hxxp://google[.]com

Analysis

max time kernel
185s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2024, 19:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
3720	msedge.exe
3720	msedge.exe
3956	msedge.exe
3956	msedge.exe
1644	identity_helper.exe
1644	identity_helper.exe
7108	msedge.exe
7108	msedge.exe
7108	msedge.exe
7108	msedge.exe
540	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 55 IoCs

pid	Process
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4820	firefox.exe
Token: SeDebugPrivilege	4820	firefox.exe
Token: SeDebugPrivilege	4820	firefox.exe
Token: SeDebugPrivilege	4820	firefox.exe
Token: SeDebugPrivilege	4820	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4820	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3956 wrote to memory of 232	3956	msedge.exe	82
PID 3956 wrote to memory of 232	3956	msedge.exe	82
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 1956	3956	msedge.exe	83
PID 3956 wrote to memory of 3720	3956	msedge.exe	84
PID 3956 wrote to memory of 3720	3956	msedge.exe	84
PID 3956 wrote to memory of 1044	3956	msedge.exe	85
PID 3956 wrote to memory of 1044	3956	msedge.exe	85
PID 3956 wrote to memory of 1044	3956	msedge.exe	85
PID 3956 wrote to memory of 1044	3956	msedge.exe	85
PID 3956 wrote to memory of 1044	3956	msedge.exe	85
PID 3956 wrote to memory of 1044	3956	msedge.exe	85
PID 3956 wrote to memory of 1044	3956	msedge.exe	85
PID 3956 wrote to memory of 1044	3956	msedge.exe	85
PID 3956 wrote to memory of 1044	3956	msedge.exe	85
PID 3956 wrote to memory of 1044	3956	msedge.exe	85
PID 3956 wrote to memory of 1044	3956	msedge.exe	85
PID 3956 wrote to memory of 1044	3956	msedge.exe	85
PID 3956 wrote to memory of 1044	3956	msedge.exe	85
PID 3956 wrote to memory of 1044	3956	msedge.exe	85
PID 3956 wrote to memory of 1044	3956	msedge.exe	85
PID 3956 wrote to memory of 1044	3956	msedge.exe	85
PID 3956 wrote to memory of 1044	3956	msedge.exe	85
PID 3956 wrote to memory of 1044	3956	msedge.exe	85
PID 3956 wrote to memory of 1044	3956	msedge.exe	85
PID 3956 wrote to memory of 1044	3956	msedge.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff81fe546f8,0x7ff81fe54708,0x7ff81fe54718
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2848 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:7032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:6196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:6624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:6980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:6988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1296 /prefetch:1
  2⤵
  PID:6216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:6224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:6584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:6552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:6168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:6264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:7016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7148 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:6648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
  2⤵
  PID:7004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2980 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:6696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:6264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1928 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
  2⤵
  PID:7064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:6820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7292 /prefetch:1
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:6232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:6816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
  2⤵
  PID:6824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=7048 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2292 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15523755840020444397,18040391109451456814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:6276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4280

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5040
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1932 -parentBuildID 20240401114208 -prefsHandle 1856 -prefMapHandle 1848 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab114eb6-acad-4ecb-ae36-5dab0e5b30fd} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" gpu
    3⤵
    PID:3412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2392 -parentBuildID 20240401114208 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96c2c056-0939-44c5-9dde-7315be27d7fa} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" socket
    3⤵
    PID:2084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3292 -childID 1 -isForBrowser -prefsHandle 3324 -prefMapHandle 3284 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9bdb68c-06cf-4389-8ec5-1365141aa3c4} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" tab
    3⤵
    PID:3172
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2768 -childID 2 -isForBrowser -prefsHandle 3740 -prefMapHandle 3736 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4360a855-617d-4147-b7e5-ce62a1e0207a} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" tab
    3⤵
    PID:400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4728 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4644 -prefMapHandle 4716 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2565c07a-37b5-4431-954b-4ffdfa24e51d} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" utility
    3⤵
    - Checks processor information in registry
    PID:5604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5376 -childID 3 -isForBrowser -prefsHandle 5368 -prefMapHandle 5364 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a251243-4f9c-44f7-a4bc-9bcc36e5f63f} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" tab
    3⤵
    PID:4408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5604 -childID 4 -isForBrowser -prefsHandle 5524 -prefMapHandle 5532 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eae230c1-c739-4db4-aea5-0c4accb49a79} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" tab
    3⤵
    PID:2624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5796 -childID 5 -isForBrowser -prefsHandle 5716 -prefMapHandle 5724 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42df6ad3-b9c8-4b05-91da-52019d164ede} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" tab
    3⤵
    PID:424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5532 -childID 6 -isForBrowser -prefsHandle 5996 -prefMapHandle 5404 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f82c15cc-0eab-4549-a22d-1bd94f8a81b1} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" tab
    3⤵
    PID:6104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6344 -childID 7 -isForBrowser -prefsHandle 6336 -prefMapHandle 6332 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdb59f31-b618-48cf-b84f-5d39e34824a7} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" tab
    3⤵
    PID:5900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3876 -childID 8 -isForBrowser -prefsHandle 4052 -prefMapHandle 4048 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c9f8d49-57f6-4c80-b4c0-55177fe97606} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" tab
    3⤵
    PID:5288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
233f36bdf1a873c1ff6398d420803f84

SHA1
e0ad43f87461616485e213d3f1f6c98e1f1a5d4a

SHA256
56a62d549600d6b0a08aaf5248a86a0e1cf9670f272841392daa074a9b657fd5

SHA512
f4877de8a0df3352dfbff08ac29dea50ecf2083426271e8ee7f73a03fbcf1cbc3584579b32a01b2a8fa8de135623ac8990ffa459ed4da8ef99fcfe21afee8e3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
67KB

MD5
929b1f88aa0b766609e4ca5b9770dc24

SHA1
c1f16f77e4f4aecc80dadd25ea15ed10936cc901

SHA256
965eaf004d31e79f7849b404d0b8827323f9fe75b05fe73b1226ccc4deea4074

SHA512
fe8d6b94d537ee9cae30de946886bf7893d3755c37dd1662baf1f61e04f47fa66e070210c990c4a956bde70380b7ce11c05ad39f9cbd3ea55b129bb1f573fa07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
103KB

MD5
8473182497dcb1d492c37e108cb3585b

SHA1
da2402c4d3296528fa6eb5683a78357189a9bf31

SHA256
d0e50430dfcb067abf986661bc193ad6f37d8822cc58efdcd821758683162b2c

SHA512
c39ce1dc1be5203b36b77a3895279e5d8babcd50399861d9131f58b552f69667c90385054a2b03addb5e3e8e3e5f33948a8d14b8bc4e8f0944cfd3b33f28345e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
77KB

MD5
5dc01cfcd5336f696cb85da7ce53fa9b

SHA1
28a1f2fadc35c5343e0280389fe7955e3d1be607

SHA256
f419ad7a4477f36ce73c74a23dce784150ca38fa5075a8e06109709cbb716903

SHA512
e38f03ef448a304331e307da790021f2ba8c70ac7165af98713c23bad271f3a9748f466326854b341b1eb48857d66df816d71128b0fa73ca0ae36ae4e5530cb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
29KB

MD5
fa20d8437865646e82dc61b9adf6c93e

SHA1
936b2b3a3757eca48867cf43badef1c608177a28

SHA256
777efee22cc03118f4e5ba78aef0cf7adb1e8a13fc2b5c60fd220e80472f0188

SHA512
81c77e1a7b29d089ef10056c10aac8f696cc889499d9b68b40550e861173557edaf39049859188fe9eec55f69b3b22b05044afd8b6b212101ec792a7fd289f02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
100KB

MD5
788929642c536e10432a2e648d29ca97

SHA1
ef65d33b165a120c389973f1ac4fde7f033a94ef

SHA256
5f6dfb72b2a683c140073779cb913c06ef25c2ebcda74b589df27465d1a71990

SHA512
9edcf3fd9a129a2db1e2368a82cde0fc9c63a7de04194c10698f1e513232b178d2582dfb426b3d1b48a0cd9a9087fd5634516242f1c9ec0e255d2da89cfaf41d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
32KB

MD5
d36b3a2e8cdab3cf6f75f52ba640fa6d

SHA1
c1a48afaf53ad919f96c3d307ca9513718c3b3e7

SHA256
1f82cb7357951949fa105591bd9bd975e453d3924061f83f0cbc968f33051b44

SHA512
98b0e3a8376c185c639f8e39bfbc1783a08d28e1b8a40c26903ccfc3445542a7f23035c6a8c602fae9251836dfc4c188ff9446857e88a2fe99de110d960f8239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
33KB

MD5
9fcd0794529af403b9d459c743360eb0

SHA1
aba2edba029942d5d78bf4d5aa197332f70e3aa5

SHA256
dd99e147e88f83f4d5af7a5a9e6d1b7533b1e4db05700c252d1b0d7a22f327ef

SHA512
3033085e715de0b8c951814d8c02f68e6319b94135e8cd6034ce9d08a16ca5c459885a0de4f29b31cc24eb698056663b6aea3ac6296778c65a1e0d8c241a8272

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
21KB

MD5
ba33be84c9d832718ac8c48f1e3be825

SHA1
b8e8ee8a3c794b943bf92cac6a2b86af2759c82c

SHA256
503ecde07c8436ab5d183617d681ddf9828180811b3c1475cf971e91d85bd881

SHA512
cc2c0838f3a8da314ab390b45dd9ab21d2d00cb058bb50e63fdf9eca5dc729fbb55ec31bc658ed9bb6f37d4205c296f5fcc2b9d976794df685be90b78397b7db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
41KB

MD5
f2496049993a58596836434f0646a390

SHA1
aefaeb1a92415a2e166db5e2b6e75eff731a3a63

SHA256
98e30876c1933ed6ddf3b0665d39d775392f964e71d7011c6a83b9ccfcc9d39c

SHA512
34db96631272176c871719c6ab6a64e50ae05626e3427f97567e9ee7469cd51b2a56b11097600cdc8338e0f054da656d8eb3596e37a48ac47be46660500b7044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
41KB

MD5
e9d2501408ffd7b4cd390f5a23c980a1

SHA1
ad0d8474c3fd0649a5669038c47f5b5e5229d1cb

SHA256
997fab62a3834d38a3518d2f1a0de492a42ee01b283a015328ce20075ac03850

SHA512
c3fb65834d6c8c62802149849f61d95c2b0213e1103516195a14e1d962182f528c30a40d0473884313844402037342bb029c1f29ca4f9e29fe0d44b6506379f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
71KB

MD5
fffeb448f2e041bee10dfe9839b066f7

SHA1
03b31f117dedd900c819320b545d3d3abafca097

SHA256
26c974446a07d71a85c4412fd165dde24f3b9d682c610ea64fa1d361c436212c

SHA512
11fc93912e4d69940623d77ffc3a198e3854692763495652f695397ffcce087057f030a7fd64185c544b334156597e681688d351d265586fce4db726e0f1a0f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
28KB

MD5
ed28b7af263c9afb191e63b738199872

SHA1
54b827bd559b536451f509101f05986dc6d07562

SHA256
ca41b75ca40a6234a5b1ea19c822986e9006dea434963fcd68e4110cba2f5d57

SHA512
e80c5407c5e055cacf6d457bfcb4d78fc887dd5827992b45e4c2571e9c03742531ab82f78cf6e68684d059017231e3e9dffb88d7f87225d72780ef4e65984386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\10afcd6c2984b3ff_0

Filesize
278B

MD5
fa24e8f6d09bab0654b2820709d33203

SHA1
56ecb7aa198938b64b6c564f4050e9eb0bd680a1

SHA256
387a0d3893099dcca1c881134cc210b17fb1cbe63c10d9c3111e694379f75f06

SHA512
a9922c477c389e57cb6c00d3967145b81b704c4373719b2f53403057a0831fcf29d542b47d45601ac8d7539cc60eef8d9289d9a860c9bcf6f2fac0fdf1d44a6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\13229076b3fe30f8_0

Filesize
261B

MD5
c85d86be93974c14e32d4eeaf86653e8

SHA1
182c042da3a88f190d5df2793c9f722b464aa80c

SHA256
a1882ecef0b15a1713fc082a16b35da68799ff846de519f1f9060f735ccb7e3c

SHA512
a51abf0ee19f845c86b65f825f71641ebe2b33629fb606ee96b9bf4263043787c15bf7e7a18c50432d36baea6b21e69e97832924332d0ce409625f609048289a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3c4289e779701986_0

Filesize
109KB

MD5
56324dd063811f52e641c9df80d926f6

SHA1
dbd4b4499fb2bf0fbbc9f65ae396b74ebc402eff

SHA256
ad2896208a671c30ba477905a818f7a25c0191778e4926bcaad0308cbd9bc00d

SHA512
8967a188c70d19fbeed76d8c3acc50905aa45882d0ad771910ad06eb51070a14b03c392572e2818ec583a820eab6b475fb92be3f13120cb51dcc91eaa75c8c7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\567d2272fd48b5f2_0

Filesize
248B

MD5
0a070d8b0cdc02cf56c8c6a7fb624070

SHA1
fe2b48a4dcc6c725d839d1fcb1f260aed47c061c

SHA256
3e23046783e8e0f2b865b60144a26f33bbbb84cc8302e8acd0fc6360c7ffad2a

SHA512
d32263f317b0d6195a7228671e43cfa3ec8130bc0e8a103804c46378ffc52e8f1199f747ebeb320296f8416e4d4ddf89df27a9b5edde95b5e99cb65247b2dcc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61b3915916e81480_0

Filesize
243KB

MD5
b97717ccb4a1dfa0b37e0a977390f298

SHA1
7c8e19ce99d5c5a38f8d52337325e9b24d557a6a

SHA256
b6d268c2c52f349c45b200e413c9298d637361fa6ec7ecc986f76ff78d092f9e

SHA512
d1d9d01890a86aa09ba4e5d933d0f0cc6f98de07e34483c664e81a9a3a8cbd73fe94a0ff9fe815daa3d3aae2ac0495e03f6b5d5fd1c86e3c851352ac7fd03e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\82e55a37ee73cb6c_0

Filesize
725B

MD5
ea97012f35672b2be3384e0b89b1fdb1

SHA1
e13a46a9415ed21afe9d644e5dca955da8c6c838

SHA256
8eb8a4aa22f657dfe7c71457216e0b9bf650ea3bc37a6b35c65d9d294f2038d1

SHA512
a2dbafd12bae8a30be48488b8a8ea96c65272e15790513e08e1cc34d7a7be3db72b8ddfe89d3166eb51ba0a6cba0a8eaf9aaba49673ac2db448ab6b69d88d9cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b9fcfae8f85dcff6_0

Filesize
425KB

MD5
0f29cc362dd9daa8e6323488a4d797be

SHA1
7f857265b5309f99b8c60b90302450ab31afee2f

SHA256
3275c7d254fd66033ec0e30649533af9d6364099ea63a0f6bb3c8728d7e7d326

SHA512
117f159f2db0ac498a9cf2a0e869d94af964c90db699a9e46d989031cd52a2d5d6b6790ae19658f912bf897b961e107d5ea20ee4ee5557292a6ef2304c789b04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\beb5cd5366d6696e_0

Filesize
6KB

MD5
08d9f8ffae1f5f34d9eefa63cd0fdca3

SHA1
3489b3adda88758ab8a33e8342e4070f95813f30

SHA256
f1b92ef6c9cc6bf6459517cfa48a512a7c91f47914cde0fba6c26263a25fe6eb

SHA512
17e46a6686ccd515b152fd9e91c6592988d9a990ea0c4b35612e531588cff4b9a543adab6e9acbafec93b3e1832adb3e31c803cc51d6028effbc2587d927272e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d400cbdd50be941c_0

Filesize
249B

MD5
f55ab17c599cc0f218b673245ec9cba8

SHA1
4061c57b602eefc1c7590c37e6ab45c5e49909d5

SHA256
39334d9098efb95ced51b76814ac7a843650374de981a46bed7fbd6b4b609ba8

SHA512
1f790ac181db47d3819275e8e7259c640335cab090ab385d1521e573b2129deb92424482054cb88b00e3cf81e4b4a63e7e0bfed528301e937a5b7a84aeac85a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dd82a7993942c6e1_0

Filesize
457KB

MD5
7a60e0e37dcc836307c5fdcf3a1193cb

SHA1
1905ccf7521b16d9103903ff2b82dde7a4a47c6b

SHA256
97e9622c6289ca3a0da6b6bd70dc38b10248a2b5b57747abbb20f25cbfca67c4

SHA512
a96a60508557cd9e0a78d2847d07fbb421fd99c63b35b2064de8298df1cd59d1f0cb657173f6457a674b2f2478c1ef6c64bd6d05e04130ac408214536baeccce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
aab06bd5a42d56e9e7800913986c3834

SHA1
75a6c301c004218662460e1d07b11aade04c6ab7

SHA256
a6f99a7618b6b30300a58d6d181b6d43640e46e5f20d7e14888538bb91190e95

SHA512
2f441e3774579f58e7ec307aa80ccb59d0e80d574d5998627cdc8ddea3634fb0595898c64aa7175d7e5685db473a3cf9bbf2b923bfd9c1a48ab4e7d1000cd287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
83b2df6d0d07d10d21054b79048dc75d

SHA1
2460c9f2c263197a6a7a60cea22114f94dc4113d

SHA256
686d697a12d8862ca0d39e91675552ad50e08a68255d4fbc28ef60713748a64a

SHA512
418e2f692ea38065dde9b77934148f075fac8562465fac493d425267e4d6b81f9fbf80114553c5ef874facc2fae509c04665ecfc720a52ad01e4b8bfee02930f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
e89e220294fbed9bcc7287be8cd25ad5

SHA1
63a194abd9184dfd6ee9fe3ecf768334b07efcd5

SHA256
d51772f15e2abb4dd7a0d6b3cecb383e00222d05d0eba28840b448e9ab9d5c00

SHA512
6bf24c83951f414667bcb46aa0f57abdc46365acfc4af8b18d30cfceef79cca66692cab02d067bb5303c6161031a9a97b512af9ec44d2927bfff89581f760f20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ffc1c7d47017718c9a86b697f103126c

SHA1
3e31c067dad88a313bf6b9cdcc59b41211e2e312

SHA256
2dc9d99695c29e17b4693dee8f3251d354706193e6a622f1d5556c3e03599cf1

SHA512
e84427e7a03298bac69b1fca143f115cb834e01a2e037dd2962a41a88c6b0c6072d5a836871607b0e6606e2e484cd3c18906c7f904ebb4d1d10564ec65152f2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
00b55306225c5ce85dbc1ce3578a9726

SHA1
1366884404e7cfa7530c25ae320b2df41ecde26a

SHA256
146eda42dac24d96193f76b60c6a9509d22f190d9b020e6507605f3c5cb281a3

SHA512
91cb6010b91c18601909012e8c1cc5478728073392a41f36aad156e429786208a54b0369d548ecd6823832b4cd7ff0140f791e191785bcb7660e27e2e2b6fea1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b3af5437e0b9f006369c20a0143c344c

SHA1
ae3d66c9db67201cacb1163ab71a1efc5d5ecd08

SHA256
3c4bc8e956c7044073c41eae21bbd2d77dc2fbfd906dfefa8530692b478ce0be

SHA512
cb2787cedee595272ecbfb3fc33aa66aaac822c9ec75fc0b8f6066a36ec0a19fb17e6f7c5c4500219d791280db472fca98a1d043323a836c80db6f6965067668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b4432b3ec8fcc69687861bb5ed483e29

SHA1
4a20e8244742ec438baae38e098a520e3fdc3a0c

SHA256
e9d4aba2afaedd2d8960d7534d41194519782b6b3029fa7cc6b4c160a0a2ebd1

SHA512
1b2a748dc68187ac66b1ed963a788b7ffac05d8d6bd8b2a35791d1e47ae2b0bb810f8963357568d77c34cbe84f43bee4e446328837acc5d8b499405aecd8d9bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5d83c40b8f5e1e61db23900f5b82cc8c

SHA1
796d0e0d488d348e7127b51347f00b207e6a25fb

SHA256
493e5c51ba12cd5d0ee0d18c568286a419a5263e20d6a7e131296e103ff81291

SHA512
6ae866fad1c8e59f4769a0c2815b6cb3bb002a02bf25f4265b1727a77b5ba05e338bc920c11be89c5eebc63c12edc9ade09b946d7d36da75312db76b3a59d6df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
3d7137b354e6a02341a901cddc633fe7

SHA1
1f7b2128e644bf6185e9e13fa9a9678195e55b43

SHA256
46f3b917df01f651e6936b4cc92d1d557d567d838141c3c7c090ca64786d26df

SHA512
9c908f3bed63add10686444479acffa9295fe7670eb26ee1ecbc810f55089de3aa70aca66e7581a0bcb879d8046ae12476e175ddeeab3a45a321539ea31f48ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
9c66d89093848744935830ad809bb758

SHA1
6d962e9e6ea3565e832db4829e368832aa4b5415

SHA256
e87d48f81bd9a97ddf619960547de06dfde54e832cabe22cf139a81e23ee0cca

SHA512
0fabf6a0bf72c50b02dbc02925f1b7b8afa90be2469d464459f368e045015e2791b939dc577a45f76701add7c6c8983fc6bce8968f2278c7bb1a868fbf1f4d6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6f5dbcf05f26786c84558bccc17f0960

SHA1
d1a2e33adc87c5a2e7b16adfee4f931b4bd9a964

SHA256
4bee3937eaa3099a2c2b09882a4a2154ab245b96609f85c7039cb398dea3507c

SHA512
749df27f9f71e65d2cf380ae34845d61b589589a4c792ddfc041e2d690a1031a5f555b467a69b90254752d3893ba770dc7f1d957e715245a35e3025faed6a1ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
4820d059f4fd0587b49f144941eb32cf

SHA1
1c93e628b1839c9d92167b7a36b96f987bdd84e0

SHA256
c0abd16b380c6c70b21af2d46921697801fd1a33a56044f69a55ae65339148b2

SHA512
089fcf14c0ae361df6e3a5f45be22ad4788fb733fdbe269bea695ee3b57db5030bd61eb061d424f9aacffbd6b20728a07836aea141cde24f8a7903c65f01678d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b54d9a25aaf0378d7b350529482591e0

SHA1
8edeb100dd9a05dff2514f2f7d546a9c2e1b8bef

SHA256
b3b3d666a7004814f58014484951cddedd5d847947c852455adda457cd702ac4

SHA512
7103b80ccb17ce9df2fa692e8a10548ce4918c18570c5bfa902f45847f51b282101daca05464615dcf82b1e843b2bc425e56a9ad25a54f4a34b9137e1fd07dc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f138ee1233e5310ca573381cb591d6a9

SHA1
7c34bae36aaa7143d701c44616778e0378f7326d

SHA256
21cb41d0e912a681e26cb3499fa6369788396f60b6f3f853a75c8def6b9b6af6

SHA512
d2f1509519d2af7c625433eb40ca7e71e134eb92c8210db817ae305c8dad19c3a3f2e9061f764e8580071fbce26d610817fbe23a3b02a4de10a060cabae8fb2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
a09986d50e77da5962f45fc02c5f5200

SHA1
c6bb32db39c372c4cfe0041ef17a0f25f8b80038

SHA256
e2f116d2dd3ca8fa45eb54a1f3609abc0a3da558ad308992cf8ef6d3078fa123

SHA512
3fb445fc808f9d44039aa7326382c07a415d6657f9b632e8b3f4cbd98d9b3fa00a74d7806950d2facdecc2e63dad335324e6e3fda953135a147780f5ef18f70a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b024049717c326dc90ae146dd7cd9c36

SHA1
0db4a2718913d957fd182ae853b75c6cee32dba1

SHA256
491279184158ffcd5fb497e90fc71e812551dd907133175616e673f841092527

SHA512
9e8aaf9c920410759636736c4353fb94710afcb59bb316e2b93d2e00663704a346aa02ea9117f51631aa1857eb3cb11c3f6ce4efd29a4294f7d767a2ee6c8e4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a9acfa2dd152e907f136d9f0d442bdec

SHA1
b00cada0e98d94ced11b26b5f4659a701dc3bab0

SHA256
599ff5007bd0940fdd6bbfa8055abc9b73631f07e0afa95558d1ee7696a88641

SHA512
5e756a13aaaacb2360d645d9b1f3096ba6a26da82d613b9b4d413fa6aa01c9b65cb53d9efb8f609e312d45bec3090c9c3ba6c50a772a62a5c40f7f14054d5b4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a0f43.TMP

Filesize
48B

MD5
45e5f73349182900c5dc2cce01ceb3e8

SHA1
39e2a6185eea1a1086295141d3b80f10db82608f

SHA256
1116d6d61bc7702bdf8c71bccfe1988d70c79b88e8cb866e796fa85f209e7fc5

SHA512
63daed47ad6b1fe433346d82090b9b7286417dfe36fb496f89900b82813b1c019cfb05f0da7d08c683950859fa614913d0266eff249f94ad65efe6690f855394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c9f084e3e5165e27bf3b22dc44bb5395

SHA1
eccf8ad2ffc24d67f3db34f545cf57b0586e6893

SHA256
f8977614bf59f43d150385a9348558f944b54e28ebe033fe3d60534bc376648a

SHA512
edbd537e96d92d37335edf425580d4466d958015f87018d2d5e89483bf8dcec0aa6c11310ec9f8cc83b77486ff7233da1533cbb6a6a7b8bb9b27e226e28a7825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
ff0404fedb06f3aa34cda3fe0526288a

SHA1
95eef750b66d493906ad265f6a8a249edd1dca54

SHA256
d5aea7888988cd14fcb19704c692b1f1ce9a2c535b9fada95f5e387ab02abc7a

SHA512
d7c5657e60d82def5af864de4a262cf953b81c7343c4214dfed8cc725463480b85b39fbb79be5dc17d602dd39fe0003daddca448b92a381962a25427f12f1308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
65f9aa073baf83070a98bc0ace578b82

SHA1
217a34cc34165d688c3a3484e343abd5cf0dafa6

SHA256
793d96641f97137bc598f9639ebeb378f0c85c185e4fec70e9277a43d961887a

SHA512
b2f372e671a54ae718c8910f7382b62e123c976fa1229878ab1a28fc6ee5f1f3316bbf76fd485326a3f76851937950d9bea3584ec2c807948969def1e7f47458

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
dd66f6b005b905a3739e87854aee4edd

SHA1
b715c73457921220dda8a68e00681cc3c37b7b41

SHA256
94f9178b3efc54b288fe3a341cb25741f351c3604b8aa799f3cedb95d4b94a85

SHA512
68c2c35ddc040f1029e17117ee703203e1491a853423c407e9b899d40fca47eef67256627e3f03613cb9c8acdeca42ee188f82e162a6aeff96c13add7307eccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
24784b871745dc337e6b923f87d23d54

SHA1
e5ec9eba63108596755632304bf3e678a8a9dec4

SHA256
ecbe60891d5cd58a956641291aab0421d9f141cc96d36eafcffbf7b8ef3aa1ac

SHA512
08a5b175f9be5e0f8e3fefd43079962f178f087ddff16dbc245debe08d3fb9c12bfd517d6bb66a6aef1bea34d22341637a1fd0de42aab9aac0686a4e432e6db1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bb477c2d5701c95acf55dbdf03bc8f86

SHA1
52b075833ee371a0ff018c75d618e8483efcc7af

SHA256
944f1f5523671a2af4917fc92a816ee04c746a22edeaad3589ab33dbe461cc1f

SHA512
160d9d7116ec5e730ce5e3644d10122e6037f4ac925462d0df7294dc3f1abd2daf9ea4c45343afb6c2b6d5349bf764ba05a525f7b908ee1349b43e463510e2c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
74077ac3564fafc6f583e9acf4994200

SHA1
a2e4868f2148dbe32e24d9128f214294b0c86586

SHA256
0ff48c0a47d6096aa59efd5d463ac6f1388a7ead0330705bce21a4fd5dd7c3eb

SHA512
3562b166b342f04975dbcc27de5942b4cb24f30dacfbd0e0feaae458f65532fa51ff2a54033aef6d167a653d8e0b6b9d22dd28828e29c912eaa2da92026aeaeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b65df6c45cafbaaf377966abab1e14c4

SHA1
eb39faefd20c10b6e3fbd5532ad8e71d87a86158

SHA256
4ced7e2d6a53480bd10da1e340c7092073b1e72bac868ac3930e26e347c91532

SHA512
3e91293138a337a87daf1ade7d7923fb7a698ac21065f64db439970e0a7468fe80cff3422b39d3aacad9efe412f0034c65e1275e32276fd63fdbe6422bc63775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
74b3449112322e5c0108a80094fbf9db

SHA1
d4bcd934a131af607a6f84a0a2a5129881e2a0ef

SHA256
47c5aff7a9666ef373162014e2db6aa45af096d7d5c24a50f6f4ead276de6aa3

SHA512
acfbd73d44de2416cfebb6fccccf4f603e67bce4eebd3d3add9b485bf3f5c8fc899f7fecd64d5fac2957bc8c101a3d9dc5b40fbc904cb9e6275b84a9c72de75d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
9KB

MD5
26af31e48a6c6fa759f0d75238885ef1

SHA1
b59d2ea1d9ae836f12205939be956317ddc1a6d7

SHA256
fb7c6226b85beb75601a08fd9c3725e66bd04baa397d57242f7aefdc41d4ca4f

SHA512
7b0e9ba7da449531091a6e449bde8dfdc21cbe2401312aec67f959270b411769e8a2c88af78e1c86a77651ac5d916c40cc869c30b7a18c9ba8098b29a9881a4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586741.TMP

Filesize
204B

MD5
7919c15f9336c641f9ee94592f4a6256

SHA1
cec99ff85bd778e20a987af469f12da43ee1e941

SHA256
6b3d0fbaae5e1841dc3263afa7c2d107a640338f4a8d44d729000afe97f5f1f3

SHA512
e052b2a9a1c6055d553c90bec58d345e00c77df0521ad6bd7fc88261f75e1a72ae90045bfc49488f7359dfbeed111f6d1b6786643e1f80bbbcb1a71075f2a8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000c

Filesize
17KB

MD5
aab2532f8363e63359dbf0c31981f57f

SHA1
a21523eb85636a0455977ffe525260a1a8568043

SHA256
a6abef5f074c67b1f9fbee679151a4c705b71f054c98f720dfabdc65786d5d13

SHA512
7b3c4ce6574b36bf0d4e05bba1063798b525744fdb37b28ad6fc78456ef7d704677795ae4dd0d0eda0954d15b3776395fa931abf82dd4b64583c360dd9916f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0b7722f2b74cf5e0276921afc82e3f61

SHA1
644f865d554108de1727375e08b9986865f21899

SHA256
c86afd9b40be03b2de9dd4a45e4a84479c4e4f305a4a62e1015f879fb1869f06

SHA512
d3c0bff730dcde43523ed3ac67bae887650f0f5ec729aaa4d63b388428865aa1ce6f88c7b9e8dee4045057da7158a8cdf231915825031ce4a8b8dd514d1fa2a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a39876f359e86d42aed6c14f46fa1047

SHA1
e2bd05b27d19e317dcf8d6fc333ff93c7e4e6ad1

SHA256
e468681a3985146083210ebfa04c11dab14855c7d46dbc36a23f7823de0ff233

SHA512
3f7f615a0f7e5b7954f347962da93bccacc600ff183845c88df877f922c836b16650e620b9f8420d25288697ef48082574ffef72b671c0d3f8aa37ef6ab7810c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
da5fcf4ef612a8f095b92a9f6c0c8e6e

SHA1
fe385ee89145c1617f3bc483efff093945200171

SHA256
47b0aa48c431bb40738816bd7b07b2eb3d5a2e81e02ec315048aefe0ac31675f

SHA512
7557fa70470c9aabd56217da03613d03b10339af2e65ac82d0018a91df004199b2d32e25a481487f512ce111c1d7bb6f030edac3628bccb4f78d91b0658c4f3a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
5802884965454449f3bdf6c12ae075f4

SHA1
a5453d95fef207384abfde12c7b023f297c7591d

SHA256
3decbbf9c73fd70f9f9f3ae21e8e675f08d2d230eed71389a083cd48b9bd302e

SHA512
fda329f5c217137d882f05fda24144cc2f75eaa5e77c6656f9353f12fd8e138ed68118380f33ec3330b05e1cca306ffeee47119b54aee163c892ffb8d4936fd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
cbfbb0bc44ef5e301fd096c9f1ce4d9d

SHA1
2b5464108a275e1ebaa7643e0ff53af97d2104e0

SHA256
0e0270df65d875f14c46e5f5f8e574b5ec450b59f3186c5a745a1cc938524485

SHA512
321fed5ae76b70ff30325c697cc974659fb213e87c4666ce7ae017805917823b2497c7257e783ac7ed2bca9107e2cdd7f1acb9c090af5be21a1911ce5dccb68a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
619aa214a19401aed27e7ac0d2354a10

SHA1
40ad534d5fcf769efffc22e4a6e35b156f5da67b

SHA256
901a5bf939dce06dcbf42b1c00758a4f89a9dd328fd198ebf58125a028c7c7c7

SHA512
9300fec579f120f453118fb133cbe3a4d308952a68f27defc916a0a5a0a0b5336201ca07500112c94b1fe68a0f86075fd95cbb87777fbeb604a1ed924d857e6f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
87b8b90247320b6c2301e8ea53ef4444

SHA1
4a7bf1b69ae8865b66e797a8eb0bc7c95ccb51b6

SHA256
7cbf081742fb4e0167185d53254f6f8ecbfa943cb7a87544b24092ca3aa70a2d

SHA512
1dd30f80ec66aee44e4acbe23f6fd89cbcc7439a8665ad23c0015ea020a0d1c6cdc8a21ef8a756455b18a3b43df393325563480dc346e4b7db3f0a5c36ee9838

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
b030fde993056f471118345447ee8f4b

SHA1
4f54e4666871e819042c2556a5f77963c4de10d2

SHA256
a503ae21de72add3323145cdeb38f3df2d499cdde3312a7cfaf1a2f50571929b

SHA512
61fa3c851b9754f7e65d0989bf2fb791eacfd7daf487fbda0976a02ef3a95efeacbf95c720b4fa4ccbab4faa3fb7b40f6004356b4dda164da2754cfa26e4503f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
dae534f330ea80b408381b12371403c7

SHA1
c9559749ee7242c96c9849fde46826f26c9e3408

SHA256
7e86a650f59bc5e33b55d055d5352d9d5f362f399abca1643d9eaa00a4151129

SHA512
694ff91ecc43dcd27510fda4e07e72081f62136f1474aabcbf5c346cf51fd5d82103a8509597596eff6d2ca701e74c053396ea7b11848969f12f9df67af18557

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\AlternateServices.bin

Filesize
6KB

MD5
9f26b96f2481d42ec851c3077202cd9d

SHA1
80edb549758689c1e7ada535045446175b9af0f8

SHA256
72ea9ed60934d7043d9bd7778cc8d4ed24eea312575fcda36b28b961412cc74e

SHA512
1dcfb6bbf84b3c62cf68a6647954efbd245cd6cb8d8ecb6e821ea2bc620ea776fb21d94d666bea2ac2fb1ef3b9434c8823baed5cb1b0df82e9af576f05802b3b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\AlternateServices.bin

Filesize
8KB

MD5
25b0ea11bd491e1188e8f2440e44f8e9

SHA1
ad11b24347a3315ff6fc1be28c2905a67b7fcb38

SHA256
3926cbc466e6aa1837182b4fb9efbecd71e2135a95fae83e3336cd560cf69da5

SHA512
0162ccda280d0902ed02777da43eadd4c992bff6af4bc850b28d09474d9845c4b438070333856113e4345e2c1a9c170f34a708e4e740ce62ce0efd0d5e81975a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\AlternateServices.bin

Filesize
16KB

MD5
c832b2d1ee4f7825710f5513d5a3a41b

SHA1
23412e4ff47f8e8ecb9316adc78221855a07aa0d

SHA256
dd11c7578911ed6d2a9e3171e9848c299cca9e1386c8b38bf9b2850d8a42ec42

SHA512
d9c0ce30c8f6944a62eb510afc5322c3e06a0951b395a876e327cd342ca2858bd7a1c16e0b72d8b3f5694974d4f351bf6bc5c40668142788c81089859f21ce9d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
2f4e0fcf06876e22cd7116c92bc1794d

SHA1
e794baab922d7cfde39f50629f78a428e0ca4e0b

SHA256
0440240bcc6768133f7466a6d678e853013a7ed4047f09955624a5022ce5d4d2

SHA512
31a56bba17948d7f21ddfbcaf52b6222ddc5675fb0350198c4a63f928640af9bf102a49cd4a45f87b3aac3654e0922f4e09e84eb4c953b04edb9d14f7054e0cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
e593607b22c3c8c582d7a13e81d27b3a

SHA1
ee380f2b7981ec505a4a2cea1742230085553183

SHA256
b9fdf58c70d1fff8ec5a2e350c2fa2ef60ba6221b1085e9e5d58d0e22b101851

SHA512
51494f09be34739127f92a4403248d24a62718343ccf09749bd3826f51b93eec9097676353fef3b9b45a4d67a1d18c63e6c121894da2edca0363fcbe939841a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
f94dae4b480a6cf1f3be999bd49c5405

SHA1
255f10d385f2ec23776799cdfd5ee985afe705ea

SHA256
84b8bd53c080834ce5407685a4ac1562ef80aba4dd1b61fd169b3e8a00fd666c

SHA512
1d90a3564b313072fdcd4452d78cf943e98de69928efc4e3c8f5c4a3a4ebc93cc791020dbe0742d269e6463d76c320ff9a51f63fc4f16e8be7b68f94a1e4a31d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\36e6e87e-594d-4ee7-b8fb-d70e7fd54e3c

Filesize
671B

MD5
af407b9d15610f276f1a631764c5ba56

SHA1
8c23efbeacdb13bc5a75594b6db4957806292ebb

SHA256
23d2e219c3fc05057ee8b31e46d4a2bc8c8b6dc63fac311564d4c29983fc32d4

SHA512
3133a19799a74c72ac0782bf1ec208e0d9948f3add724c7421bfea59f1e55f9457a891e6414ee39072c80908bcb9340fbf08a1562ebe053a7540ef53f3b4fabb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\d7b1a573-0f67-4021-af44-5e2676b67c3d

Filesize
27KB

MD5
91a3222df9b62b7899b47532cdfc74b3

SHA1
a31acd98d74ccfc44b0a68aea99be4dc714a2ef2

SHA256
fa66200bd2743598351decd1988d9e795eaa3e33c8865bd7e22c3308c904e640

SHA512
ca485068d3fe8f9e3871651ca756a967a4a86c977fd2558bf7b7cdcd7e6967050d33b0a261224bb549260346ebdc3ee0f38c7a15ec2e718508a121157e854daf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\f9a3bebb-200d-4b01-a878-0844c2bc9777

Filesize
982B

MD5
e3b30bc5b896d9248fd05a09618a98a1

SHA1
05c4714c236ba836b340fac8a0ff1752998b92fe

SHA256
cc0eca45887ce44d1eb0015cc704de69786455b542e737000a14c92e5fdb4990

SHA512
995ac4cc41a6a0f6a2080e3858b7b0f66be1250af8012b9da34aa7d83163fae32706e942dacd9f489bd67acbdd2af22ad26f6ec753cb5dce64b6d1b63e9309db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs-1.js

Filesize
11KB

MD5
745e08dd25ce3dfbd570221e361848f8

SHA1
3bf8848b358d40eb55ca642721f361a52d128f0e

SHA256
b5bdea029dbc470d195a536b0b543aefe11b238c1fd97093a0301255e5935676

SHA512
f5cdbb315e0fc237ccde88732c9a92c56a53576641d8b6da2ba9acef3e14836bd9ab305e4a99e6f2f5dfdd125ed54216cdafc2bacbaac72abf423db4ae5a79e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs-1.js

Filesize
11KB

MD5
3750445185e8ab872968eb7ebc3cad12

SHA1
47210338ad45f69855cfdd754877238097c66573

SHA256
944b6fb3b47acd1a5637400cd04d59a43bec59ba382a982b2799a7e5b590fb71

SHA512
54e6760fbac071de19e6502debea043cfd4731d46cc060abde74c05fef773532880f99734b07a3559c1f481170721edcbd1ff3fa29d3c05d5982df63686a5511

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs.js

Filesize
11KB

MD5
da3eff58a63ec1257de901e6b2164cbe

SHA1
dd4651054b3a31803c84967a6961ea3b10d39ed9

SHA256
99cc84687f4c241a826b1cead80bf5c608b5b4f5b51146eb06fafbe95a497ed6

SHA512
0f63c7d175c672e200eb6df8be3c360cd8c0b1c294da6ad59e5d0150fae131e23f0d6323696d76f724b37e63d12f4d437b804916fc970a9481731ea8b025a7a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs.js

Filesize
11KB

MD5
8bae18337ef0f4b5b710853d56c0d6c8

SHA1
a1b7109321ceb0a763b72635e1e5067c7eafc0cc

SHA256
85ebc834fe93b3f8c6c0f4cef3371d4888389f9a88625b12ae752123de5b4571

SHA512
bd002e2abce32069121e852c8ad1a5fb51e500ebc93acf12661d2ff0216fcd8d078e0af20417444122d3c9a4cada5e7cc2639915337cd25fc354211df4b2aaa2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
27a457e6db3303aa6e71c5c11ba0d8d6

SHA1
d3c60f73f9ef693287a8a45d43d0bef65fa733cc

SHA256
7628d0c4d4934e96215e14303c2aad50aab87950d406f7a563eadcc8cc27fb56

SHA512
c5080f426eda269abb6f9316cd681d69805c77c950d8b13b2b7a97a80395bf0e3526925ee23286d3a7ca89905ca50f22b72bdd484053e3392b500a1794cbdc05

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
67aab989bb0cecf0b990f9ec6cf5033a

SHA1
f9be351e2c570066e794f5ec12c2223dd46bb372

SHA256
b2464e15868af09dd54445d8981592a0f3ae100801b1993b3e68b8d3a171044f

SHA512
452f9e334c14ef26b1d9ef2cb7210629f954981b40e93d9550dd1a4e429354bae9ce3ef43f9224fed01b4d944657bbb01f516e587150835812abf550893b5fe2

Download Submit