e04bdafc01429711c069136a2caa54cf8b20d2cee700e576569de57f09a2f3c6

Resubmissions

17/06/2024, 15:23

240617-ssg2ysvekg 1

14/06/2024, 14:59

14/06/2024, 14:57

14/06/2024, 14:38

14/06/2024, 14:35

14/06/2024, 14:33

12/06/2024, 15:02

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 14:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Run desktop apps online.html
Size

704KB
MD5

635f65de088d30a34365421858161354
SHA1

c974e333c2851cc4e54132f0d5f4b133e1d2f468
SHA256

e04bdafc01429711c069136a2caa54cf8b20d2cee700e576569de57f09a2f3c6
SHA512

1d5dcfe9478960a6ac174c1b9d0c304f4f6dfbb725aaa94e737fc5155db061881c4c887d82cf8c327f32edd53af943b38dcb251e4eaac964b535a338b01656ef
SSDEEP

6144:BwG+iY07vK2VAB671FszYJT1oj8lEKHZ98eROPx0yFTpM3vn0VuFs16DFktUAY5C:BwG+iY0ZR8OyFTIu7oGt

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-200405930-3877336739-3533750831-1000\{B891053B-3D3F-4229-A00E-FF55CB432587}	msedge.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 598869.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 890165.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 496942.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4492	msedge.exe
4492	msedge.exe
2692	msedge.exe
2692	msedge.exe
4524	identity_helper.exe
4524	identity_helper.exe
2880	msedge.exe
2880	msedge.exe
1576	msedge.exe
1576	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
1028	msedge.exe
2328	chrome.exe
2328	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 49 IoCs

pid	Process
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe

Suspicious use of AdjustPrivilegeToken 56 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe
Token: SeShutdownPrivilege	2328	chrome.exe
Token: SeCreatePagefilePrivilege	2328	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2692	msedge.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe
2328	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 3440	2692	msedge.exe	88
PID 2692 wrote to memory of 3440	2692	msedge.exe	88
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4112	2692	msedge.exe	89
PID 2692 wrote to memory of 4492	2692	msedge.exe	90
PID 2692 wrote to memory of 4492	2692	msedge.exe	90
PID 2692 wrote to memory of 1136	2692	msedge.exe	91
PID 2692 wrote to memory of 1136	2692	msedge.exe	91
PID 2692 wrote to memory of 1136	2692	msedge.exe	91
PID 2692 wrote to memory of 1136	2692	msedge.exe	91
PID 2692 wrote to memory of 1136	2692	msedge.exe	91
PID 2692 wrote to memory of 1136	2692	msedge.exe	91
PID 2692 wrote to memory of 1136	2692	msedge.exe	91
PID 2692 wrote to memory of 1136	2692	msedge.exe	91
PID 2692 wrote to memory of 1136	2692	msedge.exe	91
PID 2692 wrote to memory of 1136	2692	msedge.exe	91
PID 2692 wrote to memory of 1136	2692	msedge.exe	91
PID 2692 wrote to memory of 1136	2692	msedge.exe	91
PID 2692 wrote to memory of 1136	2692	msedge.exe	91
PID 2692 wrote to memory of 1136	2692	msedge.exe	91
PID 2692 wrote to memory of 1136	2692	msedge.exe	91
PID 2692 wrote to memory of 1136	2692	msedge.exe	91
PID 2692 wrote to memory of 1136	2692	msedge.exe	91
PID 2692 wrote to memory of 1136	2692	msedge.exe	91
PID 2692 wrote to memory of 1136	2692	msedge.exe	91
PID 2692 wrote to memory of 1136	2692	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Run desktop apps online.html
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb08546f8,0x7ffbb0854708,0x7ffbb0854718
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3484 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3584 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5808 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6812 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3600 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1792 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1908 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7140 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7191910654444499138,15676949113834986807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8100 /prefetch:1
  2⤵
  PID:5948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffba588ab58,0x7ffba588ab68,0x7ffba588ab78
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1880,i,9865130792488061395,949656413378589163,131072 /prefetch:2
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1880,i,9865130792488061395,949656413378589163,131072 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1880,i,9865130792488061395,949656413378589163,131072 /prefetch:8
  2⤵
  PID:3560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1880,i,9865130792488061395,949656413378589163,131072 /prefetch:1
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1880,i,9865130792488061395,949656413378589163,131072 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3996 --field-trial-handle=1880,i,9865130792488061395,949656413378589163,131072 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4536 --field-trial-handle=1880,i,9865130792488061395,949656413378589163,131072 /prefetch:8
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4532 --field-trial-handle=1880,i,9865130792488061395,949656413378589163,131072 /prefetch:8
  2⤵
  PID:5300

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3396

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
714ed6c6c6d43b2173ad8a4f053e777f

SHA1
6beb8b953b195be1778784c0a467a8271cb1eb9f

SHA256
7cc01d0fc6ed0749c9940f53369d226570d624c8b1d50ac9f627cde22014f31a

SHA512
c1f0f9ec610158b4302a62d9d2b9195dd075ac19d736ee98d4ed7b56c565ad04586c57172d47639d935773d26a8f5352034e8c287d911cb3d5c88ce000246765

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d13a0682f449a334f1d10e4e95bc87f0

SHA1
7ceb7d60e20d258798e307902b74ca284a09ae25

SHA256
78f84b79eb3fcbe4c43f664a22aa7286c77b9bd8c3dc738ea1dfeec464482617

SHA512
170833252db3138604e1d808c238227f6962b0ac5b5f0e1ac846b1ad3da03567382bf8ccc1eed35f740a823f33ad17ccda33ef1d72095e0e43f1948c2dbc27d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
970e7bd0ee0cbfb0716939af66031e93

SHA1
5e185ef283e338f6e989d81ead2393c052dd9daf

SHA256
9f9013d97d0f3d4de30ad7c71be8b0961fa58dbcf653c63bcad2fa5928207040

SHA512
56168db98805b8ef59baa8275339c5f6f680bfd9f327bc5908a770c37e201f6cd267a070380c4a6360fea1dabd68f20b3cf76a7377a64888c0810c43c549471e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
257c0005d0c4d0bb282cb470925e4376

SHA1
f9b8efb511ed64292568977c9f2ec255509e8f7d

SHA256
8185c36aaacfc71e42f94fad8e198fe7fb2d868398ceabb89261cae94341cb22

SHA512
2f3e8f352ed3ef88e8c28650390f93f98c92174d268330b886f3ebd1ba0163999051298ee12a054606b4986005452a241c6864cd292e69492d79c37d500556f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4819fbc4513c82d92618f50a379ee232

SHA1
ab618827ff269655283bf771fc957c8798ab51ee

SHA256
05e479e8ec96b7505e01e5ec757ccfe35cb73cd46b27ff4746dce90d43d9237c

SHA512
bc24fb972d04b55505101300e268f91b11e5833f1a18e925b5ded7e758b5e3e08bee1aa8f3a0b65514d6df981d0cbfa8798344db7f2a3675307df8de12ae475b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\570c8f96-277e-4327-9174-cfb1f74b8d9d.tmp

Filesize
5KB

MD5
730a30a0e05583795bcea4ecc9a45944

SHA1
a1c986303bb06bbfd3e20e02de6ff45844b3bc0b

SHA256
9b30ab7b1c88e37305a58b1684a21f9698f465feb3ee1e3d0886b19337601dc4

SHA512
decf999a7df78792c9ce10cd67152fcf540948329c538845d7875818771186733611bba87c1e14eaccaf8c99f276e5f0de1e47f2ea82ab599958d594802a2dad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
2c5d4af27f0e230c62198ade697d92d9

SHA1
325d8f28b44c70726baa862fbb4ede8180589eb8

SHA256
ec6a2d5277ff4de593b08873db1cd9d5b87793e1d6c7d579842255f29285f978

SHA512
ec8b16f9020211bebeab1a4cd10df2735525586859e6bebcb34144012d4c64b3985e291a4a142bb9d18b7fa7a0d3f2d3b0fcbfb2935c8454afc134ce987d3562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
2fa413749c8fc80fd915111a499ea6b0

SHA1
cf9dacf2451cfa462d573c454c24b9b209b31faa

SHA256
411ccb79eca67e7f61ee68ff2d0160771ed049590c35a747d2e6341eae05099b

SHA512
e4de0203a3680d9d694b76379e5c82549739ff51bf783624ac73bf4b622c69d08c0473de7f7d85a33c80354bc507d5ddc87cc8b0643e22cc661c4537711a705b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
57b0be737bcc15c1db1fe1930d6c4616

SHA1
d917e5c80c307ea8e77f0ff33fc0550ee939f471

SHA256
3f333be09c028ccb2b4d6a6a994f6f55000c220aa164000b8257084693cdc5f9

SHA512
5100834421de2327292e0f84a6494796e67d4894507299c48b1585d8fbdef2ea0e30e1cd866d9992aab3ba0fb5dc6eeb20f3543841b194ea3ef23d2f69afaa4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
92KB

MD5
374d993efeef5b1ed7b0954004b9d867

SHA1
06b9091f7efdb8d302f44d113e56ac23e0acb366

SHA256
07cf27f60c573e412d4cfe404efbf27050f1cb323ff605cc831ec678fa705c0f

SHA512
4aeea75dac1d6ebbf2509d5fb5c2730a77829e343f569ca42f56272c8733bb2af65fefaf014748240fea717865a90d36aa6b7dd2a6646ead36e3b6df7c38cd6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c

Filesize
19KB

MD5
f0c0412e4f7e8ebf6e1c8738622abdf4

SHA1
7e5433f4d55ff103426fde504031eea535b3d55d

SHA256
a67bd5961e1d3fba115d8d04644accb4df135aefe880d03d7e66c404c85b47de

SHA512
5d228fe7f147e41b874a167942c017c130cccb61fa05f80cdab0911dd5e0185b8974c93ae9877c5d0beace13fb248bfdf717b29d450b12e08e2230c806232638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072

Filesize
19KB

MD5
bb30ea3b46964f49ba85f475efd1fb6f

SHA1
1bb4aae7781af8b933e1dd4dee56879a3ef92d38

SHA256
7a5bfdc2463dfde6b169ca4555ce9f5a0fb21c15c3ac807967590df27dd800e6

SHA512
bc52e8de4712d416aebf1d403d6ee8dcb6386a93dfc6727613af487f73de69db90913a9e9781660d8dec121d720ceec9c84b260c76f0f6f565ae80967eee7474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8a5f9dea5e7fb45007ee10d4a8f617b4

SHA1
408df2b87c76e567413a2baa4f0b9876aef60ae7

SHA256
a61cd41e8c7ce511ffd40faaf5c9f13abfcfb203a93505892b911f715c69f618

SHA512
eacaf9f6fc9fd102613ab811e6bcd2ff44ad9f112a1f270ff8feabdde09df2e5bc2e302fda98040730ca47fe7845ac8b55837532739b61e91c106eb8cc7c2dde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
208ccfdcf23ed87d6a10ebbb0c7e5342

SHA1
06eabc486954d32b82338de5eef35335dab2c2f6

SHA256
863315083797da528a92ba833b3d020a77d64a9cac23906726009a25488234e7

SHA512
951a838f520b05db045cd5e1ae59f9589c88fc4270a7568f441199fbb4c9d5e6095ebf62e6127d36d8c35932943cb6f1bfe1cf13dca5dbdcd749c21fed600d1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c29bfb299f27074e9e3539ced804f326

SHA1
cadc43a7326501d87cd2bc1f6a91e65948db9de8

SHA256
5ac479cd2c96a72532904a298007fc667f67849588f07e543e612181a7501118

SHA512
721ce7479787d3548c35b022196ce250f2af8e04331e6519e67b6d3ada6ef22f583c27554d16d7d053305a8bf29009c4271d97872b722c403988b4e5be6bed23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
eedb1b7d432e2835e1f6815c75dbe531

SHA1
455f85f2055e52eb6159ad3a637a1e73ccf93dc9

SHA256
bd6eaa971b7383bf9708c7dea4833bb9c6891f642ef59c018d926b3d2c3cc308

SHA512
81a95fa35952897e2833fc94de6b38b3072644b267a73aa3a9b1883ba45fcbf8fe8429907e62ea9f11950ff5dde13a481cafb636b9d4d6b0ce508c02387bf49f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f76bc27f50e44b4072e81817615a3ee7

SHA1
abafe20bdd371fb6adf25d843d51f8794dbde3d1

SHA256
8d4cfd1324da4c30bde95ada82fa5a24148f9432ff0bd951bdea38cb3cc2e8b3

SHA512
44d4483f9bfef5bd4d050ff6a65f7a53252bd4d7476b00484699a7bb895cfafaf8b341f1cfca976918beefa1da5f5156503700ac14cd9d3ac05377607870ae2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
10ad5fe81710fe491eda3351eadef60c

SHA1
f2d0a3a7502c73201730eb7fbd77ba665a499583

SHA256
ceed54bdcc24b2c12054884fe7e806fc3fd0eb88e1c6e0bb02981c005f4e3abc

SHA512
862cdfe3d6659b3dc84a78c91012cc4f28c9c9d8324031dfcf2c67fc4c736e8af515da390a6c18af41d95e548798137d4f9acb3df6ac5377cd026a5a202539e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ced54d4cca88aefd86c1d8267bb664ae

SHA1
e42441481f7ae925eac8385dcdd5518e71a83085

SHA256
211344fb138e3bd8615c50c3dd2f48a5bce675be3d050d6e0a4f165d8299881f

SHA512
dfc8c556a39665e4bbcb3e9bd61672f7b520d3d45f8f3fa6da3c13d169196a1c62c0a5d8b44a7d75fe2a1dde4f5e888a7c234140a8c54e3504f69138b92d5c2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
39a066ca97f4ca14266a300a10a957d3

SHA1
4da54c9b7f150ef707788a264aa2ad615b537a76

SHA256
ae8f1d303e1f633f60070d46fc3ad489c2ba578a1391146d84caef926352a6a1

SHA512
949b7d5169bffccc0b7623e074fb46f3b77e21443f503c292674c3c407c83b51f7daa79e0abba00d4a2dbebe2094e591f08bacfcc6dfc798af6df32d61583fc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
11d1e1c67838e10c1e3ac19056072c7c

SHA1
152213fb45e14b723c1c41acb77fae228316e7ca

SHA256
a5df4fb264602435a0b2e64c54138f8a7a98c20eec500545de9ee97879f3dc1a

SHA512
2f5e8b8bb34634d7af48ee8798a311e10b98aea23ea7ef94b236a9a60f62d78b7358eaeeb118346c09426a510fabfbe5a59576893d13fc16b792b1355cbd9dc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b17891d0ddb437bb5705968a33f740d9

SHA1
1421842ce4a1f24dbc9dbd3a8269add8312a751d

SHA256
4b6ba5e47449f28c91580765635ce00176cad6225250d1ab29ac532597a83e98

SHA512
2a1b40565bbb6d840765c49106ac36a72eda3652aef9d08284664e7250630740a33750bd43d1297d6b149186148d7cce2b83f20303b61dbe8ba7a09acef3fae1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
58b9c4c3023134e2cd1db74d3c16e050

SHA1
7aeca6c2732ec5be930889f0733ca38e5130093b

SHA256
a3dd163a6a594447f435e4e1708299539db5069c1ca330c5265c40f9ad9c53d2

SHA512
df4473819cee8e7298d7bc672f890ef32bb7496b0bbd40ae39fd075675b5d26256c30416992457f6aab4f19233e3a7c0c210eeeafe5e15e45a5858382706403c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
95cd1581c30a5c26f698a8210bcab430

SHA1
5e8e551a47dd682ec51a7d6808fe8e0f2af39e86

SHA256
d58162c5ae5e18fc06604c285e024c01686093d70994dc93b4ae9d85b4c3f7b9

SHA512
e49403df10177053634c431203a91d26df5dfb23cbbb88847459ecdf4b6107040d0944a3e84ee6bb26cb4e8017a35c8c31b658387cd1b6938ba4cb9f59606ece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3f051485667fa51e8e6b46131791cde4

SHA1
250ee1f536cc0beeeb209daab43b719a782fa6aa

SHA256
a07812ed668aadcd9a5cf836e43ba2ebc550918448e52be45a51a3ce1d3e6e07

SHA512
7f725f82d6daf1022a7edcdbd60af4bced44333c4b5d6b3d365ad43614b65e447a3e6ade01650e4958b878979a8f17fc8c25af8a4828afc5a29670f111d232a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a9e03f71a6e1d42bb337447f4fac7793

SHA1
59960bf45d6537fffaa0cc554fbbd5a3f60304f9

SHA256
1ccc42062c6927cf3ec19b80647de8805dbe0f8a538546161ba8008280b0b04d

SHA512
e2992d7d409b05d18105b4f25bacef82709f3ba28387b4f765420ca7ff67ca6298c9247e4e59de07b397f8719210ba6651e3642d8216aa3094cc27ff9ddb7e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7b5e6927556376dcf4c4e4a02a2390ab

SHA1
7717853408dbc1f9e1103a62d4dbf74774ac05e6

SHA256
02ba2fb87da78a052597efcb11abc94dbbaaea08febca548bc3af447e7ea025d

SHA512
3e3bed25d44fd63fa182595019bfdb594f2ee9b64c9c89124ac2e1a820a6568efad02f62395260873f478f728910e54e6419a7ab45e9006e9aaec5f6c07250a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
1baeff70c5a0673c01bdaa2e0ef65780

SHA1
e46a130a3768a11405b24a343c746606a3beb819

SHA256
b63c2a28ccb8398d84e54dee0ba48520c0dfd19426876ca9dee9a32b88dd4c63

SHA512
67a2be913231ce6414ee2450913108860363cd972935cfbd2fcb28666e10128c8eda746cfc4ec87ae356ac637829f1fc254769654acf01fa009a8d19b68e7b35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1baa2a66f10ce33b4bf5fcc32562911a

SHA1
eb15f3418e0df3b01cdd531d2aafd7ef8c66bab1

SHA256
2cf678578c38a11190cf6cc47dcc24edfe353a2f2072a678b322838b5f20e391

SHA512
5d209f7d8f2be24fe3699885e00ac579f10e809b60902eb8fddda2b4d63d530ba83ae7311e5b6157141c53ac1ee27bb49c09351cdd3f2516ae1e1aed22c79bc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e9002e27422f73bfa92ca4a10e1e4a06

SHA1
b841fa6cf63ea7d1f0ddaa6e512349d1a5df837b

SHA256
b75dd283a2c348fe374ebf14f19f035bc2cdcfbc7360c6ba70d47e08be92643b

SHA512
9bf29731a4c28ecfb32cf91524f795162f65120dfe8eb451eb2871a3b0abff0618ee18babb522cc4ee6ab5edee092fd85def1e7870ab7dfd1215d853857c2cad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
744928d8b2a1b9e7b8eabe7eb807f8fe

SHA1
5dc6c7f78e0b1549a0bf6f008b28b62aa490879a

SHA256
1d5e56bdf7106ec680377c0d6ff6f00925605f50a6f5a660cbeb2eac51854760

SHA512
3ad3d107bef37eaf4df4f48a2d8252a6ffa9e5877f383049e07a987f935f2a70c667d4e1c80381f17643eb8da04121e139fba3bb073beca1ee81208b68cd2ce0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57db3d.TMP

Filesize
203B

MD5
4e25c864454da4042326385102690c68

SHA1
d013377d51b3672f0b3a540084a8cb714a3e23dc

SHA256
afb48b1e9ed7da3cf9747e86862762c31ff16d76962563629e1b0e763bccc3dd

SHA512
040ff0e4b08e6b945d9144d65c285a77b4c2baba271e67179b9a89c0a6e0e8a3dfa178208a699a3a6fd5fe20d48459cabf9e76f65eca42d8ab8934e23ad13fde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8d26569da0588a43679921bd3a603c1c

SHA1
1760b421abaec1825ed8a4b8de37a40bbdc19762

SHA256
2ab115cbc2aae81918ae90960f90415742b213a55965fba1b451e55368bd2f4d

SHA512
d62bd4cc33d8e583b5f120ce7ef1560cadab412f7c3042a7fdbcf27026941fe0b6f3796705ac314417ff0d22231b1c3cc3462eadf78055971c17c54100bfa603

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2ba8f399d2656dff38be1fea1e398407

SHA1
c841234ff086b2232d84df1ac2685f749b9bf587

SHA256
ff246afcf566564975add12770a054e51a3e1bed5379005191be36e20d3120f6

SHA512
57a0a10b7d990972fbda4ebd0295095f6a9e1edb76e8cc5a6d3be899dbccb0e739f176b6b25cc586eb2db3271bb53070a69c589f506958972fe6a9a87bdc0636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8cc3a064278303ea24f6a8f7f309e94c

SHA1
9f412aaa5594e20341c650feb6c70f4a2b520458

SHA256
9b36971d0ec815f3aa8aad54eaa28942133b441959f8658d4a59783080c307f6

SHA512
632d0629faa02bf85d42b1553c3ec501b9261cea228be2d19a5baa00fd449744ebdeac8b29be65f4041cb8a0b5757d6edac85b6102274bfdf292d54b4c673f40

Download Submit
C:\Users\Admin\Downloads\0a1fedea-a64c-4eae-bd42-5180c3ccb479.tmp

Filesize
5.3MB

MD5
ad47dfa7e98fe5a5be2d71648bf1068c

SHA1
dfdd94ae3d336d10743df41561a7f379d78108b4

SHA256
12c0535ca682c05b1a4a8ed9390493f1bb205b8d7a0f00c055bafeedff3ea26b

SHA512
00db8d6bb1ce427910786b7a596b5369f830ad35c8131a7589d5f9c85173bbf06b07d6e5b517c04f6fe85881a9fe0e13668c9203ff7928d0513e5d0c77a3e2fb

Download Submit
C:\Users\Admin\Downloads\Desktop Goose v0.31.zip

Filesize
4.1MB

MD5
eaad0961b52b14d9a323f092ef307d8a

SHA1
feb3aedf16432b063ff93c90623a865a1fd5214a

SHA256
e66264065923676807fd6d7b36f7c9dc52db9ef1c5399b2811738eb5e22a30f6

SHA512
fc42d2ed6a8a8efee0898236526dbe46218dbec657caa5e70bcb18433345d56a010903c155c726a5c9e117e1759cae42560e18da49d5bbfe4e99048fbd326330

Download Submit