hxxps://drive[.]google[.]com/file/d/1DyPQBgOXdxqnRUSgciJhcZBzcII4cWjn/view

Analysis

max time kernel
626s
max time network
631s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05-09-2024 12:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1DyPQBgOXdxqnRUSgciJhcZBzcII4cWjn/view

Score

8^/10

defense_evasion discovery evasion motw persistence phishing privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file

Modifies Windows Firewall 2 TTPs 2 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
4316	netsh.exe
4408	netsh.exe

Executes dropped EXE 7 IoCs

pid	Process
936	MonkeModManager.exe
1420	MentalMentor.exe
5480	MentalMentor.tmp
3576	7z.exe
5720	7z.exe
1620	7z.exe
1180	7z.exe

Loads dropped DLL 6 IoCs

pid	Process
5480	MentalMentor.tmp
5480	MentalMentor.tmp
3576	7z.exe
5720	7z.exe
1620	7z.exe
1180	7z.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
5	drive.google.com

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
232	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MonkeModManager.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\MentalMentor.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MentalMentor.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MentalMentor.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 36 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	MonkeModManager.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	MonkeModManager.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	MonkeModManager.exe
Key created	\Registry\User\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\NotificationData	MonkeModManager.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	MonkeModManager.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	MonkeModManager.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	MonkeModManager.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	MonkeModManager.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	MonkeModManager.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	MonkeModManager.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	MonkeModManager.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	MonkeModManager.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	MonkeModManager.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	MonkeModManager.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1287768749-810021449-2672985988-1000\{4EFE344E-A8BC-4132-BAC0-78FCFBE6E19F}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	MonkeModManager.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	MonkeModManager.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	MonkeModManager.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	MonkeModManager.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	MonkeModManager.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	MonkeModManager.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	MonkeModManager.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	MonkeModManager.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	MonkeModManager.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	MonkeModManager.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	MonkeModManager.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	MonkeModManager.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	MonkeModManager.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	MonkeModManager.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings	MonkeModManager.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	MonkeModManager.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	MonkeModManager.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	MonkeModManager.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	MonkeModManager.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	MonkeModManager.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	MonkeModManager.exe

NTFS ADS 6 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MonkeModManager.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 516081.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\MentalMentor.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 354059.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WalkSim (1).dll:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 585838.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
1136	msedge.exe
1136	msedge.exe
2272	msedge.exe
2272	msedge.exe
4176	msedge.exe
4176	msedge.exe
744	identity_helper.exe
744	identity_helper.exe
3664	msedge.exe
3664	msedge.exe
844	msedge.exe
844	msedge.exe
4996	msedge.exe
4996	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2308	msedge.exe
2308	msedge.exe
5480	MentalMentor.tmp
5480	MentalMentor.tmp
5480	MentalMentor.tmp
5480	MentalMentor.tmp
5480	MentalMentor.tmp
5480	MentalMentor.tmp
5480	MentalMentor.tmp
5480	MentalMentor.tmp
5480	MentalMentor.tmp
5480	MentalMentor.tmp

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	936	MonkeModManager.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
936	MonkeModManager.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 1988	2272	msedge.exe	80
PID 2272 wrote to memory of 1988	2272	msedge.exe	80
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1432	2272	msedge.exe	82
PID 2272 wrote to memory of 1136	2272	msedge.exe	83
PID 2272 wrote to memory of 1136	2272	msedge.exe	83
PID 2272 wrote to memory of 2704	2272	msedge.exe	84
PID 2272 wrote to memory of 2704	2272	msedge.exe	84
PID 2272 wrote to memory of 2704	2272	msedge.exe	84
PID 2272 wrote to memory of 2704	2272	msedge.exe	84
PID 2272 wrote to memory of 2704	2272	msedge.exe	84
PID 2272 wrote to memory of 2704	2272	msedge.exe	84
PID 2272 wrote to memory of 2704	2272	msedge.exe	84
PID 2272 wrote to memory of 2704	2272	msedge.exe	84
PID 2272 wrote to memory of 2704	2272	msedge.exe	84
PID 2272 wrote to memory of 2704	2272	msedge.exe	84
PID 2272 wrote to memory of 2704	2272	msedge.exe	84
PID 2272 wrote to memory of 2704	2272	msedge.exe	84
PID 2272 wrote to memory of 2704	2272	msedge.exe	84
PID 2272 wrote to memory of 2704	2272	msedge.exe	84
PID 2272 wrote to memory of 2704	2272	msedge.exe	84
PID 2272 wrote to memory of 2704	2272	msedge.exe	84
PID 2272 wrote to memory of 2704	2272	msedge.exe	84
PID 2272 wrote to memory of 2704	2272	msedge.exe	84
PID 2272 wrote to memory of 2704	2272	msedge.exe	84
PID 2272 wrote to memory of 2704	2272	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1DyPQBgOXdxqnRUSgciJhcZBzcII4cWjn/view
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ffed58d3cb8,0x7ffed58d3cc8,0x7ffed58d3cd8
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2148 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6336 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2504 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2604 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1668 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1824 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2452 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1976 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6524 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4996
- C:\Users\Admin\Downloads\MonkeModManager.exe
  "C:\Users\Admin\Downloads\MonkeModManager.exe"
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1944 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3524 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1020 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1944 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7400 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7776 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8176 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8588 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8872 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9028 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9048 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9376 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9364 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9436 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9696 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8348 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8088 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9340 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9248 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9244 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7400 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8344 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8496 /prefetch:1
  2⤵
  PID:564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8692 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9388 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8516 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8544 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7772 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8500 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1948 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8032 /prefetch:1
  2⤵
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7380 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9576 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8044 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8528 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9348 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2576 /prefetch:8
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,532961091398858844,5451186400693405994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2308
- C:\Users\Admin\Downloads\MentalMentor.exe
  "C:\Users\Admin\Downloads\MentalMentor.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1420
- - C:\Users\Admin\AppData\Local\Temp\is-AVPVT.tmp\MentalMentor.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-AVPVT.tmp\MentalMentor.tmp" /SL5="$190222,2487297,845312,C:\Users\Admin\Downloads\MentalMentor.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:5480
  - - C:\Users\Admin\AppData\Local\Temp\is-RHCI2.tmp\7z.exe
      "C:\Users\Admin\AppData\Local\Temp\is-RHCI2.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-RHCI2.tmp\zip_libs.7z" -o"C:\Users\Admin\mentalmentor\" * -r -aoa
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\is-RHCI2.tmp\7z.exe
      "C:\Users\Admin\AppData\Local\Temp\is-RHCI2.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-RHCI2.tmp\zip_bin.7z" -o"C:\Users\Admin\mentalmentor\" * -r -aoa
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:5720
  - - C:\Users\Admin\AppData\Local\Temp\is-RHCI2.tmp\7z.exe
      "C:\Users\Admin\AppData\Local\Temp\is-RHCI2.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-RHCI2.tmp\zip_lum.7z" -o"C:\Users\Admin\mentalmentor\luminati\" * -r -aoa
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\is-RHCI2.tmp\7z.exe
      "C:\Users\Admin\AppData\Local\Temp\is-RHCI2.tmp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\is-RHCI2.tmp\zip_html.7z" -o"C:\Users\Admin\mentalmentor\settings\temp\inst_gui\" * -r -aoa
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1180
  - - C:\Windows\SysWOW64\netsh.exe
      "netsh" advfirewall firewall add rule name="Mental Mentor" dir=in action=allow program="C:\Users\Admin\mentalmentor\mentalmentor.exe" enable=yes
      4⤵
      Modifies Windows Firewall
      Event Triggered Execution: Netsh Helper DLL
      System Location Discovery: System Language Discovery
      PID:4316
  - - C:\Windows\SysWOW64\netsh.exe
      "netsh" advfirewall firewall add rule name="Mental Mentor" dir=in action=allow program="C:\Users\Admin\mentalmentor\QtWebEngineProcess.exe" enable=yes
      4⤵
      Modifies Windows Firewall
      Event Triggered Execution: Netsh Helper DLL
      System Location Discovery: System Language Discovery
      PID:4408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d30a5618854b9da7bcfc03aeb0a594c4

SHA1
7f37105d7e5b1ecb270726915956c2271116eab7

SHA256
3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8

SHA512
efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
03a56f81ee69dd9727832df26709a1c9

SHA1
ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b

SHA256
65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53

SHA512
e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
67KB

MD5
ed124bdf39bbd5902bd2529a0a4114ea

SHA1
b7dd9d364099ccd4e09fd45f4180d38df6590524

SHA256
48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44

SHA512
c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
43KB

MD5
edf3b94d12feda9fec733db26bcfee48

SHA1
b8a381a326bbdcff3e6cfca8c4e2951bc75e3084

SHA256
1402cb49197f078fc86b8522c42006091fb0c091922f420f78c6e1728e005adb

SHA512
7f8fb7d5de19adf67a504d81fe504430aa8a9da1909e12ae15b0f02aedd0ec732e6225742cd1afb054e29a3f6819605b1ddc0835729e176fdd4975fc71feb17a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
38KB

MD5
bff21faca239119a0a3b3cf74ea079c6

SHA1
60a40c7e60425efe81e08f44731e42b4914e8ddf

SHA256
8ea48b2ac756062818bd4ee2d289b88d0d62dc42a36cb6eee5bdd2ff347816c7

SHA512
f9e5baefacae0cdb7b9c93afc43ad6ec3902b28c0cdf569e1a7013f4e5c8dfb7b389b5e2bc724b4ddfe554437320f4f2cc648642944c6f48ad2a78815acd9658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
1.2MB

MD5
c764a116bb5f3b348177ed1b293a515f

SHA1
10bdbd5398f0e8bb180bc2773a778345529a0a85

SHA256
63cea794b8bda830d5c18a6ced98cd2ae4f6b27be723af8de0b3fd30bc56e5ba

SHA512
b33bc90182b1b40163abe370a4da6fb81a169bf11a2235c46d350a66afd0daff29a1e6959dbaf9fb969f4d32bbfd2de5ee084e6f8b8f3d3c175b6d3058306585

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
17KB

MD5
67e30bbc30fa4e58ef6c33781b4e835c

SHA1
18125beb2b3f1a747f39ed999ff0edd5a52980ee

SHA256
1572e2beb45d2de9d63a7e7fe03c307d175b2b232bad2e763623dceb747729ba

SHA512
271d4a65d25b0a5d2ff2fe8f3925fc165d9b4345893abfd919061d78ffc5ffe8890ded35e41274ad8b860f06264b027cfea6030ec9411a4e03bc6d7cb4d4d228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
19KB

MD5
be7311af4d9cdd2cd6f6eca3c85392fd

SHA1
59d952850799a78ac8c7c8624b4edad114442331

SHA256
97c43e1389ed10f4b75eba83a0d9ef09f87c9e0435eca56925b34037029820f5

SHA512
a1049203b757150e76f11fc1a91ba144a6feda1e0e694abd54ffbbe9e3ed9929d2b794fb1cfe919e09a33aea3fb85da7a11cb8431bb996951e517d8c947d8d14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
104KB

MD5
7651b1187bb58ac4c7be625337b35e5b

SHA1
307d969ef4137a66fe2793737dc1c546587c7f43

SHA256
0632850d01a46bc2f8c223155a4bf6c398b33596bb711e098440623f118c3968

SHA512
a81d2f768af155bdc642941404e7ddf95a2cea33c9374acb5fe32f6f5266e337fbef32f904551f61fcc9f9ab5a1c6a5ad130ab85b38bc2258e2f82c0ca1e9c7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
31KB

MD5
97bc6cce78624fafb336149102ff05d8

SHA1
8e2bc2f17f66ba2306f06359a4a0e0418c8f93f4

SHA256
1cc09631299956a2d14d375fe0ffba3a17922fb48ef3853b3ec927b9b80ea322

SHA512
d10d312a7485df5d8e7bb5afc746dc1fc60c9aa031445d8d1603e3db7cddf88d6890a2742ed9cfee905cf6644ec135d0773871be02bc9f72d1f347a6b4419a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
135KB

MD5
a67344072f269c36916e76873742b923

SHA1
bd618d34b5b09c9b6a2590ae1f043275d9bc29e1

SHA256
d9baced4ce7700bbf1f67c668f0f41b357484eb0432c1fb1f640a5e17ebb4c4a

SHA512
d99f43f800ec15934d69c4a50c93e046e3c872ef0fdb9078a9b82f08a82f848997b3746bc518f94d4e97045acedeb06d6a53b6a55f56eb43cb3cab72bf45adf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
20KB

MD5
da0e2c5614bc4d65baa44fa5ef2d5429

SHA1
9cb12bb3fc6f29c7583ea5d2e1c7676c752127d4

SHA256
d74e8edeb6f4ac85e33ebb440c60fec73dda048d15e869ad443242a8a946b2b1

SHA512
33deb99c76f87a941ee1d0dc1e94fbc77a321e877bbf3a4e88627dd64665093ea4de83dc9bc98029cf0dacc3758d04ca44e5e2407f6418a750300eaaecc8c22c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
98KB

MD5
1288c4ce2ae5e9ff0e59ba227b64dabc

SHA1
ff6c4f1e57d73ca9086eaa2ac269a9752b69dab6

SHA256
b048df24a5d7aa7299831b072e3d0541433bfe08ed6c05b884efa1830489974d

SHA512
ec84a43954c236922ea31f9f09713439b6d04e9adb8131c5a1f04f11838c20f707bf2cfda9957af8f4ff7042659736ae93b5e46a0dd47323f53691e5e2d399e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
26KB

MD5
97a3bed6457d042c94c28ed74ec2d887

SHA1
02ce7a6171fb1261fde13a8c7cbb58992e9d5299

SHA256
ae56cf83207570afbb8a6ab7cbc4128b37f859cb6f55661e69e97a3314c02f67

SHA512
6c8cf955ec73ad9d97bbb36c7ce723bfa58c9aef849aa775ee64ce15afa70afb40e8cd45989dadec420d2e8edda9ec0f05cc76a0602df0b6c4e5d45de0f4ce7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
135KB

MD5
6edccab20315fe0efbf9a1e98120b88d

SHA1
82a6602bbf926ca69035f04e7d3100796ca826bb

SHA256
8d8ab21adce57b1e1b0c449dba3a176057aa95a80d40a703f622d2e2a43618d3

SHA512
7abd100b9d9e869e76a80e1ebcaf442e0530de6ec7cde65d1966c774412ceae0d779a730f4946700f93f2e862f3679693936202bcb036786c0198d9239a860fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
149KB

MD5
a2eaf012b39e663d78796aabdc2746c1

SHA1
05dd766bd1f4f0d94be217131735301b4a138d9b

SHA256
0d070a9b85b46309f2686e6a0882c4dac07fb6848a22bb7985b2d3fad2ee0c64

SHA512
eaa0cffd4ce4b9213d31a883b821da3d2ab1cba62ef280ff843e20e11e6e36bc9713d783b5c39a9d5a79b28289674037b6bf3e196a611122255893052ca7c532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
83KB

MD5
452967eafc8c5b4a311e8d9782df4e7b

SHA1
dc2ecce444d45054174705476e25ad04c798b612

SHA256
9d2f92f1b7d724df8d0ebaf817f9197a4e76e0307530394e43ef1e5f061d384e

SHA512
ea0d9b684a5f5bdc1a4eadac1f57aae98e0b20eadb16b78f859041b8f88a5837aa243b70ed2cfa165e8a2b3a9673dee0b9c1e9c5094ad2e6b604231b1e604ea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
47KB

MD5
22c1cd214fab875f74037c48cf170296

SHA1
8765fa0bfe7679f200fde367120a3d47f4cc4885

SHA256
50bec4b725377f767e06664abf5a136f36f52280de9fa68b4da8122ae7d5b24e

SHA512
a74662ffc49b8ef99b5e34a5518179e146bc6d1651a923525c005b7f86495477984959cef74742030d322a620054f3761b943ddecde259cc6938c4a16d6244a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
79KB

MD5
16f17e18b12e5256761dae88ea050404

SHA1
0e0abb17b0dccaee017a4f4346f47a64a3edbfc6

SHA256
916a1be0a004de903725e3f0dafab82c573e851482530e85aeca8e2d658dc9e4

SHA512
eb484c38b88772ede493392cd45a61522819430a7355682de0261e38c8908f66ee624b22d71455f92404b27d3b6b877e47d502cfd1f761fdc704b9f9b7746671

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
27KB

MD5
ac4c4890fa7b92d5f076e94b226f42af

SHA1
15af973f75d3440b01f9b849d8a2ab7de4dd7bc4

SHA256
a2f3c4f186f667d67c725d82bf27ccdcb0f760447fb3ec2abed61f2107105051

SHA512
cd38b78aab26318c948e583ed3db13c21c76c9d83141f3ce5c45a3c74733e6e9e1329ca5afd4fd8910bc9f9536143ef491e74c04e10a5a38734d4c56d26e5c9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
18KB

MD5
696c8ece47e15e302554fe086e330c04

SHA1
5d0412341c4c7a2bab32c7ac356bb27de2a9b495

SHA256
99c025a793675e623694e4049cc05f7cdd12a6f457de08750b550b933050e55a

SHA512
d8f9252679ff39d8be3d0e596c661ca23a5ae304b91739f96127fa010f701ae9cce68f3ca6d007d27fd3dfe3bcd1ef1834021b3813d312a0afb9b056ca7e20cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

Filesize
63KB

MD5
a2b03561cabc0d346e9a6be3f5b11b5e

SHA1
ba0aea2acc1c20700c4c09c5b2b8d0bfbd33ce6b

SHA256
09588f4db755d8d88d9e521f5189d97c2ac781ee7ad782bb0c644eb9f69feef1

SHA512
3602c58bf569bbf22d2a559f0a62c4ac8d6c9868dd956cf0d75d694d104eaf2f82d22c9427636a46ec82cc24e758ad1eaad75fab771ce843308c1b2fe57c6ddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064

Filesize
27KB

MD5
9e331ce0047e1ddce1a5fde4d1ab4beb

SHA1
e95e030df85245dd5522c3549f6e70a0ad98d953

SHA256
9f9a8ac5aec6be1b9011ca8eb7824aec91f1e48bc412b9e5cde3e54f2135e250

SHA512
605b38d8f827c057cb4024a6c60315d96b4526c7df8726ec88895961d9c408114e4d25abab7c1ac686cffdf3b297ccce39507db35ba809bbecdbd77c59a9085b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000089

Filesize
20KB

MD5
8108e5126bb1b9aaa660a7e5257e914a

SHA1
bb5749f62f3005fb718f7c1105a747343a47b78f

SHA256
e4c1b8044c9ac5c2de3c108408d50e218a4a7a649e1f28ab172fc70953fe8108

SHA512
c8ff92765d692ebe176676fb4a7dcecd29963d4770096270b7fd6820b91bd5b8b5e61a643c7fcb045b80b036b2e1d69d9929876a42e2d9b1669a7376384613be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

Filesize
2KB

MD5
41934fcd3bffae9798a9c9943bdbe576

SHA1
e37c2fc730fec57aa12281b32cadc1f927dbda42

SHA256
da2e26b8d1d7d38c988e478c7ac2094cba219bfb4da059fffbad82f49bd090f4

SHA512
5554931325691ab7051a4cf394d26b8340f32bd4fe03b1d256d35bda3c9a60c23d4f5e70fc8f59185838e597265b3664657a3e7f9ae9b1e02045bf2f71d15129

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a994fe24b451732_0

Filesize
4KB

MD5
bc8c2d7f72efa5f462417ec922f3d175

SHA1
05e99fc667785306028e43a39547e1d63d6f2ece

SHA256
ad4bc3a4adbe774055f3335c443d1b00bd1a89a1a39452937566789bd960dbdd

SHA512
9cf46f783f08ee12723c83552eaaa465b25cf8003001460536e8193f261ccaba6c6bd3bd10f7305ef827f42298ca00c98f4d1cbc36d3206269914c93d4382261

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

Filesize
1KB

MD5
e35f03d1eb54682196f02b32694a0501

SHA1
4de858b84337f89653460768060f9599826c0528

SHA256
f52e32d364eae9b90c107af5d7595a88b8dcccdc3a4dc7f18350c0b2101eb6aa

SHA512
64972b3d8b2ef22abfd1b5b9c0ffe1e3b75418e57d56bfc085f4d2439b869555d66d9c05a8c73ee0c276a174ac7ea09f7ae6880041d5b37b04162ad798652e9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bfd9b5c29c5c8524_0

Filesize
1KB

MD5
d20deb5f885883b8dbea3e7cab0c914e

SHA1
5c909c0f8e92f62780a46aad06ee8243d8fc9355

SHA256
e590bfe713f2860eb2a5e7bf62f267f0aac79064784f5d516bf4a24cde90af4d

SHA512
c75348983afbe9084fe19a170a06ae78bc491dbbaab2d3d0233f27f9cf507ba81e1d5a256802949215e8d9d2efc9284c591fa73de021ff29396cb30c1e3d2bfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c4545010b9c4b344_0

Filesize
7KB

MD5
82603d00a710ee234c61241ca215be31

SHA1
277f39f13ec9789099db15258ba3c3b781fbdc05

SHA256
bd8c2428f8e071298ca1276fbf31a365d25dabbcbe42c4ab2b43f612fd4caee4

SHA512
5062b6376faa6430537d45365591a7997bf8aaf1799112990048c5e94bb8fca59e0e18d9221fc38987e82d356258046cbb6ec2ff4ebb3d3e1ab2680866a02008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

Filesize
2KB

MD5
8ee32fcb3cb888049af8385c56b633ab

SHA1
ed5d5631b996367225f9a788ad998f991ab1283b

SHA256
f396aa3027f583a6aac5cc55b382258425216cf69ed918f6dff163f5b03e3474

SHA512
c16e45220104259467ec358a5e08cfe9c26b5bb49e7bda84811d5fda40462ca828f0e7e8613ed5ece73a605ee5d604c1b1fafc3cc5bd88425327bec90416ec1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\edb3b6840a8ddc0a_0

Filesize
7KB

MD5
227a1fcb19b1f84d677fcda21d564a91

SHA1
6f14e836a908aefa6eafa417a1da6de7e4e269a5

SHA256
df8416318d24a389a38775c4834b062fb7f475d13ba56c5c95bda74dbe0a2924

SHA512
b25755b38f2c3c0eaf4ef40363d2095938510954924af058ecdcd164fa0b2df371a5d5cfec923c95abf75f7429cb83bc91247ac59b4b4a01fbe3a393b43f13c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
e5b182ea7ee1d07ced266053e5f302df

SHA1
fde466c08bae118dd9a311025256874d6d6fb4bc

SHA256
c07dd612a843d4912aa6c112115b8c9956330e1d144a891957856b1768c0f28c

SHA512
12b225d97d774d612e11facb14ac41a030a6f60afb985e088c89880c94a5bf577218491b576e4c26302f5f50264f64af7700300da3b8de8a1cde61fc26e11b83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
4088ea24780afd88a6add8845e9e7f59

SHA1
67b5f98e96c1a5782c0f80d989f0e76f52f6dcc0

SHA256
730b63b02ef2e16362cb5304b649b784ad38c33e95a67042c804b4b37b7856c9

SHA512
36d797fbd4cbd443742f784af30b43813da26364ac14070ebcba7788331d0076097a0046f429cfacc30ff38c22300da4a61b95b57db5e5de179028e800faff2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
334366990bedb2aba708833506c74e8a

SHA1
3235c510eda68d44b61e37eb3d8ae90052829408

SHA256
af1952f6754970b4133b22ee036160adb2e7bb36c6fc3d36271149c505b663e5

SHA512
061f42dfcd5cfe9e28bf20d15f6034164d690fd96d620222e870678a1ac79432b7cc9f8c4b0f9e1ede59a2754f411e79ab93eb9954a445528d6e2c137c1fca9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
80381c200466c35cf0de191df341467c

SHA1
6a7bc71cf0eb7663dfafd470eb84d4751978ba24

SHA256
9261d12dc2455fa051b25dc1a02f949d12b214270fea6c99d74de59f6f9f435e

SHA512
8b5aa7bcc8a6cc39b4cb02794b4f652cbca797274b58947faa19894238c4d998fa0026c50af4f61c1b17d505245e0238c7f858584ec459f1807b1f62e2d26fc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
7694c8891ad7b3c69fbd0f3b321452ab

SHA1
27ab61b2fdd8013b4c9c849c2e473fef2996b21f

SHA256
b2893286d6d165de4406178fa71631b0a5a0a124932fa117fc06a8c716dac93e

SHA512
3203d2c9bd1113a60c28782505964082c9b64717f741e60640f25159abcdaa98cb20d888ace7608512aa8a587b9376b2087dc6a8f320db964d994ef5a4f91434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
f659bde646575b61f97169de7b245b56

SHA1
cad0b771b9eb86f407c2934e7e7d3eb09e82d109

SHA256
b164c891f7508af7055acf83f4abc17607f71eeede92f988980a5a687024ae9e

SHA512
02a242112b56ca0ab9b3c2c193130b6558bfcabc9dd2dab8fd4f148afaa843f423fdd812a0e6dbd4ff6b172bb107cd8b42cf871398e010c29a2854413b2c54c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
17KB

MD5
333f4d3bba0e465063d6474c3176a777

SHA1
0859df8fecc0edbc86670ec000f35461d4f4f382

SHA256
aae0857044c701674b5a0f84482031c878cbe70b43a4e44ea07c40d78051b4f0

SHA512
eb4947209c779bb228e1bcc7904727fb5b09d3240b8b0ba510decd989b3bd2800ae4d86649f2f1605b70421e7a108948e897f2a841168b6ab60e2332a5428520

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
17KB

MD5
346bc4556bd2cee1c05ed4340d0b3834

SHA1
157478811935cd056e98a3f1893c882576a4b47e

SHA256
d5f388a35bb5dbc346063b30015b827ad2d32d48f2732581adc5d167c21053cb

SHA512
64ecb0130d3c2f4c644d1c53a26ab8b6ad241b328e680f2ced20b6abc81fa8df9dd00baae13942b07db8b1581f6b360ff07ebdc7b213b7d2867b4e84c7b5d068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
bc426aefebf0adc8e59b738300fc3ee3

SHA1
8caa4ab349faa5c35d437d3781c21309de1a7f15

SHA256
eb1d02e4aad64fc5718005d033d97d0fddb7a78efbe4eb5f705b68effc89bbe4

SHA512
0f57c06bec11f3633d8e3c8a48e654dbdbc7b063cf3dc1369d16bd13754bc900aefa55ca81147af376f2c5fc45fc163f370c1442ed5e3042aac2f52632e12094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
eb3f876655c7b899071f5a1346b7280c

SHA1
c302b8c434bf7a711d37dfd13ad6b6b1f6074149

SHA256
708827a8fb74a1cc128e4cbcb7cf21286caa08eabdd6c08c91540229cbab4297

SHA512
67c5d77e53f07826848596871175b37facfd4eeee91ed7f53d75ee19813505928c0e12b5f683474fec9c275c688240c45a36d755fa9fc9b618dd14aabfe542dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0d82a6a34ac5ed7b3a0ef03616aa6f90

SHA1
fdb3b44beca46b9946e317fed9e7e578b50e3541

SHA256
fc4529be632ff5012990d1d1fccff34d51791223328669131fe2e0878547774b

SHA512
69dd286d16b2428cfa67d198e06cbbdd262517560b96e616ca65862d7759ef28401fd8fb8a13d540392b5360eb1ff4f743f33cc1d8ff0af178da4381741fe4b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ac94b88fb7a108c0ef91dd2e6de87e4c

SHA1
afe4fdb9fe7da5246244f162dd2ff3fe898de224

SHA256
3ec4afea2c7e44c830850928ebcc31440e85300a2f191d584d1c92a73e40c264

SHA512
df9ad920e60c385e8e698275f767e9e41e4504b0beefdc6332df6495430fc788348facec34d907ae0b130b819d27b929e8d5700bbb5edb03ead5af78622e2bcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
29947b4f62d50cc3b26d4037d25da610

SHA1
694a9572d3e0f9fc70ca3afa15c00309e9a1f531

SHA256
7a1dfc53154d1c30486c0a2aef6b1cce4b386b591b797bbe44b466ef9feb96ac

SHA512
9642beabb663a36f0b2f220ff4ae113e32dc4b4d5eee1519cff5c2a6594ec6c6eb334ac031b54742d360513ae7d69dd7ba269b9fd2392691446f9fe4c5026004

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
3faf3b47ba57344644b4a45c873ad2ed

SHA1
c26f6132757cdde94941f80104194b5c70d2c63b

SHA256
0d650ae35e24e9ee43f6f1ff14edf960452eeb1597c898c5b26a67328d198bcd

SHA512
34f40e0042f5505e837609348afa424797e82b481edca0b8832633314ad9160844679a3822ac9c8878d071a3fdacbdf6ecd1635b34c88d99072b43f7d5b2e571

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
0a563cb16c3af23b1fb9df21b91b90c9

SHA1
6ff2b0a611255bc55b523575c414477988a329d5

SHA256
f9dba71b3e214c83becb344ea954c09f5c76d37376d8426c4573a9178dd86a73

SHA512
d3aa51d115568d83e68caae135b9fac4e178fb91503ab7e4b04ff260492bcc184c5e4ee042f8b1b3396cff6abfd1ea45efe4945e97b54f66ac84878080afd11a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c5dc4235b4f5fe0134a8d2d457896403

SHA1
1ae336b7eb6b8fba8fbf582d949943c03b9ef97a

SHA256
f54a8790885603c16085366232ff0f04d038b20fc3f77e2ce3d04289d436e61d

SHA512
751781ff0b0656b79b34c8bae369ab76afa63278a9370c0b5ea0e0791d76bcc219d7f01077dbf189b34dff9d241d6a4fc0fe89098ef143ddbe250ca282f5340f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
81418e3891bf8db903f47c1adcc20521

SHA1
de0f4f9379621b8efda33c7da3576106f6ad5398

SHA256
5d8470482dfe2bac1db345f8001621abe7df96ee6a502ab23f21db8cbe5a0096

SHA512
cfb58673a8739b8836f124d969653d169eebc2904068effd83c4bc107ec092ee4fe2a1d015b2fa94bb23646ab6302f3812ab733a488bd5eac9e69d6925d11f60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c83d54a7df8b1320e06602199f182433

SHA1
e12d4b5ba83982105d7093b622a9d764d5b46106

SHA256
27b04907970200227b6263f6bf7f2609e9d71ad74ee25302f6cec88d9ead117f

SHA512
93ea055954656c996c5816913d78c1860b8bfe2c5a182cd9354cc5bed9f7acf2c7a04ce6f4fd056f30d2eb91aede645b7eb7be0591b71bc3163771ff157b55fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
b3fa34f60bfba832968f62c5e4b5daf0

SHA1
5b9498d0d49f08282d177086040b929a6a2198ed

SHA256
6a3dac7240baf19167a81d4cd113667775096944afcb76896299950c4e9361c6

SHA512
6114c154f2766679f031add5e8411929a13cc21e0db92d39516a0a3bffbca20ff0ebf2e3079c3f37546c6add77917ee5fe73f290483e1f28e0b6e7e808e02254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
cb8135c4feb65378588cb3cfe0a0d7b8

SHA1
b646c71b48bcd8f519fc65d51a001c638db91949

SHA256
a92fc0122fc497fb994933b052dbf7f8ff41b47bf6f77d275e26882788202aba

SHA512
9adc25a621739223c290fb71e8d6141daac4e028c4e68a54e60f036022e455fd21a35be9e04ae64525e5f41ae0974f68192482467abddbedd4bb287aaf76e2c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d9d320d64d4723d26624d9bfcef98c09

SHA1
902390f2ffe984c954a62058847370329db7bf60

SHA256
6ed3584b7a21a7b1c6fd6ca9726a53c529d17e849086715812546fed4fb3ba0b

SHA512
5ea0d4c1409925465d01117740f809d3bc74dbfae7fc023ebe8e3182aa05eb1f71332b38f5d38c48d163758b4dfc18b95afb98fe6cd97b8c8128f2fa254c2f5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
3442173fc1d4d0ef5abba9f5e81ef9b1

SHA1
7c3c134fe98d2fb25404265226464a575f2e0a9b

SHA256
c79089dbcc8e90133b82f841554be9af55d6da887667748e478160f5d2f8c20c

SHA512
e87a3514f0290751a246d3713424d21b01ccc933aa282fc231f905368e309018ef551b6059072d50976edf489e3610d7a45cfd8f71ff16ad59044bcb839bcfce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0ef0ce662383fdc1d7e5c4c2ad4f3066

SHA1
407a8b915a36db862cbb56f5258787a1d119d6d1

SHA256
8a9d4ea92df19572345d28054d8ebfba744478037bb35c3c0da9f3db831ca7a3

SHA512
3c98af1170196d78c4f78024a2517373a9ce79a4b8dca0d6e504bef66401a1ca7f6b7ae20fc17c3185c4204baa375777b4da3024231b9a6617a484da4d6e72dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7fe681499882a714dc1bd2184f73fbd7

SHA1
dd1a79c710c6e97a888210289f50e61174d553a4

SHA256
3dafd07448460ec3a93bfc7b8be15775c52211dc39b5b559fb9e9251a34fb198

SHA512
433bae8d4f06caa0e3d8b984e2bc8ffe40fc732cc0e8733c6a4745af7b648b0ea340aae2e26b79842306999f7ebb0657c4f60494058c1859264dceb1a5227f00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
ace246c13c4f1fc1ae3bfa6e13774c2e

SHA1
af07e8cfdd401bedc13770af8cdd31953ba0c430

SHA256
350fbf2f2f68cf0cda2ca5e1f6ac352c7be80c41cb58ed333d8661d4157ba454

SHA512
9f6c6136f3a5d0e52e24d1b1578a5d6846c30618769ae0a111b0f9ecfa6af1b6e61fc5bf9e532884b8e0def2218a52f105035465206445fbe56471044f33d3c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
21aa2e7bbc39c561b7d4125a4fdbfe72

SHA1
144de1aa5357a20b8de463f379c980761d5c16ed

SHA256
36a4710229fe3e0f1c811f4e0e715ed28f7dfaeb3818fbb3338d7a22a5ee1aa0

SHA512
9d03e6760bc4f7e12ac8d0cb8d85ddf4e854ba7359f22a6d7d1ec164329b7174760d9d5972530bbbc1c44bab94a418c61050184023282ec4e1bba99bdda0402f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
041fdb0b35985518ed56ffedc22d6e06

SHA1
bb98e82b00e8b88282941b180473c33a30e46bef

SHA256
bb5c5564d4c240413a9ddd908b92a527894c195ef85db42e057228a801009f59

SHA512
c912ba88de4cdfe52cee113c4023c0a08c63074abc351f04a3f217c17ee1e18851b55467a30816d35c252eedeac1523ea738c914185ea7d3d599f6c1db0925c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
8fcff2741f40b7309edb9b13a1514415

SHA1
7449691e8914afa72ade98acce5d351c19d29645

SHA256
d12eb2475496e1da699930db03dd1e44f0b4769bc9476e5fb8361077e2f47f27

SHA512
5f2c71680f25c49d2fe2ea690867261704dded9d64bfd862eb18ce9eef8be2874f26c081d208d2096c397e8f6bb55ae1b39c16b7287015dd31b0b03d5cdae291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
37a93bf93b604277d85940d78d8feabf

SHA1
6a874d52245c123cce0c690adfb249e2e68e4b1b

SHA256
b66e76068d88b33c059516c3f20c8bcdb2b208c43b9cf4a5dc882a674156e2d9

SHA512
ba69195a6dc1fd90698fd448641ba746c0faf3d914c90f16daf5fcad8e8c41be7aeaca4ad348eac6a87df0f4dcaae8764daff8eb4c4dfbe42b8a9d8b7b606db1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586404.TMP

Filesize
874B

MD5
1ad69430057ec43298f53c94a86257c2

SHA1
d44261323d724c772b7984c42f2d647bdfe4bb86

SHA256
e2a71f79a749aa69bcb6d58faedee6a1e80a942df00551ec6faa701f815cad39

SHA512
92de71c6433f81465f3ac501b07655fd2a1ad8b626c7915985f233a68d726bbded16989c1609b3000df14fdc5a024e093a4fc1023e85226669a18ff39a7daa52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d7e05618-e5ed-47fe-a5b8-34f65d8c941b.tmp

Filesize
6KB

MD5
3b4bf839f3e4a335c17d868f2eed2935

SHA1
2b922f3d3bf5f72080370db3166cb68f9e83c944

SHA256
062780da2959fa951f13707033300d3182371ddf86f5fcf65aa7710657e26dd9

SHA512
847064f7ebf3477f58eb22c98c1f374ed7e680ddaf35c0237530a0ced10c871f1cc8e9e561192086e3b6273e94fef4102612c2096563245837f57c813cb64396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b4075202223329580d7e42c53b77c207

SHA1
099a410d526dc68510d885b7627405c9382ec6fc

SHA256
18d4d132e3f2cdbd465d9405718e76dd5f215ac3fcd95a6f0b9be883c243a827

SHA512
cc1cd2a1880086ca27f7960d15c48153ffd7e0da119e86e7520b4bc71546bb280a9921a3fa42cc231c53418dc7cb130ac697efdc96cb2f0b6ddb80dc36265265

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e914c31e22d69f9c46ccd70518341c78

SHA1
1d66f639c79dabbacb2cc74379d37e8b319bc2d2

SHA256
3cc4e5346b9f827fb12dd9e0e72caf9506a2a9e6bcf72ffe3aaafbb850cd2c57

SHA512
608e726657eb78711b48d1719584bbce4e9761b298b25aedb38902d8566ebf52b2c2b493f993d293e67c051cf6d80a15cdb782b96f6481db5666eedf2890bff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
78fe0fb07e333f4ecd83a673c90dd047

SHA1
c7a6b0f4f8c240ba11e3829e5ebd4e4d7b8b252a

SHA256
31a48c951aa228f5d3112c31a739ce9cd5a564cc9a49ceb1a23a8c5e432295d1

SHA512
15497fb602968d78a4506c490c1db31523d120f54d87bab47e7038f3e69b23705040dded780962719c3f0e08d37c42182af53d0ae30646cee31ba74b9815ef03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0eb0c5fd7ea670d20c0d0bbb3011aece

SHA1
225413f32afe30319cb9cbca62c51a9069a4a008

SHA256
2459079d2eee638fc601b56f76bf922d55ee3d7e0c6c24b786cca45a0fbb0c9f

SHA512
55a106567e780c39018f50328633173effe470d83b56f97b3ec184a6f596e92f1ff79d8ad3b50a8a528aac2cdc496c8c09b3b96f4ba9bb6d29bf86bfc528a9c6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
35f2e4ab072ea533352984304c2d0d5b

SHA1
3362f90bce7c34974cfc1ad14f10d22f461822a0

SHA256
841415e52acfbac8bd50be56b3ca48654ca7c9413b70b14177c0bd4a160ee61b

SHA512
45173d6e42f206158bc2bcb316fd509ad84aa5a4031b018954d5022d4307d79cdb7c7517b8d133c50c5767063b7fe6f26e9d22f9d9e3c6eb201a418bba193a4a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
3e90e7cf5af022a3f7e1a6f63a74cbcf

SHA1
a637f91c0ed70f684c5db3dbd053875b1d27020e

SHA256
831bf9e5731b1706c22cc8d66c47eb9becb4601af1fdd725dec68d3474bacd62

SHA512
0e092978ae946e0a1d48835dba819af4b221573a44555e4a70263742991750bc941966d6c9a0ef748b2347b53d5fa93770daf43a3b6f50e477f32485a9490888

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
d3d5e72292c2f864428eeea2be6a6ed1

SHA1
17864bcfc4b52d54d7f6be726680f111b81749a8

SHA256
f0718bab230ae511babde7805d975c2c1d210b4cc77a95e5539feb861ac3f7a8

SHA512
ef6d714c8c1c9315309260edd779aaf0591e8cf10b320e1f460870b6d9fbc2e55c338804c0d9fcaa62d084fce0f4a97651717a14297d96dc8cd1753fe64ffee7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
e8c9d5d4fb307d56fe4a6780dd72fc04

SHA1
a199afd3f456fb9bae6cd6a25a5bff229c654243

SHA256
5cea7d2a78a38910d139d28b7e8cbdca6794aa6efe515b75e21e0852c82472b2

SHA512
9d8dbd67e2ac0ad0b660f04d1c058ad5164ad95216c44e9f756b4a75a15718a08989ed3dccee3d68fb3c45cf7e7954ce8d7ee8972e2df5769fe0445c00f7899c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
219d18892ee3b1e638ea1aab68bad5f3

SHA1
cf0135b7727c2011241adae95246a785b0fdf79e

SHA256
7f54502bdbbb09aa00321dd05b4af13ffaa49bc2e095d5dbeced3cdec1ab3030

SHA512
aca24136177afe7d38cc85cb071de3d8b79879b80fce644d2810412c9401035bcbe3fb805ef095bfac1cccd12c2e8b033a64244b44a83f780810b32905c275df

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
0947560ebdf4988f2f5b9670a7dfed4d

SHA1
2a883c3fc0701fc73854158f4b74efbf2aa35eb9

SHA256
b1a3ea90372747cb93207133ced2f9a734df9ba7ce98b9f07170d4108739941b

SHA512
ba5787593e10157ada37801ab277a7dee715dc64c11828a33e59f07e84de346ceb9a3f5bb9c368d55b79d344363fa4b798ce136c860d9cf1fa739c145622cdef

Download Submit
C:\Users\Admin\Downloads\MonkeModManager.exe:Zone.Identifier

Filesize
660B

MD5
0a710c6bc9b38c9239c9d514a5fcc9b8

SHA1
27fd4b035321334a1fec600fb894581c68e56efe

SHA256
cfdaf41da482eed4cafe01fd5bb548a4984b1079398a3e71df8b1af071838481

SHA512
95fd4712dfc2dddf8f5726c4dbe1416b8fe5024a7adb4f8dbfa190302a96afb0dbdeea7cef21cfd744a584f59da3034f1936e221cc61a50ddbd4493eb5909c09

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 354059.crdownload

Filesize
134KB

MD5
f1e96c1d5a7707c42062193f15f84159

SHA1
40e11bb590627704f6fb66caa4f3330f14f7c71e

SHA256
ccf0c705130ad280b3ef8087c5ba34b9178dbf8aba5cfd3db034de28b618de46

SHA512
f372188877570bd3403857b144d1681c4a75b363503b942d1bb52bdcb8e0e3160a228dd29a3093efe9c09eda7d8d783327c3d27b405425b5b8b50861aaa0e1c8

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 516081.crdownload

Filesize
3.2MB

MD5
aee4dd798da9f13ac44fcd2eb5b6b296

SHA1
7079918f2ae966e78f7f234c088ce1feb7db00b9

SHA256
2952264b226a7f252a4195087e104e326cb2d70ae0ffb526c5051006059b0166

SHA512
95b6d31aa2ce2e9a58a23568f9e4cfd5fd13fe4e23bd71fb1218a45c17b0a273d8ac546414beb022f4386ffaacc34591d8a0b12c0e287197a5b52fbeea345a5b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 585838.crdownload

Filesize
217KB

MD5
1d62aa3d19462f3d5575fc54159911b4

SHA1
b37eab86c0075245fcc517a280f0705f6dffb852

SHA256
6acaae0fb470790102a338e23dfe2263f31e529288e4efe51b34bca30371cb36

SHA512
78a9501d7920920577a586396e5d9e2278a7c926448c9a98d7844db9032dbd887df90d2f389fe1754bf5a2071a19dfd5d40315624923e903ef9ef6cbb214b1df

Download Submit
memory/936-826-0x0000025A09320000-0x0000025A0935C000-memory.dmp

Filesize
240KB

Download
memory/1420-2126-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/1420-2176-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/5480-2136-0x00000000025A0000-0x00000000026E0000-memory.dmp

Filesize
1.2MB

Download
memory/5480-2137-0x00000000025A0000-0x00000000026E0000-memory.dmp

Filesize
1.2MB

Download
memory/5480-2177-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/5480-2284-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/5480-2336-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download