hxxp://steam unlocked

Resubmissions

29-04-2024 18:02

240429-wmma9sgg78 1

29-04-2024 17:45

240429-wbp8sagh5x 4

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
29-04-2024 18:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://steam unlocked

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
1156	msedge.exe
1156	msedge.exe
3620	msedge.exe
3620	msedge.exe
2820	identity_helper.exe
2820	identity_helper.exe
768	msedge.exe
768	msedge.exe
5096	msedge.exe
5096	msedge.exe
3292	identity_helper.exe
3292	identity_helper.exe
4848	msedge.exe
4848	msedge.exe
2908	msedge.exe
2908	msedge.exe
6008	identity_helper.exe
6008	identity_helper.exe

Suspicious behavior: LoadsDriver 10 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	456	firefox.exe
Token: SeDebugPrivilege	456	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
456	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3620 wrote to memory of 1468	3620	msedge.exe	83
PID 3620 wrote to memory of 1468	3620	msedge.exe	83
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 2764	3620	msedge.exe	84
PID 3620 wrote to memory of 1156	3620	msedge.exe	85
PID 3620 wrote to memory of 1156	3620	msedge.exe	85
PID 3620 wrote to memory of 428	3620	msedge.exe	86
PID 3620 wrote to memory of 428	3620	msedge.exe	86
PID 3620 wrote to memory of 428	3620	msedge.exe	86
PID 3620 wrote to memory of 428	3620	msedge.exe	86
PID 3620 wrote to memory of 428	3620	msedge.exe	86
PID 3620 wrote to memory of 428	3620	msedge.exe	86
PID 3620 wrote to memory of 428	3620	msedge.exe	86
PID 3620 wrote to memory of 428	3620	msedge.exe	86
PID 3620 wrote to memory of 428	3620	msedge.exe	86
PID 3620 wrote to memory of 428	3620	msedge.exe	86
PID 3620 wrote to memory of 428	3620	msedge.exe	86
PID 3620 wrote to memory of 428	3620	msedge.exe	86
PID 3620 wrote to memory of 428	3620	msedge.exe	86
PID 3620 wrote to memory of 428	3620	msedge.exe	86
PID 3620 wrote to memory of 428	3620	msedge.exe	86
PID 3620 wrote to memory of 428	3620	msedge.exe	86
PID 3620 wrote to memory of 428	3620	msedge.exe	86
PID 3620 wrote to memory of 428	3620	msedge.exe	86
PID 3620 wrote to memory of 428	3620	msedge.exe	86
PID 3620 wrote to memory of 428	3620	msedge.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://steam unlocked
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd1a0546f8,0x7ffd1a054708,0x7ffd1a054718
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,18301174872590963935,17474628363287697750,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,18301174872590963935,17474628363287697750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,18301174872590963935,17474628363287697750,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,18301174872590963935,17474628363287697750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,18301174872590963935,17474628363287697750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,18301174872590963935,17474628363287697750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,18301174872590963935,17474628363287697750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,18301174872590963935,17474628363287697750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4108 /prefetch:8
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,18301174872590963935,17474628363287697750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,18301174872590963935,17474628363287697750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,18301174872590963935,17474628363287697750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4364 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,18301174872590963935,17474628363287697750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,18301174872590963935,17474628363287697750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,18301174872590963935,17474628363287697750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,18301174872590963935,17474628363287697750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,18301174872590963935,17474628363287697750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,18301174872590963935,17474628363287697750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,18301174872590963935,17474628363287697750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,18301174872590963935,17474628363287697750,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:2504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd1a0546f8,0x7ffd1a054708,0x7ffd1a054718
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,1236488854765667092,9351646047471571321,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,1236488854765667092,9351646047471571321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,1236488854765667092,9351646047471571321,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1236488854765667092,9351646047471571321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1236488854765667092,9351646047471571321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1236488854765667092,9351646047471571321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4408 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1236488854765667092,9351646047471571321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,1236488854765667092,9351646047471571321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,1236488854765667092,9351646047471571321,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1236488854765667092,9351646047471571321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1236488854765667092,9351646047471571321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1236488854765667092,9351646047471571321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1236488854765667092,9351646047471571321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1236488854765667092,9351646047471571321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1236488854765667092,9351646047471571321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1236488854765667092,9351646047471571321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1236488854765667092,9351646047471571321,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1236488854765667092,9351646047471571321,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:3240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3008

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2880
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2044 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1952 -prefsLen 25457 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f2162f5-cc04-4fe0-9516-564de8f4b5e0} 456 "\\.\pipe\gecko-crash-server-pipe.456" gpu
    3⤵
    PID:4532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2436 -prefMapHandle 2432 -prefsLen 25493 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9d1b756-6ff6-4701-8c8b-ace28858041a} 456 "\\.\pipe\gecko-crash-server-pipe.456" socket
    3⤵
    - Checks processor information in registry
    PID:1692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1656 -childID 1 -isForBrowser -prefsHandle 3020 -prefMapHandle 3016 -prefsLen 25634 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b206f3d-7680-4b19-ac92-c9d2fd11f034} 456 "\\.\pipe\gecko-crash-server-pipe.456" tab
    3⤵
    PID:3804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3932 -childID 2 -isForBrowser -prefsHandle 3928 -prefMapHandle 3924 -prefsLen 30867 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e11a2db1-5fcf-40c0-a83e-a930744df522} 456 "\\.\pipe\gecko-crash-server-pipe.456" tab
    3⤵
    PID:348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4372 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4464 -prefMapHandle 4508 -prefsLen 30867 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3ac9548-005b-4131-9ca2-0a2f907fb555} 456 "\\.\pipe\gecko-crash-server-pipe.456" utility
    3⤵
    - Checks processor information in registry
    PID:1768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4992 -childID 3 -isForBrowser -prefsHandle 4800 -prefMapHandle 4808 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e0d3801-6e94-43f5-ac96-5af62dc9515f} 456 "\\.\pipe\gecko-crash-server-pipe.456" tab
    3⤵
    PID:5372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5208 -childID 4 -isForBrowser -prefsHandle 5216 -prefMapHandle 5220 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac8b8cdc-2a26-4140-883e-17a469580fb5} 456 "\\.\pipe\gecko-crash-server-pipe.456" tab
    3⤵
    PID:5384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 5 -isForBrowser -prefsHandle 5416 -prefMapHandle 5424 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c166551-a23e-4c05-ba55-5d93acf5fff7} 456 "\\.\pipe\gecko-crash-server-pipe.456" tab
    3⤵
    PID:5396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4196 -childID 6 -isForBrowser -prefsHandle 3908 -prefMapHandle 3904 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75e343d8-8243-4397-8475-157bfe405460} 456 "\\.\pipe\gecko-crash-server-pipe.456" tab
    3⤵
    PID:5976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd1a0546f8,0x7ffd1a054708,0x7ffd1a054718
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,813119919142383404,2798257515988067734,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,813119919142383404,2798257515988067734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,813119919142383404,2798257515988067734,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,813119919142383404,2798257515988067734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,813119919142383404,2798257515988067734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,813119919142383404,2798257515988067734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,813119919142383404,2798257515988067734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,813119919142383404,2798257515988067734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,813119919142383404,2798257515988067734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2a70f1bd4da893a67660d6432970788d

SHA1
ddf4047e0d468f56ea0c0d8ff078a86a0bb62873

SHA256
c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561

SHA512
26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d892a830fe0926c552be780c2c696777

SHA1
d86f34855433e18c92aa3bdbcf7bea263de97f13

SHA256
bd01d39a3406b601c92f9e4af7b27188a70e4d2e6897daa01382c436eb0aa29a

SHA512
be72b40b9905c143baa12896a6c5c4dc202681bb6633c640e3fd3b7dc93e37062d77b6a977411a92fb147223711a553ad23793d9c820e1fcb147bfd9b12a8c9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbe1ce4d182aaffb80de94263be1dd35

SHA1
bc6c9827aa35a136a7d79be9e606ff359e2ac3ea

SHA256
0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51

SHA512
3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e7f3f14a0e4adaafbfd646ff4cd02faa

SHA1
033aee17099d03f90a14888f0e0593002b6a2772

SHA256
06ec431a64e779152791c3aeca2697bbdfe05d245fed7011b861863737ab63f4

SHA512
ccb5acbf8e3a422480306cd9a73cb65292a795a7f9a27757ddba0e413772cd6c78a334138a7304ff441f272aab9f1d5cf5fb16cefde9cf2a54d61ea3909e8883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
73042b54caa04766f401cb0f7fe2934f

SHA1
0afa5d0a27fe5c6fdc2714daa72764b8c81465e2

SHA256
abc51d43507dda104963e3aabd6796cc5d914760a773b8533771d13163ae4f57

SHA512
2668c36b9a2b21a01c06026da0d072bed3664aa1a1f2c5081bdb23259046e3b2cdf10b30fb46b8713ec08adff0e1d1acd0b7ac88ca85860a9cb50ff957c5d655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
d45c23913585724ceee12e0d1540baed

SHA1
fb3447d02b041352b97aaaeec8db491d23d7621b

SHA256
cdf01e786ef81e27d131c3c52aee62be569b6e3f2508249c12c0f0fa64c0db70

SHA512
3dfc6f42e31833d3c028ffdbe0f2e3786eb4da8040f4fc12c09290f8899cac6d63c5cd122855b7dc12434685c2a7b685aa6cc5660a9d4a338f7db69068edcfed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
5b4bbba36dfa16d474261e9bee0817ab

SHA1
8ad03825377422a51184f6d387626f75d5a03350

SHA256
993f04c3bb695f97c3fd8f8e96c3139a3c53084ea2df22cc652edc26f851acc4

SHA512
21b6302be4a9e6e5b9ad9b7e5d707c025a4b554fdf19ee169f19da36c816edf66a8d619d2da5ffcca6e57459b838687f229ea02e75ccf4868b9669b5903f7cf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
9fe38035e3da07146159c1a0d328e89f

SHA1
4fe843653bbdcc5dc63a653926157429e6ccc6c2

SHA256
76d35f75912be8215f281f4ff5d79baae32317f7d01959c4227ff1529d86873c

SHA512
18f1d4df14367b7fba736c7eb5e6a08368ee399365d137c0d70dff977b7a406b2d0fbe61a0a98ceaa3bf231cafda6b1fd043e9987e5dd6a4bc2f4aade18c5911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
55d611b5ad99a167561bc374ae54f5e2

SHA1
5d6fff9a4c3ecd4882dada961cd5e6107dbd963f

SHA256
6b7ab513e36900d445919bbb86c39f272f560b04a44470f17925c25d94fe5b3e

SHA512
03227c1a1b1d15b669b1cefad4d05f6db16a069ee4f96b24f31e8f5bc129a92cf0b5dfbbb2cece713a9cdb58e3f58e35fde43c950f9005ad667004895590d92d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aef569c1deb5d4f0c5854b5c7687c35b

SHA1
7c21df664a9c34008668c03e44b0bb5136405fbe

SHA256
0cc5bd85abdfcf54c60a42566060f401df75681af8d65052114412e1ed1598f1

SHA512
bc4a3aeac0fec05703e7cb8bedd133eec45ad7f358dfd698485822c7c0c590885df2367e6f02e36213237889f0b3d272d1fe5d5a92339bf7794fa2d22c0af206

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2187dcf576af9d667436c42eaacd7802

SHA1
14176998769fe8b7d8032aeb636ca76e91e89aae

SHA256
27bc8b9f43a4aa039f29aae8674c8c1b7d5afd401e26a6d3d1c21f8b044a4576

SHA512
a619afb343fcb12b7aa66dfcb64a848c07c5ecf5b7b2f159d7afc8b88f8309ee805b9c81ab3c0a14b14efa0c255b606bd229c8800db00f812eaff47cb60e176c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c5a6595dea743df7faf014a336d9ab70

SHA1
7c8757b196dab68de2a762bd517dbe4ea49528fb

SHA256
aeaad79d1e48666bac5d74e3d4f2e46f87c54be80fae38b5e6604b20c80e2f75

SHA512
f4bcb78889c8c46b6c7d6f9300cd40823f29825754c10c19c2c2dc6b9b699f9ea853bcf147a7787176fa3fb9e0648942b583a64b5f07604a0295f0945523affe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cb7b2f7b1a66139d0e100facda4951fa

SHA1
d5653b3e16a051a245e5245634be41a803e82502

SHA256
4fee1aad8e2591c8f564cea28b39087a15c99c66c556be767430b8198094259d

SHA512
7ac2c78f766a8b22372f8d138b8e9bb14dfb21916e4d6e7698d3f4a337df64e9db847579198c0a6eba0eb377bf421573b927df37312ad9f9e4a90bcf9bbe5805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
13dfcd5fb87d35c4358ed2baeec82a22

SHA1
fae8ea864c13d96a81c788447fd7f98eac1569bd

SHA256
bbaf1ead2fbf8794115c9b41804e112d232ee65fe1495a917003cf56e6b8d782

SHA512
012bed89e6dcca342643d3b654f29eb0dd6e91a3a7bd9b95b405d7cd98405d6c1e1d3ab7104387a1d2d1d17c4a9f1937784cb4eb50fbbc3ef0e5519e041561a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ab8f5e99bd3cb92b2b523a7139335ac7

SHA1
fcfa11b6b1bdc1eb986b537cd335285ab0d8adc2

SHA256
905c0ecbf33b947d931f86ea258bd3afbd78c6909188f02b78882c333bbfd6ad

SHA512
60db6e22e24ec57c13d00ef46460c1415f91fb3520e8f5d16915b1cd6b3828669f0d65aedfce6102acb24b336c087bb09c80c9daf2423ebe5f91d343048e2544

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
8d63c3bbb55a94e77ee8eb0ffdfb2260

SHA1
54e48d5cbffcaac2ab38d3ba9cf7a18b03a7c0f8

SHA256
9cc4fd54ab1e18f0ceab6bff4fd405b9fb55e164c0bfccc6620e335629664f17

SHA512
ba8cd4eb84850ce012afe958a0ae77f2f22570f586a3dd99223983aadf04d626c48d8be8a1eb2803b743155db17cdb53006fc0a0e931db4d300363cedffa826b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13358887359153351

Filesize
3KB

MD5
4527800df7efabad36e2dc943973f893

SHA1
877f9192af9d991efeb20b757d1f2baf62f10db9

SHA256
b3b5ac23fda6081f2fa1bd58ce291522b2eee668c3a79a91a1a1f71a45fec78d

SHA512
b94ed9e0d15b1a51eacbe97554d8bb535c60f3c57d5edfc5685dab33c7a136cca8b27563d3b9bf5a2bf36487b92fa56c2df06b2aedec8faa6e74d72bab45d6db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13358887359355351

Filesize
3KB

MD5
d9551aad87d78258eec288edc914cb77

SHA1
1833c049cc334566bc249bdd24981329fb7baac2

SHA256
b458d04a6faa5ddc6221e78dedde762e6aecd3114a2817990e8a5d4da69730b9

SHA512
e6602b2d8c2e80f0e7aeb9f23ea35b1873bc52a5af5723b9e2f1ae0b6bdcc7c5dba155e331b9332f256af46cfba9eb7e23db2e762e11c05ec2584224da6848f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

Filesize
20KB

MD5
fca621466ede4c2499ecb9f3728e63ab

SHA1
3d5d4cd0fa702371f9d1a40e72e1fe19d194a3c4

SHA256
c6dde84fb40fb69d1a6637fe6bf781de51a4c24e45b616e8f97afd3c6fe200b8

SHA512
aa12ed8c1ff85af4375ac80d7fe494d6f8a70ddb3357c186a0c1ade9bbcc3efc3de5fb0ad4b81eb2ab9bc916b6adf8b76c30203f78e38cd00af5fa4ccf3e3760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
f7505c42df3eb3d4de7c175252a64a03

SHA1
db119558ab66a2c2c0fea2c295ab1ef1b20130a0

SHA256
f2f9e1b70cd48624f2e618886d3c608a71877c67b5e70e054635cc1918479177

SHA512
58664c92e732d8f87138927684bb52c2a329a192394094afdf219cfa7da5fffb26dad4bb076cca2c7e3f243770067940a42b0130d390678c19d97cfe219529de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
ecae21c2b7ccae41070cf504a6314958

SHA1
da0240656a813635952c502b56a0950abf2e0fd1

SHA256
c07bd6ad3c704eef2f31b099eefd409828ede57b2fab584379b8be214646a882

SHA512
23a5950ee0a7f9cbd42615fb730f5d686ac593155f27177ab613f8821160862d0486bbde9ba3540a383a61c77546fcdee5c335a5bd1e76ae5285e2a1cb8153e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
9598cd503f09c6999412fe423f438a84

SHA1
251a85f6029b6257726025707b7c03f6ef1a1041

SHA256
e2beb7697c015ce33cd133a51b598aa2249a9a5c627f4bd03a13cdcf98a8a464

SHA512
72e942a6488723cb67fd4f03829823b47799c0d04d8dbd934b1eb863b687c7cbb48cacd8a3a316c41a039b2c8af62f546452352b011e3fd502b428b24e0f511e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b649a2de-ad0c-4f19-9d89-0ec2cdf65eab.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
0c63f67c9d59eee6dd10219ce7a97683

SHA1
854b9521764e98ea52ca3ff037ee146ee210b6f5

SHA256
0a3e9897c5dceaec6675be4f54f70ae808687bdb0007383db5e76980ad2fe418

SHA512
0d8d822d0d4bf2673b72539a684a31b285f8898238696558bc95909c503ba6ed6b8479c5aeb0e30a0bb17440c48664bbcf63eab8d0e193ddc7b6cd0e18431f5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
0150675b4480814a8272706df38afbfc

SHA1
85eeb9a068294638e283f0f932c6e45d3afabee4

SHA256
a80e6510c43e22b810169ec4849cb3665c12761cdff1c76faa9cca5349169de6

SHA512
24afe6fe5d68071ec1518b4767935306b7d9b53c52e1eec73dce2f12a5b98e025abeca711315eb7bcb33e13cfbbc1ab07af13c08996fcbad36b486ca547e556c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
3538f8056f9ddde9891b99896e06cd12

SHA1
315a65ed0fd948176ca1e83d15558df417b13019

SHA256
3ec98fd9b8a6f426ddd97a02dff1cf9935c6430aa434228587f02cfb8efae571

SHA512
d187df3e969a06df06c598bd35ae79d2107659218e7a9c4c8d78c66aebc9f543b55a61bf8465c42d9ac6458f7d49ca78b89527382b73f17530b60d4e6dc83e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
7539fdf69af704d495ca031e1c946c35

SHA1
9dc1ab225e3b8523d944f8a10520f69e1cf3223e

SHA256
1cbccf6363b8e963c912208a3f2331e512a00a183e615bae75fa1b9e1c0bedd6

SHA512
a167bb8f5ee0eca0f1b2ee7431efe68e0c8e30e3d2a3e5ff9ed22a8bd23ee6105e147008db3ba4ab438f1a720db4dca2880074d0a2badf0571c2cc4623ae029e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
a91a8ecd4141a8d22fe341e3883f64e3

SHA1
cfe59d4d06a3ca5da12945d14bca66cab4a02a3f

SHA256
a1b5420a7d7adead6cdfdeaa0ecb5ff43d28be79c1a9d410d6a00d38d8dbc683

SHA512
b34644614a1e93b5e7118b84338496fad56970e89bb2815082460aac72fed6e331fb0fa704cb8ab54ebfded951f455249f4ad5c105248ba31a1ea9e337c3a732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
77f59544c4a23e3027226cebc334719c

SHA1
57c94c73224eb6316e698c2cd46325883a6e6e99

SHA256
90e8be6154f8bfcd03e66edd6e67a36443ca85dbfb24cc3236e8e912f780b513

SHA512
fb6baa3e8e3e814e049611669b5288f07f7af37ffc96cc46a33fd53689296875fecdd3e78833dd0e41ab80b8d495d88a364a7df060aab9db1c593a534672bf5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
bdcb33e83c9845e4e7c2cd6f65d1cddb

SHA1
fb9d29f2c2cf38d7cb3e7ffe415215ae0503c78b

SHA256
abba58cadc638b44aa374eeb9ba086977706bce2e1ea6004d567d05f8dedd4e7

SHA512
a473394b0a488f07cdd1ef46d71e84c2d5ee11b1e049d79a9b28fb3e88ec7657a2f30711656a73095f440ab8704b9e7b34f9ebf56ef7f9427bb81159c94a5215

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
73961c682141139653e89a4caf9719e7

SHA1
30214866a60c2aa834b5d23905bd84d0e8397cc3

SHA256
725fe00b16e12de83371efc3ac019e6d596a4cd5f6b809fb358c9d0bd2fd53a9

SHA512
33bd9ad8c8753cb35a8ca57dd4ea84dcb0058cefd3be3dd8b33c6f46daf2b68de333645676a2688dddefc06f75e91953aa9526a418557ab42631585f49f10be1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
6103eca53ff8ee9565d404822cca9e01

SHA1
bf210dffb3b8dba301256ed462b9fed30f9db6e4

SHA256
27612191c8d11222f80f6ca0632b1a6213beb2fc06b931acb3739954ce135224

SHA512
0fb8a0935ebf45893e37c63d20034bbd02eaf1e30faf95de984a880f82eb74bf74271378219ab372f64e7f225cf63399266f2be8db7d222530a909927e24cb53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
913728da90cf90d8e78af59c60b47c3d

SHA1
f42f2a545d4fcaf4f76d0f060f52e33a47df7f1e

SHA256
b0b478f9aa6aaf8d5811e296047ae1f8ee07f4c4998fe9d7b960755ea1fafb82

SHA512
3af86e053dd56aef03e6f967a49b1a0d492616a71e2e49090e0c8e5cbe58ff37ccc55e91f06bf34096059a49f3de84b0bca587f3f17c366f97c0f7a0fd17c974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
22KB

MD5
1ac9e744574f723e217fb139ef1e86a9

SHA1
4194dce485bd10f2a030d2499da5c796dd12630f

SHA256
4564be03e04002c5f6eaeaea0aff16c5d0bbdad45359aef64f4c199cda8b195e

SHA512
b8515fb4b9470a7ce678331bbd59f44da47b627f87ea5a30d92ec1c6d583f1607539cd9318a5bccf0a0c6c2bd2637992e0519bd37acdf876f7a11ed184fb5109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005

Filesize
16KB

MD5
2ac0e9550a06af37db2959aabfc084e2

SHA1
1949433519c9d587f66d317018a2fb2538973df9

SHA256
f077596d48d72f781d8dec4803c6b360e0a6d193758952e70a8a42f309595d91

SHA512
cc943996eb97d1f64408d9c66290e65d7ca499d318cde1492afe46e461964fba97b3c01bd884e23b63870e3808682f981345de7eced62025ca2be58d5d82a43a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
fa265ee3b43b6c777cf58411df6bad5f

SHA1
8e625c77d10960f01d2a37a1606438c0e142775e

SHA256
f52e97280593d142295f2b81b156b4c20e74a3a43526fdb4808abac2858e4e4d

SHA512
788eb6f7563fde319d039918276aac9dfdbfe6375b8e1e1dba8f7aafa4a55d10c8fb4d3fc58a8f07cab956150028b1a9c64a1ad4e7a708f563f162073712d076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
6f40cb972534c7219cf3daad33f6f874

SHA1
df68fe0c35e0ff3babd92828a37225040c1a6611

SHA256
0fe8ac39cc5c60c81d84c6a6217e2db75479b3976248acb9da52ada2dfb717c4

SHA512
a809e593d2cc6e5c852173ea8f3d056fff8e0ef7d13f595a7ffcc6589b7e3ffa27cc16f1e64cc81a078c35ab6877f5b091767a1f64cc2b58f05df333b109a1a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
e5be49535a77b4e9886b111bb4a2f059

SHA1
1b4589ad92ec7e35ff1f31f4bcbf4901e01406c9

SHA256
36817b37c63ed27c7428058d0fa6fb6a0792dc49584708e45f953cb0f66ac80f

SHA512
163222c4068d9199fbae868d3a9e9cd59e8490145a449b53613858e64323021269aa696e31a570127de4c56b1125a9875bd8603ee5c57709bd823df94c356e25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
3B

MD5
fe10f28457ebc2271b8d3859083ba37c

SHA1
6e3dd7a3aafef6a82952fd87564bb03f3e2fa1d6

SHA256
dfcb5891b38121688508b7a4f1cc320a75fd9619aee8ad67cf70f5900a081db2

SHA512
7549dca489a243d8d7e6c63049de07d59e9b8beda1cce70ab105c70056dc749300a6529c23e25a098fdbbd45c1507b24742b5782644a37d0d2d01bc8776fbe9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
1b6a090501244196630049b0d7459e77

SHA1
61c8c959ac7d02be1d313b1a9f36fdc7c90247b9

SHA256
3ddbfeb7a6442e20554764a50e2400b1479a3909dfb36ef783d098a46bc946bf

SHA512
a3c758c55d4b5ff7889f6b46db296ca9916e4c2576a7d978cc06efb98570c37991c37411adb66808a9d001a53d13bdfdc5ad6dc7340cf566807f8a470c415c3d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l594d31n.default-release\activity-stream.discovery_stream.json.tmp

Filesize
24KB

MD5
e75a697656dce353ee7b7d979761323c

SHA1
3a6590067e4ad3a0cdc85dd21162aca8fef63d9f

SHA256
b77eb80be3b473e05c965d45e7c9df528cad24db82770a348747c6e9804b7b98

SHA512
f34c5a55a0548d9f0ef3bbea4dcb956af36742693b9a9a765bc7756e5cfb6a9c4505a049d2db259198eff3f20bfbed5acd80d526d0ae7077a9bdb8902716a518

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\datareporting\glean\db\data.safe.tmp

Filesize
13KB

MD5
3e8cac36859dbc1b654c565cb4188ae2

SHA1
ac6949db67d196eff2521a85a994abaf7ddd0144

SHA256
af938a094eb76d201eb79d60b40173915e8897e7360f2ce7a327ebfdad64025e

SHA512
3f840fa99cd415db2e9c6236d9de4e16408a3bf09663765116d38ba7624c1555a23e4a15f5b9c528c6567488353aa009bfb44b9669e0e7aa4d7dce4a8e7984b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
2bcec1a53b018c42da44ee32d33418f8

SHA1
0158327264dfdd3ddd6ebe1a8076ce0cafa8dc57

SHA256
2c2efeb5a81127131e41558a11e5a499e6197c965e61a04942f03b698362f3dc

SHA512
284334dbd1f7fbd834cf78e61aa5f61c2362d2fff6a3eb4de9d236c24ca84bc2182d785d1764c97c41de95f1c44d0d39ce3a5142a8470c23de0800ebbd7784d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
7286440ed89c7e91003fe2d48c7d7cc4

SHA1
064647d07fb8240f4577a47517f6562138d6459e

SHA256
acd13e3ec525f9bd929c3a079c01a617cd58b05e17f154f96f6a8fade6b14fbb

SHA512
5bb76821d29d11fa8d17e35ed21f4ae2177ea344f85600de68bcb163f7c6e65a383e7008799e5c4c95a4a3c1bac13f98f01e76ee055db0573a307c6369997fe3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\datareporting\glean\pending_pings\282d5e90-51d8-4a7a-a214-6a5626d6ce4a

Filesize
671B

MD5
fca93d4f5134fb267ab8585e3a920580

SHA1
0dbbc8db5e9be9d82dd8cbbd55c375b316d6d6f6

SHA256
fc803d546fdf07d67306bf485dce1dfac1f139e229658dad3ae6a3f0cb420b3e

SHA512
63bf7f52c1cb3c958f60525be8ed02ba458193d84a68d99cfbce698f4d0e1ded6c5bcbb4586a1f785abd4e7ff4aeb55ac3d7e4824ce6e7deb21326a80438a4ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\datareporting\glean\pending_pings\d66375ef-b9ca-49e4-84e4-63e428871170

Filesize
982B

MD5
b3a1bd29fc854dcecc95eb5485af1591

SHA1
d71ae36e69038050a62dfecf0ee605fe59160c13

SHA256
d3364f6b478187827e495971de973f0c96f6bf87684dbb1fad31b6a5613b0fc2

SHA512
a319060ee456a64a0e074a99a342c2cd12ffa89ea86d01b7b5efb183cdc5df088b1822225307269495001fcd0333e992d5ebc116cec46f7491182c85bad67697

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\datareporting\glean\pending_pings\f46b23c5-e1aa-4e56-924f-2a9b019b1712

Filesize
25KB

MD5
0bf321f24a7fd82d69e01a0d60a41c7b

SHA1
76f47b92fb7d71e02d5da535c4ecf21ec7b5f6d2

SHA256
f0d5d7cc18f87e1335d7cf710402ffd5a21960e743f478c1b5fc6e2767120a4d

SHA512
6d4a320d844df4e20dcf95bae61771c3f4ff21ae7f628b7bd00909ead8bc06fbf860fe97683f5ebcf10c9a0b86e4738877dc3c3e7cb287d97f619ad7215c84f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\prefs-1.js

Filesize
8KB

MD5
2c85ef281b15e7828a82b306848e9696

SHA1
6664f6e9cfcdcec0a5fd3374fb06742179a8aea1

SHA256
7a252c41543b416bbd48ab2129b222c20daa56622ccfddb0c64f6be85dffe16d

SHA512
d53e821b5260c165302ed5226281302748ee19e6b72d50edf0214f0ebd95b59b096bed31e4a640ed9105d12e652be49a3f77db797a21454638fd5c6a61886ee3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\prefs.js

Filesize
8KB

MD5
31ad6c5ae3ba9daccb53926ce186b20b

SHA1
8da7b7ca8a15203d3597b8f4eea67a9bba41dfa6

SHA256
c3cd9a93d3395ba5f57657a6dc9b2d61a3023e4aaac83eaab115434a342ec49c

SHA512
bb998b8af449985c5bf6ac576febac59032aa4769d304ed3744f3cb205bb0929c323c123b492dd6c95c616a1fd1c78f3a21280a79b2e1e7e9d5e77a877ab3c2e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\prefs.js

Filesize
8KB

MD5
6471d78ee686d7d68dcae7b2f3c88176

SHA1
5d0eba23a6e6738f93f943f283538af00fb24377

SHA256
09fdb554765ac644bdae8e35eed996c21cb60471729bed7275f033b42d5d557c

SHA512
124d8f80e9556067b962e7c05b67e99d0726d6fe67494acde928c82b3d1dc9d9161658856b76acf38387f3415fd72223e01be2b34b8dc9073c754ba787cb27a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
363370808961e84c2627cd0074f6e72b

SHA1
0a41c05864efef9a78727b6f5556ed28ea3231a8

SHA256
cf1ad2db38dc4b03fe3fac060e8222f4f3f84c575e103b0118f71f124ee93289

SHA512
ddd03a3549e6b0a97fcd24cb861298de230f8cc19b29f10e361e1d27a1c6854c359288d512139518121146b3f7d407c2db07073af3c73fb5cd8f1da9718c1d21

Download Submit