hxxps://1fichier[.]com/?5wssorji4yi7e0k5binc

Analysis

max time kernel
204s
max time network
208s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-10-2024 23:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://1fichier.com/?5wssorji4yi7e0k5binc

Score

8^/10

steam discovery motw phishing

Malware Config

Signatures

Downloads MZ/PE file
Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
phishing motw

Processes:

flow ioc

294 https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html
Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

flow	ioc
294	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1836	msedge.exe
1836	msedge.exe
3228	msedge.exe
3228	msedge.exe
2876	identity_helper.exe
2876	identity_helper.exe
7000	msedge.exe
7000	msedge.exe
7000	msedge.exe
7000	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

msedge.exe

pid	process
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3228 wrote to memory of 4576	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 4576	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 2104	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 1836	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 1836	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 212	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 212	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 212	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 212	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 212	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 212	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 212	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 212	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 212	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 212	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 212	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 212	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 212	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 212	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 212	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 212	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 212	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 212	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 212	3228	msedge.exe	msedge.exe
PID 3228 wrote to memory of 212	3228	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://1fichier.com/?5wssorji4yi7e0k5binc
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba9dc46f8,0x7ffba9dc4708,0x7ffba9dc4718
2⤵
PID:4576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
2⤵
PID:2104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
2⤵
PID:212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
2⤵
PID:1756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
2⤵
PID:1964

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
2⤵
PID:2964

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
2⤵
PID:3588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
2⤵
PID:4460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
2⤵
PID:1004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
2⤵
PID:3664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
2⤵
PID:4376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
2⤵
PID:2448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1712 /prefetch:8
2⤵
PID:4004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=476 /prefetch:1
2⤵
PID:3508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
2⤵
PID:2552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
2⤵
PID:4012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
2⤵
PID:2096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1760 /prefetch:1
2⤵
PID:5164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
2⤵
PID:5176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
2⤵
PID:5728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
2⤵
PID:5796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
2⤵
PID:5816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
2⤵
PID:5936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
2⤵
PID:5028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
2⤵
PID:5444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
2⤵
PID:5464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1
2⤵
PID:5472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
2⤵
PID:5480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
2⤵
PID:5804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1
2⤵
PID:5836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
2⤵
PID:1220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8028 /prefetch:1
2⤵
PID:5308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8348 /prefetch:1
2⤵
PID:5136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1
2⤵
PID:5452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8736 /prefetch:1
2⤵
PID:6328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
2⤵
PID:6860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
2⤵
PID:6964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
2⤵
PID:6972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8128 /prefetch:1
2⤵
PID:6156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
2⤵
PID:5832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
2⤵
PID:6656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1
2⤵
PID:6676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
2⤵
PID:6788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
2⤵
PID:3872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
2⤵
PID:6100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
2⤵
PID:6128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8524 /prefetch:1
2⤵
PID:6292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8440 /prefetch:1
2⤵
PID:6088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
2⤵
PID:5532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:1
2⤵
PID:5848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2132 /prefetch:1
2⤵
PID:5912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8032 /prefetch:1
2⤵
PID:5920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1
2⤵
PID:6708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:1
2⤵
PID:1320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8608 /prefetch:1
2⤵
PID:7052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8584 /prefetch:1
2⤵
PID:2456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8264 /prefetch:1
2⤵
PID:1968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8156 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:7000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
2⤵
PID:6520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1
2⤵
PID:5828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7216 /prefetch:1
2⤵
PID:6968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7804 /prefetch:1
2⤵
PID:5212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:1
2⤵
PID:6944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:1
2⤵
PID:4988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
2⤵
PID:5564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8720 /prefetch:1
2⤵
PID:5320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:1
2⤵
PID:6188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
2⤵
PID:6768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1
2⤵
PID:5340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
2⤵
PID:6304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
2⤵
PID:6916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
2⤵
PID:6816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=920 /prefetch:1
2⤵
PID:3232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,15178889596738606430,18139244758318625368,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
2⤵
PID:6656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1636

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4dc 0x300
1⤵
PID:232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
67KB

MD5
fb2f02c107cee2b4f2286d528d23b94e

SHA1
d76d6b684b7cfbe340e61734a7c197cc672b1af3

SHA256
925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a

SHA512
be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
63KB

MD5
54f20de8a9081fccaa118be5bf3aa347

SHA1
9a6f5952bca06500c4df3f5a26a54955e55ccc14

SHA256
b47847a633f51ffc2135e83796b686532acbb5876025eac6d20a083502315834

SHA512
488522b5d5dc119f11e33f295fc3a2537cfe8360287ba619eae02d70629d6bacf7ea9f8e85a05a1b9d84a0688922e97c7d754c42d5428363253765fee35f6d63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000089

Filesize
27KB

MD5
8d327694df3ebcbf19980f6553fe85a4

SHA1
ebee1e2e1c18a7df8be0cae7981770823e4db97f

SHA256
476cdac0e6b6f629fe3ef9716991455b515d87dda1651c3be37df4f3d3bc9a36

SHA512
1fa16800389256b0a70a4f519fedcc658ece5971f07c363bcb77b7267b1e9c3991b7f74be16db6223ad3b442029e4014e46ea7c87719c25f795204d2967056cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008b

Filesize
49KB

MD5
7450bc3c7420bc5c1de8a4b5ec2d0cef

SHA1
583a1dc7f6b2750c0749633ad589442c15676267

SHA256
eb210b6abc60e5bb93d2a62f6467a74e9c7ca917dbc43e64b9125c5f2af2224a

SHA512
b4cd6182d040e971a25bb64ddf32b817ddd80df0f18363c9ed373b246f571f421014cda6fd5fd468715a183bbb0ddf3a62a4ba3f78889489d2b3344d7bf596b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cc

Filesize
95KB

MD5
a3b9848a1ec768fc4a372c8943c70664

SHA1
c3a0cd789a5f35e24b11358f74744aca3eff4e05

SHA256
a5f5a81225a39d27d6b988a1819629b35c71bcc8822d9962323400d1523375eb

SHA512
bea4a8fb32b1c03554568ff3b17857a20b84dba8f685d385dc64b71fa7a3f31cc530d8e7264e4b2a36cd860424f71a261564b3fd01bd86e5b8dcf93e2da568da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cf

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e0

Filesize
380KB

MD5
23091cf83d9f830904f69ab04a600c0e

SHA1
4415e49af4f826af99cb9791ace61f302f09cf48

SHA256
0c1883501836d2ed6df0de33c6d32e8cd43911cf3cd4ef9d5ddf71855e3d9ddf

SHA512
46d1a74a33331c3c7143ffc8e8d9936afaffc01d2af8173054383aeaa8323cac5747aee57ce9d14f56dce6b0f9b7ebd5e806c6aee24d091c05a87eed545a659d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e1

Filesize
76KB

MD5
326b402e00a471afcf76c5b9ca41d2ff

SHA1
e58fe8eca39d127eaf831e062eea9c9c1d6b18d6

SHA256
bd6e6e69b452779121681aae5687c23ebe58aa31392b1b13d9d46ccaced6b9c4

SHA512
775e8f88e31c4216779f182d75dd599891ba11a387ce9b78818d661724e3688f1a075ebae2bd430dd7f97e69d81e04da347e31c91e82a985b04efb9e44a380c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e4

Filesize
38KB

MD5
d4586933fabd5754ef925c6e940472f4

SHA1
a77f36a596ef86e1ad10444b2679e1531995b553

SHA256
6e1c3edffec71a01e11e30aa359952213ac2f297c5014f36027f308a18df75d2

SHA512
6ce33a8da7730035fb6b67ed59f32029c3a94b0a5d7dc5aa58c9583820bb01ef59dd55c1c142f392e02da86c8699b2294aff2d7c0e4c3a59fce5f792c749c5ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000135

Filesize
18KB

MD5
c83e4437a53d7f849f9d32df3d6b68f3

SHA1
fabea5ad92ed3e2431659b02e7624df30d0c6bbc

SHA256
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb

SHA512
c2ca1630f7229dd2dec37e0722f769dd94fd115eefa8eeba40f9bb09e4fdab7cc7d15f3deea23f50911feae22bae96341a5baca20b59c7982caf7a91a51e152f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000145

Filesize
174KB

MD5
e43d40483be5db1fe73de902c6e39fa9

SHA1
c54d0657aab3c0a95d978e5a09af53ea6437aa3f

SHA256
1edc0dcb45802cd16574764f1db2247f8c1af77238907afee9f9abd3e572eab9

SHA512
23aaa94b50118ff2a6e1d2eb4f85a93d35a4c96761707a58552265541e2be644af92121b5243370134fed57df9f7984e404e75f6b5fa04051edc11d23fddcee4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000154

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00015e

Filesize
75KB

MD5
af7ae505a9eed503f8b8e6982036873e

SHA1
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c

SHA256
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

SHA512
838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000164

Filesize
215KB

MD5
0e3d96124ecfd1e2818dfd4d5f21352a

SHA1
098b1aa4b26d3c77d24dc2ffd335d2f3a7aeb5d7

SHA256
eef545efdb498b725fbabeedd5b80cec3c60357df9bc2943cfd7c8d5ae061dcc

SHA512
c02d65d901e26d0ed28600fa739f1aa42184e00b4e9919f1e4e9623fe9d07a2e2c35b0215d4f101afc1e32fc101a200ca4244eb1d9ca846065d387144451331c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1cfa318337084cf6_0

Filesize
252KB

MD5
d656a0b0a3075e5ebfe9b5f489be94f6

SHA1
9fe522f3f57f8f787b77868a866cd3e0fc6061b8

SHA256
70581624ab9bce534655c44a19a0ef980a3640950a44d3670b911653ab425a91

SHA512
7dd7887f0275500e4df9e51a7a16deebe043bf9e80cc7e648261ba3e3d5bbb07305f011cc328860f960f7c7bec229ce6f4b7fb3ae7b205cc002a719601c80dc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2efc4fc3679cfe4c_0

Filesize
135KB

MD5
93a3edae216fc8d402ad95df989fc168

SHA1
1017ed4a3d79feec44b352fde986cf6e1b23e5e3

SHA256
458a443bae60401548fd27dc255c440ffa2a9020e2819965bdcdd09d3f914c16

SHA512
ff4acbd5e5a5eada184af57e2d62786bc6fba914fe58faf27abcc0e65d560cef1358666c9f11d1c18e74adbafdbd942e35a0d49800ad321f0baeba56f3e2eeb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45b9ce656733ef2f_0

Filesize
421B

MD5
e1b336f13344c8685ffa72cf12379279

SHA1
90e71078befaa9e51af45dc6069e7ddb246ca247

SHA256
e6391de2a30e971f55ec391c78d363f9d3a6b763f949881fe74a79aeed2c8d0f

SHA512
a32f517c2874a3bac72a896f7dd5c4d6c8ed6222fc82cd3002c7831294f51742b118617bd936a6c7356abc7baf0020e9c18b825f5f95022476126e0a7093b319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5d0952995f2f15d5_0

Filesize
394B

MD5
29fb6cee9d64ee3f02f68583070fd0b5

SHA1
31b65a89b618141e4b9c1267dd1594e4824bfc91

SHA256
196582b5686eef771cf0023e4f24a7dfa95d349baaa77f2421894214afb3bdbd

SHA512
de261139c70c50c9716b03b0e2966c077d5e74baeca3bc4b77df2d468e72b5c72694fd62a33ff86b2a61b7da0a5c9c080c81f80d60b3a05a26a715aa2c628b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
8d1917c1e950cf0bdd9edb68acb0a332

SHA1
400d89360ec7d8b8ad34370b25a32de539867f60

SHA256
e22ea10bd85d747325c24b06c1fbf9ba8e4a3b941cadb42c356e031b1691514e

SHA512
e79ad461fa73b92b354704a464d7dfb7d2ffba4cc7bd875bbaab4281a91fd60961aa5bb88b8a6613901bd93d9ffee1bf7c9846353f2718793d0c8e6921dc32f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_firefile.cc_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
da3ca9567121f186a820b35af8f54af6

SHA1
3d1d709dd4dec5df2ba4582d398f005c7250797f

SHA256
46e4f05963fd5d7e10d1ed4a8ac57890309ee12b8af8e8bfa056ba504cb76a20

SHA512
9df87f69391b7f1fa5f2e06c02e584a93ed09647b08fde16d1822e2f9b6c444476ede8c28d6aaf131e3ca11f67162873c1308511be83bbb7dbab6e01541f9aeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
b763c6125f9f4ae11b73760025993723

SHA1
090070f6c121376962d6cbd17329841c8b40fb0d

SHA256
46f13c2ebe311d472e0d14b670c1c5537923741b3ad7f4976654966c79484e9f

SHA512
8c7de20738a2410d4b35817ed9f108904d7e677320d1ef9b689d45e7cfd7cd9a84dc9e819071418506c4731f957016e9aacf2239a168a28279f89ed8bee78f5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
17KB

MD5
19847f8ab56b010741bd5ac0e4383b0c

SHA1
bd668c045f8f5fddde7d9b4b0ee0075fe8317e2f

SHA256
f7f8c0c8a0dfaae0d19bce9cbf272e82243233aad42ec14e8252472019d2eed4

SHA512
238cb227d42f5ab65038d8f6a476a6b517cf13d14615a571840642ef9024eef3e6eef401d2f2144d6dac4c312f7e49ce55eeeed78db76bc5792d7aa5a2d92ce6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
35a132d55d8b8343889bbc8768c7718c

SHA1
7d4b0f69f46211a3f22d9a0bd9e978e9c091ba11

SHA256
19b4f6f72132732c97b1f433f6be7b8d652341a4985686180d1540624ec55c64

SHA512
87fe39416c54d06bba26ab0a3093546fb4e64a62083bf1b49a67a195b63a8ac6e933539a9459305c187586aae38739c3768bc4efbb5fb5e9e7998dad497bd89f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
e29a9bbdb95ed61c1a43c0744592564f

SHA1
d74b931e62cbb8e1d8ec49da5c2d8cace88140cf

SHA256
50c024ca88160f0a08e1c678dd6b2fa3906db5062e5bdfd8c7eadbafd7fc726a

SHA512
e4a2951daec53b7d5799252af8bb9c61d82a5df0602a007fdcd122f43f2b9c44d861f707d0124e3286ee20759835b10323ce3190d54db48a2298231f18f4ef47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
57f15f7b015e542f69b60fe978b80368

SHA1
acdd6c66acef9a50fc6b33fc70481ffb3d7feb49

SHA256
e7c0ab08bbd73cd70569b9d09bd7526f4a36d4d8033bcda2b77cfd5dcb3cd794

SHA512
71223f3cb2e712a604771706c2e1b933917e1e82ce4951349ae3517c2b9aa51075d2b1df7003cd5c8a49e0cf654ada8e813a7e24b8e997384fc3d253378b5cf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
7d5d818485858f49757d481d03cea1a9

SHA1
7a2fda9726175fa8a4f9ed9f3f14fcce59392657

SHA256
0afea439b960fc7630f208e1c955db4beb2b61c61aa2cf4e159e13aeb68d164d

SHA512
2529bccf1581f3eaa20fe02c3d3e53d4f5d298fbbdce64f33c1b9cb6894ac3c3bdc65d82170907286d83035e59aed672e47156e7c0130162f288e1e454e2cb2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
8b5d2f78e2b0cc5405ff948c1147c869

SHA1
9fa1b17c12ba130948ccadae221fca340028a577

SHA256
d03482e88cff1cbf71f3ba0ea2fcacce93569fdda87cfcd22826904f1e778a47

SHA512
034cea3012a87df5b8c8ef939fcbd425c8d2a9cd72685adf5c9e2d80fa726e0fcec386100819dc140b11b234ce26ad8ff064b96ac222eeb099f7c1cdf9fbaa4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
3666088694efba7e7fa83e3c7843122e

SHA1
1106a0e636dfb377de22e93fe705c7ea27f5ac92

SHA256
76eb37ccf02fb25a9c3404c447d4f2bfec2cd7a4f3c0312b6f7fa0f24adc8b11

SHA512
4b4365d68c39677704b287aea1a20e2761798cfa5afdf31bea9687846bf100dcdbba559b7e52330f880dbb27de80438b6ca5b6e5642527ea3800b3e3d3ccb2aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
9f4d47bf5b537dc3bf578a43e7313f2c

SHA1
5ef5ccef231a74ef37185b1303a79c1bd05fb90b

SHA256
c07846432c4f9463f5ccabe2097e277c30bad22a3387be3cb171cbda9c03f399

SHA512
8427f3c48f1671b1e9ccb08eaa592e5ee702ac9684b1f68204a6b48f0b69f9acf04b6747be310a935e8806373feebc7014905cc414beae344f635ca5b87185e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
2c99c7c7997d7ceabdcac889001e6ca1

SHA1
e3175380446b0056e16e0e257c82b7e1edd7e4a2

SHA256
65b9aac8c49a68ac70462e0e9f2b1c52698d1af702886d3168879b19d7b4067c

SHA512
c6261db8ef34ca08804a218a67553efb8a3566eb53e8b6f9f212aca12ec16754c3b81dd76f30ab6231b4a0a0eb69693359a44804069af22014a29cf6fee3de06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
48bced1f59a4ae2d0632da6fd426eca6

SHA1
f91dccc3633f7deeb1e4594d328ab9de27536f1a

SHA256
ef47d1622bb6517e6ffb336a6b75617c7b18f150ba122e0bd8368121a090afdd

SHA512
1c330817169c975fd97c8c7c44d231a20595324554e7152f642ff01e768a2ac17ae70bbb294e21f77c336ab13dbbd69382d2fc378e767bc5c2b8fccbbfe507a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
a2d6f1e4fd2dcaeb25c52be1a9f9bf40

SHA1
0ff610f357195e6fb7e028bce2518671ac2df362

SHA256
22a0a1383ca73b30ab337e4473cd269f795d81072d2424a4b12553dec336c7e4

SHA512
ea5f2a19b69d8bf2fac45e3e63606c095e21451315f3e4373b31770f335825bf684e3188cd0c7e90c674a7217b2405b9961fbc0835ddd5258bbb247c7494a5d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
cd1ada51a888b5f0bb1b503be05bbcb0

SHA1
fa6c43a5e6a51e5fa368f2f3cbcc1e2124ae63cc

SHA256
fbe511465408f7b7b1a10293326ded19edbbc58fc35a8b0db5412116a2fc99a1

SHA512
cb4047aaea3a70bdc66e4fc828c488b57b3a763fde0b477a19b63a811736b77bea24928232ffae25000ba24197df9a2e25f6726041b266f0d72a8328bc13c711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0c597e276fef3193cbbf3368d7829c61

SHA1
0efea19db44b8724a8abf256905044432ed8716a

SHA256
0496d237cb1df077f26356d90183b5583074ce8d63ded07158cb45220f56eef0

SHA512
92a147db62fbe06c12541c468f3415ffeeedd9c448b5d7865986af995076d386c04050fd6e3a01ce331c65154b03613076fc67d7efdf076df1080138f55c964d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
e0476c0326c8a7604916af53e5a035da

SHA1
5546fd3fed00a45dda0650c298de243f4c8b56bc

SHA256
7c78c25724e81d9e91c5243bf18cf28aa262e0dc25964e730a665bea56cb5f6e

SHA512
f5e9991637fff60102794cd4ec12341a39e863dbfa4c525594329b17a83b40e3166e5a74cc909cd9c157a1610980ed2202add6be235124c5c74a95964c877781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
c8dfe4a9841ac79da93229e51af093c9

SHA1
75782970a1ac67622b75b75bbae5956b67fbfb51

SHA256
be30d21b512058e14f9049f4ac65398681c5be9f6298f9e608c8695a470e1c62

SHA512
78b49f36a07bde318db14b959d6fe68d1493a9eeabe6910bac6706dc6300fe6a4c678b6384b3fe17db1198f804d75c7a0fdda604a023e1c264d673514e2c3d8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
47a40c42433521cc25645a900e13e693

SHA1
0211f1110f56dfe78b8804966feacbe92e5e66a1

SHA256
b7ea0cb30310766fe40829055b2ae397b26c8a6772899264d30843b931938ae5

SHA512
b2f4935a310b18568b959e375e7e2b8437dca561ad095b6f013a405d407d7b0c944238c75434823960286448dceb606d96a1c463126720c6ac8e5149a1505937

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a8e18.TMP

Filesize
48B

MD5
b2ccf594479d7518346f184613eb9fc1

SHA1
9291048269525545f9396cb3316977c947f58ed2

SHA256
91ef26b5e6c42c290f9de964e18cdd73c566e1bec04812a22c8f37e7c2cf771d

SHA512
f0d825062eb3bd1a7d58dd48065f64995fa809cf3f69ec40f5b93bc057195d670f4db0fb6f0e5ad84c137678747deb37062ce46a40126bcb49cea9089248cfcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
00af956fc42aa03a0b091537c5b10a38

SHA1
1980cf32691e0c32d7fe247d604d6dd160ca596c

SHA256
0f8141b6d7f88ad6e484d6d6d36a0dcb16ac42c0c6186d892df8a0c477186967

SHA512
36ae95626ea96e2cef2978eeb1356ac243baf6484fea24385910b9e411344b07a7650a376001eb5c975d2784c53ea0c02416f9dc82d150d21487460de187ae9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
d431fe28247bf989111f82abed31c032

SHA1
4c5702251cc5c317141baab7e29d570181ae54a2

SHA256
4fec4fb3156833593b0075dcc600d843a4015870d3f76e67614a531cc27ec740

SHA512
cc1cf50ed4b576672aea7afc241f60b2ccc9494a5e7244a4b20a311990b2b03efc4d01947394faea75ad1025b4c5ea74c4e97c6f580261cc1ab59ca354ae1dba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
30126f60869c7af0488729488ed739e5

SHA1
dee6cc52722821034719ab7d4ac8336a90478b04

SHA256
04aac71c2ab6d8a7ce1592aead2588499cbe89e631b3b0ccb316421b6b3c5a71

SHA512
8bfd06758486f0ae1e1e5c1c588964875b2e00de1d51e73965ae16b1f071eaad29ee93068690d206db4fd17847c9dbc8588842c0ab5aeefd29ab640a5a2e5861

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
16e88b0e6ac4a75314c83dfbe3b29460

SHA1
cf723b12aa7491196851ae3b33269e9f33c18a40

SHA256
caaa083afbca179ee9e832dd44149cbe2c7dbdf22cfd90dfc7e421abf6255d0a

SHA512
44d96a09e11b934925339066f000e8346895d1e453a7f3a7875d1816560475c561b63b73511e9cf838ed35bb37359421c73ec4aba90d031d4a2cf16fea880db6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6214338da5a2a8df819c00ecb6985bf8

SHA1
6e0f9cb22b7f845acf38432af99b232cce416db0

SHA256
a197db1e91ff92a7d393424cea040e48e331dbbb8ef49a0d4e3639798df3fb1b

SHA512
b49aeef3aa812d0dd1887565078e6d3f25f31fa1e0cded6f4e48e4bce38a83b00df88074f12321a8a0c36bce9b4a31bab630ae3eec8825f2f9e5504224a7d378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
610791d36e3fe514428f29a6cce4b725

SHA1
889369b2671f092934e9599750e46b2ef132121f

SHA256
5cbe682456ee233bf3e7292baf8434152996b796752b4f6f68316995886038dc

SHA512
ecff3f210f994893a7aebe03ebedc69846d0af4c781ce05fdb3afea80dadd523820681722e4bb581ae7983346f68329d9b6944247849ed553d5b1ea30c08e1a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
1808b271fecb5b38866be5a3bdc17844

SHA1
9ecb66f88967ed0927071ff26042a83536383b0e

SHA256
c52b4cdbab3dcdfe0424e722feda5eaeebcc0d6b25befc3f1fa9bcf455c42dc5

SHA512
8ca16365c566f6aa0bc90cdca3239386e56aa1871486fe1771807b665ecf297e898f2abfb80e689b2feb7818da68e900eb9980455ca35eeac928924b53fdc09d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
6feeacd89a2439db787189a16b2b481b

SHA1
327186003de88e5fc693a1a0ca36a1d61bcc9b6d

SHA256
a533212c7d29ee7f6a7eb33c98a8b0453e63f618cb6cf1c6529e29c680e704de

SHA512
af5746ed2eb5083b2fab88238b9bea3e66add2b10531828cd99580b1a0f879b5ccaf6c90612d5f18252682b5928b45fde5de679bc3b2e016d3d1dc49998a3a4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
ee8ca5aca696d8b278926d8d6d1eaf14

SHA1
ef5787950db5c3ff2149c4693a57277f1f87732c

SHA256
634291abc85ec1c81561139f7e4a752627e198d9fffc0f0543a9e2271cfed3a2

SHA512
61daf8ba4fdc6f1a0b4e21c40ca8c3d3f2a6475201558cc9d3c1277db5eef8bcef832f26b650595208067c077cd57ff5aad5c9e11862d619c0eada02d9455ed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b8581109a6b73fb5b7188c8a41868823

SHA1
5bb9286bcfb266a61571e624f42a343eacd491fa

SHA256
bafc7da4cc787d9dd59fa55963a3e18f561cb97c5e7db29d31725feeca9a5f76

SHA512
1e83c830dda3e4068d3ecdb367eeb60887dc490e62a2bf5d601d6c203737ad5f66009f38dd3d81c9c845b081f134115669a47da435b167d2c0a0746e197e16d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
fe16cf80d364b67da50aea7f916a7c59

SHA1
fc692597ccb980bcab20c685f0e52b8549896edb

SHA256
79aa5b9c737b3dd394bbbf2787e918196f41ffac811c5384a4cf5a37ae221a28

SHA512
2a782ed5d104faf91c56e5c3005cc6a05ae282ca48587bc9ef3abbc2b32f0c5de3dc94c5c73f04e69e351edf0c59670d621baf7e1881106e149bcef1bf9b19f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
e6165e0098e77ae305de86c04367762e

SHA1
4393376c94d951a8e905d5422e4716cdbf317db7

SHA256
14d24fd147872dc5594b3b2ef36e5063c1925675d9f7f55bf87abbd883705fe9

SHA512
ba675027b8b396867e1e64ee9a8077443322fb63eeebd55a8889c0e30773f43d0772a78a82b54c1f7d746f97870180f29024497f5d89861cdd0a679b2a54a7cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587143.TMP

Filesize
526B

MD5
0cbf76b8c380e0f6fcc180780871cb8c

SHA1
67b99dc4c20dd9d379cb7ffa347f63239c6c84ed

SHA256
5d0d373680cbd36ad1030f4778ae821624859346377056e79613f53d6f3929ba

SHA512
6e20aa4223323ff013d7977fdbc1b4050d4b9b826943aabe4e153db7e90011cd67fbb50294c52e9d1f23ae5a42b13d432eea39d175c941404a3e2cd7a9fe1ef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fe886ce2273277e17ade9b60e8349d4a

SHA1
71426172077d8afbcca5f6afd3315c2e598f2837

SHA256
39dc93fa6c066d47639d993fde6edf5ef91f76eb6228e85bfdbdbe9c9f1def6b

SHA512
2a14373b81c755541284d4da9b424e6c3b0eec7561d2872018e0fbf3b210efb7b11fd658639c5f4e4832206c8cae5d2d1bc5fcaf612f01ccae33f2413c61ccd3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
75d0555053aef044d7a997d49ccc42f3

SHA1
7c65cc363a392e49b94b9430792f5b363e63d18c

SHA256
aeec8a7603b3ac573c42e9241a09fda4d7d904ee0ef4e9dc68d83eaebd809522

SHA512
f50a8821879a0592d98574114a109b16f188051abf4fc196d588072f0a0ad8b5eb4871eb1e22cbbed1846646ed488ed66363a18a42e26cf2133b99622f19169d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
62f9b3136cf6620684a510cae229fa69

SHA1
e09978c120f9171842538bc04991f57589cf9de5

SHA256
63482be9da16484b7ba974a1fd3428892afa2ab8b01881ad7625c5ba869e5178

SHA512
7bbc1f49ecce40479f466590cbca34f2a6f41ad57f8730df67e0ba6cb16b2c114907955453f0134032b06e9fff256fe7fc39c8079837deaa592e05a5605a7c12

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
9f32ab0a38e1eaf6b9e97f70a936d775

SHA1
0cf4dda81fa3da227137af0a71ff123327cb5e6e

SHA256
b87b781d3d7aff3c9e09cf9a356f90d9a1a6c089785fecad6ac39926ce48afdf

SHA512
8226cae6675814c4b1f79a32317cbc4cf44a2f909917f4bc74732e82fbb4bf77a6917881b4713554bcee39fc7bde1ea55ddd823cfff963d60f8897ef4660d116

Download Submit
\??\pipe\LOCAL\crashpad_3228_QGEMSIEUAKPFLOGW

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit