b36262001b9887

SHA512
453eedd7fa9f9f009f516980f76f4ecbfee1d20830c4911963e6c6430ca8d2ac6150e8f0f5a1b97fbc1815c4ebb284099ba8d292fc766cdaadd90b7ab0111af5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f16c2b5328382612cca6ce47c4f3ea35

SHA1
1bb758dce9e7b41f9b7541c84ef3f226a2a85e8e

SHA256
1cc5a7b46e8988c6af43103c341b406d91eac8e1d3bcae9129197f3470c9cf39

SHA512
6b53f976dc0540b69e87435cdf7a2ec6902d94e1bacce6c8ae5a4c51b155c21e6a4f61fbbada435b6af4748a1991cada429e2261f214368a5bc4bf91fd55af99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d88ce1afdb32c554167c236fcec9ff0b

SHA1
e6b743c68950ddd6c2f2db3748cdb5290877bbc8

SHA256
36ec45db8cf5b5ef80de577d76d8d082f23d35d811ce1369abf79a6e32bdabc4

SHA512
c6edf5441b05d2ea0a728eef7be3603a95fdcef90968175e6cd0e5c0baa713ce649243b54d2e2eab55462d36b36a2e9403b3d75a5201d9021314241f04fc6aa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
6911bb999bb41f420a0ea1a3d518f368

SHA1
231401198e40b85b68540c87e1a7a1cfed9b7faf

SHA256
72070bf8626df6c4b9f026fe068746747d409b01ebe6381d235d4c14cd25e39e

SHA512
dc210a05a136f25d2aee48dd32089e52ab433ff2efefebb2ab097181859464e9622857d711d1d0f1760c35ef9429c868c4aa1353395e5bef434c64bb57d89d60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
7c7add98b2138a48d0e5b330a4dd0957

SHA1
40069f88f1cb7f04d9f4ff88fc325245a3768d82

SHA256
23e7c99feab8549a190fcf36056d948b5a6e8fe108691bf98c8af861f9d87cfc

SHA512
82c3373335720476f3e71f351f4c7e234a5c3321a245fe90ff54095f572b475b3cb0a5b610bc600094c2da52bf049925b85816c303525e4d5a89287edb0832c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dcb9fe29db4dfc40f98b44f18f62f16d

SHA1
4d822f36d35df3a8bd5b697b0bc39987732f521a

SHA256
e92d247596b8f8a1e20363bb9edd776a090130fc08156e19e67ff038efa188cd

SHA512
4fcf2db5bd85aa6c550e4c35a57092921ee27abf9cc4baa7a8a2b39c24c5f0443e95fdfc92b1ab3921f818680cdac755201006e422f3ecf81c7a68734f614978

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bf7cf72cdb50b9c1a1b9df3635a1125e

SHA1
9114a196ed00fa7b95a12018c99191ce3e4eaeed

SHA256
00b9da79a3fd2aa93e54f59952c8407899b0ef202381f0866b60adb637e573c0

SHA512
4eba87b9ff70ee3bd99959001ca5003926f7f5e64a3f78c1c586b1a5ab077940ca651e0f83f38a1b97f7746823cdf1e484642fa0c20955238304425ceaaeda5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
75ba4005315b75fa6709b577f969adef

SHA1
6fa1b699858aaf493f80385bc4f0decf0d389f14

SHA256
9f16bfc0db9c1470eef9d4405c2e95d5e38eda42855dc95d12068b81236cd670

SHA512
a6fc73e2172564ccceb6da71ce19b71bdeb885fb811ecc07bc586254adfa1c183dc3cf4adca83602736af24dc9601159a7df304b88ea3f9beb3d74a7519af6e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aa1906790a1314b9b209d081b0eeab8a

SHA1
3f224945fe557320dd3f892e67ffeb35973fdd43

SHA256
80656c320e0d1f564ce9118695884303823b3686e36f152ca0e740903b6c46e5

SHA512
b059956a5be5e133c3ff0fff9a3a3f7037b4b3a5211d2b6c7775415ee53ce09a68838bfc163d4730481023050beaded054d4f99d643aaab7b9fe915f0b3a6d5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bdb9f3b756920fa2da8e9e699691c87f

SHA1
43f33b6cd3477dca44b48a5ea183519c7eaab5f7

SHA256
a0b0016c751fa445ec9c979384e7362f48b33e3a054b361210e989dfe8fe3eb4

SHA512
3d5ab57d1e083613b3deb4e793192c5bbb47321760c23908cd6f2bdc9c63099621610e70cefb1be1651f79f1a1dc50cf458d5b938d2e11da57d60895679480c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5b4545ec3821f5f532968862bb1d10ff

SHA1
69ef5e5b4a95620ba66abc4626dc242282782745

SHA256
8ebbc441b608718680268ee0f8560629c2250672ed8f60a48adfc04fda5f2fd7

SHA512
f39aa6f0ce70161d6e7995b9f5131479a505afcf342ce237ec52828280821d46949d6c72afce16df635b933e11a73fda0b015cff8a0452ed14bc5776b776d2e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0337cc5f42489ef1da37a750958e7136

SHA1
6f14095f1e3326f6c139ce6a568c8b2a5c09f8be

SHA256
e69a358b66c814814377d3fcf90e7927adc0b7af6d20dd6c1b005f70360404e1

SHA512
2b980507c2af103297921333cbb6f7fc69a51c55e578811ab10b40c8b1ca3137ce1c0bde52702a6e375d659beea7e1a0ddc119531170a94b866133e028e9913c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
67d4ad6400897feec6b31c7f5f3cf50b

SHA1
f3c84b5ad74be913a5c39521d1c496ec1245d487

SHA256
f52d51276d63f7837ef1f320d2b7c59ef9bf70e8c6c2b02f230b4c3e78c6afc1

SHA512
8308278e3ee7c0555842d87dc278ec2054fa3ef1f982fedda6c22ac4e4881a137350b0b63b71dc3d8a8dd868f44c61710dced6e4dfdef9923760c019263c18cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
528e51e538b7b44e75ae08baed964e43

SHA1
08ed14744c2e89ed92dd8ae3a3d1928575aa2241

SHA256
5e765f22756e80749de99177cb2f8b2fb70d5cac83fd27a430d3e1f0b946a7c8

SHA512
af3260334c6135005aa242f3fa499d66e888ddf5a95810c0a5141f43e65ea75d6850a22846da01baa2ad4279898ff67dc3316b9ba755149f417d1ed553e984cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b329dead07b3236a9bddff989adef403

SHA1
71bcd69d444a0430687f94c8363a81f4fc4d46a2

SHA256
74cf34ad35fac9d9373acc2a16a09f59de53c05e7f326b067dbc4d50c2d39055

SHA512
0c58cb26129f04bbfcd27531f39550105c33e63f1108820610437c9267e15ce0507f5eff729dd2e6b1c1974b6a7913831728fb9c27aeb876b0799ebcd13fd59d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6c7229b4935ffa2a752465be4d543cab

SHA1
cddfef76c8db77a70de1e7f6b0eab30536b12153

SHA256
37e036c8807449aa7f13054440f475c4e6ddd29ac919792915d0015833fe944b

SHA512
64a6860ee143a29853017fcde93d1efdd1b0370737249783908d45aef699812f45adbad915a31fba6f376b02ab3261ab11f070f68cf2e8bd3cb89aeca4b3ead5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
51de1d8cb7fb2536264690913efb973a

SHA1
6a2a5609f913989d3ce0d48e008a7f6a141bc262

SHA256
73b6be7307860e35294cc00112ecd7d4c5fafab44df0eb1471132234477e0587

SHA512
6d567d909dd0c31ab629c67ed1dce56287ac54ccb5f0555eee435f61a68127646d3c58b99f19cbbf0e6749e79fa7c6ffa353bbc5b85f62cb603b98a0d78ce130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2878830e21c93d155a247c0d8afe673a

SHA1
9e64b401cffb6109ab67984304fd0636d66de0c2

SHA256
3a368f46b5c0dccf093d2e1f3afe3a940e2f97c7d7ba7e63f2ca1266a2f67edc

SHA512
f8b1becaf41bb273530efb0101f68491be1888da3032b627788593b7fdb621d40f93f5001e972ea93dde25720763f6b5e4ccdcd506fb1d5e3458ce681ae55224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6b7c371bc0d4475b5865bd148fec16ae

SHA1
8a4c80ac5862199f70e8f7ee4d7826bda3999a10

SHA256
2f2cade6bd899e27a841dd412788340496aac0539384adbf95d856b62a980ce9

SHA512
febad5a6ae7b7cc74fe357494c7c01122c10561dc68fabd30b2d54715ccbe86dd1260e82bdf18bf84f48bdce19036bf6e04fc8bc6c81bf1425ebc2b4671d11a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
503faf01374b49f0eed902377884c57a

SHA1
a5235ca251b89ae4df6a0f332bac87bf2ed9d734

SHA256
d7195013b976f0455b93678859259c073f70fe2ddb1fa600d830591bef0e7991

SHA512
8aa8a9a290afbef839db103a1b718f4fc6573da34628aef7ca60043100abc8561ba59e6ce1a84bd458e2e09fdd03e380fb2296de7dc92e5c52a75f9d55638898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
39c98bf83d511c94f084df1e3a5d04db

SHA1
57d199d47aa40ee60ef48f9fa91ad8698fb6c831

SHA256
361644ca87abe0b248b801752ff1fbaf9047b5603d362e40ec637065a80558e0

SHA512
18d64616c660454217ac5521464d6c1fdba5a29bfe891a17f871db171cfb518f267848f7b08c5e6ce1dd4a8267142bc945f4b4ec9f3c7026041b40f5e7769142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
39b56d00bc075fed6f8a79c389494c77

SHA1
7be02dd5ec487726c1120abee4a77cbf457837cd

SHA256
6f65fd16cf093991ae0c250f220c8c0c82fdb5aeb6bf7b8464c1117733553582

SHA512
eaec7219bbeedef99d57f073ef25964f060f34abc646bfd02749a7a1c57bf8de386925f4637a945ba4367d047f8acb706f23bf329e5ea5a818ce2c3e5362616a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
a1c47aa8dc34db83e2463cf7fef67c2f

SHA1
5a0c62983f89f5397a32645fd53633af31bdd59b

SHA256
69ce53123ec5f719fb68dedef909c9326db38afb9622bc592432a7f49b9a0e12

SHA512
cbe0542bb394f9ce5656f024539c7b1674e122220537d53c0c6d4da245bea95cf6e83fd83ced94b3f15eb1f39daee5faf87af3cc69c46bac756665d5e739bfd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
0ba15f72ffb0a37243558588d3e78221

SHA1
814bdfffd723f7de9f8d6d6a0bc8d85a9f275cc0

SHA256
3d0223e1f8bb35870db41872cfbbe467f65bf9a1208dcb4d4ad874e250ccc10a

SHA512
02b168ef9cc226a08955092173c3745a55b28faa438b8152acb90d3bc1d9f433de7d8341def8b452db1986392a59cabc7c69689ad00825c58371ca78021183be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
6e79a0bdd23e9b16951f0a4a1e98136e

SHA1
f18b9f17e45d7f52d1dd24b92f3c9658a516d4cd

SHA256
2535338fc6e913849f4ed57215f689a43b3749b522864228a7a35e0009949224

SHA512
6ce910819ad87554eee1ab474614c16538546a8aac4e1996f2806ee7f2ea36caf36a59a1fdab78aaaaf204e3afd5f27903863aaa1e569c26b1d7803276d2d1d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59834f.TMP

Filesize
48B

MD5
4a3b74edd394520316a42ae863102165

SHA1
c25bf29433d17975a23be4a2cb034a3fcc52bb63

SHA256
61654813111102cc86b9ffb24004b6183f9c6395a954b1981f791ebcb3e5527e

SHA512
91b98859f60b31fc992896e5d79d8f41b3e3eb6483c50f91575309ec8630365108a31889fe7c8f496b8f0271ad8743d580173be288b3114e9d402cd7cccb299f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
647d0f3701a6bce936cef83a5926639e

SHA1
67f8e9184ccb791c7ecc499fab8c1672a92dfe51

SHA256
090892f7ee5da7838f5348fd5fe48dac6dbe1925b7a2376d316efc752e2b3fcb

SHA512
00b7a6254a6bec7adcb79eb20ea91be8eacd1890e6dcc8de653d569a9f80037c062d60ab388f3ea6d5c99e705a9199b8b7ee630c214ac789fd05821daef77e78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13354693542055107

Filesize
3KB

MD5
309a138fca955fe47ed74c698be5b794

SHA1
0f007008d4f7bef0b56f0e7ebe48fc2ea71c5c7e

SHA256
daef0f7b5602c2c345614092b556ec755ae2f198f100316932e03a4ea263aa1a

SHA512
f98ace02dd5140b62ab7ec57816979f40f44a8a86d965aa632f342ace6bfb3ba1a35523eab8ead5f01e7230a5443b50aa80501a073f3b3f501390481325de0f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13354693542234107

Filesize
2KB

MD5
6a0d6a7b3763d77f6798a8b878ca4e35

SHA1
62afcbe8458aa148fe5ed56007ff71674f92a3c8

SHA256
fa9ce60c6e03ec046f00a3fcc462301816fec16ce440df833e0ba05018017733

SHA512
963ef067df5aa68008efda797e2c6541ec95815590c7c1e03186d3cfc230b16a863beb508e1a8a15384e8be02a20b3d2678d2b9686d6281b60ad1aadcf34db34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
74e47a558db41fcca0d3c36cd1d2d9bc

SHA1
821554e09e7dacbd63d5136bc232659cd7987fb0

SHA256
61024dfc18bc5126b5ecaad51f144b940519d73f00314b0c194dc82627c75983

SHA512
c214616a635d182b3b09760d742831a69c57b142258ffbf4ede561a9e74d8ec3ff9cfb35124a46df63e22fac4d103fb4081c1e151e40e8ad26c6df8e0aabf1f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
7757a82efadfe923c9f692ceb7a0f771

SHA1
31b5014b15ea68f541a3e6090aa803709f0c291c

SHA256
1cb2715e34eb92ef4f6dc124158db5aed96bbd78f2feb28127896a5fa653b6ce

SHA512
4ce7f679c556a31d46cfb2d06c0cb7300c0e7dea0bb9dc80cbf147546c9be73f1bdc177a1335a58995b7622b33ae61a33e2c638b7cc9483266f2ec14883e33b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
834f5796ea01a33e1c4d5471ac864832

SHA1
5e54f2398c58b06a4917431c87c46ca210b33ac9

SHA256
33996588703870391b376e5b1f9d73ae5407030596e2843e245bcf83281a8edc

SHA512
e0ef045dead8ab159bf30c7720f739f9a83b251ad4d8e46489a994bd186e1f3da24d25199e1290dcc2e9718bd1003642efad2dff578e7a0795bbad575e2897a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
46fda27f7ed48278611ebaa44aec0015

SHA1
9a4e18aae53fa59b954bc73876f0b26c5ac2913a

SHA256
58ad40c5df31aee2bed0d260933f1d873be380b218c92f09893de7a9ab8a6d18

SHA512
9845559b3cf1cc3fe39f59a3802664714b1aa13f090ab3081e68d4b5be49d0d4672199ec400b1cca12d98e0a0556b162660e683057938a3eb50000b3ce63573c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7b27826e89db333b282871e177eb1b03

SHA1
7035c900909bf4359b4e16e56148a9254657e46a

SHA256
11f4ca96f765fc2405522dec013dbee49101ad23c2e572b037dfda39e5c17e82

SHA512
2153ef30490b0bb3c46252141d6b12d5e43d84f2bdb2484d13383487ee56bc40e07f9c60e34cbfaa6ba07903167fbb30fe574e3f8b930c50876dcea7fcb69b58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ab2f06e31bf4a6b36d7023dab1504486

SHA1
a9948b71b52898bc14164e2d622f00f8a4007cfc

SHA256
779517e32fe82f337a6f38e8562f1193cc3bf33b49bccb97b9be32de96a9286d

SHA512
9ef443d04cb00601990d8d999bae14b47f6f07796ff9b2469db0624d45507f92233d092b5e279f40405be5b3f2b767df078cefe599dce0d99c8da1c7306d08f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
e2430138c4bac28067a0eb0fc4f49c17

SHA1
69f707d01d454f7d210dbcce8193a940d28ca39d

SHA256
83b239cec793f5cc4f82ae3b42099e6615287dfe541fd61bd4de9fc4409057aa

SHA512
92a6346868b8c51a40d788c5fbda909ed75938964007e092e824eb4bb87bbe5a2913de4f8dd68fd842d87bf210585ffa6c052be1fd47b22e04aba7d330f2e483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
567KB

MD5
40ceef7a594ec21f1034d9ca43fb41e2

SHA1
6721bd0769707efdae2ad3d5a0106b1e2f3a077d

SHA256
e9e6700d4f14dbbbc334c973b8d679c3dbb11b052cb040d87fe19fac2f02199a

SHA512
113b2a6ad92ffcb999fe0a79168abeb88b1058b0b161271b63c75f3a273f6e092333d1c876aeb8aa8538814b4fec95fb29af4d74b2296178d28bee5729b39a7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
38B

MD5
51a2cbb807f5085530dec18e45cb8569

SHA1
7ad88cd3de5844c7fc269c4500228a630016ab5b

SHA256
1c43a1bda1e458863c46dfae7fb43bfb3e27802169f37320399b1dd799a819ac

SHA512
b643a8fa75eda90c89ab98f79d4d022bb81f1f62f50ed4e5440f487f22d1163671ec3ae73c4742c11830214173ff2935c785018318f4a4cad413ae4eeef985df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
0c29e43936eaf9109e4678878c5ac33b

SHA1
85f5179f975b9dd72272adbbbbce4ca0527df92b

SHA256
cdd1f5a6b9cbe64bc7c6e3fdcb93b2159398e178dfd71e9ad5cd615db83d5980

SHA512
fb227e1eef9a03253456220227c5c8556be2b766b157465fe4d06a1a50d8b5ddf0439548647e12aa2e2529b0529bc9d8d8e54351a723c2d7fb9849a3d71ad71b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
27503bd960de01dbfd71969b1f851c86

SHA1
1be693dbbe69ebe519d566d57d40c8897c479126

SHA256
7fe9a16a524e9571ffa83bd0e77b5a628f685f4692c20cea583f7906ea4a05d2

SHA512
4b79eba9fb40b07bfc3d70e9aac0c5ddb0491cf483b1280fb255eb455698571314d55b8b5e3da5bc401e3c48683af9f9ad1184fe46cd35846ab33db4e728c623

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
4eb1ea7b4aef19823dbfc8c19c4abd0d

SHA1
7569076f1a20a81d4fd52515cfbba478099a46f7

SHA256
0079473f869ad9d4af84f9c0ad5aa5527b2cb54ef89619609871db6665475e44

SHA512
cfe132b80a15f61d321e826ded56cf31dbfd337369710b1c1d69cac32d075bb48211d38eeb85d65d353cf1e7d595d9960223614e5225403647e717269d723c37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
882457a8b5228ede429588ba3439dd50

SHA1
891564fb4d43f84236adb51c1f1b38895049cca0

SHA256
8bc1be447b24e0921c1acef1fb977650da54bae8d1b58f107ed13978c4fae1f2

SHA512
f0dc3f2977ae73c0677a629c52e95409d516f7d0cfbf9dc337b7538b3134d2d1143d1a67df32e5f495946b5e4f9c562094b66df8c3d2c2b7c4da8a5785e9ee9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
7e282da81e40ab000f8d7eddcbe5bb13

SHA1
e5dcae29d8a264c9b180610089a165282276cf28

SHA256
ad6316a074547cadf6e3acff8801757d89b8ce86a368c14f76716698bd864fe5

SHA512
99bd7185b1434370a79b51f5faf5b5344c8959addc1e7d6eb361ed7f0222ec9f0199017ba406ac4349860b442323f7adf167e78f9338fe9115f7a94b14ec9b00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
65385435e80941e867925d7c86cd1ce2

SHA1
71e304779ebb5ba08b50cdd3643b412cbf464220

SHA256
01838c501a452d19df74f818cb997f0553e18ba77980408d1e9b2b1c44d845c3

SHA512
7bd7c644287453bcf5b0095da5fff4621915e1a13aca07e577b95b655f90bea6f4c2ca3e0803eb245a7e42e03c0af435ec71997c6bde4461e50983c8e62b5045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b92d14545902b75a26a44696d929d66a

SHA1
dddb2e9b4ee05f1d2f4544f23699a8c3af3bbdbd

SHA256
5f77394df053f8bb279a78eca3dfc40e7a5fab440ab59289b0df053db5b1fdc8

SHA512
6829d34c9964517126523f17ee2a36ea7792e2125302981f682a428aa84a3eae994eee4da0a3fb56344bd402f5d40ba4d78b02967d582107e61e2a3d4fe251a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e8ce7ea441aefb561c8239e84d6dae57

SHA1
28b62c8bb0fe0e0b1bfee31f693679c6b9f63598

SHA256
046011e966d0a8d6555dab0c2877c0c6d0af281f3a5e1ac83cc1b10e60fa2f10

SHA512
02acf70ac2e085bf0e0dc864fefa64eb50c216e2ec3c5df873401cf8fca9ff8f7b645d6887e31bf7305543a38c694bd729924252aa67175e5bcdc3218d521b37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f74f663ac9333cee6adee31cc9cd07e8

SHA1
1fc5467a444ea9814549fdc48dd52f40dae5c111

SHA256
8fd847c030d0aad6b22ceb9ff5856ea7532389d9beedd760bc0a3fbecbae0af1

SHA512
e7f22926ba18d9f798da4ee9f42a7fb7d0db9a0d02726955774f1bce03a6ebe2bbea139e646a0db863d8ace50abab3c4cdafd028b395c09eddfb04b24a8bac21

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\E66F5AA5E3C285C270CF84BD11111C74D38F245C

Filesize
13KB

MD5
a62da6a32eaa347db510d28d410bbd6b

SHA1
a0c7e5495a4e38e17333e053daf0011b7d6c44ef

SHA256
e36f14eba1303ad6d9657960a2db76e5cf6b89a023e3722342c57bbf5735f684

SHA512
c7bc06e223cd1cb6b73f17843fd1bce83cb28c4ad7e7b77e0fd6b544db34d8448ce645e9609c015082c640b4b0eec8a6c8c258c2d5499d6e057c723a40cdd4fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

Filesize
9KB

MD5
c2d283230e39e60cca1e8f57de021459

SHA1
8602341428c8c4475a8fa6d824af7992c336be18

SHA256
8cd99a27d3f6f9130a1478c746155106a4f0b3600a468f95a119d817355e7c06

SHA512
82e47e399bab25e4034c7cf227cd0315d82654f4daeb206b801c163aa186504c32141897a9108c933b2a6d692b236ac280fe292c0591171efb2f0176b9fbf8e1

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
11KB

MD5
e3b6a0110df2c31bfea0b9c962b5931d

SHA1
dd63409db214a27374a41e3e5966e3768e991488

SHA256
a32cf451972383871afd3a27103036c96f29848612e39436441e023fdd22c28d

SHA512
9e55495ac0c179cf30cc0b563958bda98e15dde4eeeb61f600a59a09ef3fbc8eec959bc7792f876bce43ac0e252f9b3a83360e503c1cf012d795243a21134161

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
11KB

MD5
3c0b1b1f6326a3e62d45ca5721f8ff7d

SHA1
7eb8620130617d3efaab96ee505d1cfa3252e4b6

SHA256
f5dad65983772d2e7732adf38262d3ebd1ec0bc0fa8b284fc37c0be671496d69

SHA512
802b390c1888f9192a6256c399aef5602c0b7eed264355ee302206ec51c64d5d1bd60743f213572c2f946cc03ed873fe614988f4e583c0ba563ca705f75399dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
192KB

MD5
dcb398f1aa5e0f6c710a5ebf413b6a8a

SHA1
5e2a3080bb00f4fc962cd38239282c871195c578

SHA256
39f50d11731b2c3a64a55cc0cb3b7ca0b4cf67f46b99eacc91242a69027c5a8e

SHA512
d3890f41b2d6a6ec2c600493475d4b60006e1ba0fe665b55d5dbc4b5e5ab0e2486e4c4ccfb83b108ef6cf60e4328a31afce26102a8726376d796b35a1f866635

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
ac57583a85ae2158e9b36a5149c67a15

SHA1
f1313133f77afe81b5928bdc26ce2d1c52052307

SHA256
5e98c644c268268655f63c3d758067666dca3072b9b2110805804c53019966d4

SHA512
2c5222c1287a03aeb004cc608ccae1bccab8ec9678fb7080c11dd5da4503fb297160d5f2984596b4060cc6b06b8ca1dbd63a81171bd2e135c68f8988b6741a96

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
53a8e8dcb871e5d80121ca346e44bb61

SHA1
e308ecdc4462942b038d666933585d742bf54838

SHA256
da45ce29eec59913c86d236acbc8ddbdd4aa9ad1a163f7bdb11e0b2e3a12db9b

SHA512
7644e67ced0d22ee264465d54adbf84d2efaad9198b884e42377a1e3c6abde69eec7385ffc266ddba9e4ee6b1f144f520f126a72ca65629c9a11f49ed7e0049d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\datareporting\glean\pending_pings\472a8454-3f5d-4355-82af-aea66eab7fd0

Filesize
10KB

MD5
251f33408dd6c5f5a0bd7d50507ed4a9

SHA1
db14a57771f7a4c0682adf50d6ae6cbd5353fe5c

SHA256
7c990aa265f67db12d200de735dddec58bdc1445d31248f28357f9757b941ad0

SHA512
3fe15d5de6703821465d60bc4cd74365e4a8d1f441fd537f7cb7c00fec7fa0d413e89ec272483f2d009654aa775946718965646ad79f8d3aa9b570eee4de5226

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\datareporting\glean\pending_pings\b7dedbf9-2aad-4225-9fcf-08900b1b4b39

Filesize
746B

MD5
2415feb2b934f09e66ae4f25eb732106

SHA1
eab9cc489c65f5049388cfb75142aac3b1d7964b

SHA256
26a568feddaaf3d0bc9d5f0aa1ed378acfbdff726bbc5fcc70d89b5b8ec787b6

SHA512
cc5d5a2281a1db781efa19ed55feea283380fb3a6afbfffcbec0fe0d76a0114fa21dba39064bc3afefd0d857489ca86eb33f4e8907eb9fc5cd24add35e0fedea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\prefs-1.js

Filesize
9KB

MD5
85346ce6bba372f7c33ffbba21a06217

SHA1
ca7b5091384a023b367475b5cd9645269df9a26b

SHA256
921f37d2f4fc68ac4f23766d297662ba3e3e10a33ae3627f65a7d0b63eaf996d

SHA512
ab999eb1247f8551d1d452e513c28472c5e607cc38639b14f2aac0abef975d5046b042ab40f8905a896cf1940316dfe7c31cb629df0b9adc53e4e6c6840400dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\prefs-1.js

Filesize
6KB

MD5
97378b11c2898f4d310a2761ed4fbc33

SHA1
8e6381700e446e656966b0dcf1000fb17a4561b8

SHA256
f10d9a74d76165a8fc873840317f9d210d5389ebc0c16f33351182017e673bd4

SHA512
f054470703ae9f4a0326a34975217df7b630d185005e75f28bac910da32a1cf9ec6e7076ca72b1d7e0392f6540cd4c982fc69ec65dd4e6b351278efe945652b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\prefs-1.js

Filesize
6KB

MD5
8b1d2a11c7c7a5e8dec96f1f4826453a

SHA1
c9316f10033d76fb22ad2c492117cec015c10029

SHA256
f71620212d0d8aa8dedf5b313aa556c8edcdd9a04401820bbfa2611a9f6b76e8

SHA512
73fca46496418eeb9ddcec4c99d06fb29f7fe0d14cebbb534a7119a977db5acdb6f9a2d49e06387ad7aa5daa78a0c45625f6c21f5364af5eae60a5ce8fd721c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\prefs.js

Filesize
6KB

MD5
189a11adc5cbaeb6625034eb7b1b05fa

SHA1
0004dd613454c2d635ffcde277abb9f0fbc70895

SHA256
de861f1fe4bbd78a68068163057c036f345b97ad5e4650d100bdaaa2244373a2

SHA512
d02a47c67c01f16873f3cd626543c927e8880a431e170739e038d6b1de539654a2ae310389c7c388865951adcbdb917283fbe5834c510518827322af5e8f95c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
2ebc34960420763d194acbf000f3cdb9

SHA1
516cc37be70c6f3cfa1f4e37f66084eea23db180

SHA256
7ad2cda747917b1465ba3e00eae258e82865ddc69cf3b999ffc7e5d103c9495a

SHA512
9110d45378c42bc6104573d78820a045b6cea2ffdd6c0c303db8cbedc36949dc70be39e29b19eee6e14758873541e4bad530754a8a3390ee98ab4b47bd29c55e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4lkuyr4n.default-release\sessionstore.jsonlz4

Filesize
894B

MD5
0bda3368a196d0e544f36e98c063b94d

SHA1
baa471a5cf2dc80081d65943e385f5a3b7d57e83

SHA256
c40177ba064b1a4f4f5bec2a3bffb466fe553f0e06955d350004482789b3ddbe

SHA512
a2c5dd3f46517cd5fd4c9fbf778aeab9f7dd1e06f2ce123e97bd2dbebf2f2cb14f1772327be4c5e864ad60a5a2250e3a58beb801c9fb5140258342430b4e3e60

Download Submit
C:\Windows\TEMP\Crashpad\settings.dat

Filesize
40B

MD5
5764f72356d4f82c74b0c4fcc6519dee

SHA1
8a204382a9e8189f4ec6f4871054e54f9b789621

SHA256
501d06ab55369b473be158ab562f052685414b8be79856ad162d3a18866a258c

SHA512
57b748d995132f96bbc74eecdd31c8ea9bb862323b5918ff4dba2a2696d8969950ef1a76adaba3536c5da769e9482545f028de59b0133ed0c00f8d7249f0d1bc

Download Submit