quasar | hxxp://google[.]com

Resubmissions

02/09/2024, 13:20

240902-qk5f6s1cmm 10

02/09/2024, 13:15

240902-qhbq3s1hqe 8

02/09/2024, 13:08

240902-qdn6ls1hje 8

Analysis

max time kernel
664s
max time network
676s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/09/2024, 13:20

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://google.com

Score

10^/10

quasar newoffice discovery motw phishing spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

newoffice

117.18.7.76:3782

Mutex

d908c8ed-ea88-484e-a3d2-dcbe66ac7cfc

Attributes

encryption_key
FD2DE574AF7E363A5304DF85B3475F93A948C103
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Client Startup
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar

Quasar payload 1 IoCs

resource	yara_rule
behavioral1/memory/3172-3145-0x0000000005B10000-0x0000000005E34000-memory.dmp	family_quasar

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
3172	qNVQKFyM.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
1203	discord.com
1209	discord.com
615	discord.com
622	discord.com
1201	discord.com
1202	discord.com

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
462	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\system32\spool\PRINTERS\PPh4008q0okoo558r5e6qfi5q0b.TMP	printfilterpipelinesvc.exe
File created	C:\Windows\system32\spool\PRINTERS\PPsecd17m2d0zildgl0_hadhjob.TMP	printfilterpipelinesvc.exe
File created	C:\Windows\system32\spool\PRINTERS\PPhbz0a0ljtkads34mtm97zmdl.TMP	printfilterpipelinesvc.exe
File created	C:\Windows\system32\spool\PRINTERS\PPjx8swazcq4kmdlw08gfuom60c.TMP	printfilterpipelinesvc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	qNVQKFyM.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	Taskmgr.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 56 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{144A0EE2-7922-4CEE-B29E-01FE01CDB177}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{FC805107-11C2-47D1-A31E-FD13C00377F4}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Documents"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Documents"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e80922b16d365937a46956b92703aca08af0000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "3"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	firefox.exe

NTFS ADS 10 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\media_images_kichajacyptoszek(1).jpg:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\media_images_grubyptok(1).jpg:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\media_images_ptakwspodniach(1).jpg:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\media_images_jaczup(2).jpg:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\media_images_zimowyptoszek(1).jpeg:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\media_images_zlyptok.jpeg:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\media_images_jaczup(1).jpg:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\media_images_kichajacyptoszek.jpg:Zone.Identifier	firefox.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 159937.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 936320.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4328	msedge.exe
4328	msedge.exe
3856	msedge.exe
3856	msedge.exe
952	identity_helper.exe
952	identity_helper.exe
2792	msedge.exe
2792	msedge.exe
4664	powershell.exe
4664	powershell.exe
2080	msedge.exe
2080	msedge.exe
1312	msedge.exe
1312	msedge.exe
4216	identity_helper.exe
4216	identity_helper.exe
2440	msedge.exe
2440	msedge.exe
6884	msedge.exe
6884	msedge.exe
6620	msedge.exe
6620	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
368	msedge.exe
368	msedge.exe
2428	msedge.exe
2428	msedge.exe
5300	msedge.exe
5300	msedge.exe
1516	msedge.exe
1516	msedge.exe
1264	msedge.exe
1264	msedge.exe
4612	msedge.exe
4612	msedge.exe
2092	msedge.exe
2092	msedge.exe
5160	msedge.exe
5160	msedge.exe
1404	msedge.exe
1404	msedge.exe
6932	msedge.exe
6932	msedge.exe
4812	Taskmgr.exe
4812	Taskmgr.exe
4812	Taskmgr.exe
4812	Taskmgr.exe
4812	Taskmgr.exe
4812	Taskmgr.exe
4812	Taskmgr.exe
4812	Taskmgr.exe
4812	Taskmgr.exe
4812	Taskmgr.exe
4812	Taskmgr.exe
4812	Taskmgr.exe
4812	Taskmgr.exe
4812	Taskmgr.exe
4812	Taskmgr.exe
4812	Taskmgr.exe
4812	Taskmgr.exe
4812	Taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
1312	msedge.exe
4812	Taskmgr.exe
2532	Taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe

Suspicious use of AdjustPrivilegeToken 45 IoCs

description	pid	Process
Token: SeDebugPrivilege	4664	powershell.exe
Token: 33	3652	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3652	AUDIODG.EXE
Token: SeDebugPrivilege	3172	qNVQKFyM.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: 33	6664	firefox.exe
Token: SeIncBasePriorityPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	6664	firefox.exe
Token: SeDebugPrivilege	4812	Taskmgr.exe
Token: SeSystemProfilePrivilege	4812	Taskmgr.exe
Token: SeCreateGlobalPrivilege	4812	Taskmgr.exe
Token: 33	4812	Taskmgr.exe
Token: SeIncBasePriorityPrivilege	4812	Taskmgr.exe
Token: SeDebugPrivilege	2532	Taskmgr.exe
Token: SeSystemProfilePrivilege	2532	Taskmgr.exe
Token: SeCreateGlobalPrivilege	2532	Taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe

Suspicious use of SetWindowsHookEx 29 IoCs

pid	Process
5348	CredentialUIBroker.exe
5468	CredentialUIBroker.exe
3172	qNVQKFyM.exe
6064	CredentialUIBroker.exe
1312	msedge.exe
1312	msedge.exe
6664	firefox.exe
6664	firefox.exe
6664	firefox.exe
6664	firefox.exe
6664	firefox.exe
6664	firefox.exe
6664	firefox.exe
6664	firefox.exe
6664	firefox.exe
6664	firefox.exe
6664	firefox.exe
6664	firefox.exe
6664	firefox.exe
6664	firefox.exe
6664	firefox.exe
6664	firefox.exe
6664	firefox.exe
6664	firefox.exe
6664	firefox.exe
6664	firefox.exe
6664	firefox.exe
6664	firefox.exe
6664	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3856 wrote to memory of 1164	3856	msedge.exe	83
PID 3856 wrote to memory of 1164	3856	msedge.exe	83
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 936	3856	msedge.exe	84
PID 3856 wrote to memory of 4328	3856	msedge.exe	85
PID 3856 wrote to memory of 4328	3856	msedge.exe	85
PID 3856 wrote to memory of 1952	3856	msedge.exe	86
PID 3856 wrote to memory of 1952	3856	msedge.exe	86
PID 3856 wrote to memory of 1952	3856	msedge.exe	86
PID 3856 wrote to memory of 1952	3856	msedge.exe	86
PID 3856 wrote to memory of 1952	3856	msedge.exe	86
PID 3856 wrote to memory of 1952	3856	msedge.exe	86
PID 3856 wrote to memory of 1952	3856	msedge.exe	86
PID 3856 wrote to memory of 1952	3856	msedge.exe	86
PID 3856 wrote to memory of 1952	3856	msedge.exe	86
PID 3856 wrote to memory of 1952	3856	msedge.exe	86
PID 3856 wrote to memory of 1952	3856	msedge.exe	86
PID 3856 wrote to memory of 1952	3856	msedge.exe	86
PID 3856 wrote to memory of 1952	3856	msedge.exe	86
PID 3856 wrote to memory of 1952	3856	msedge.exe	86
PID 3856 wrote to memory of 1952	3856	msedge.exe	86
PID 3856 wrote to memory of 1952	3856	msedge.exe	86
PID 3856 wrote to memory of 1952	3856	msedge.exe	86
PID 3856 wrote to memory of 1952	3856	msedge.exe	86
PID 3856 wrote to memory of 1952	3856	msedge.exe	86
PID 3856 wrote to memory of 1952	3856	msedge.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb757a46f8,0x7ffb757a4708,0x7ffb757a4718
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,10982348327046047653,13494090886736787828,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,10982348327046047653,13494090886736787828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,10982348327046047653,13494090886736787828,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10982348327046047653,13494090886736787828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10982348327046047653,13494090886736787828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10982348327046047653,13494090886736787828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10982348327046047653,13494090886736787828,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10982348327046047653,13494090886736787828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10982348327046047653,13494090886736787828,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,10982348327046047653,13494090886736787828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,10982348327046047653,13494090886736787828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10982348327046047653,13494090886736787828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10982348327046047653,13494090886736787828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,10982348327046047653,13494090886736787828,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2056,10982348327046047653,13494090886736787828,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10982348327046047653,13494090886736787828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10982348327046047653,13494090886736787828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10982348327046047653,13494090886736787828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10982348327046047653,13494090886736787828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10982348327046047653,13494090886736787828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10982348327046047653,13494090886736787828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10982348327046047653,13494090886736787828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10982348327046047653,13494090886736787828,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10982348327046047653,13494090886736787828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10982348327046047653,13494090886736787828,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:3168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4620

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:1192

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb757a46f8,0x7ffb757a4708,0x7ffb757a4718
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2988 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3504 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3504 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6296 /prefetch:8
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6276 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2944 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7480 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7624 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8184 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8248 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8212 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8596 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8820 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7872 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7268 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2760 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8196 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8724 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8120 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8524 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8908 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8600 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8212 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8776 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7816 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8200 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8592 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9276 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9500 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9536 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9668 /prefetch:1
  2⤵
  PID:6392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:6556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=11656 /prefetch:8
  2⤵
  PID:6864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10260 /prefetch:1
  2⤵
  PID:6872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11308 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10792 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
  2⤵
  PID:6860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7688 /prefetch:1
  2⤵
  PID:6420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9004 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:6324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:6400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9080 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7544 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
  2⤵
  PID:6748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
  2⤵
  PID:6556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9016 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11796 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11088 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10924 /prefetch:1
  2⤵
  PID:6988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11192 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10708 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7772 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11852 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:6816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:6608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1
  2⤵
  PID:7128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10676 /prefetch:1
  2⤵
  PID:6308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:6356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7644 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11968 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12076 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12080 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10604 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11148 /prefetch:1
  2⤵
  PID:6352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10716 /prefetch:1
  2⤵
  PID:6672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10424 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8984 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8624 /prefetch:1
  2⤵
  PID:6780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:1
  2⤵
  PID:6756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1436 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10052 /prefetch:1
  2⤵
  PID:6792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12124 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12264 /prefetch:1
  2⤵
  PID:6180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:6612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12228 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=10620 /prefetch:8
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=10992 /prefetch:8
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8364 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8640 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12076 /prefetch:1
  2⤵
  PID:6484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11900 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=printing.mojom.PrintCompositor --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --service-sandbox-type=print_compositor --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=10944 /prefetch:6
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11908 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8440 /prefetch:1
  2⤵
  PID:6344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12072 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10900 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1288 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=151 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11148 /prefetch:1
  2⤵
  PID:6276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=153 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10892 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=154 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=155 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8680 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=156 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11180 /prefetch:1
  2⤵
  PID:6668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=157 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10588 /prefetch:1
  2⤵
  PID:7108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=159 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12272 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7056 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=162 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:6700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=164 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10120 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=169 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=170 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10568 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=printing.mojom.PrintCompositor --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --service-sandbox-type=print_compositor --mojo-platform-channel-handle=10620 /prefetch:8
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=10608 /prefetch:6
  2⤵
  PID:6212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=printing.mojom.PrintingService --field-trial-handle=2000,8418302945965818474,10258047182924702196,131072 --lang=en-US --service-sandbox-type=pdf_conversion --disable-win32k-lockdown --mojo-platform-channel-handle=8548 /prefetch:8
  2⤵
  PID:1512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1776

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x408 0x47c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3652

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5348

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5468

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:4880

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6884

C:\Users\Admin\Desktop\qNVQKFyM.exe
"C:\Users\Admin\Desktop\qNVQKFyM.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3172

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:6064

C:\Windows\system32\printfilterpipelinesvc.exe
C:\Windows\system32\printfilterpipelinesvc.exe -Embedding
1⤵
- Drops file in System32 directory
PID:6284

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6756
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:6664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f4a35b8-f771-42a6-aec0-4d720a0f8c15} 6664 "\\.\pipe\gecko-crash-server-pipe.6664" gpu
    3⤵
    PID:3424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2376 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ab55870-ebbe-4df0-9290-396d1bde4731} 6664 "\\.\pipe\gecko-crash-server-pipe.6664" socket
    3⤵
    PID:6544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3056 -childID 1 -isForBrowser -prefsHandle 3156 -prefMapHandle 3384 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1176 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87fe7ee0-15eb-445b-951a-e60d51d24ee9} 6664 "\\.\pipe\gecko-crash-server-pipe.6664" tab
    3⤵
    PID:2452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2636 -childID 2 -isForBrowser -prefsHandle 3728 -prefMapHandle 2676 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1176 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8b4a7dc-be81-4640-9a94-fd190a774cef} 6664 "\\.\pipe\gecko-crash-server-pipe.6664" tab
    3⤵
    PID:6856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4448 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4440 -prefMapHandle 4436 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bf7a3bc-0d5b-48e8-afa3-778409036e64} 6664 "\\.\pipe\gecko-crash-server-pipe.6664" utility
    3⤵
    - Checks processor information in registry
    PID:2572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5528 -childID 3 -isForBrowser -prefsHandle 5520 -prefMapHandle 5516 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1176 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e869e2e8-a62c-45e7-bd3e-ba889bf3fc65} 6664 "\\.\pipe\gecko-crash-server-pipe.6664" tab
    3⤵
    PID:3052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5652 -childID 4 -isForBrowser -prefsHandle 5660 -prefMapHandle 5664 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1176 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {518e2280-8b8a-43cb-b955-0aa799f5806a} 6664 "\\.\pipe\gecko-crash-server-pipe.6664" tab
    3⤵
    PID:1804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5844 -childID 5 -isForBrowser -prefsHandle 5852 -prefMapHandle 5856 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1176 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c73b282e-a317-43c1-b9bb-a59300dd8b5d} 6664 "\\.\pipe\gecko-crash-server-pipe.6664" tab
    3⤵
    PID:6992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3988 -childID 6 -isForBrowser -prefsHandle 3980 -prefMapHandle 3860 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1176 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {099fba6a-af43-498d-ad9f-d9a838e24b5e} 6664 "\\.\pipe\gecko-crash-server-pipe.6664" tab
    3⤵
    PID:3012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6232 -childID 7 -isForBrowser -prefsHandle 6240 -prefMapHandle 6244 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1176 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5bf99ed-9e1b-48aa-9e6a-52da37d8cbd9} 6664 "\\.\pipe\gecko-crash-server-pipe.6664" tab
    3⤵
    PID:4504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6532 -childID 8 -isForBrowser -prefsHandle 6568 -prefMapHandle 6264 -prefsLen 27401 -prefMapSize 244658 -jsInitHandle 1176 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ebd46b7-b743-4d1b-a7da-55b15ec02ca6} 6664 "\\.\pipe\gecko-crash-server-pipe.6664" tab
    3⤵
    PID:4768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4328 -parentBuildID 20240401114208 -prefsHandle 4388 -prefMapHandle 4384 -prefsLen 29720 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {137f2ec7-4efe-45a3-b7ba-22e38c6da309} 6664 "\\.\pipe\gecko-crash-server-pipe.6664" rdd
    3⤵
    PID:6288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6576 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 4344 -prefMapHandle 4376 -prefsLen 29720 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70bde6c6-1ea9-4d50-8d26-a32baa6ab1e6} 6664 "\\.\pipe\gecko-crash-server-pipe.6664" utility
    3⤵
    - Checks processor information in registry
    PID:1696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6244 -childID 9 -isForBrowser -prefsHandle 6976 -prefMapHandle 2772 -prefsLen 27728 -prefMapSize 244658 -jsInitHandle 1176 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06076c6a-3349-4558-96a5-797fab47c052} 6664 "\\.\pipe\gecko-crash-server-pipe.6664" tab
    3⤵
    PID:3828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7240 -childID 10 -isForBrowser -prefsHandle 7228 -prefMapHandle 7224 -prefsLen 27991 -prefMapSize 244658 -jsInitHandle 1176 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cc10f06-d315-420c-ae3f-d5654db838fa} 6664 "\\.\pipe\gecko-crash-server-pipe.6664" tab
    3⤵
    PID:5532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7388 -childID 11 -isForBrowser -prefsHandle 5652 -prefMapHandle 5872 -prefsLen 27991 -prefMapSize 244658 -jsInitHandle 1176 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a1e7afc-35e8-4fd4-85d8-083ac5470630} 6664 "\\.\pipe\gecko-crash-server-pipe.6664" tab
    3⤵
    PID:6136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8912 -childID 12 -isForBrowser -prefsHandle 9116 -prefMapHandle 9100 -prefsLen 28031 -prefMapSize 244658 -jsInitHandle 1176 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a5fb586-c99c-40b7-9ecd-832182da93ab} 6664 "\\.\pipe\gecko-crash-server-pipe.6664" tab
    3⤵
    PID:5384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9316 -childID 13 -isForBrowser -prefsHandle 9324 -prefMapHandle 9332 -prefsLen 28031 -prefMapSize 244658 -jsInitHandle 1176 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f39a59c6-5930-4dfa-8f20-469de525030c} 6664 "\\.\pipe\gecko-crash-server-pipe.6664" tab
    3⤵
    PID:6428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9604 -childID 14 -isForBrowser -prefsHandle 9692 -prefMapHandle 9680 -prefsLen 28031 -prefMapSize 244658 -jsInitHandle 1176 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d0aa73a-75d9-4c6d-a00d-737952cdd1bd} 6664 "\\.\pipe\gecko-crash-server-pipe.6664" tab
    3⤵
    PID:1280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9892 -childID 15 -isForBrowser -prefsHandle 9872 -prefMapHandle 9868 -prefsLen 28031 -prefMapSize 244658 -jsInitHandle 1176 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ccfe3fe-8a04-4bf8-897a-ebcbb833212e} 6664 "\\.\pipe\gecko-crash-server-pipe.6664" tab
    3⤵
    PID:6592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9900 -childID 16 -isForBrowser -prefsHandle 9884 -prefMapHandle 9880 -prefsLen 28031 -prefMapSize 244658 -jsInitHandle 1176 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18839361-d5c9-4132-9828-62eac819a16f} 6664 "\\.\pipe\gecko-crash-server-pipe.6664" tab
    3⤵
    PID:6596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6216 -childID 17 -isForBrowser -prefsHandle 10872 -prefMapHandle 1444 -prefsLen 28031 -prefMapSize 244658 -jsInitHandle 1176 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccbe82ac-feeb-453f-ac24-1cb3852255a1} 6664 "\\.\pipe\gecko-crash-server-pipe.6664" tab
    3⤵
    PID:3976

C:\Windows\system32\printfilterpipelinesvc.exe
C:\Windows\system32\printfilterpipelinesvc.exe -Embedding
1⤵
- Drops file in System32 directory
PID:2616

C:\Windows\System32\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:4812

C:\Windows\System32\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:2532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
5cda41b4a493c34eb2443e7ab8a7764d

SHA1
8ab77aea45880368419d3f5a64bfecaa0e8320de

SHA256
59faac0a36d44b33ad6d4f61aa37e68638aa29f5e2e41c4d7d20d9f42cef1fcb

SHA512
5066cdee8e155735ee16803c259ef4967c80a1eac0d3bcc78afefc3f0308862298d34d07cf3f031e84294e2e8aebdfff0248b381cca929b9a4568b77967d9335

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
511bcd525b40ae5da97da3d1ba96af7d

SHA1
bfaa535aacab222b391546ea4586381b31729632

SHA256
9b0e607a1d78b3646d8ecbdb1425b4ad6e147ba0db74ddba450de70b6b2686f1

SHA512
e326c19fecd7012d5920dbc7c9d8fa3e2e35ac8f44d058b83407657b90aa42760d4f0864471ec428e4ed0d7b229f9067ea5c2ca4a183e49cdd79257db447a00a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
55e2a68dcc546ad5f33b330c4208c451

SHA1
e7f1bf1f61d8148f6328967b74c33d7e03dcfc0a

SHA256
c1b0459f7abe53fa61ec30e746e7e2e500408520a352cad129a5f753d9922f05

SHA512
1f5da9b55e8f668d7edd4ee9158037e2039c09fe98088a2db33be44fea192799e9f0546ac4c93d0e270a7f1258cf5957aa4aa210e80d7eecad70d9bcd0c42707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36f14c6d84591a1b011119ea272806ac

SHA1
eafd311b2466e7e5550bfc99338bebbafb97e44e

SHA256
a843b7834bd9c5ecddbaca0e7e59b1dbe87bdcfef205fc612a436c8d30281046

SHA512
30c3167bed3aa166706f38d99a8e9eb803c308f7f67d744cb0a7773b656020b8a90735e18daa34a8de055cce53064f83fb9291fb4bc8e6ed1501a2bf69b73e44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dbe46f82a661d0ad699e8e7e742e72ee

SHA1
4dde6bc2ec575d4411eaf2fc19a13597f3cdfe87

SHA256
a9613834feb68bc16aee4ec20a98adbc19aef47e94d3af5409203cf965dc003d

SHA512
a1557deb1a906a2d82b0d821fb6a777cbba9ba87b4ca240dff8bd24aa5685d22b47b06810a103c7587e23183e985b7c5b1f83ab55fd417017da361530e69f305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
0bac32e7a22eb0ba885e2e475cdfcc57

SHA1
3b50501ce473004c99a6c62aa939448694876df3

SHA256
22e2539a30099761e65d4182460f8edac235a3df0f23dbe6e25020f1dee7715e

SHA512
1dbe40a6621831790a621f9ed2df6ea287ca895326c26f7e42fb5c52f13dabc6ed9df22c0ab2ced2cea071d988a80e3c0f4d9924ab7e8921d0fcdaabd2c4191c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
ad59caef848287472d8cece2ae80daa5

SHA1
fee084e6a8422aea1613e2ff4c8d1ddfb0b28372

SHA256
a2c55ff80ed1eb5d87589ed14504f1b7332fcf0ce55bfff0aa8053f65b1f8379

SHA512
ed18aa5aba69ff502634da08a6ed3dcb5c6eccbd450e77ae17ca2b8c8b9a5339c6faf8df969cf68b94d9380049b8f752006800458e02cdd056ca548a7126b5ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
97574d3bf30290d80c004ffdadb6865d

SHA1
e2a6400ddd58d3cffbe8bf7a369a90bc5ff86bf8

SHA256
0adee03351450e44b0799176b462b025e5af7bb365005e4ae2610db6350a96f6

SHA512
7945a4e0b3c64e4a43437878f10c6c0cb04adc22a5388581a8c7b87ea01377e6e179e94af75ec71c792aeec2de090eaed8bca2301060aeaa9fb9338dfcfd0a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
74374f825277d3e6bd07a2211c109330

SHA1
4f682e0e1b0e8c5eb9f288c3784fbf66b8dbd059

SHA256
46f55590a7451ffd9540867be8c6131cd94f02f01563cb041b67647377debba7

SHA512
32308f81061c041cdf46cf877276b588a79f2d7d1ad30b4c3ce9ad92c372037a3f777a3e38c4eada39db44047087e1f4f519f66aa62a899142f127cbd4905732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
70KB

MD5
4058c842c36317dcd384b6c2deaa8b95

SHA1
1085ddb12b29b79ffe51937ba9cd1957e5e229b4

SHA256
0e562969cad63d217848a5080273d1745dc4277d210b68a769c822f2fbfd75f6

SHA512
435a67024811360b12339e3916945b0639e2d9319e9d540b73e093848a467b030e91e01917b7fb804eb756dabce2fe53c2d7ea586554ee6cfee70e652a85924a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
41KB

MD5
f3d0a156d6ecb39d1805d60a28c8501d

SHA1
d26dd641e0b9d7c52b19bc9e89b53b291fb1915c

SHA256
e8be4436fcedf9737ea35d21ec0dcc36c30a1f41e02b3d40aa0bfa2be223a4a3

SHA512
076acfd19e4a43538f347ab460aa0b340a2b60d33f8be5f9b0ef939ef4e9f365277c4ff886d62b7edb20a299aacf50976321f9f90baba8ccd97bc5ac24a580bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
1.2MB

MD5
540af416cc54fd550dcdd8d00b632572

SHA1
644a9d1dfcf928c1e4ed007cd50c2f480a8b7528

SHA256
e4e53d750c57e4d92ab9de185bb37f5d2cc5c4fcc6a2be97386af78082115cbb

SHA512
7692e046e49fcde9c29c7d6ea06ed4f16216ec9fb7ea621d3cc4493364743c03925e74244785588d1a4bfc2bedd32b41e7e66e244990d4076e781d7f4bbb270f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
150KB

MD5
2758b51b2e5f07ce44dbc5db1a038906

SHA1
cb6a2f3304feaa58425828a8ef4fc1c46587fb9c

SHA256
37cdf139debdee1ae84b70602bb96dcffa3bb231c150e15abd924afde9330bbb

SHA512
92b37d659d48ae7e8d0249db2234a54844061c30d086eb9f1ec061429b8dd25a85017ce2c7d3f5a45aa5ac6ee430356e26d17ae5baedc2698874f6dcd5d50cb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
83KB

MD5
95f6245b508394da430086298ac745ca

SHA1
b148419efbb778c5ca3e3b69f1e1928524b0b0ab

SHA256
48b633504cc35bb2e36ae900058c8d42a4976f105280cab5499e833f1cd5802f

SHA512
a4d60402be2abf7e464bead787b610c2a1e2d9c9dcc76b9e701b8ec8c94ce6e1a737246eb4a13f10089f3844c7cf06ec85af7eb8d007a72bcfd827f79dfbf7eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
86KB

MD5
74d63074bf8c278615b8a05e8921fbda

SHA1
944dc75cafb4133a0b734c13f4e9661177e919df

SHA256
7e2ab775e0f3a8d25fd47b394aa16fa1fa4437be39afed57f2d3d49875ad79d9

SHA512
5fe58f339bb6cf8fe6a26f3bf0e1f74502ca14faded147b6a389114031c0c0de5f028f435f6f80e744c80a26dbf7c286dea25def5c7fb973f03a506fa5d6fb4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
97KB

MD5
2e78af708e1aca43faa4675edeb3af13

SHA1
5f8ce2ca9e5c6884f992fc531c96e4596479454c

SHA256
eaee0bf80464a71f53e15eb5a0274885a3086fd919aec0de1be8a1e32f484595

SHA512
793e1321eab571a9e8f9dc7c750421609381b34e4ce8ef400ca63d07cd80ff3d5a77ef268fa4a676b8d159e8540c4d145ee6fd029d78be81e23bdb9847330656

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
20KB

MD5
b697f8604edc9875b0075ed06c69fc65

SHA1
933f120dc38868d832efe962f27144ee597275bd

SHA256
48c5bf89d95ed77f2ded5cff403c849aae18c11ee5512e9056c64bd2a57be797

SHA512
430a6fbeebc338435ebd764cebe62aeba5e08a53b59e3e01a886d2c4ef12bbb4e301a991f70794b8bb3f5797e56c9c6abc0a07baed12bba6070754e8aba66a89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
63KB

MD5
a2b03561cabc0d346e9a6be3f5b11b5e

SHA1
ba0aea2acc1c20700c4c09c5b2b8d0bfbd33ce6b

SHA256
09588f4db755d8d88d9e521f5189d97c2ac781ee7ad782bb0c644eb9f69feef1

SHA512
3602c58bf569bbf22d2a559f0a62c4ac8d6c9868dd956cf0d75d694d104eaf2f82d22c9427636a46ec82cc24e758ad1eaad75fab771ce843308c1b2fe57c6ddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
20KB

MD5
7fe88b3b621156c7e2a1e41385d3423e

SHA1
48a4c83cdd9fe9a3b7feeef017f59a42d706f272

SHA256
0dcb8f6207d2aa479ff564359085ad8acf315e889d91699b4e22750e5bc634fa

SHA512
2d8f14a85d9716c226a3e24aa33e13ddb52114bf51f8972786296c18d61e4342c6699021abe23e67ddf42de80245ad13bf935eab11174d1a703b236b13676fb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
20KB

MD5
d517ec714cf5a12b9dedbb94a419e40f

SHA1
dde9afb02dd9c4aa7aa902c8e464e3bb7db6139a

SHA256
d358bafe59e817c89c2cea04468ba69cab3677723fc2fad09c291e86608478c3

SHA512
2b356aa332078ab59377c96a223e69773018e5721fe313a7306bc2301dd278581f5be2be6f2bf219464acc1d5575d6502e81c0f150fcd1d5aca25938cbf5166b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e

Filesize
102KB

MD5
7da33a02e954fddfdf4be2aef2f69726

SHA1
dfbb23208585f6c0edfa6c07e5ac0e8684c4df10

SHA256
35f3b035023713875fd35b4c0faaf67a3c0c0a8ce8e738b64d138824e8d9d88f

SHA512
8e7b3ffc5a06b9c72a129062bcd6fc873396502ad64862ee6557b21babbba74cd58f9aa8f10ced3b23ea336919dbca92768a9cac236da7967cb7da623cab4aa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

Filesize
1024KB

MD5
a6a8ca84ab936814d38c05fe62804fdf

SHA1
fcddc4bf921c84b80f0e31007d8f32f2e00b2440

SHA256
ec6781985d99acd09e3a7f0ade2cf851dde52da9c136e3b2c914988b282cb3a8

SHA512
ad54f7943913b8d1890513b45f813933b9764da7283dd36cb8c5cfd837397558ba22a28d034ac6337008c41d168dbecb171f361f95ec4366cecdcdc5b2d451ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065

Filesize
1004KB

MD5
ce2b406377362a0bb60f5315c8e03562

SHA1
913a24494ce76864645817ab9e9a3fdd297e3bf2

SHA256
fd44bdae7c9c10142171329df11decdac8e72928adb7f342368798f3f64a58dd

SHA512
07d66a598d13c3a76b625a2fbad1b9879fdb2e14fb2dfe09e0b727c78900455074b7fcd353d0da515d8c12b8c64377ffac522f09afa808de5a868c3e503e02f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009d

Filesize
27KB

MD5
3a1f329359c56a1d194dd75ab6e9edbc

SHA1
b1a185fe1381c2e1367ff313ae4097028bb27b01

SHA256
3b3ada68bc25c19e07c87ac1f6afad2236b5c75debb617a1fc5e9481a0b5d962

SHA512
66b27f3c30d97b69097ac2d9599684037909bcedfc88236d0580edf05b6e6ce0a9c279b827e67b3a8f19b2edc85a362d2f19415a5ebb3f0867e55fe7e10f3958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d9

Filesize
27KB

MD5
76bff3718533223937b36d71d8d7b3db

SHA1
d9d717ee8e6ce18e5d88a19f5fc9302c9b264ae4

SHA256
d565bed9567bf8a1bbd6375fdd52f234935a6541a004bbe974aebe74a5a9f64f

SHA512
e6d7f6ee0066f4bd5aa5375ad01ba69199cc6969b400efe67498d8244fe22edc0b333ee3b04f857847b7298f511c40a41c74bd54dbc76edde4934255e02ca14f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\18aaee5e9945a45f_0

Filesize
32KB

MD5
d6a1cf43802b64a4e6d557b2e954345d

SHA1
fe689d930174d02f06ad6eebe835e05ea9aec2d2

SHA256
8be28ae83d148e7dffcacd362d64b272b32f445c75870452f349b9d3f4396579

SHA512
1587747608f4a8aa4e461ff805626beed915d22354394e674b91ea183bd3a90a24bd065dc0d599789ab91ba289c0fc8209f08b800fe2e3e3b6d2ad189fe1db40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a18ea5200b4083c5_0

Filesize
339KB

MD5
b1501eb7402478097702232451de42fd

SHA1
67a256e902244c458c3530c48fd5bbbe800d3497

SHA256
00d3de67a5afdccf948855a41e0696de6632095cb765e320902519e652f964ee

SHA512
02c3a782abec09a67b4ce4798fbb8b6592ada75c4cade5a6e950ae90b6ae119011f27d6ae45ff082aa797d9dc8271a3384aa3eecbb7e8926d33898bc2d573749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ab690e5b0fc076a0_0

Filesize
6KB

MD5
ae80aeaf97cedcae53ae50d425b47ad9

SHA1
1eea4994576157d4a73d6dca5c61ccf908341415

SHA256
a0d37e988337107a3dbefe6cac893a386e76f51aae67a9911e1e8401463699bd

SHA512
35cc774d66f86ed5cf0765ca2d518eb630174b2b9098fa1d126528f7baff8daabc314ef516cb8b8ac4b91194b793b1a42b9ce3c3156662e94385f9f0a03c4068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c85dfd53317545c1_0

Filesize
32KB

MD5
02ecb8c052704cf46c1a6e0f40696046

SHA1
2de588f6baa29d46aa3291be97c5e59f265d6c6e

SHA256
44a695e8e453e0ee2570e5ef6fd2aac530ae51e415f9f666466e200fbbf7dfe7

SHA512
e2abedc58183ed5feac3abb3a20c14c9ad91c51131b0958bd2eaa756306b7f98bc736e5dad7dce26b2bfd97dc13427266ca4a1ca6a390c56ad600b2d12de9f5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d782f305bb50c377_0

Filesize
300B

MD5
365db707cfb4a27df04aea33930c2814

SHA1
989c40a2cb5b4864d3ecef0dd1df0ad5e2b16077

SHA256
f6b6c35d4958a3ff5d30d9eb20c047ac85a91f74f0055139065e6bcc8f2f5fde

SHA512
0a261eb0761c6d59cad7d010244472993fc516462547437ffb9d96cf7bd1b5cde6213ab6df10df3ac2a044e77a2b3d2fdc20ed911ad2b690d8ec087b177e8a39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
7KB

MD5
f3918d398fea0ea01776f13aba48bf56

SHA1
e95bfb8700596020659603badccd787525dbc156

SHA256
906464538bc51ddfc8d77ac9fdf687f6d2a89be6247af7dcb42003889a7c3b75

SHA512
bf0348bf61c6824394c91781017eeb4f8d3838cbda47b34bda87b9a645d6e3df59030fd6f26738a21d0ed2888ff15383bb30a3fe47fdc4bbd38f07cfdfa51b71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
432bed77557d4420b3226ea35714f887

SHA1
22d784ccdb46a1924bc3a9223564c22029d0c6ab

SHA256
29289e758f74834b99f4365aca84eab9a84ec0371c359f9829d73c676c183cbb

SHA512
cdeda1feb956a8c507e9b3ac9f1a2bdc16354dbf08feae891e942f423d96a3906d03de3a11ddf385e6698f3f7c076cc4e2a1f04180dfd69d0a9ea8dba08bcb26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
eb8c1a04a7608b3c2f73e1b308771850

SHA1
ccacf5445a8d46ee6360d7d772494b0cf76fe27d

SHA256
04038e802cab9f0aa974a665d332a5f4854696362174d685b081d4d41adfe732

SHA512
0501c2c64053afcffe80c30d1a3d9ba7f715a07b6c922dab8972dc7659b4cb424f944b56467805e90717375a2ac6d5d4479c9de46fc7348139f0715f9d6e3753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
28KB

MD5
94506ae51d4614b63b0987630f12bae1

SHA1
fe18909b533cbee2d9c79c525cfe32f9a406aa00

SHA256
c8ac9999ee0fff28520a87084d66d3d694ea02b4da6f338db167240d06e3f15a

SHA512
1c6d6af00143c98e549df08a1b1b8cac194058252f0b11efa529b81e93bc501e4f89d5f1a9c8be6ebd81f75e709e82d0fb3a7341e6779170de1c3553c3dcc1c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
bef30e70ff989c2456d8273a43d9c2f0

SHA1
e748fa8a09f41bc25e1f6f021a4967979c904550

SHA256
295e2f515006102bb2b9d73ecb45c59878a5894a07bf48a4cc22252122f007cf

SHA512
129ad55ce45b84b6a51ea6adb8f8a1b8ed08a7392dab271c4c46fd2d7927c234f8a2908d5eaeb75802a2cfdb08ec915fbae0e9cac658a8fe63c89f33282b9701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
32KB

MD5
7e7b5137d12d08ca618e334b94df9825

SHA1
8788896fb3e226c90c09afe9e2fea943e153e03d

SHA256
3dc6661448e8e4ae8b9aeb5b87a76289bf931eb7e260522f3c33cccb2a54bbfb

SHA512
08175930658bb962ec0097cfb9fdfcabef55c5c058eff0288bdc5ecf617d042a603221ddf06a19762a13f937644b6cd3f1e30e5f19d7e76c0024b744637766af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
2de03f4df5331ef5fe98cf670a4da69f

SHA1
8d49af0d465cc9760a10b51be3429ca4d38e6680

SHA256
45a4b7d1cec6969e98e101bf822ac1bab53bfd1d1d30e16e0fb6cd1266f1386b

SHA512
46a095ceaf9259a8b27f4c36bb73044c8ee1657ada9252dd3f7b8ae21267a016217154fb372a131c5d5132c71cd8f2748ab06aef0c1aeb17cf732dc12d3e9d2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
fcb08eeaa5c579922b0625c4ed7fa64a

SHA1
d3fc3f7cc4193149beb86c93e9189bea6cf990a7

SHA256
bf83d7e3e34d5e36fc9391582aa9429d6de7538e41172be3de57ade2c503b381

SHA512
7ac30005477b4959587b295f901773eeae4508bfe346fb7bd4bff010b5c87aed68e666657b5c3c5cbcb7a15e31ca6d8ffdf53df787026f81c85c8647205c7d8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
3KB

MD5
a15096f6559510c7db1553fd31365b63

SHA1
81c86b091e91cbd68c28aed7915a055e537ab4cd

SHA256
8b8eb0d3696f6edbf15449cc1cb8e90d7a195c12b7c62cfd1c9921e80d26019f

SHA512
1b76d00ec1ec385e53cf940263a0e9fcfa69328c72797aeffb1139eaa49032d4cd1d5b1ffdec9a8fb8cfeea9a1c87f0c72a77f2dc38d5bdd507f9173ff066a2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\LOG.old

Filesize
391B

MD5
72847c741df2ab16018e0975b2c5a095

SHA1
60be4d1559f24d3bab6faef309f75995157779e0

SHA256
a0aafed68bce06d9c6cb96945c494fbf73886bf5ddd289261af3839cf7780653

SHA512
509ad0c02d2399264b5d44062badbddd087cdefc7ff4da215aa2a50f5bd7d42266ac819668c338ad57d658a17a6170a7ef3eeaf78e62c37750b150f96e72c543

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\LOG.old~RFe5bb274.TMP

Filesize
351B

MD5
0650bc1d6c3a1e8e39a7550689a9c52a

SHA1
d512b805723eae6a0b15270c4c5587f56733fe52

SHA256
b01a696a7567f400fe9dc99f84dbd9782a5d0df8affa392a115d2dee61fce9dc

SHA512
5ffb1ce30c5b755724ca0f626caa1cd442b07ba295810e87203f9854a7f7dcf3d00dd8ab8321bf7ec1aa73993d91829bff91ff5875c8749e90cffef26df84a6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
1KB

MD5
66946297be3f1caf59d1726c4e6ac160

SHA1
9d9fa45379c81686da926c9e28198bbb3f2c56fb

SHA256
b353946c090fa3acaf5e2b3bfb2d075edbf615265624f32470e7dc4de33dd780

SHA512
4a2d1d49924c8f1e416a2b13b51c50287d8d76ba01f211e07d8d24e06cdbd10b0c9022dfe0ed1aff3e718fa0fc307e12f33382c5b8c7aa3b563f9e3ef825b0eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
33da3b704434399090f1ca5b529e6f7c

SHA1
f1bfc6ff21764a47063184452a16754a87cafd8e

SHA256
75041522eb96d95b24bed66beefbc6b99dd85ae0be3bf234ed7ba0e4428eccd1

SHA512
9927d2902555896884558df2ee708848f2d9eacb5c2fb20e6b91857c286c25eb39792b8d2e9b4dbce0cd3ab032ef5f50c3f9e5b2c3a641221a5f22c156fc62e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
22KB

MD5
422711a7a8820c3f11ab2f26b61b8883

SHA1
3c89e7c0a0390a2aecf0eb4347f54b9bfc8eef80

SHA256
f1a9ab92a72fe6c48433a044a29be851dcefd0462ce10c6181893e4502078687

SHA512
ed26daefab2f36ec7359d54a959358d7c17f87c2b776da16eaab36cb1a6b3df284a1bb2b7546814a32489702a01b0e727fcd968be12e270b3c73bf57d114cad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f2082551546c063456e93ce39ec2a9d1

SHA1
772ab59a1391d9461b7d7a2727118fa5b43a2510

SHA256
63935656c83e49a920d3f3c93f7ec5ab0f578515a0208ab91ae5dc45a2bc54f7

SHA512
15e183ada1dde84c1e42d3f48ca7e182f74f6b7a811d8e042afcab24d1ef4882456752ce4dc345901af6fd614edf39589b08315723fca97361bbf743dc1df1ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
33KB

MD5
51ef4466111e97348e67ddf805811f18

SHA1
65330a8a5bdea21a2d2444c0642c42387dcf7927

SHA256
9f528f82e9f09d2a8e182dbc1ede583523792317d7f0d047c846bb74612f1525

SHA512
cb56756871f7f30dc6e9c3cd084f6fc34a2933b0cf4a1ae09d88dc99e1e88aa1a88179befe637ce3d255391575263d94593a23cf653f30cd9f04785ffd6e0040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
33KB

MD5
0c6807b2c26f5d53050442f569ae4cdd

SHA1
c26c2878b7613eeffd7c0f22ee72cb830024a464

SHA256
be5c0f7af4954f8e6c2a0e0b6d94ad2c098fb47ccec1281d7df8d8fd1a3fd73c

SHA512
b070a43c9423d904e5df325dd70ab2c37f30ae993b12e169843f8574f003d6241d2fafaa80f5f3222e13cad212895f41924aace4eaf674a9b78e1e88416ad11d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
28KB

MD5
f59887db2d1e7f824dcdc7a3a8b1a8c2

SHA1
9fbebc1fa954ae5bafc636579307f39290088dbe

SHA256
fe24b80616fcfc6c97e4fd1ed16382c6981129e4d5a84e14ab98f664366a6f1c

SHA512
69fd930b08fd34e7b5987392881533df268add1268f17b87829ceddde9524e4a4869b7efd765edf77d62503a673339e791af8f4812ba2c61b767fed19fdb2ad4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f225317221eccab74c262ce4e378dd6f

SHA1
f23d9e9f69c796f36604ee2a76077313deca53bb

SHA256
daa51c9f5550f033596729e3e799f0bfc8001b36132d9d1849fd6c50f2b3d617

SHA512
708874747ad0dbc1fabaca6fe69b4184ca92d7783cdaf58e62e222ac3e1666dc63eaae14eada57525bbc20a59297bdba7475b410ce182edd10fdfc714a6a47bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8811c57c34b2f18b9df16863c37a21b2

SHA1
76e873a02944d47abb157482acd73773a71fa481

SHA256
600add617097985026b94452256b127592eb35996bf61e340516de2068f10349

SHA512
4f851736f520fb73e176156ed6da326a3da8284d2f5f022789302e5cf3e2af36c1d7248d08304d92b0c57dd5458d8c17c2ffc33ab1b3c73d4da7bbdc28cf579a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f8c56ccc34457f571aa7c74a83e6a50b

SHA1
ec86c6acfa2e64e0a95c0b23df67f6b329f5e0fa

SHA256
d718291558b489812e57b651c6f3249be5f18967811d860775a13757be7cb175

SHA512
0a455b909bc3636db2c7a1ce201099e80d071fc5328e6b0dc2dd736210ae62b03faa6105475dc1c8bdfae832c25dfc8179a56a79fb39557686cb3789a778f1b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
59b81c094d2ec35e0edcece74c3ab361

SHA1
f870d7dcb3e6cffa305ca1d2060f6b9465fd56c6

SHA256
3b256e77ddd8db2610d3668417d80ec39d163a41ff2291a2325dbb19b2a33fd2

SHA512
e89a21e733b030bddae3d713a135c79c583c9f8f82a641f9f9646d42f98354957abc052d39259a32e2020730212e2eedfa17a28a13bf5d6cb42422ff008c7558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
02ca7dd40c197bf93268e068f660ec71

SHA1
2ca3b2a9d1b85ac41fe8605bbb39bb6861423558

SHA256
26fc46396e4ceff3c18983db1bcb6373dd1dd7bcaf301483aeabd6a292067196

SHA512
e90ce0f4336a7f9d1ca309b8f14826a3cbc6554e44c8708b29a1bfc157a6d0c2e2bb25ac4ef182e2857081e202e18eb19d9776fa965ba2df5aa7096ed8ae0510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
24KB

MD5
91767f9fc6f35a252b8eb733b7a4162d

SHA1
ab64036caa5defec36927c6efcde99ddae0287c7

SHA256
0cf1d83a186b09b028f3dcfd7f3a10ed3eea12124d2d6f3a94a3ab1cdf32db1a

SHA512
ac7ffcdbb5d2b4df4f1d29d0a1034ff9dd1b36f789bf9f488c1d43055d76dfb89cb6d86ca8496bf0aa16f90bed65870b1861066cc7e580729cf706deed7118c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
57e006b893913171439ab5263cd7f50c

SHA1
cc154a79dcf4728a329ce0e0c08994cce1b5d79b

SHA256
43736c27530392038b5caa7b9ac3e60f40a08194891766a2bdebe2035feddf96

SHA512
9e69c8cafc7231d5902e57364e677ec64cdc4f5b9746d0179468707a01f9a984ad37ace1b30dfabfa3f2bc82b8dee99c9cfca79020d1377e23565a24a8a920e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
258f2c3223cbf3849bd0c97647394d8a

SHA1
be567b44df3e5567e6599ae3e6f2c3f5c87cf005

SHA256
e3130882a1904d95706f6aed47c84ed7153aca8344ae0e6cd1a5ec37f8e21646

SHA512
26eea9748eb117b1197d5d838c2f22216070480ad0b2060eaa0036aff8f5f70c8159272f66180ba51122c94b03658307187b912f337ad818613b21e0bd886a11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
d55ba9d681d315fcc3db7b7626514185

SHA1
44f40aaa4983971638ca836241ec8540cfc04c0d

SHA256
273a9cecaeb40aca765e9997f2a5d93846a0b0a416d3daed37a5c2759714d8f9

SHA512
086064e498596e44e0063066db9d98ea96ad8b496de6af9ed21831435de842f4eab1ee57e733ba86e3b7a2af7d0b16bc9fa7ec80676692c592953fb039ba82c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
96702f54f3db530957634522e9e57fa9

SHA1
0f925071bcfd925437ce46b37b13b7ae4308f9cc

SHA256
47bf97a27707cf017d00bfd511419ac6f0e664857b896f1a25e0bb1bf3b1f639

SHA512
8176e9de87bc5513efa8ce1e119e164f9cad57799dc470f70e41a54e5a9ebd055ff7bcf390e353469fec7906cd1edaa4bf99c3c011b5b8eac3181293e0f9a04e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
69c12921cf6cfc6d337e462023fb2ee4

SHA1
3de66e8411b68ba75cc748e5433d3a7d9cd84074

SHA256
6d71326157dd07ba9a2c53dae35a33f5e6ccda6aa1e164e93ef296fb325142be

SHA512
986fdcebce5b021cfc50cc72b39d1e93bac8b59a6d39cd531c0e079bffe4c7dd0abe9c755b9cc66a38d5d3489fe2b80b803c147e5d90e41b82ea18b806aad820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
28KB

MD5
454628dbd2d7a85ec21ae01359989942

SHA1
90dee9d0ca77b0d81f203cf72cfa3996ab98e222

SHA256
03976d0776c0510592a1cc6d7afca86b36f45c17a6a971e802e23e6a70437ad2

SHA512
38ec258ccc1d7f44fcd3f49c034f4ab40ce7b3fa09ce0d94f453c9210ddabe5fbbc944f715eea733a0b43709b3ec6b79ab6c61eaead7aacb60b9dc7d8c3b7659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0f7c965fde0005ffa841b438cd9d16bd

SHA1
152f252805acbd50d22bd22923370bde3c7034a2

SHA256
5a6093246ff583a2d1430cf2c918a1efd6487ea0347cb67479eb1f942abb7819

SHA512
d65e7861edb806b255670860109b42c73236baf1fe36d8849b2a2659e33ba2cd63f6cbdbc900e94a3d8bc087c6264e600ac21249805f926993bb1e489076cb69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
27KB

MD5
23ddaa1831a11fc724266b150d343fec

SHA1
4638eafcfd2e906c30c32d68ce93d56d7f52df3a

SHA256
122252697ac7e8882afa3f271bbd652fe7995ce6c01483d877e38e6631549f79

SHA512
b206eed7b70ee178dc5e5c9ffb47c81e13acc6cf573cb671b265dea4741398bb0dd61b6e21896e974e99c79742c832ec97e552252b8f40665717360673c031b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
26KB

MD5
99acfc2d4cb2a7af16cf3758ed5d9c05

SHA1
09f230b4fd780939167b9c54dfb433c16ff0d6b5

SHA256
6e52e5117875576cec6f03e68133f12d9ab197b49dc33db382ad33c47443da73

SHA512
cc9ad3aa8150693f2c38d8ee5098e033ada31c56eb54b4b0451830bec712797f887560db8fd441c65ce1a1958116f77fd25848f449629e2b8c12ed70051b6dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
26KB

MD5
0a67712f9b94a667cfd6b7ba44dfed40

SHA1
d4859feadaaefdafc24a822607ca23aea9dc4741

SHA256
8c8fed039cbfa027e3df74adebdc3a3c09a3e9b292fe4ad1ded17859896c604f

SHA512
fbdd3107d7e2ef6820d9beefee9dc4241bb9714d364db11ecc032475d58ddac212dfe94289ed2bd7d15925c116077048dbe2a9642f06e3eca89ea14f935fae89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
27KB

MD5
ec85036414abbb9881567bc9fd3c856d

SHA1
18e0a57f97175176ac3b83321f87430cc91bc1a3

SHA256
b788254eca56f50b7ca2c2d74c8915f5c9505caba5cf1e43cb3cb53b53c3ef2e

SHA512
ee99591564ef6fcf7682b6e338fecb017bd74631d62982d1e70a354a3e482bf14d480b4ea82abecbb03ab2487118a1b4c4c3a9b336a2eef3e73eb4561f388b5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
28KB

MD5
50d51d0d53d3e3b093b27bb23a99ba9c

SHA1
050def0ab293ce9adfe5bfa9c18601d771e8bdd1

SHA256
d73575cb2bfb99bb1163d49e001fe85b61ff6b16984f24b55afb86110164f9d8

SHA512
8199ee72f1e0252d3b0b18033ff7b0430225ecec5d5d500ab3d29980b009665340f856d3d17ea1100af10976fff367bf3dda7761c4bda20fbb7f520e74129709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
27KB

MD5
9c10f467b5a74e6a4106fc29e0f87fc4

SHA1
6662c44223ea50c2bbb2a16054aa30264a87990a

SHA256
97139b3f4e78b10863f551b1abf3d6d016f3a8f880e24959c6b60dd4c0d6de83

SHA512
f8838b67ab6851f476a92b2343b2d5ce8943dcbab43ad2d94ad19757b941ef5c0ce43eb7c5a0f57e90413dedddaeeadcb6c82e338f4a23c68462f6798acd41d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
27KB

MD5
1d990eac5a231075c4fc786a32cd7076

SHA1
9a791f10701efeb13a7515d2107f13be047f3ada

SHA256
fedcea3eef669e5e10d709373fae833e841324afef4fa8dffbd66f8b16899e2a

SHA512
02a6ea40fd95de3e89392f7de5aab69dfdc58a27dabd64fdf0e78528b50ce1cb25ecf873f9405c3ba1f17f1c2d8ba11e6f7f8981032a2d29f97ffc50a6143130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
de270138a43a3a32c793e3d12ded4bbe

SHA1
affdbc14c186ae35a79c1b455632c85321bb32e4

SHA256
8f3b3399ca445aaf861ef79c90b81492f53bfd2038a3951a51945032826aa072

SHA512
109d6eb4b35c196125101de5cedef5ce155be8900c232c4a1f72128035cf50804a64e1ac93a69c0e8030b12a6ba00a698c953aadf29c3382b3339ce2659c625a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4f518d02405a0c076d489fadbaf3baa5

SHA1
040e4bca4c92d4352866270ba6fa786eaf6e0761

SHA256
450a31083d54c27a4ccc0fb2058877420969de1316bd56375e62f0e3cc54631a

SHA512
24cc2725718f567a0c7a43aa9ee8761ce93f80785c3c4b56e1c0256b89c4f4267e92682b83c2ce699bd978ac698e3497ad1439b05ea2a29fca01fb98042bf8cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
28KB

MD5
f057188ec0d7cc62ce7598f05cc02dea

SHA1
71866523fcb4f438aa8cd951ddf79f595e265b40

SHA256
6868267f0a9cb8d87127411d1126046072d23cf70a206cd302c84fcb9b7c0360

SHA512
1897f7238389a11f3618421022f04832f6d8b2b0215ec1fed67a94bba495d9c3059a6a85a09a56a59aaa6bba17b721a8ce8b760a3f6851c9d52853958713d247

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
28KB

MD5
5f17aa1938615a8c6c579cf904fd6f05

SHA1
1dd6d15a1104c263776280e40f32443268043a81

SHA256
9ae7dc19a3f570eff49294c47a4a8762dc747b156740e50bffa3f55bf08f8d52

SHA512
0346a17dfaa620f74aeaa9e8f3a2706eae5b259e31f45ae44c5d31ee4443f6f045fe43994c50a64ee735bf0b7fb711958c4cbebf120cefbb9cb137afb8c1be91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
28KB

MD5
f71314ae154f3143141037863d7921ab

SHA1
b81bfa1b5f13b63b883c96d0c62a8a913e55e583

SHA256
913502c53496e2d288b61dd9244ade54530d3df42cec87b1322d1bd0e6f20daf

SHA512
b805706991f8a7136121645cc592a5e751c5d1ca982005ddeac6fc5a88900322311378b083abd241ff7437d80cc48afa1632d84c8cedfe13a55a88142163784d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
28KB

MD5
f5611b83b8a85f2f7092f5fc1eebc990

SHA1
f0ba1c1d60413041cde15bdac9a754ee36245b26

SHA256
d84ee53669d8de7d8af1d64897a34fcd82b82e7fb897beaa1c21485cb99a7806

SHA512
b893e2d974e082dd1a133f298a62f315d2e770e0e3713b73199e0ae4e5d632a70a651f8e66e2c7246a2f6712acac24ff895a1c400c90c3b69edc49d66a1e1103

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
28KB

MD5
41ae038ae65c86150f5f524ad56d2a4d

SHA1
31b4a8eafdd68d4679c33bfbfe668f8ad5352eca

SHA256
d145e69d84b35593272be844d530d68073f6cdd9478570d72d03bf47005cdf8a

SHA512
2d259cb1964d5556fb904d8661dbfe0a35eed3c710910c79ffafb53299b7c1dd68d8429cb69cd30a5ed0c294291d768f55aa8ba445ed613ac6deb497ae8cdd66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
28KB

MD5
38f723195738f03cbd09376aedfe68cf

SHA1
905b1b41a0024384a008e02ab586674d85399a42

SHA256
a994e610130763dc34f878150a4b11949998d86d9816c54bb9032c4109577c72

SHA512
2fc5f7c199be8d6de53a1dde7e17b936db13cb91fed4555f09bcaba62f445e234ec9502b6fcd39fdf63e1aad5eeb1307a26d19d06ec6f95a8dcec8698c812005

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
a66284cda1fd0cd82f2f94a0dd895ba5

SHA1
d3cd52f50567743bc0e62325c567620df16e1b78

SHA256
a4717f6aeef00c57c0e495d69a4b3bf2b496d653693c82087bb24ae8e1fd290b

SHA512
b33061e14691be13685b9d4d38c40da6b5606c5e64c56c0a1881a2a1c3d43a760ecde575d10656faead0a8e63e40196d43c326d03a08405998a8620d95981e63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5adfa3.TMP

Filesize
48B

MD5
257b03ad361f57f93718c9267e20a51b

SHA1
d80ce1b655d999ca22a8d514dbfc0b8bf7cb570a

SHA256
a47a6ce6dba591c079e548072e3ff355c974745a2b48de1e9b872c18c14150a9

SHA512
e9117eac82803fd5bd8ddab1baaef52d4a725ac0486ebe986da408d550c30377fc9bc4e7c909111bd5caded5a2a3478fe1874e9e5d64affab6b47e474103856f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
8dbb6ca3b7c81cd1cf39e963278586dd

SHA1
0cac39d6dd15069161a230ee30c87a2f16d896cb

SHA256
e62eeb0110d97253c229c0b04e719061a9774bafbffec12278e8ce63dd45445f

SHA512
ce2a57b06de1f6f9fc72e4c8b9773ed3a959caad06759e82b45c63dbcf355f9ebfdff7babd08cfc725faec0165aff570711ddd42bb1970aa0b86d7a8f558ee58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
501c48c2d1c30d5817942511037c4fa1

SHA1
cca3f430a6edf6bb2a7a9149ad921b569dcd399d

SHA256
e98cf098b9a2f29200afdc938a4a368a4033a8078fd75df7c4741da172d07b2c

SHA512
c0d363eed070e0931517e8c0463581f6d9a85eebb07d9cb7eb364376227d38fca862f89c14f4e3cf047d6fdf8d776dd800c6a63aaa59075284e38ff2489c6650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13369756821421291

Filesize
18KB

MD5
308851b3d9b8b585c00efee4fb706f7c

SHA1
958e66e8d939db2cedcf93eb1c71f21bfb07b5e2

SHA256
e74444bdfa6fe6c494d0d5604e1096f3ed778e9f2727cad95aaac6534bc8accf

SHA512
1cf866689dadb66594a79de80ce001e66bf86db63b0921903350109cfe346f8c7a4d1e9d5bbfeba35e58ef9c6e1e3e032dc5e63a080408879002f1e6199aadb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
0ba7c7d0dc793aeaac3f138da43eb543

SHA1
271bc1471832d93705392242f1622d8571e127fb

SHA256
e791363a1412075fd2e6feec568685d1f637b3e99606515d3e518cb0d1907eaa

SHA512
fcbfb65b6f25c4f82876d67d21a9585d089861eebd8173b5766a44cf69afec2c601bbfa6e4ef4e05d79f3e8c1880debf61dbdc42948eb5898cb1f7f6706a5fb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
f2833f6a089c62f124447bd9e6f378ee

SHA1
f81a83befd808dd70882bde712c3b0c251fe1443

SHA256
fdc41613dc0995ab677a8f956b10615dc4a84dac4a5cf0681bd46cbf95d151b4

SHA512
2035cc1bb68e21a14ef9024497ac44795038bcf882eade336c0a041964034a755f050d75ac8ca0bdb7387806315a9003d4bb18e43d8b201ca81c1107f9393ad6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
1002682ddb21ee94d27734ef709a328f

SHA1
3d1a12e87f1dc2978c54c9917a6d535f0dca760e

SHA256
6ae8d90edc759f63374d6ee90468ea89176b889738a773fcfc30271f9db7a25d

SHA512
5df2c2614d62819ee08fe23898db2425dea4576462f9b7f6a8e2b59e0b0cf1b86273dc89f07217e6c4a2843961420e815805bc4f1f4a696549a6d9ae3b2d50bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
11KB

MD5
95e15feda9114d56a6ff3b1c2fa5637c

SHA1
f529b4fb45a5bd6c1c0151055dc2e9e310c71a7f

SHA256
97ce3c1c289a13885d5d163305913c279a43a3f4a693d289ff20198655f77122

SHA512
3a8c05c34dabac67ae5d39fb7b961fe063c6d73a6dd29a32fe96628f21705d1067eee6af687a7cac98c445aa96405622e80aed4bde3a1ff26eedf06ad6f0ad0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
11KB

MD5
66c4867abcfb33b0a72e2d479e0544cd

SHA1
abaa4940d1fdd936c6744c237de5088bad78911d

SHA256
dba191eee9a8ab4efa26898e32b66bda65ec07e671d3f604e7afad8255ccb1cc

SHA512
25ed41c4a35d98340f94675c28e7b2458b87363fe7b04963409ab9c6914e20d613225c392ec3da06f2d888a0f194296bc1ae271fe2de0163b71524b90ed69f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
11KB

MD5
55db73e15d8c80ce32cd8e70ab2d6ee9

SHA1
91219498780c960b20b936c2d88817aa196a0783

SHA256
022af85b6136c6af2750cb49435c488653671cc9008190771a9f5df798ffed18

SHA512
b41dadc76b650e57c3a5c2dc76b370790f1d734cb736c726213df39fd65019d6612b5104fcd15344c22f7866eda45589ce0e9d5dad036080b38a4ab49982deef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3d795ad4fc22f279cfe9bd7d59a595a3

SHA1
e4b349414838693792218a59c0ae4b1859a6022d

SHA256
6f809193bade70f0e687d4ddfc8b265141cd259dbcd8ecd0098704981d530090

SHA512
262b292f07a46b633cd9a2ad6169e9ba5e629458ac1e948f131d8b828e98359da6f36895de7a04eb57f028de8873a1806003004d2b8ed2aee046e11c0498c5e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
0acffee89b94f39c715815955c901ae9

SHA1
c19e8d8179a8d18d3184e6ce885248bb81fa031c

SHA256
6552f5c9f4187b539fd4a2dd0ed893c4a0751b25b82ba55669e2ade5281183ca

SHA512
551a97303cd376aacff69770391dc3d2b0144b4113ab7a4ec21de22e42ef0357706dd701d0cba901877cbea41e7aa68e824696405d81076e87e51182419310e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
989f1e4f63dedcbfb3f6ce094d1e9e0a

SHA1
6f05fa9991dbfb0b0a2d74d47bc10b7e5ecfe1cf

SHA256
3802fca7244b678a3b0a563aec9d28ef3d60cfa5960b4a43e5cf5ee8f1416587

SHA512
191aacfaee59ec07fbe1b9aa9fe6190f899948ec052023a67c9bf3adddeaed7172c70a26e0c889efe4df206a40494e07ef18de16f9abc191e3b121bc70ff72ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
99fd732ad21b23878a9af64973cd0ba8

SHA1
abd18e208379808869d48a49dbbb8e538f5a018f

SHA256
b19bf95818b9cd5a043426254cfb2387039dc5bc4fdf42055d906884aa1e9ba7

SHA512
4ac896d4e3a34ecad4acf431c0bd40bdeb9102cced235b72e56a218d3b35648a3351872a75ffeecfeee379f04d797b46e513b51a014b8a1cb411c37b41545c01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f07a.TMP

Filesize
1KB

MD5
d926cc99c22f87f54304c6c96fdb3479

SHA1
ce803875f4d5b3393904f4b7b75bd5e476e192f4

SHA256
be0d3a18c3df9b7606967b440bf30e3bced5e3c7c78a60b3d97eff7c8d676c4f

SHA512
37866418ad4e4d9a7446e93aaf07447c62432f9024488a065915be4b1e0ba4a66c062fc69664ef7c313132a997e2e50c27ea0c33754588ac362775f37e55ca36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
89ec908f1e10072d3a0ea074f503d002

SHA1
494a8190c18df962128fa13877586fb9d0e73ad7

SHA256
47acc0bc8d1eb5a7a70acf0a76f37fa20e5cc7c093926941ba4df8627c462b3a

SHA512
f9b08bc2dec9f698c996a43d2228266640ca882307f64ec376f8d003def4a1b1409b884e7c20ac3c451aca465387bfcd359a076bc762b9ce64a5325e3eecf7f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
0d47126fe9262ae9a391877f6ae2a601

SHA1
e0165727fbf3b1465785f9ec87d178fe38be1325

SHA256
25bd93cfece2d82f9f99dfeda7e5de9ffabfc3ffd739426550ef049c508c718c

SHA512
0a5cda55f976cef71963b002433afb949704d7f3040a011b47b8fb95161c7144f45156b38a7bbaec9ec509c9c94d57fff960ab8f55f8fd2b2ed90f92edeb7482

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
da24a761baf39ac8f4bda106866785dc

SHA1
29b2e8a2bdd16d21848875419ad207bb49a98587

SHA256
bd5d92c9c87acc21c6c130778546d5b88b3b9757a7fe047bca5cd90ab5492fc5

SHA512
04dcd73f52cb862b4843b170c5a9d8b35a49a179e081e7e9305094314578d14a518cc2713f418c882a3b21941bf50fb3b449198fc7f8fc81da0682bc16441f88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
7f1f1b90fde7f40d1bdc010c4a89ec75

SHA1
54801304f32e815ca551ee16c2130de6440063b5

SHA256
f8416b455f3547ded63d225f364e1aa7bf71ca2929422d20d2f0d12147daaea6

SHA512
17ec57c058fdc36f9bd1554ccb27ec54bd6acca62cc43a0b4b49a5e5301774debc61ed073dbc867b855d2c0ff58b873c8db865cd5bae2cabde731068a0240e45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
c2548218373a32a8bde16280230c360e

SHA1
39a083349b1b433ddb362a9df5001350fe8d5687

SHA256
76d8e0c4d5a2cb90eb0a7b30234c37f5cd39b7f4195595171f98aac169a5674c

SHA512
b128c5fe00f3f86cdc8e25cef884725d5a066eefcacbe0fded8d9d72eff498bebfc77de59df675c9c084fbc633108efa5a5dee5dec5bf740d2f3eeb70b0d2da4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
f888ddc173b2d4773fee7feef6358d23

SHA1
a3208ffdd6414da7f851d155db161544d8579e71

SHA256
706749751820e5f3439242d6f0d2a75ccb5d161de28259a7ff60587f95c57ff8

SHA512
1190317d7f15659a0baa0b103983529d94f2e00715eb930d340728965e35eb7e53e128b3dab044789faa7da427f1483dd8857a2d2d64066b045db74bc0f2e3bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
8de8905b63a240d47fa302495b1b6b91

SHA1
bc52600ce6369fb6983898e944a5cc05236171bc

SHA256
5e33cfaf3fe6e13da98112860119d5e691877c774b391e3c68d7d71565c65996

SHA512
ea9026d58b806499765ed9ff4faf5e2e17e1535b9736fb09f2e0956cdb4bc51f23e75395b63b71d0dae71a96784416fe0ed0b4fdaac7b99fcf1507185e85ee34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9230ebfad234edf9c5bf8aeaa439896d

SHA1
28be13a27045f9dce412ebe47b50e2741bf3fd58

SHA256
e315c68da3e5dc0224cd9b460c6a7e36bce8e1fc9a2fc79eec0c67ff052619e1

SHA512
4c69a6f8de745e2e78635a4967cbda5a90f0dea2cc1e0c2b5a0b7ba322a616138f248be7867c3d33fbc81b87ba96da39cb03e8a245c17d359e9d4a0ce8557fa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a5fd48d22280fb92d6634b417e4c0c5a

SHA1
debc626c2cd0a40407b54babc1a662703fb2528f

SHA256
8b77367e157b063de73407f7c6708b42c747f426a747a73e883520eac130d5e7

SHA512
732316915f23610ae5ae1db291658d6a0e256e397de947a20fd03fc1dce9d3c47af379daff1d560277fcba0fc95a1a27788b3ea904aa377542ac4b0e3ed66e63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
382fcc33a0fe8b760642a90edf5d1a53

SHA1
9b16f345130df5d2f1000643a52a916cf5bec9bf

SHA256
62eaa68193dad22a640130eb2c615efbef5c2af1f674c6e8e94e6587fcede951

SHA512
e21d80c46bead53696ed3bb77cfd2cfa3e25e9e583d59672b3b8578e279e5bc9804ce1d14e64fdf812892e14ecf5de6006ca36b6c4a4d63362f9e9e2805c7706

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\activity-stream.discovery_stream.json

Filesize
32KB

MD5
c8161bd053d0ddfd4a10409144ace0f8

SHA1
92024ea96dd70e24fbdad984108fa2ce5a51955f

SHA256
16f5431e49add3f8e7a68b92855835db98606bb841404aff9a5942ba0b9d8ff8

SHA512
4c12a56d3dfa82e37b2a61f5a0e2c6ef75dfb022c7905143d59839e3c5090eda5dc72d49f28c41fcbf8da1dcfbf0b72147dc9a5e998c1c6adb9a3d7d33d6860d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\1A957A0511EC1D1E645201A60B30D06BD17398C8

Filesize
20KB

MD5
4c59e54cc106b478e97ab150a54bcb69

SHA1
ac85b819c454bab21daea0c36e68e6f8865670cb

SHA256
8abbc1546b290ffdd147ca1ecd89ce2d372abafcf932159ea53fe26210dc293c

SHA512
23b38bc402380e1675d46d17a634956b64f7cc5ec4ca2a0251cb29ec4383b3df3bef2161510abea0feae6a88f383a35804bfd91adce5d982b72a049e0fd9dfc6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\3DB3ED954F3BD4F5913B6EFF344C4EB7DD43C790

Filesize
100KB

MD5
f540290b3a35c3962d53b51dcc959a62

SHA1
edb0a8f2d3807ad8f10cad525a19922ce9ca89cf

SHA256
c5590d1db4d109362b9492a5d9c76126ab0266043e53f6f00f0c1c825571cc61

SHA512
2ea24ed37f2ed18116faf8b22eaf70696bbf02574dcd2d8855127fcd68ef49dc49b76af3fbd89e2184c34b7d8a4b6e21be60150c4dcb8f6860cd9c3b4f8299e5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\46C1433199E71D042B064E64AE19C148E76738B0

Filesize
2.1MB

MD5
a56d5ea34f34212af70e6c45af166657

SHA1
a1d9a3ae923d2f52ffc364721bf1531bb0c8561c

SHA256
d7145ec194158d2cfc22cfec76c9512fb6f56436216ed3f26f1617dc60c0b363

SHA512
547847d60b04d80ecfdb8986999697c023c22e38010d4f83a1dd45e7df8a51db3aba881f054904fa9842f30310a549f3ec915083ec05997add62b6d4d208dac9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\AD24A016027A3A4CFAE29F741C3C3B93771B1985

Filesize
25KB

MD5
27f4786344e9251e2686cf57d9774e86

SHA1
78c22e72b7db503e904f19578e2f2c486683363b

SHA256
a71563de6acad38f79e2b9679c0bb51a273e65c54e3fe784627885a58c3d31eb

SHA512
bab94cdbc6c5f31dc04edeca748a2b85297ee905fdb7c9d36ef8d9bcba897ff4399425ab2cb8ae4bb16617baf6d8517532a28af3faf6c8de0fcc344452dd9c65

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\E5DE0C3B91809430F05BD3E153BE509C08DE07E0

Filesize
111KB

MD5
1ef501acb397b0ec47a4d83f445edbb0

SHA1
e7d27289eb42e6c59b32452a9e8b778cb3cd5699

SHA256
05a2d31026d9cd2bdd3d8e24a70baabe4cfb862f0683ba8126a784227d8ea2a7

SHA512
2ba35d1f014dbd1bee28f8beafa71bb4c694e90fa2b17a8367f2a870ee1096dea3c0f8f59fad2f85e3c96a130a7e723175472260430d90b7056437c3488ee022

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\EC192743BDEF96C32B16FFD4FF0E12C1B2015851

Filesize
1.4MB

MD5
5ae2455fa703c2545ec340cb1d9707cc

SHA1
12c5cfafd9d95f4ffb7640875a53761bd824791a

SHA256
640bdf2c0570fb33bdebd89e70f571e37534e93852d4e8fdc213df7585b1874a

SHA512
401be45367c43b575367c27dd492c92f86721eb85b322f765d2f4752acfb51d60c7f8e0bdf7db000eca151c94cc014383f63ff5b69fd568f360d376b7beea22a

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1x1urte0.h4e.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_2894FDAF5B574BE09F84FE2C5CBA5820.dat

Filesize
940B

MD5
656bafd11a63ae2214e287a52b51aa3e

SHA1
3efc6f251b2200ed5c828dd2150ceb15057e723c

SHA256
e2c25d648a83f11a8e9ee7dc363486bdc201fbdf99e21852620f0b2c114b0f18

SHA512
33a69cc3d4563b9b92acae4de46134053dd579e4ad2b08d31e57b584dd7eb0f0ebcfc2ce294ad042df07e273d323ef939fe07d8a0c3579cb43d70c88987d0366

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
16KB

MD5
f6849a7c467ea734d96b9466ba6e51e5

SHA1
4af460779663a9bd89326dd3232b1814ec73bdfc

SHA256
fe57947c3f8d05764e4175c0e48c74f18936abdab155881d4671374e354ae80a

SHA512
e789325b0a42b88668ebfd9eff9fb0efbfec65ef195036853c197992ee10ba054dfa538f4eeb13cce190920428ac9a29ede1735fd1350888e728041fa4cf3229

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin

Filesize
6KB

MD5
95673e9500ed5c531823f44cba44dc51

SHA1
431fb9156ce8c91c826bf08407d62b8dd8f102b3

SHA256
75923189288410ee5c2b331532e8333b91611bb90364219b450b707317fedf6a

SHA512
982e20dc871f10b9e5880a0325ed5ef3edf45012cd95e5dabc14f8b53297b17b4a6ce014e9dd0b9cb6c58da48cc5e658b3067d95c2364a6f92a2425db2a3f8e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin

Filesize
11KB

MD5
39eca57045c2003e8dba5ca71dc75a78

SHA1
43f6527112a111c132d15ecf866084f737159ee2

SHA256
8312318637bf366e0eafdc922d8675179f3f877e86944c25e583a11fde2dfcd3

SHA512
94d59bde21b142f866c05a9907491801cd92bc2f018e4422031d2049ebf43af947ef011b51adc5c6790de2d6570b8ffc72b8dc5dbc02577ce9f2c3ca51d62025

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin

Filesize
15KB

MD5
8daf9c52ba9881515e0efbcc58821f58

SHA1
bcb7f5c52417dfcf6142aeaf007591e0ab850dcd

SHA256
77fbfb77b50a376725ce58ce445a926a7688e67d2eb608c93334cd924d51d67a

SHA512
f971d0d02883092fac5e4da5b099e13b505017f42a6641b061b10586debf662d5b410eb9f2b9bf407cb9daf23b7135d678b90fe78290135b2910f2b5464e24a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin

Filesize
22KB

MD5
2d32a74ce3c5818466b8f330c4bc9c5c

SHA1
93c83ac61e889b8eff3596236239df3f7041cb8c

SHA256
03afd8d35f5b67cf65e21db76e6acc003f00855e9e41c4241d92efe6a814c872

SHA512
ca5dc250f2b556b418f35310f716360580328b76cf69438acb2cf993f9320da9f6c5ce66844f8262324ed3bda336d804dbea34b9b8343b90afa8552fadc60f35

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin

Filesize
25KB

MD5
7face95599111cf15155e5eb429d09e2

SHA1
b2dbf59eaecf58596b67899c846dc30380fe3f17

SHA256
6618c173bf3756201b77bb9d0ededff76a570ebf5d99dbd9a96296bb788706e1

SHA512
25a3c3815573b9884443e4436b940b797d3aefc7656ab9fdca82943ce02b5c2cb29ff70709fdc57156fc402005dbcb4eed0659c2ece00971e15553837d4382f4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin

Filesize
25KB

MD5
1cabfc520b727724129b67181d404a6b

SHA1
587e842b1451376758cbd6c8bc9f6104aa8f1bd2

SHA256
365207132f1df17219554956235e10f48b50feeb4022ede8a98511d6755583f3

SHA512
8280ee7f31764b27e432cd23ec647b190d0a5eeeaa8ee473f45603e9b8f03f62607f9da17b0d0cb545b7643a131a2ea676bbcc87f04f7f8651a61d937066a572

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\cert9.db

Filesize
288KB

MD5
6ebbca7e61dbed5d416b261a6b93f555

SHA1
f12934e70f06c7ab6b052b9f4b9b8bc9e0d3637e

SHA256
9d13c5b4482f4bb3d4a6a8975ae1c01066671f9fdc275385ce7c22de87e94190

SHA512
569ccf74e6753eb49b6d3ac700937ee49466badbc1133b9edfa0d16c6039fa343ae62bec48e42eab93ce27e1f0fc0b4c57e5340df5405309993ce7d135a629a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
aa77fc11c8f86a163648426769202a83

SHA1
c01e344d0829218ee71c5961291bbff30569ffb8

SHA256
4f5f1c2d57234b8e25086206adb44583be6bcc8d21ffdc2d2a93fc1f12abcbd5

SHA512
1987c5ed7729af8b9ad55064bf06a772a3fd7c69cf37a4693e7f0eb7359333250a1473bbb6a04e301235cce6c2eed269beffd2a9c2b6ecf2e8428b393ec268b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
c9f71b546e0cf8cbf7d06377f379f5ec

SHA1
c04e2b4cbb6b25616526e6906b5eba63cfd983e5

SHA256
840caceb042e86ff3815c560758775c6d9ea6df9cf5a891eb15d398f16ed4508

SHA512
d2a63355c00dc92b7eefde2fa24ddedb18292d3064b9eae5627e3443abea68a38ab3236e8956b4c45d0a173f3dfb48c4789e565d44e39e75c5fcd37d34dcebca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
13KB

MD5
e2139e8ec89df8492754082f23df688e

SHA1
0b185be9778158785e62fc97cf4e3c14b00f3151

SHA256
31f619e06ccd52e562e1ca6adffa8a3ca9b90db769b362eaacfc460a5839ed35

SHA512
5f12b6994c0af040bc8cfa3f69bfb8e1cf130c42df4fbb1f43a2c942f63fe1ab7e26073dca8f79f759963e22ebe46052dc0c97eca963ec28dc5d240f37bab485

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\39df6c1b-fb2a-42f5-956a-c71ba963c6ee

Filesize
26KB

MD5
7b282de948aa01c335a76a7aeb3d31f9

SHA1
f8b57f381a3dce5f7f28baf35ca67bdc9afd74f9

SHA256
d4506f826fe4e67a03eb86c62597c9b20444b85cb5fc05ad3ef84b94df3bc2c0

SHA512
6b3ebd2d7b0f4584ccc2e6a7c1f250e287f4141d367ecf81ed8a9c87db2aef295ba3706bfec3d566db7e02cbd15fd98d854013b8d0f4a961be3e1ec5328a0b28

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\ac6766d9-e0d2-48dd-8bdf-3eb8fa73b245

Filesize
982B

MD5
036795899a10878eca4e4dfc34065e31

SHA1
390d17fb584da5b3793525afffc8748d0471e02c

SHA256
3196c1264831ea91062bc99a328be2018efb103fedbd7e8074bbef6fd7f2d536

SHA512
63bd8454024ca8f159e1dfd9178666d541c65a1faa96d7e376f87a62d24ce24e0ee3faa6e00fc6bd216d693bb425d62fb7c2bfa56d70f0efd5eb266602060544

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\b23623cd-0026-4120-a191-7cc1541e777a

Filesize
671B

MD5
60f958fd800195fe9c6a26cfe388aaa8

SHA1
6f239979dbf57538e568cede7224e29d17710046

SHA256
53033d7648fa586c1481dd9dbaa8f78413faaea3a43bcd75c43f3e41bf2ed6d0

SHA512
6141e271200228c77ed9a5cb1448a898c2fa35adf625f0d8cd38070460eee052a573955e1716721a35add63cbd1725c4edfa40f00d8153052a04afd35a793d30

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs-1.js

Filesize
11KB

MD5
903fb3acc967c2fc14a97c4838ebfee5

SHA1
a8e6d2587a3e1a7cd405cda688519ceea697cc8b

SHA256
2cab007cba213881a8f7e2782fe7d8338727ce712268305a27cadb0aa4ac69dd

SHA512
12dad7a13ef7d8a48f6ff1b7a274ef15a78e212b4169216723419b068faf408f9018afa44a7a435c993c2d3a3a72ee6e4c04d4aaad74cc24214ab2eee4a8d776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs-1.js

Filesize
12KB

MD5
e1b836af4082578403bc014531bb6071

SHA1
c9b7fdca8eb79e94dc7dd69b98b1f0006e636e21

SHA256
107ae76de4f59b6bdc8e06aa5404a91c22ceb438443142bf5785f631d9c4b485

SHA512
3390be792ad502e275412f1a22351d3e85bfca65b5c29cbb33fde7117d6b16e6574e6d98fac1e1db3549cc3793437f58c6f97993a30d17155c4c34e33a5ba2e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs-1.js

Filesize
12KB

MD5
3bfd2c409b05d55ce817cfc09792a972

SHA1
c70e69eaa4efdec4825377f0307c2ab0d2666774

SHA256
0a6d4f92f63f48b53f3b5da0759da6ff67a493d53b2307361505de791407db65

SHA512
92fa5104bafac2b76e066e9ffca45c1853292d959e0baeb61018a50b93053afbb0d1b3c8b85279628ea28a1df9c8dc72bbd8b4bc403f56376ea9ff3608974a30

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs.js

Filesize
11KB

MD5
5544acddbdf4ab34419551ccf517f2e0

SHA1
5eea834aef9fec99da08c3ad19adcb85421b9eb3

SHA256
984ef01bc87e1f6e4dbc0a89fe89af33bbe8e3ff2fe3ac7ada6bd2fe4233d83f

SHA512
70aa8c64b1b54d03348655ea5061e5145849e766eba611939f0ad7bc61316d1da2affc3be02e37ec08f882ea18d0ba2f6a18ace03ce2693aa76988a97ea81a0c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
5d7293b3c1837f4f0aca4f338e632324

SHA1
802636549c61c082246c6f2081174730e4263cd2

SHA256
6b40d939b93e9e8f5630a079b04c8d31754f976f6816d201fa00cb1159184ebf

SHA512
7ac90b0d866dae89e9521bd6a5ebcc552f84a711aec87aa1d7bb82da8bf17bbfdecea4d2b66e8e844640bc2f561087c23cdb35f2324549c50a3194fe3be9d7a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
59cdd97e89e7bf5d77c2c1938d09a6d6

SHA1
35ce683e592a47e38f5a9c764178340a82eed633

SHA256
8bde7ac9738c3696593994792eafc4b69037034422b854d7d1b537ab4cb86593

SHA512
f59b74f0abe50da3a56d203ae5058de7468cefe4607d754ac4f359fb2c524c5f7d13f75656105d0459c77bf4e47d0c6d10187578d8dc0087a672382bd9349003

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
67d840314bceef1bd37d88f91e48c2a5

SHA1
bcfa6cf0062769a6b1411c0f0644f29657db8993

SHA256
fc41652b037180f4d0e29b1baf26b7fe4676fade9aacb4514b181daadad4d2b6

SHA512
a58a11415c8249e97b3978c268aec8378463bd470da22cbe491f3fe3864f1aee8c177ef63b9a45500a6458160f736498335e466399e78efac0a0a801be2853b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
297061fd57a945b2729b5cb1331726a2

SHA1
38d6155a9d336311fa2dba343fe70165b78e79f3

SHA256
b339079549f9002b1317554834dc1983f2443e52081dc8f1f9f0ea35d560f73c

SHA512
cd1febfe8f59d3b526d3badfa6472866f7e4b930bfe45a603cff95463ad52af8e4166a5786e6140160d933efe7db71e8500f84ffaeab600e1ba52ff74c494164

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
835a3c4500856754dce68bad82da4c0e

SHA1
7d8697b723e3544de4331d04c9747a32789698f4

SHA256
83ae9c227ceccef8aeee337b6e781a2576de07685e2669eb02f2b48138fa3d14

SHA512
1264c23ec9fc30d7a226e01f03b51cf4b1f04b243a567cb47f8b48f808075a5b4223dc411552e5bb758922e4e0715ee3459209c5e521c1e61602de9948d46040

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
384KB

MD5
370b873dddcdeabeeefb103d9c174ef8

SHA1
a8cc0536b22697b46ab47cb6ec6b02370329f669

SHA256
c4245cb68366d5f340e20f61ec737a45d84346701d1741a675f67a45a731904a

SHA512
917e211dba8ec71def9eb2b69f5583296373aecd03abbc914a55f69f80fa77c04bcf754d9a20f7d7a7c669b35ca8e495037e327f4c6df2a477a2dd11aadee575

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
8a09535d0b9ef0bb39b5d16d226970f4

SHA1
f71732d6b2816d62f32191e74e8bdeed5b444d3d

SHA256
0dbfd9d243a9ae62ac99caaa20f52c1a422203469f9e3469d7675b1b4e06d941

SHA512
e34dcd0dfcba6fd8416b21168561724a4431eb726e280b1619cde6afd1454e272d41842abb798ce326de1a93d358ee14c9be99192974668e142a8d292459ac5a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 159937.crdownload

Filesize
3.8MB

MD5
e3a6a985899b7b14de0e539045fa8856

SHA1
1fdfc2ea75c2f52526dfa96834ec2f383d0c02f8

SHA256
30ab8dea3f9af09e931fe9c72cc52c5a1a69ab6de752f20d13e465c7a4bda6d4

SHA512
7e5f43999a1c4e46134446a259604fe9ea8d3c5688751baa83c33fa3d104e8ef2a35e2ac3c437d6ab98bf8f74696508ab643ac6030ba63c9aec7c219441ce451

Download Submit
C:\Users\Admin\Downloads\eBWzDIYH.jpg.part

Filesize
8KB

MD5
abcd67add008164a9e8a6fdda7c44110

SHA1
9dd2e268b07b080a6c18df73d5313e4b8ca1ef0e

SHA256
f31abee6629248b05f89c5b8d40f3180f207c0b5263a1dccdbcb5a9b65f27a8f

SHA512
d3d55e8cbd198bd3c5c7d76e47774aaa347413ddae78e1f17cfccb2c99ce6ce1392a9747b551d526fe272a12ba6c7a5819d6edb5df9f7c3643bcc0cc70e1c23c

Download Submit
C:\Users\Admin\Downloads\media_images_grubyptok (1).jpg.crdownload

Filesize
149KB

MD5
26a2c7b4bddada15f52a82e4b8a1a4a1

SHA1
12d0ffae14529df8e771db4fff4e13b6ba56008d

SHA256
f9197ec99fb6cfccca9b5ad6af20c455f7e0b5cf15c9baf197164b2e6f7bfe78

SHA512
b99c657f18d79b8154752d4c995d8c768bffd6a0358eb5be7c2cff9d26dd2946c59c64fd91d70fe8cb3417dd129d288c474626bebceb6b54d8566cb0c5d469c5

Download Submit
C:\Users\Admin\Downloads\media_images_jaczup (1).jpg.crdownload

Filesize
63KB

MD5
7625ec198fa4f96f2eb3f48a9792ca98

SHA1
e1b255e4029ecdca97489d39102113fe6fcd6cf1

SHA256
25539eb30a24e86165f9611f8c658617a3ab337e6c683ac788d14e7172152ef1

SHA512
598dfeccd4293990061cdc6117e96ac5d133ad60766fa81431341caa255ef3ac620bc32b7579e9a67eecf78d92d04b11015b3f37aedd1f540a246d066279ff44

Download Submit
C:\Users\Admin\Downloads\media_images_kichajacyptoszek.M1q5DcG5.jpg.part

Filesize
17KB

MD5
c29bd8b386bba1a7e8ed0da79f102dbe

SHA1
136679532c19ca2214caf7e9a47d50333da89f76

SHA256
de9cb9fb63a1639aac155c472ebdbdf4be2adc405624390759f621ecceb71d24

SHA512
219261fb1b5ff29c559e12fb7a21174474cb0db35f954dd5bc87aa3303c9627ad29c63be38081883a696b4e00cbbebf14aedaf9a035717a5559380bdd1794b39

Download Submit
C:\Users\Admin\Downloads\media_images_ptakwspodniach(1).l5fNcfXn.jpg.part

Filesize
46KB

MD5
9987455160273726f5894678429d5abe

SHA1
5291675ba62eb06953ea2543d139eb8d8ba1dd4f

SHA256
1480e09300dde94453bbf45950edbd2bcee237629c59c4930ae3dffa675ca75b

SHA512
75086a0cd7c6768c1a004871ce73e2da80a4b8b55134a881729b81067610e5fc61b5db5d9f4c1840a55f7fa74a782a8d3e33df10cb37c3d50eb6d6a560e1ae1d

Download Submit
C:\Users\Admin\Downloads\media_images_ptok (1).jpg.crdownload

Filesize
4KB

MD5
0d9406f22c33746ab08f2ae809c4e029

SHA1
f85811fbeeb303d78ed6e029593fd80ab0c15ce4

SHA256
7b4efa4e224f9a9befa780cab54fc03cdc1bc6d90d78dda68856c1b91e26b9b4

SHA512
5d047ce63a638fa81cc526be6feb755a53a168ffe03abf602d5ab084bd3b89c93e05bbe9edf4bb42c0f960765d264272a29bdd44d1b4b1b7778171ce9fe4edf2

Download Submit
C:\Users\Admin\Downloads\media_images_zimowyptoszek (1).jpeg.crdownload

Filesize
221KB

MD5
d022efd45e61d3834c4c04d1592ad8ed

SHA1
d021d763e742b2e859d5ae2a6be10615bc65c198

SHA256
8925047466d708bf7bae0b1ddf70c302790f4388b2c747a03fe769e8eb8da39f

SHA512
c80b5b7f29eaf1c7c9a78661cd055b54316ca70bef6737e11468bbc66bcca1eb7fc05ead65b238094aa026e854f16fd12f3384818342586c3cc2f6814804e917

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
1b99e9c0b18a8ff11628c78ae7ec8b22

SHA1
1c7498935760542ffb55042b1107b187366ab867

SHA256
16a6a0ee84ea6ec319455a8cbdc0a07d9cc6611e82990f9409693540e33e4cb2

SHA512
4971dc65ef122cfe0f2f692bc9e51a1155528b54de464a70803166e55e3c36901615e8d56a73a7628f5ad2e805c0f352a93ff6a8bbd86ff4a9f06573a8f994c8

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
4942c4c797eed6534d0792598d08fbe7

SHA1
66be92c5edc30be7c9788f62396db6b5e64dda6f

SHA256
bc26b6153689daf93433103e32a3cf4bbcc4db3e9fb86a6fc04e6d6b81377fda

SHA512
db4d5f96662252219459b35e26e0ed21bab96369062db35bc98c320d1222ce4fc6ff46fe780c80ff17545cbdae791a5b336aa2dfab9f494a365a15af64cfe6da

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
6a8ef17f2fe9cacfe23e81d7409a3abb

SHA1
7c13152fecc4bcb0a87a7b74295cd76e79c66025

SHA256
a8136f466aab7ae5ec676bff17c64a081ae5fe68de080f9f1cc07a1e902e7d0f

SHA512
a0a2112f7b71cb71b7476aec1535b5d3f4505e426e7484ce413a7a123b58aa4dd164fa6f2565bba7a4a11ee27c3252e9b06b7c6851f999e5164153cb0a736821

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
134ef290d60394e43e872257422568bf

SHA1
51bc930c102728866e0782014e29a117d07467d4

SHA256
59ceb15e1204242d95ccf8774e928507c8ca0f7ef390c03a07b0fbcfa85459bc

SHA512
ad2b62d2920cd50a6fc170c15bacfd58e817e8f8b868245fe9e478cf2bdc985ceb745c7f237eb0bc39ccbbe2aac9197dcd9643b30aa618d658f6df417e983a88

Download Submit
memory/3172-3151-0x0000000006FB0000-0x00000000075C8000-memory.dmp

Filesize
6.1MB

Download
memory/3172-3145-0x0000000005B10000-0x0000000005E34000-memory.dmp

Filesize
3.1MB

Download
memory/3172-3350-0x0000000007E40000-0x000000000836C000-memory.dmp

Filesize
5.2MB

Download
memory/3172-3152-0x00000000062E0000-0x0000000006330000-memory.dmp

Filesize
320KB

Download
memory/3172-3153-0x0000000006B00000-0x0000000006BB2000-memory.dmp

Filesize
712KB

Download
memory/3172-3148-0x0000000005A10000-0x0000000005A1A000-memory.dmp

Filesize
40KB

Download
memory/3172-3146-0x00000000063E0000-0x0000000006984000-memory.dmp

Filesize
5.6MB

Download
memory/3172-4987-0x0000000001040000-0x0000000001362000-memory.dmp

Filesize
3.1MB

Download
memory/3172-3147-0x0000000005880000-0x0000000005912000-memory.dmp

Filesize
584KB

Download
memory/3172-3144-0x0000000001040000-0x0000000001362000-memory.dmp

Filesize
3.1MB

Download
memory/4664-700-0x000001C449670000-0x000001C449692000-memory.dmp

Filesize
136KB

Download
memory/4664-711-0x000001C449C20000-0x000001C449C96000-memory.dmp

Filesize
472KB

Download
memory/4664-710-0x000001C449B50000-0x000001C449B94000-memory.dmp

Filesize
272KB

Download
memory/4812-4974-0x00000210CEB90000-0x00000210CEB91000-memory.dmp

Filesize
4KB

Download
memory/4812-4973-0x00000210CEB90000-0x00000210CEB91000-memory.dmp

Filesize
4KB

Download
memory/4812-4972-0x00000210CEB90000-0x00000210CEB91000-memory.dmp

Filesize
4KB

Download
memory/4812-4984-0x00000210CEB90000-0x00000210CEB91000-memory.dmp

Filesize
4KB

Download
memory/4812-4983-0x00000210CEB90000-0x00000210CEB91000-memory.dmp

Filesize
4KB

Download
memory/4812-4982-0x00000210CEB90000-0x00000210CEB91000-memory.dmp

Filesize
4KB

Download
memory/4812-4981-0x00000210CEB90000-0x00000210CEB91000-memory.dmp

Filesize
4KB

Download
memory/4812-4980-0x00000210CEB90000-0x00000210CEB91000-memory.dmp

Filesize
4KB

Download
memory/4812-4979-0x00000210CEB90000-0x00000210CEB91000-memory.dmp

Filesize
4KB

Download
memory/4812-4978-0x00000210CEB90000-0x00000210CEB91000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads