hxxps://adfoc[.]us/23030642731374

Analysis

max time kernel
297s
max time network
297s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2024, 16:14

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://adfoc.us/23030642731374

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
740	raw.githubusercontent.com
741	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	MSOUC.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	MSOUC.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	MSOUC.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	MSOUC.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	MSOUC.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	MSOUC.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "184"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{865073AD-2063-47BB-8122-55714F52A7EF}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 856506.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
744	msedge.exe
744	msedge.exe
3744	msedge.exe
3744	msedge.exe
2852	identity_helper.exe
2852	identity_helper.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
4480	msedge.exe
4480	msedge.exe
1784	msedge.exe
1784	msedge.exe

Suspicious behavior: LoadsDriver 3 IoCs

pid	Process
668	Process not Found
668	Process not Found
668	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 53 IoCs

pid	Process
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: 33	5564	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5564	AUDIODG.EXE
Token: SeAuditPrivilege	5600	MSOUC.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe

Suspicious use of SendNotifyMessage 58 IoCs

pid	Process
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe
3744	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
5600	MSOUC.EXE
5600	MSOUC.EXE
5600	MSOUC.EXE
5600	MSOUC.EXE
980	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3744 wrote to memory of 3540	3744	msedge.exe	84
PID 3744 wrote to memory of 3540	3744	msedge.exe	84
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 1212	3744	msedge.exe	85
PID 3744 wrote to memory of 744	3744	msedge.exe	86
PID 3744 wrote to memory of 744	3744	msedge.exe	86
PID 3744 wrote to memory of 4408	3744	msedge.exe	87
PID 3744 wrote to memory of 4408	3744	msedge.exe	87
PID 3744 wrote to memory of 4408	3744	msedge.exe	87
PID 3744 wrote to memory of 4408	3744	msedge.exe	87
PID 3744 wrote to memory of 4408	3744	msedge.exe	87
PID 3744 wrote to memory of 4408	3744	msedge.exe	87
PID 3744 wrote to memory of 4408	3744	msedge.exe	87
PID 3744 wrote to memory of 4408	3744	msedge.exe	87
PID 3744 wrote to memory of 4408	3744	msedge.exe	87
PID 3744 wrote to memory of 4408	3744	msedge.exe	87
PID 3744 wrote to memory of 4408	3744	msedge.exe	87
PID 3744 wrote to memory of 4408	3744	msedge.exe	87
PID 3744 wrote to memory of 4408	3744	msedge.exe	87
PID 3744 wrote to memory of 4408	3744	msedge.exe	87
PID 3744 wrote to memory of 4408	3744	msedge.exe	87
PID 3744 wrote to memory of 4408	3744	msedge.exe	87
PID 3744 wrote to memory of 4408	3744	msedge.exe	87
PID 3744 wrote to memory of 4408	3744	msedge.exe	87
PID 3744 wrote to memory of 4408	3744	msedge.exe	87
PID 3744 wrote to memory of 4408	3744	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://adfoc.us/23030642731374
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbb95f46f8,0x7ffbb95f4708,0x7ffbb95f4718
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7252 /prefetch:8
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1724 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2284 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7920 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8452 /prefetch:8
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7940 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8660 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7032 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7900 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8504 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=8868 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2016 /prefetch:8
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8864 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8652 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8480 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8324 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3056 /prefetch:8
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7984 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,14426138284223951161,9370172746897377484,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7888 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3232

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2c8 0x448
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5564

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5560

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\install.bat" "
1⤵
PID:1208

C:\Program Files\Microsoft Office\root\Client\AppVLP.exe
"C:\Program Files\Microsoft Office\root\Client\AppVLP.exe" "C:\Program Files\Microsoft Office\Root\Office16\MSOUC.EXE"
1⤵
PID:2912
- C:\Program Files\Microsoft Office\Root\Office16\MSOUC.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\MSOUC.EXE"
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:5600

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3905855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
102KB

MD5
4e3b6af6455d4d44be1c63a654bc5079

SHA1
ae1a035747a25df844cc71ac860a9f5ce7251a23

SHA256
384976c29cbd3f199acb925161865e81fc50cc9cd8248546af5014ad9e59c4d6

SHA512
ce82325dc69ea00e02681ea1d1bd1364e1cf64b23f87faef6bf63169c8b26ef79042ab16e2390a8eb21093da4b0c59eb42b05ac782c2d503f4af493e86bbd076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
58KB

MD5
83cf6a86d0607697ac6094ccb429622b

SHA1
9bb2ac6e310fcaab2d901ca916558f1b2ada3751

SHA256
5018b0c80b35b34f8823801459cf5018958b29a5ef8bde6302eed337b8d1aa5b

SHA512
1dba06c95e5ccd135c89dab755092b2e95234a35181845fbdab3cd2affdddf68961c402a9abb70b38567c2f18a2440e527525fd083526cf9456eecdb8d29fd1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
369KB

MD5
bb68125cfdc1c7fecb525384be9f252f

SHA1
021a148fb4b9a258eafa3510fe4796f77eed60e7

SHA256
b7387cd7859f593259dd3335a04d2b41da5c0675aedef330f746d4e1af18ea67

SHA512
8707329526e39285f3b06b5917455aaf090b61d6953ef05e404de020aef076618662392fbb62e53a3648d07f4536e18bacb05f0ea81edfc1a7a6e29f82c59d95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
18KB

MD5
23faa43e77bb2979e115eb452e3bf8b7

SHA1
0e210d6034311dcd078f325cd747627f5c2fa248

SHA256
960401b077b684d496538d94ffbf4bc8109bc09f1a7bf611ffcfc234819a00d6

SHA512
4ec02135beaf33887349fdc7944645844cf239ecf419764c65118c9b22a3ec2d363185146776f03e17da12963c937b13460fd935c91e1ccce4f359402c5440ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
81KB

MD5
437cc5d3bebdd008ebcc2ff13ba82b7c

SHA1
f8a665c89f187ba2312beecd7960d2e41716a876

SHA256
860463bb09d43375358f7b9e553a9e8620c9332d96d55414e131681ea6b68b21

SHA512
ee9a13986f9227f7ded2fdc5c30c38c5c9f57fa40b05397dcc2be9a6df032bdfd9d48f07497dc80ec4faf641c7cecfa310b20d4596cc646ec4da3025e42f8dc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
20KB

MD5
879221f334a0d9f2379558d85c0a4ad8

SHA1
cab458217d6823cadbf842d0d1ce8d51cd593a09

SHA256
41a8b04f4043c9e0e76def69cf7c3270b5a8465b610f56cf8a6b5104f91307d9

SHA512
e0bd175c2d38bcba8b07f18b4706ff26cdc5361f0ec84eb8c1f88d5fa911690b21957217ef23f564c82c6056d583700dfec8b431482f23c9ac60fbcf10b9c90c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
26KB

MD5
cb9730521646fef01a3a198ece746240

SHA1
245b35fade029a8b7d6c732dfc79d38103fb0352

SHA256
c0efb52a8618a35eca8aeba777fabacce01992addaca8e89cf240f1f04c3cd71

SHA512
e144e66230ac5d72c986e979a19e0bda6b3d6ad6cce29b8ea26cb4908e650057e436513426f85dca1474379d96e2464893a5e79a505549d7ea6e0c73b65c02e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065

Filesize
67KB

MD5
929b1f88aa0b766609e4ca5b9770dc24

SHA1
c1f16f77e4f4aecc80dadd25ea15ed10936cc901

SHA256
965eaf004d31e79f7849b404d0b8827323f9fe75b05fe73b1226ccc4deea4074

SHA512
fe8d6b94d537ee9cae30de946886bf7893d3755c37dd1662baf1f61e04f47fa66e070210c990c4a956bde70380b7ce11c05ad39f9cbd3ea55b129bb1f573fa07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000066

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a

Filesize
27KB

MD5
17b6743977bcc7a7bb29fafc37f142d5

SHA1
a06d514d3d380b8c28696bba059c62cfc54deaa2

SHA256
7475e9358cc8ec5ae95b1b485ae0f5dfea9f22c375f9ccd1107b53025f71e3e3

SHA512
1696cb3834251d9f4c1a2bd5d884d06a5efe2b53e15834f9f78d60bfb186977abedb007a37eedf3a23b9347ee44853c1c715fa50faee04b9bc8cf0d3e712b5e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006e

Filesize
17KB

MD5
e41c34fb540f488e3bb1409b8543a2af

SHA1
6d0064e1764c26cb262f92c18dec30b50ed3957f

SHA256
9a9f06ebc08583396fc7a7dea803b01be254bcefb9e0ceff6db07d50763b4430

SHA512
5bd9f13f24a653a8e82dd6e9b836c6e9c57e336f3bf0076d41c4ad8f34fd5286b6c04f6fc632e4db20de7c7e4fa123a348ed20dbbca0c4d9ce38ba5815efe959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009a

Filesize
20KB

MD5
74d08f3e49a4210f66236f4e84564a65

SHA1
fc5232cdcc3689d1f26ddf1fd9a0d567b8cd4bea

SHA256
f224b59ba25e458e2dfabb559d1e338019bb0f82139768561b03e42d7ebce7e9

SHA512
ac233a8d6a6b0a2894c89b33b7c159acb1084a06d1c8956a337e1c235c74f635b42cf95bbe723b2359b3b8fb09980dbe17f11e46f777749883af78cf5885f175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009b

Filesize
30KB

MD5
6fb26b39d8dcf2f09ef8aebb8a5ffe23

SHA1
578cac24c947a6d24bc05a6aa305756dd70e9ac3

SHA256
774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059

SHA512
c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b7

Filesize
63KB

MD5
a5cc79fbd666432c461daec09604f082

SHA1
9a3df93d85aca657c5c8b60f9b4063128319647e

SHA256
9a7f91177674363a59d898f41192d993f0dab2ce2c93a180b6d1042ea4b9e279

SHA512
f93ebbb16738cae18477a0bd833098abee3a77880b8623ae2a462ee8e209487045121700e013dd0da1c7c3f5c9f24a56f02a5cba837df4ac1f33c9f6e3522c62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c7

Filesize
37KB

MD5
1b6703b594119e2ef0f09a829876ae73

SHA1
d324911ee56f7b031f0375192e4124b0b450395e

SHA256
0a8d23eceec4035c56dcfea9505de12a3b222bac422d3de5c15148952fec38a0

SHA512
62b38dd0c1cfb92daffd30d2961994aef66decf55a5c286f2274b725e72e990fa05cae0494dc6ad1565e4fbc88a6ddd9685bd6bc4da9100763ef268305f3afe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c8

Filesize
37KB

MD5
b171ec9a4afec36d9c5c223e74809096

SHA1
07921ed2473ebf493aa779e4147c5ca3a3e464f8

SHA256
02fbf77fe2d810cdad165c9050e7743936cc489b103217c36a1362b93f5a5235

SHA512
8f52e4c14b386580932b123007d0cca715082ca2fd79e6d5c1176f08b598b5a32aa262b96e877c51522a1ea867dfcfec574f19e8510f57fae22d935668f66085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d8

Filesize
19KB

MD5
ca39c956585ff3441ed99f219a95908e

SHA1
c17d8ac3a1fa156abb4d7d6f4799bbabc09966b1

SHA256
c23e03e141a70b1967f6d62a272ecbc588655211752e250f9173bebcc61127df

SHA512
57b5cbce513d2f1c698e4ca82cb9b2ba1c26d7b80f21e4efa77493d0053943bd5a8eaedc3dccb23192c0145dc411a99a86356777e95afa78ac616ce3f5189a5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0eada012e60c35ee_0

Filesize
11KB

MD5
7e34a2c3cf8240b17f80ae1461927d70

SHA1
24ad172f67b2cd8c9c0304f28f8eb76dd006ce5c

SHA256
c0ed2ead41d9b58a71083d4d90c2b1eb379c074fddbbdddb276bb7ad8de668de

SHA512
271ed9ffc6c459c2564b5e29bda10555d44d615adb72b3a2599cb69bb3db24422c70cb7f3f7e0be43ba02478cee9fdab1fd46700176d83ee34f4076288d011a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
3KB

MD5
b8bd4995953a0cc8a83f5df53ab7e836

SHA1
ec8375af3e9b10c4e938a1426d6185e596087d4b

SHA256
1714e719634c3e7ce6280ea6e0f2efa1d58d054f47a664c56146607b19815ff0

SHA512
729bd6a0d3add16ac084368b59c971dd0102e7756f0572e40e483254f39f669743dd0173af05f6964e52c8798f97b4027b506b4f42a72859b51bd9d852d1e8d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4bc6bf5847160a1a_0

Filesize
11KB

MD5
cd86c0419145b93798a3d421744d889d

SHA1
bd3897c5c0a33e642a644df82a73e7ba29f6a8e2

SHA256
31cf8b574afb74a94ae565ae414cde3d4bb961bb559b3ea7a451188aa3b43710

SHA512
52c6f1b1ea01b18969444f3a406d4955c613a34b7af8bf43e9cf907e8e619378f45fec277ca66ba0eaeb61eadd7bc42828686569e1dbe16ce358083cd7ffa303

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

Filesize
1KB

MD5
c95d90802f3d6d67762c32ec12b30976

SHA1
47fea6e6e7cfbeab80e9e051dbf9ff5d2d33e223

SHA256
bb89b05d2f9534e3ddbb6e35d57084886f861847cf6ff41e4630c30d9e0027ed

SHA512
b868c33fb3e0551691a875de197b87ae27ca781fc9a21f979bbd9152a5338f51ebc61d4e44f53fc6af75dfc15576ddcc9e9f06a12aa6d7c3cd719a446b32cf88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\82f5b75520717e05_0

Filesize
82KB

MD5
a14ace7dabea6b7a008c12fc19857ca3

SHA1
d2205b5e350de8dc8d4a7c06bcde03c39522f7b8

SHA256
435624ecde24e948bbb19b81295d6fba19b9c047b7991e3f35ae53427692924f

SHA512
58171427b92d3083549878220445e2ee9761a5fd277c3baf69dcc0fa3dacb1f52b96c12400c700e38cfd67f5cf6d9f9ce1fd744bfb9f7f6129971b9b12071def

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0

Filesize
2KB

MD5
686dac0283a47bb17f18a48773fd250f

SHA1
e3724d3593d2a1e220c2f8b352270a9deae094c3

SHA256
5144aa6c1f84e987d77234ea677d251e97ef5e81d154751437e9030005591873

SHA512
8ba4aa1aa6b583d4d1bcf98c0a5920595da999777f1a47f1d76955a5c5f6b6309d466e07112cac23e7b303ff8569085b380410dd3fc326ce35d98273b77875e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aeef7aa9011040e0_0

Filesize
10KB

MD5
087e146ce60723ebf8fd25868ef4b0e3

SHA1
97d7c4441d449791fd3b178b966af4389c2b5df8

SHA256
6d82b53ef69e48f0528d240aab7998088370d2e72ca96717ea6375d63872c566

SHA512
7403f76337aa7cb67f1fcf5a5203b0bfbac035160886051135053d696e5b25f2a83e89744e4ee1fd4f84d2efba842af93b892fe020ee9f6fcdfcee5ce54cf7a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b27032f07b72bec4_0

Filesize
360B

MD5
a4c051acd128e6d6d3f610ed19d94663

SHA1
bd7c8c2c7aeab153c712c15016e6dc9e87c4c5bc

SHA256
9311bb70b22e40027573a0744ce9b49e7559df7099a1c24ed173fe1be28b7ecb

SHA512
5d57620e56d6f43b648a026d47e89fcfed233c9ba8bac01efb79909fa6ca43fcd3a58eba77a731dac60d19abf670190f5a07d66359b2d3277dbe98dab4163f4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bf560353dbbe3e6f_0

Filesize
8KB

MD5
0b6290ea30fd26ef17d1cd91f317542a

SHA1
29cda0d1b52ec8b1590274f303f59bc41f34f9fe

SHA256
3eee235cc4574bda196eac6aa6cead237a0d84aeb947744e822446c05f5c82fc

SHA512
2ff24675d12ae0dc2022721bad5126f9284c19901d3b311f401f1086710a004157c65a18499d0310a5db6dcdac5b1d7e93aadda825ac94f0197e34c45d5a0b28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c4f2da4e4b4dba36_0

Filesize
34KB

MD5
37bf362417a685b4b27a494cdaa75e3a

SHA1
30d75f4ad3d7f365b0f688d18c2bd606f6389aee

SHA256
5bec8e148053fc68c003a08915299061bcc415e56fd178c011ef66424cc43771

SHA512
5eebad8911f13938f6218a5203d620214243858410ec4abce52ee54e58ddd1f90258ea90e0b3149cc01d71024081fe527ddd0909b6228824ce5d4c1da1dbc581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d5667bf87cc6b1b8_0

Filesize
1KB

MD5
2a948902b76d5bd57e7a797697995e73

SHA1
5aa2c7f378416793d7f90abc3dbaff67651bdfa0

SHA256
e269a7432c68028de080b4e0331e34724944db40d3b5ecbf38e147c84a6bdd8a

SHA512
ecd6f636b3e2b7261b47a2a5e224aaba98b8b7c511d2c5d7772ce448630d8c8460b1f21195ba3ec8aa84cf199bddae2d3248cd63e9c830df679908db776aacc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d6ee81079c1cbac4_0

Filesize
2KB

MD5
38d8517fcc293ac8c063724b8d9997a2

SHA1
5e6895fe0e7b64d0c06a20dd94d1c39f29bae03a

SHA256
a38666b6d296220ab440e893204d5e236fb950a4f7738531f7a9bd20494639b4

SHA512
e242e9c50bd6d388161c5cba48404d5a0afb0131c4c3378fea13a27e685ee605d5e838762eb6bb0e2976a9620a3198df75b6810245525844bb8475c1f3592cfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ea3661cda70c21cf_0

Filesize
3KB

MD5
717e3ebb9fb718d6939a72e9fee8ebc2

SHA1
5308f775c7a937a59c3027ee1a68bc106c782710

SHA256
566f129fa9a4ede351b8c69cb9636cfba2c0c4f872145744c165934290302f5c

SHA512
9a69f522eee38d66c0a4de27d601ae9ebf69436b3156a06db249e6fcc013db4b05f8ef36d5910afa35891da1edd446588e754bb3aa7e22e8b7744a23e1c089f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
e7b61a01bad25f4eefb9ff7633ba7286

SHA1
35e63de4b1182b11a9333adcb637a2038d385e3d

SHA256
9f00b3a3169e93b4c84b643d946e2040ce1e2f2bb127d78611540a6cdc82729e

SHA512
55718ab2663d3982c221e8d0c2c50dbd72354c26b93cd055c44ad58160794a181dba323307db3ac98ec2935ae1a28041028f3bbeb268cd7599575d1b6d8cadb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
494f6ce247edcb0d14ce5d414191f2ba

SHA1
7913bf7da8f6a267b7c9361790279212fa400d4a

SHA256
d71700b10ebd0d809302a14956ecae30598ab44a12d13660c21c6415e9269358

SHA512
b05d0f301d4a40b2e925323ce36d2abbd46f464eb54a074dceee2fe31f185cd81fd994eb01d9dc90a2be7b10bdafd0680315145450779210bcc3c10bd3045486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
01087bff0f0930a6a3b7fc83a3326880

SHA1
5697c3ba6143505e9e8fbbeadf054aa687b09107

SHA256
49b77370ab81c87f7b1ec701d00991448b01b74af326bc044ec8f7d324a0aae9

SHA512
81a274078496b24f2ca33dc76e78ed26b1360e5fea09d4e839279d0d6ad4455e9b186538d0cb4fd094a0fca7db9bdf68237bc9f5389b58dae4d56704769101e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
03aa8c5b24947ef66ff1acf9838452ca

SHA1
db41a768338e557824cb3a0e132836bc76803218

SHA256
aa3a094cd25a1e0e85904c7d766ddac2da8398cc8e3ca6609424132291ee91a4

SHA512
aec6be3ec7077a9d1edef7c9e12b6641e3717c863b5c15dcc483d8a4dbc2135059fadcb27616451258aed4006b891f6957ca93cd0bad3bd13a271745bf9c8ff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
4ffa03a29b549687c0ab469ad02253eb

SHA1
53dc4cb8da4f71ebc0f0328961647758ad7c09af

SHA256
5c904d648e929c035ed4872d174a7f32b08fef158df2b0a22d9584dd3b1f65aa

SHA512
17a810804c4cb65f70ab7f822b188da97038298fdf4fbd37a06135ae3e32e365bb902a993a8e6832558c0474ff889ef405d65d763cee32dfe03c335880c40916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
c637ad88cb7b78874486728281d7fe73

SHA1
19f42151fa242b31314daccccd4f92dd6f5ff675

SHA256
0ddeec66738d1f7f6b781e3a981b816e4b03961a6ffa0c712c55e65bb0a2fbe1

SHA512
f1f16b89517fba896d036428364dfd3c3c64e5cb6036207951fc0885fac38b41d7ffef140fcafb8a7f8585ac6d962de77ffea1cd2621af5b7ed4c7d902a04e71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
14KB

MD5
bc56dad9f2ae122dab44071ba97240c6

SHA1
92e4da07ddb833b27f06a4fa043c4d7f3cc352d2

SHA256
c8d16c25b287f6efe2d37f105a4e4d7186989a4ead756d2db0e941f763a0e21d

SHA512
633d1b62304e738f4da075cf76ca4e3d36f3d3f202a803e77153861936e310dd2b5bb1ef22ffe78aa1bad61e935f5de49612a14f8738758c95f9c736d52c23cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
16KB

MD5
5f71d3c8670151364a92d423dc64aef1

SHA1
6230962ffb72e1af2653a0c2a83eda79d50bc506

SHA256
3b03df909d11f7faea2cd19b3ca36dc37fa0e08c84c3dfc76d80f2c293199da5

SHA512
028f457f12a71bd699407ba17c0c4c073028683aa213a38a6b3d74776bccdce8abe8c21c6492ca71d90a247723cb8ec9879cdabb61be87816a221c3ebbdab1ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
719c778335aa07abbb7dffcaefd2cb06

SHA1
0ca8b7a68afe872060bc74546135448bdedf198f

SHA256
6c0fe983839126ef79161dd4a6cba36981b167be971a75fa475b8e89a5a820e3

SHA512
01ca72a96bb875cdbe8b93cd5744ffaf7729849c5fa7b89f03b3e6eff889c159aecf92b085d0ce904a91dc9e0f895ef01180afdda52086fc50bc77926311e5f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
a2dfb2759b9d5064d8c8a46a4f16266c

SHA1
395176b9b90896f10952b384bacb163e82a51aa0

SHA256
8b1aae1e1e4672a3d54aa1298d686bac6a131380073ca52afe52fad8b5ef7264

SHA512
3d07f0f659b414128b4c9886b9a42634fb0096cc386dae635f93df7ec31d4b6eea84ca0ea1f9789779e79f497fe3ad2868c18f9c34de7d92eac85872edb01a43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
7898a400e6dec54f971c84b4f7199328

SHA1
585257c37954934213d0b972abcb3b1a819ca989

SHA256
db91d603c6098ba47cafe6d5daecca408d3820cb3fafc095c70207c84bd27390

SHA512
bb630636301eae60c00d8d2fd91f53fa595459ff0ac0cdf148ce8e2860a0270474b55633a07cca5ce3b725db9064fada4fe7faf94f848369d6d6720a6dfb0ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2db1e1a32fb02e84e06d4fa39a828c24

SHA1
49a1451c45fc153d1f8aaa6455252cae4b2bdddf

SHA256
016a18ae0620af23553b75cf9c9646b0682d01055a06f4a8d9574681712e5ba2

SHA512
135ee01f8f644dbe9730263162af66f4db88edaaa5404bf40253f859ce8294ae83c08617a140a0fce6c9f32e18c9837b597cd95bd12882dbab11eec2bede0b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
28df51f1a67f8e2acb213c41c033a78f

SHA1
ec078541aa24526b809ac05ec82272bb21da88d3

SHA256
574e5e598d7e802801362a94c3a7cd3c505beabcdb0717a82a741a74d25f4b0c

SHA512
40883033b25b6787e0ea7392d18c8683cb2c02f1ecc5524cfe0a3e9f7f6bfb59d201e06e4a4270c138e35b61c54a5ed208b36c3c267e6fe630819a23ddbf4ba9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
85a370792fc924acffe9dd579f5ff833

SHA1
9c9383c72de61b4b7212253a1060953ed740f3d7

SHA256
531bf1b5ef02aa9ceee0b933aa2a2593b5c0d82092bd8ff59eda98acad4850e9

SHA512
5225f29b5e563290c91cc5d613ee473694811982260687912d5a5fd155839b08e1b15fa1c4c43d8780fd886ecb91e4a61a4d3bdd041366b622e1e88d2e002e6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
732bfcf778a4ef61f13ce5f28bb8ebfa

SHA1
8914b2f8309fd0bd1ea597f5023358ef6444a9d1

SHA256
7b7dd21f7e1210510c75a2ddc82315652aeab7a2ac55f11a5124e40a6942659e

SHA512
2c0695eb6103e02c53613b941d31ecff36cbbce91e3520d5d4ef4d48e25f70f87e8c1feed22e40acbb41b153831a9c6db392ba37fb7c8b6923521955f0575b28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
b696be56478bbc7d58b9de8df8d426a2

SHA1
abac323679e5b1095969a9f7735f45d125db18b2

SHA256
7ac9895f68a477d4ad28943bcb9378229e4e768d8dc44590f8fee0563013c893

SHA512
b72e3746246ff1f3066c04f13b88e5d1eb2fcb092d7fe0b76788eff7fef1f4f8f25c3aab613b1c6abfc9b4f5a6ad0852e705525c92fcfff489a179dd8ceb801f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
e2e04725330a0e921bdfcb105ec645bf

SHA1
21983159116b0f268933cb674f866a71aa1f9f41

SHA256
87330a1b965c74034ec3078daa42edbd5fdee59f1283958841b41eadb6ab0e50

SHA512
46a7b8d1990d6c496a3ba429865da63fb034f2cbf64eac60ca642fe8233b600d266aed101cadc58dc81739646c2c03213152b6cb443fd44f0ad3582be3046bc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a873e11c1475d6f6fa3f5136e5a42b45

SHA1
93c157118e54b25574899f84baa6e9f04f674e44

SHA256
f707023258ff53a35dd4718cf05b4071da094a2b6470d455d9e81c039ab0d3c5

SHA512
c3e06ac146345de5d7e9d489fe10671e4bd605acc2d2206d21c6e65261ad845524edec9b1031eee5e0075d4c561f811672711e5e27790ba053721f945060d92a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
bd055472dc0ab49c092ee74358c298ac

SHA1
5c52171455b7216be6b4d42815655b556eacce4b

SHA256
0910dfff808428080f722dc51dce510742b52ade6988c00ad35d8a1660358bcd

SHA512
2b87499416a9e09eaa1b91ae109b53bd91dd605b8502dc144bac8b5a0b86870f92cd7a520ff4bb0febbe7ab171536c290065a5505d74d0990d856ed5bda7dd97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
de91dff9b8e2b903ef8ed78ae707a3ba

SHA1
39c8461dcedc0276627c31d332563e4b41fd7bcb

SHA256
c5c1055a16424292ab1938f8702fe69027f0194c8eaa0f9df49227aada03a338

SHA512
a64a8837e909f28264bf45ea395e14f557a09ff43964d81405424cf871633a6e4f471250316d843cf62f29fcd69d12bdcbd3e530e271ca6f755a32196659d42a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4e18862fba61d2292e8b166132c14d51

SHA1
6802b907d0cfd5ee562cf2aa20c8ecb4384862ba

SHA256
1f191ca2e0ad812df02bf7549fc40a53c0277526786b5bc3d131597a4dc66888

SHA512
4f23ed6d27035b16b27b75415f09514d35d636533b24025e1190526ddf8fe47b9b1b8d428d4435d9d339d012db90efd15db2d8cd0ab4e5448dd3fa912fae4f46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
37d2c0c205281c6614326a0e01046941

SHA1
ab1b3b907f00412f2eddba79ea381f8384951649

SHA256
b737690ab476f98324be3c76a87b2e67f5da3efb12627983c83458c38272ff33

SHA512
2103478251f8361b00439781fc000dc1eda7a2de9789accfce1171dcbfdf6a8a2454a07480a5a58b5bc7bfae3dfbb29d783cc219ad1937995da28a5e88229fd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
803eeabdeb52bea3de5d2b8f059806b3

SHA1
51279f92365574d5ffd6659a571baec115d0d5f6

SHA256
98a235f4db1b266b146077308047c9798fcd3e8ae3566cb087a8442827ce968c

SHA512
ddd386e51de361def03dae1b75f72f43f31b49e250d25184c3dacac2153d702d9495628cab1b9ddd9ce4b1fdc10203c1b611611dd8a1af55360c2485177060fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
f1302a4c2af719b0100c1158c847199a

SHA1
56a595692165cb2dba5010731e51e345bcb178e7

SHA256
13061465c90c51131fc9d231a11794d3748320d045b69180f5aa1d9432baf9f1

SHA512
5d95924c5eed7dfa9e62de80cb456a4bee2d4a05dafba62ec24d64f118ea7268c31093daa040ed5ab7b9771d97c299118805b4772bb4e06ec7ec6f3b809002d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
2e11d6364c9f441dc7fcf24b680d7353

SHA1
26d8806b8240bc1bec368259078dfe22209ebba6

SHA256
3e0bc274b79f0be018a3214681fd296f97dff09296395a29d3ca12ba65ad2464

SHA512
9f94a5275d11f08303456c9e313e67c9d40446c900e1f530ed089bdc485625e6281785f67adbd718a52dd31115cbf2b658c048391f0a7f5d927a590003543205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
04ef529872650d439a541f8320d768cd

SHA1
aa0055c01d7ed1affa48e1c0fa4df98389456d48

SHA256
07b295f9c7e64f6c73c1e927a184b3037bb2f6e06acc3b0456909d59b6d59556

SHA512
db82c9cb3a9da515259778813973b81a1f0beb0d27eba7875a280ca9cb470c8c14a694af690521f419641bf9dd17101e1d02c4f7aa455e1f96bb3fbdb10495db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
63eff6928b067f25763ddb7873a33926

SHA1
1e2c18abfb034805dbd5efd58fb2ad9e55b6eb33

SHA256
0be0b8adc429d0e019c21a5722691478d0bfd28d0d6455b40a0a9bcb3ca8358e

SHA512
b94b9f0966651e2c19f235390166fd7e8823882c9c44c0829b910308bf390d38198e7567460376a437bf73343b152c6710a637eadf8dcf2db9a5d790df246582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
c84dc811126d80bb6bc6f932ed1f52df

SHA1
e12af3f14d1c564d641cb4deab4301cbf7729923

SHA256
3447cfb409cf6c7b6392aa068e04baccd47f8e271f0067a8c369506d3c6d70f2

SHA512
945cfce2119a5271bf5bece271e1f155da3aae2d7ef2931831af371805c6f355e0ec09d02fc9436f392fe4a27a0da49cdc624ab9664db3b0b4cd81a959166cea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
0b44c72f2e677178b2fbd35a6beb7f0e

SHA1
e98a312da353d99b0760db49b91309071388c8b7

SHA256
51a910a222a4e163d633d2e6d9c6e658074ef7b6e7c33428450416e13b35a3fb

SHA512
f3d25e587cf0b9d642d92281b3092aabcd8441c005c4d54327392760834a9d74221bb84f1374d1acd158348c1536b5ee97e43b53002f4269ef153b7f430cd315

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1ab50c200ba9fdf3d1e3e655d190646e

SHA1
e5e723c88add969361015555a22d610c57d32b00

SHA256
2044c6e55e9483094acd4413a69b8eb95856562b9818bb0ff98e406e76dc177f

SHA512
5af5063e272267b6b65d1731c84f11fcb4b0f412bd3e0a50cfe2a650dbbd5e6204d505d24d9a9796140a76d6bb956122f0b93dd90577b24f4b63f3fb7d2c2d20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
3ee8727c1b28eec3ededf5847df57d2e

SHA1
d4f94a11d3e860a0e43cb2566795afeac53e6c33

SHA256
6861fb01beb12f90c398600280308ed1efd975daf9ef23a030bac4ff75bd9dc9

SHA512
aac8597e45dc647a74572691ed022fbe22b81c68871b1425a8ddcf302901c04f3a583dec24edff6dddb3de9ebda32d13fda83c935ade1a4774021afd0ea1faf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
8df9e8a32caaa31cda2f9c3624725501

SHA1
3b0996d9da8d5da27a6609dd41a28c067a5b3ae6

SHA256
f43c3efb7d8726d55df4ed2f150514ae697234dd6f351bd7e71a5509debe57cc

SHA512
66b2f6756334507bb1b7fca0d5e64e6f9b3af5f8962dd1fbba5014e3e56ee0109ea958ba3aa715a35fa81c3c740bcf12d3823d02b714f60f5d33365fa43bef4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
31fa6fa53379a7df124b28a2bc15c19b

SHA1
6a4f6101195ed9b4ccd812a9f42a3e20c45ecbc7

SHA256
fed7fa1f0f448829b59dc978dfa7296cb390aeee594b3c6e758fe10b50561338

SHA512
f1e856a3017c0fb1329f8dee8b25726440ef3e3e7a5da345a0f2143a0547c5d1e1403b65e2060f120b29038dc79ae7f2c77d55fede390fac971add6a7dff9611

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bdc849a1077c797df132238fb529763c

SHA1
8e94d1cb20fa3ceeeab33ed42e65efe725f873f5

SHA256
5544488bb7fe5ff93f8f5c3cbdab7a0d9afd4d3f569878db9a3a6283070ff1d8

SHA512
af07d4aa41bc798d49e49319517a3576cdeb2caf657a94d47e037eaeb8b6f51487621f80d7806277f4b6b8e4d76dba9dcfc5950aa722976a73b05cfe82db687a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58364d.TMP

Filesize
2KB

MD5
a8486e7932d88a75552ef37c805288c0

SHA1
716c8af7a5687880696c759d42dceab82eb3cb7a

SHA256
02033845425f203bf2e79580f881683d29e631d1fb92d2ef11872311d32ed7b3

SHA512
69c8d4504928b6d7358f8c477852e11474ed8fbcd24e68e2dc69e9e77a12622ac59e9acfc9425f6237480e94fdbfcddc42fb146d5f94114182eea7aee812264b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ee430205141682918f5be44edb1b405e

SHA1
de04d3f2436594a46da6c646ccea72fe9ff3cfc3

SHA256
e311630c743d39462188b4782a1f9eeacb3de4b4c20dcdb1247aa41a68a9b630

SHA512
b25d24b9b9ac8461282fcfb062d59fa76e8fbf55af9e3577afa5f4f4bd775e3741c6b1d415dd59f55d16cb9ecefe5773c4dbbd7682a9f7df91a5d79736b29054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
85eaac1232b2f6a3eb7312fb3a45c80a

SHA1
179d98f593a96950cb049fae67ebcddf9030fdad

SHA256
d4843f9e30f1c388caac5570efbd01a342674d9cde37c4915002c4888650f166

SHA512
46661b42f56abfd7df7d274c09749cbc7c20ec70b847efb715f943e9952535800c0db6797b482e4e6d5e87f8e1ef552bab340cc2dc7cefdacefd876c7471fa28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b5f7f84de675086783b1451efb03bba1

SHA1
1b82f4d20e6787e7b8983d9263fb0653f7a417b9

SHA256
69af0cb4abb4f136b78e1f0189941da9fa49b46fa7519b1a109fe00fde3da012

SHA512
7279d645ed8ce122e113b751ccc7a7e1c26142b42fd9a044077bc6e8af49ef532c7cc21eed936ace3fdff18d97b79e9e5749b156a5f30cb60a154b07d75deb75

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 856506.crdownload

Filesize
1KB

MD5
94b76b5817d6e31aea8eb36aca51789d

SHA1
a780197f7b01b1ea0cbfca4f857b46d7d2f5feab

SHA256
b50aca86939cb7048b30e4f422f9792861b842dcc3df32b45148d93ba7a02c25

SHA512
18db8184703466d5bbe2e92f5fddceba5acc35000e127037af392256e039199bcf6a6d1ff221700c3911dcc631d3c495fc3951b351f98cb7405cf778fbd0fae4

Download Submit
memory/2912-2568-0x00007FFB88450000-0x00007FFB88460000-memory.dmp

Filesize
64KB

Download
memory/2912-2569-0x00007FFB88450000-0x00007FFB88460000-memory.dmp

Filesize
64KB

Download
memory/2912-2570-0x00007FFB88450000-0x00007FFB88460000-memory.dmp

Filesize
64KB

Download
memory/2912-2571-0x00007FFB88450000-0x00007FFB88460000-memory.dmp

Filesize
64KB

Download
memory/2912-2572-0x00007FFB88450000-0x00007FFB88460000-memory.dmp

Filesize
64KB

Download
memory/2912-2573-0x00007FFB88450000-0x00007FFB88460000-memory.dmp

Filesize
64KB

Download
memory/2912-2576-0x00007FFB88450000-0x00007FFB88460000-memory.dmp

Filesize
64KB

Download
memory/2912-2575-0x00007FFB88450000-0x00007FFB88460000-memory.dmp

Filesize
64KB

Download
memory/2912-2574-0x00007FFB88450000-0x00007FFB88460000-memory.dmp

Filesize
64KB

Download
memory/5600-2578-0x00007FFB88450000-0x00007FFB88460000-memory.dmp

Filesize
64KB

Download
memory/5600-2579-0x00007FFB88450000-0x00007FFB88460000-memory.dmp

Filesize
64KB

Download
memory/5600-2580-0x00007FFB88450000-0x00007FFB88460000-memory.dmp

Filesize
64KB

Download
memory/5600-2581-0x00007FFB88450000-0x00007FFB88460000-memory.dmp

Filesize
64KB

Download
memory/5600-2582-0x00007FFB863F0000-0x00007FFB86400000-memory.dmp

Filesize
64KB

Download
memory/5600-2583-0x00007FFB863F0000-0x00007FFB86400000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads