hxxps://drive[.]google[.]com/file/d/1ylSw1pvV-PPZ5pFYY5F8EGwStwPNdPUc/view

Analysis

max time kernel
141s
max time network
143s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
24-11-2024 04:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1ylSw1pvV-PPZ5pFYY5F8EGwStwPNdPUc/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
6	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\MuiCache	AppInstaller.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\MuiCache	AppInstaller.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\MuiCache	AppInstaller.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\MuiCache	AppInstaller.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings\MuiCache	AppInstaller.exe
Key created	\REGISTRY\USER\S-1-5-21-3870231897-2573482396-1083937135-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Microsoft.MSPaint_2024.2405.19017.0_neutral___8wekyb3d8bbwe.AppxBundle:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\Downloads\Microsoft.MSPaint_2024.2405.19017.0_neutral___8wekyb3d8bbwe(1).AppxBundle:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
5188	msedge.exe
5188	msedge.exe
232	msedge.exe
232	msedge.exe
3056	msedge.exe
3056	msedge.exe
4628	identity_helper.exe
4628	identity_helper.exe
6080	msedge.exe
6080	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
7092	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	6052	firefox.exe
Token: SeDebugPrivilege	6052	firefox.exe
Token: SeDebugPrivilege	6052	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
6052	firefox.exe
6052	firefox.exe
6052	firefox.exe
6052	firefox.exe
6052	firefox.exe
6052	firefox.exe
6052	firefox.exe
6052	firefox.exe
6052	firefox.exe
6052	firefox.exe
6052	firefox.exe
6052	firefox.exe
6052	firefox.exe
6052	firefox.exe
6052	firefox.exe
6052	firefox.exe
6052	firefox.exe
6052	firefox.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1292	AppInstaller.exe
4420	AppInstaller.exe
6064	AppInstaller.exe
4656	AppInstaller.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe
7092	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 232 wrote to memory of 696	232	msedge.exe	77
PID 232 wrote to memory of 696	232	msedge.exe	77
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 1076	232	msedge.exe	78
PID 232 wrote to memory of 5188	232	msedge.exe	79
PID 232 wrote to memory of 5188	232	msedge.exe	79
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80
PID 232 wrote to memory of 1232	232	msedge.exe	80

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1ylSw1pvV-PPZ5pFYY5F8EGwStwPNdPUc/view
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb36cd3cb8,0x7ffb36cd3cc8,0x7ffb36cd3cd8
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1224 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8536 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8716 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8920 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8988 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8936 /prefetch:1
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9360 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9344 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9624 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10044 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8516 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10284 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10196 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10680 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9932 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10872 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8916 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8648 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10484 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10080 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10196 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10920 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10928 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11084 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11192 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11952 /prefetch:1
  2⤵
  PID:6364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12144 /prefetch:1
  2⤵
  PID:6376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11736 /prefetch:1
  2⤵
  PID:6940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11712 /prefetch:1
  2⤵
  PID:6244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8912 /prefetch:1
  2⤵
  PID:6336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7792 /prefetch:1
  2⤵
  PID:6696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10868 /prefetch:1
  2⤵
  PID:6772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10276 /prefetch:1
  2⤵
  PID:6792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10572 /prefetch:1
  2⤵
  PID:6784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9760 /prefetch:1
  2⤵
  PID:6816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8316 /prefetch:1
  2⤵
  PID:6808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9880 /prefetch:1
  2⤵
  PID:6832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12416 /prefetch:1
  2⤵
  PID:6840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9144 /prefetch:1
  2⤵
  PID:6424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12408 /prefetch:1
  2⤵
  PID:6208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11708 /prefetch:1
  2⤵
  PID:7132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:1
  2⤵
  PID:6784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12316 /prefetch:1
  2⤵
  PID:6676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10288 /prefetch:1
  2⤵
  PID:7156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11316 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11212 /prefetch:1
  2⤵
  PID:6440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12468 /prefetch:1
  2⤵
  PID:7128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13196 /prefetch:1
  2⤵
  PID:6268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=9176 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11396 /prefetch:1
  2⤵
  PID:7992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12284 /prefetch:1
  2⤵
  PID:6772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12764 /prefetch:1
  2⤵
  PID:7992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,14315852966750101683,7203273870830376772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12980 /prefetch:1
  2⤵
  PID:7396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3732

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe
"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1292

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2728

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe
"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4420

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe
"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6064

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4496

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe
"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4656

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:7092
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Microsoft.MSPaint_2024.2405.19017.0_neutral___8wekyb3d8bbwe.AppxBundle"
  2⤵
  PID:6908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\Microsoft.MSPaint_2024.2405.19017.0_neutral___8wekyb3d8bbwe.AppxBundle
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - NTFS ADS
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:6052
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1928 -parentBuildID 20240401114208 -prefsHandle 1844 -prefMapHandle 1832 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bda73bd-636b-4aff-8b38-eabefd37f422} 6052 "\\.\pipe\gecko-crash-server-pipe.6052" gpu
      4⤵
      PID:5552
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {edb345a3-667c-4632-8ff3-2339827920ba} 6052 "\\.\pipe\gecko-crash-server-pipe.6052" socket
      4⤵
      Checks processor information in registry
      PID:5356
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3364 -childID 1 -isForBrowser -prefsHandle 3360 -prefMapHandle 3356 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 1064 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {92bc48a0-401d-4dd9-ae3a-7bcd27036a5b} 6052 "\\.\pipe\gecko-crash-server-pipe.6052" tab
      4⤵
      PID:6932
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3176 -childID 2 -isForBrowser -prefsHandle 2668 -prefMapHandle 3040 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1064 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {013f7b8b-6bb0-47c8-afb8-0445d9585aa4} 6052 "\\.\pipe\gecko-crash-server-pipe.6052" tab
      4⤵
      PID:7100
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4656 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4736 -prefMapHandle 4724 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6877762-8599-4f24-abb9-4b8ca98c57a2} 6052 "\\.\pipe\gecko-crash-server-pipe.6052" utility
      4⤵
      Checks processor information in registry
      PID:7640
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5556 -childID 3 -isForBrowser -prefsHandle 5196 -prefMapHandle 3200 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1064 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d2cce28-d838-4762-b3a5-76fddad1b2bf} 6052 "\\.\pipe\gecko-crash-server-pipe.6052" tab
      4⤵
      PID:7256
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5664 -childID 4 -isForBrowser -prefsHandle 5740 -prefMapHandle 5736 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1064 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b5dd40a-28dd-4655-b273-8ed56a8a23e9} 6052 "\\.\pipe\gecko-crash-server-pipe.6052" tab
      4⤵
      PID:7244
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5844 -childID 5 -isForBrowser -prefsHandle 5924 -prefMapHandle 5920 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1064 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa51a2d5-0430-4d0b-bf1c-81403582a3f5} 6052 "\\.\pipe\gecko-crash-server-pipe.6052" tab
      4⤵
      PID:7268

C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe
"C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstaller.exe" -ServerName:App.AppX9rwyqtrq9gw3wnmrap9a412nsc7145qh.mca
1⤵
- Modifies registry class
PID:7208

C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
1⤵
PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528884
  2⤵
  PID:8000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb36cd3cb8,0x7ffb36cd3cc8,0x7ffb36cd3cd8
    3⤵
    PID:8128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d68c7edc2a288ee58e6629398bb9f7c

SHA1
6c1909dea9321c55cae38b8f16bd9d67822e2e51

SHA256
dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b

SHA512
0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c03d23a8155753f5a936bd7195e475bc

SHA1
cdf47f410a3ec000e84be83a3216b54331679d63

SHA256
6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca

SHA512
6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
152KB

MD5
4521b6fb0d76ba6fbde6dacf5a6a2a51

SHA1
8ffdc57f21502f0164760f9e2bf4dc10bb3fb43b

SHA256
4f9e8f4c4e21819683335f73bd1e7d2b3afaa30d3449508472294885afe8f0d4

SHA512
13819a3a6357cd44717fe768154f8117115b22043e9ddf024b5b7ebc5ca427d733261e0a0aa0237be54dda49fd3010853b1692dfb74fe42695d201cfddeff552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
20KB

MD5
02d0464758450d87a078aea4e46187a1

SHA1
41154a61b8192c00a4f03e5ce97e44ecc5106e74

SHA256
c6aabc7504bbf101eb3b39fb3f831b61148f34605c48b02ba106aedccde52750

SHA512
9af139023983a975acb29147037f4fa8ca820e15b4c5f471e2cb000909970ffbfda2b210c8330cea93271bfde3732455a545730e242f1a0e59871bdec702b39a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
62KB

MD5
fdd3922edde39c73dc37b568650e47d2

SHA1
1566ef03ec365d9d7e4ac9fc9cbb4e5609b9b976

SHA256
d464beb2c15b29d24af42a7cf74db9539652dba74de861feb169145b5589a3ad

SHA512
b3c7e48d1bdf62d8436ff428af14155a5c2e834ffec8003e9457fc1458cd77b7474210edbb5f57eb838723844f6139b3c523d3a9d1d4f525aa067bbccb9e146a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
31KB

MD5
a4da976dde535a4f11ff4c9d57a8a56c

SHA1
fc4c29049db6d81135507dc3736cb638340f55aa

SHA256
6b85680498d0061e6b748f0fd9c904c74eb9f265f7d6ff6b33a37a0656164bf9

SHA512
e3db7eb080a2c927ec3a223d16d818cc76f9da51525a91b8eb3cc9e15106e2939ef6d550121b8cdf76d38c001971662d833d70a269ccf35d36278d25cf42aa18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b

Filesize
33KB

MD5
cc2e6953d595023c605b47cb60bd9382

SHA1
8a4031b268b68af53edcf43dc9eb23ea3b60ee06

SHA256
ba3d82ee0980960af3839e8093b1d92a88f2e61184eadb933b8d79296e54bf07

SHA512
1e1008b6032ae95ea1559ab0e3f0d070630313fae0a378c45127f3f08ca17350aebed73857219dfd4e6505e2f2482509372477ebf06078a98b9226de561819fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d

Filesize
251KB

MD5
ee71fa6ca71c1303c101fc1ea5968e5f

SHA1
682555a18800867f263d0417b26500d844df4463

SHA256
6f8ba0839386566477b9414545bfb55098a77251117fb44409aa49619197277f

SHA512
541974889028142a90f36e2eeb18c628e7d9cbda6833822f6f58c5fd69a8b0c966b5c89d52e37d9a55c4a065b3c666fa85cd7348172d94d5b22d4fcf05dc3516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072

Filesize
67KB

MD5
ce58019b091dbdb1895be63d765b1177

SHA1
37a38458a92835c43b270069c0629c6975b2ba69

SHA256
8defb86fd585d1e578370bac22698f0de49d509d7398a0e83fbae7a9d11e0fcf

SHA512
36be843dd5630cf0c76219459b2ff946fa91ab90be31e3ac62452642a79a062b9d7aaae14a0ad8fd92b1a6d468394f1aa8bfe45f262f33e34048b46e046a1b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e98c4c1271cf5686_0

Filesize
44KB

MD5
efac34d60421c4600e06f3723dd0e556

SHA1
4a96b8ea9ada44da9fa7ed8721d9b7e5a1e05fc0

SHA256
94f1ea23afa38b90563c6a1b0a085041d823496e8eb37f72d59626ce67c4589b

SHA512
22711f80db97e056f879b714a3619d3dc84df088eac7ee0fc79aa7b245c9ddf604571ae5aab3b2bb075bed0ee40b7bb0d09e7e350cc3a8fad52645d09c7f3bd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
ac4ba57d3c8edde9cb1276e6f3d28699

SHA1
f38c718bf48493f25be86275f7ba532ea45e65fe

SHA256
33cb95f8b98f88f09028b07010bd1fcce5bfe5e454b545c1eb101dfc34700248

SHA512
ea6d5f40db01e3ed7709ae862ae593748dc4edf952f380aefe39f79ebbd7a6b7a801a98f99d7aa22dd2388e04321861abf260759cc90f8d9a998600127a389d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c9cbe45e1078fd0054b743a1e7869f5a

SHA1
6e4f15bd7911a74a7a434dd442c11d6e0c78f05a

SHA256
1aa8dad22d3c9aff90645faca0d665694c5853a3b6efe7b316519bfe3e005448

SHA512
1d53ffa865ccd8b0d0b842e9c2e3bbe76f99633f6ce23d762acf385cbadb2a0780935a4276b70c88b61f72c96a4769339431177441ebf7c0728b7b7f62f9ab87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
20KB

MD5
2323555b65319694f016eab093c22fe0

SHA1
2d72f2575d6d186850b24cc0a834c33462d715a0

SHA256
402960e6ad830e487ddff6a87e8f8b3d41550af00922a0d6dbd460aa1b104d7e

SHA512
9f3af24541b9bd30de3adb47c67970cb614119da588618c3f8cb5301abe74ce802249d929a59919be07e795d284e45ba91010e447b35a20318ca2aaa48740da5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aab54550d68c90443867cc80a93585f1

SHA1
885f501cbf57160cfa8d04f307dbe903d0c8f782

SHA256
785594ed7e0c7ae8f645680da0341da8a2692d7505b64c0d5b61dde3cd9be586

SHA512
6bff723aa841edd1188ed9b1ae688bcf0e646a62bf357935d34226980dd6cd6788ccd50157303ea25eaa653d2367e802bd7d507d6a0b77dfd2beac00dd1805ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
ea79f56941e651452703bc1e071f82ea

SHA1
df163ee583217aa12ba2f3d4fb4a0d36f4b9b341

SHA256
816017ef1b92974608168de0f8e612d97fce83b738fbc426048dfca38512afa3

SHA512
71bf9a632677f12ac4ffec2c002665398e1137192abdaf42c9062ff0ddd68d26566d87dc92761a72e3fc5f631358cb8e3f3cdc48e567472fe0c7c1241b974c58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
915fc3a913bb56f5d4b00b0491256922

SHA1
8af87a8bf750134071a8ad8cd2e74b2a68184a8f

SHA256
ca948d71d6a5006b85edfe8d89b2a72e4749c66918001f641570b1bcac522e63

SHA512
41620f26affb0eddb009a58542422a29d34a1402ef70fd729915e213a3de1aec0f778def9af1aaacfa92e622279b33534695d49d5d571f1c850807d735b3c321

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
b41232553f8248f380f984a9976d184d

SHA1
70b5f0e96bea74e7bb2b3a22c02023f14fd3d51a

SHA256
3681bd1a9d6c16529de0d963b12392165b426243e4caef8c4fa4d4412c126371

SHA512
94c2d4a2a5c16c3d5a162cd07fc5129f63a533fd0ebd4589726f4dd2977e55ef2a71a658fdf4c994a0712b553348ca0a44c5dd59b2a49e24ada0c3150799a5ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b7c6892d234c4193f22c8933d6f84c96

SHA1
77d992efcde5caed4e7e3931579d8ab73aa489b5

SHA256
a97bd830af156b9420dd4aaef811d9ca5efac9a12f4ba11190612da25dbaea0e

SHA512
0c0fb01a7d16a4e1b11ce8e1d006275aeec4c8b7187c4c23b2c3bfd992033e2fc97a6eeca21fa91e49efe149e890af771c71922e5c95f5858908ba7581a9ca77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
74933f0ce235b97d189ed6a2331690b3

SHA1
4972ea4a854d8000e34046c2d398c4a68ee5c7fd

SHA256
764042541b74774bad50be5e22b912a983ab9facb2381ff8842156afbf0f57c6

SHA512
bc8b70b5e173cf446b037bab784ddb9cb39857a6550c8a6f94fe0eb5ba5645f334acfc4fc1d07585c5c65df360f8723b9247e4e6beaf8c3b5397351846b36928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
87ac3c4d8ee533c16cc1c618797ee11b

SHA1
3faab138037c949ec37d96f936574bf5092bd224

SHA256
a6d676848b6581c924f1d12bd253c1b54389ce995f21f596fd4b8026270c7fd7

SHA512
bc93d8479b1610feffdd1194a63f205bba63c7aea28f066e1e13d15b3f444b38b9032f1a6fbef6fe8efb645bfc8525b5fd669190cb0de5d888f602ae0b27a910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
4b5c582c9680fc3d15b0c0ef45322b1e

SHA1
b9e215eb54e5846e048d7e832f7605dca1f18a27

SHA256
af37a7d07c3155d44898aca1a57f7382bff3c8012a9cd7d02b32b15774d0c3be

SHA512
c06998905e22c98705e2244949c1a16f6676f3f13f0fea9086f3ad5c3d8a6cae59a4848bf3fd0a06b6f2b8c0880f4554e3895767755955d372bdae1d2fe1c0f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
85dd99a11ef896c8276fa1caefd0ad6d

SHA1
2a6b8c98aff450583b0fdcc706af2c368d17de83

SHA256
2bc7fa8ecb4a683fd96c8ada02837400a3e280949017f74c71f67655c24e77de

SHA512
a8d95856036463c8d7330bf1693698bb36020edae9dcb86390e4133c3fd3aac317c501e24b2964d6dca7acabde6849373d79a892328c3ba60e4c8a37d97edac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
3c01b6bd7c4b96e3b0abf471e7c75788

SHA1
d7d5cfde5423c64a3e425e17f442614809d004b0

SHA256
6cfb12c293288148e4e03ae4ff162a837399a20136a40456e2158002cc22edb2

SHA512
8c9e4cdf04de9754d9b26a456db573dbf38e4cb4fd75bbcbafd3125d1bae4544521fb3ee4e2147875f6930b4b402eb6cb24364fb81615052c365172319c354ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
fdba83eedc85c52e79d639456b04ee3b

SHA1
ca22a40b090d5d2f23bc42ea943eb7899d126d38

SHA256
ea3eeb20d6310cc8f7620796c65b934fbef611e7ae1183586bfea7421f9e2404

SHA512
58365a365cbff4d723e3d5ba1f7c4cb396bd7b43de4f8c7c9c7fea78d346aeefffb5c75e97fea3e22490dd1181e650aa8022eb8cfb6e575b9a06706d82c6aca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
820169a3973a5839f106fd535c913691

SHA1
963b5854fd7e6ded122a75292d5614abfe864e0a

SHA256
3f1ce2575cf0986d91a99a8dea5872318f175f9be5539b08f766b1ee599f96b0

SHA512
92b53a16598cb1b9cfd199af9b1ed616e5ebc046805eecfec543719727305e821e0d7ad8c80c48a002155355ca5fa97ea336ba4b9e429c4471f6926424921189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ae2d.TMP

Filesize
1KB

MD5
53040e4de6c0138c9fb4a3249e5e700e

SHA1
af5c03498a4d1e9fbbe57d2905c436e036208336

SHA256
9c18daaee75728b0cf5242c9c97e922661c7931b4e74301032430d39f745690c

SHA512
66b4f2aeccc0601dd4a881fc7f577f5b28f72680d8c22bb7e98310e3792881570d922f0699d7478268c2075c7dfd289a2ff0cee7e5b88037f4fb84f9bd289204

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1a83d71a4203ea48f3ffa51d6fcaaee9

SHA1
a449cf12c104987a7f41a6e1c28c8d018d74b6cc

SHA256
2e1a2312d0e60dc95f8e5b75c8c70ff89854597e59e286f6b42a07af49bfa9fe

SHA512
8606c6aa5d3d67e6ebbfa1a47fbd03da524042614e70a31bc55348921cb5486178de7221b69047ead4c57012c111c0b029fb03303bb66acbaf8e27e79990f387

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
30ce9ae348a6c3ca19bb02e9bfd8fe82

SHA1
00b3a4b4446b3e62812cac0f4770b56e9587b5e4

SHA256
18d46eda9d251c5ea7a7a217863b13426fcdd9984f764eb53744949b07a6f586

SHA512
8997edfdddf439cd8d25f412af3ff53556323a746483f7979baf2a69183584c8877ea38acba46e23a4fc7de38a363cc0169b42905bbb8ed3d7d57b8b3f043769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4570ddeb6fe96c4845be2412f6b01106

SHA1
e9249084cd5a43dce893793b01e5e9ae132b8138

SHA256
b4948aa49901f970aaab18d6602f5ea2f5acdd11fafb9a4ea6132c921818986d

SHA512
4837f58273ac3798682ac73ae170f8f2cd7c5f70ba3a771295b51de3f97b6feff812e85931f3f1ffb96f8c0223dd5afc60fa632eeef63845c609971f1eac52a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\o7bdpohx.default-release\activity-stream.discovery_stream.json

Filesize
27KB

MD5
1a4c192c1060a88d80fb00f1e0e2c1ff

SHA1
2ae31588df666e36d2677417681c55d87664e39c

SHA256
0b6de8472e1d0d7f95e79228fbc1ba74133891a87c0739cc57ef2288051b6286

SHA512
bc18db8f1f52b02ae8e061fe2fd2c637ed23aa2994e1bab7483456de71d10b92187ebcacb7c4e8c23f0a6f8f00658050e56bc322454162072c1c9a829b2e41c5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
917B

MD5
4d49028d9481702752bb1202a018d79f

SHA1
d8c70c53d70648b47a1c822a1596484c6f16894f

SHA256
3eb0fb35e59708f2a32a9a8bb9973ca12d1f45fecacbbaf79db4e967eebadc89

SHA512
51829a0901daab82b799a8d074c968496e10eebb28a69e669886ba26bde229c1733c37392bc0a232d6d20e8277e60dd229488430d57675bbbedf18dd4da3b8e0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
917B

MD5
6b7fa9226a00db31c65d168b63211b60

SHA1
5736d6750fffc30736bec14518cc53cf671fcd10

SHA256
d851a2fbff63e2ad5fae260c5abfc605cf988b17a3a63252487ac59fe38fe454

SHA512
068fac2ebb7fcb98783d6cb3b24bb1d2c83d3d175b3019d2bf02204ea804b1f721dcc2744622f70bbaf5f7defa727f50e0128f62947ae02d11aee2cc5cfbb85f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
917B

MD5
64e80d5b15d31fe60a2087b8fe900916

SHA1
9968a190409f68280e7940871c309f3ded8e465a

SHA256
46d09b17ff4b47baa05ed921e4e2b9514df5578f81f7de09662088ce34d499b6

SHA512
dbd888d5730b24ddf4cc498420a37a18a9323f9de721407f7fa5818cc93b4299d7937e0ab6cd5430aca228ca4251b08b717ad70102e3188b73a4f29eb4e25561

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
917B

MD5
31c6c819a61f5f01ed169f218da2b3c9

SHA1
d793b36300a76410705f8634d18c319956b57a2f

SHA256
d45df714a1da4b50fccee56b58226e982735b30941dad8b9a22db8c225048260

SHA512
0baafc61f56c0642d378655ae17541ad17db6b80e36005bec8a4bfc7093e444e491d3577a287263d3f5e80e8abe8c2d779e7520a80c1a325233a759da8959189

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt

Filesize
917B

MD5
87e0daeae601a0d8e93551278e4458e1

SHA1
dc46bdadc201d8b155b4ff0ca2b8ef362bf5acc1

SHA256
49b1659536d47d103c23aa34220a43dad9012a885c91eaf2878bdf7a499b7477

SHA512
60393c21f1ab3ee5fb4beeefbbf083941c1d4264b3327de170206ff27054dd35ca076413a334553f20f23b32bdde952128614c2455c0772bd94169e8b3696e0d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\AlternateServices.bin

Filesize
6KB

MD5
74c3debae0df89d13bbf200bb577f4b8

SHA1
8f9c64ac2977eabdc1ca353a0871fc14e876cd1a

SHA256
ae10fde268fbbb7917d82113ebf35545ae8767a0667307f889df0c725e25a582

SHA512
1d9abcbd7d85678dcdc1c3ed50a8773f1b693d9c3ae60daba83d320b32121e8a3b1b8e32a2aadb2f27dc93d65f83fea5c74f7a8cc1a2fdad3e798a3a535f1482

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
937a634545742ce9db04cc1c6361a1ce

SHA1
6ab832060d1bbc2acf5e125df67bc3e27f666460

SHA256
f8672259b2d3a11774e03eccc1c8d34bc38c3af74357ee31b39b73a2dbfb4f8b

SHA512
73254d53195f27f9ba664ea696df02a274c615b701ccabdb6679fdbe1c6ebe9295853fcb361e21c3f1fb26b8c9b2056ff2aaff92ee57fc78d1847274bfea5d90

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\pending_pings\53be3baf-98c4-4172-88a6-5958116d342c

Filesize
671B

MD5
036e6d6a3c3d26afe201e18866b85d02

SHA1
9753c6cf1c228eb155361a13b32ecb6ccfc8dab1

SHA256
40665fec2befac422fe837f98d1465896eeb6f8a32bf6b2e2da797b59eabd5cc

SHA512
4b9f543522f2cbe845bad2ffb0f448bda5055ff7780c8fb4ec64ea317dfbfc40e69bd7190e46bde791a9eadd23f9f05022f1e98757eec51d2a421311a6697432

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\pending_pings\7fbe948c-b48a-4751-be41-e1150b1a042c

Filesize
982B

MD5
a801bc2e1236620b8291176ef800b9f0

SHA1
29c3d8f6f3e2661821f4692b38904123882f0ea7

SHA256
bd29557a040a2af6774a5f5db6b1c1bab9005852f88c33ef4235229f6321d4f1

SHA512
d40313c30ad1174c8d10cb76717a8abd4f689edbaadcac83cb14620a6bd488b3bcde11eba8a01beb510764d48fe48f2a5c469a48651eb6f619ac8d3fccce08df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\datareporting\glean\pending_pings\aabd3433-2e68-4158-bf38-e0b4f4838ddb

Filesize
24KB

MD5
abf773ada851461dc6d0d31866fe1ac6

SHA1
901698813777278280bc01b4829891b3dcc08ecb

SHA256
bf9e129c8a1c686de803a1afa36b2b5b7c442f1c12ee5986a97bc2cd3cc2109e

SHA512
39a50f34ec7020c22e6af2c5ad33037d19b290f79d677a877db2dde2f94df272c795b7ae1b1118e0ad95f8c331e285f4afac2bb8f77d6919a434c85413ff95ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\prefs-1.js

Filesize
10KB

MD5
223e859590d40e67c476ea83c9268089

SHA1
a5417407ec6fa3c74b7b7ed4439a321caf81ca6e

SHA256
acb40757cd9ec04ae82e3dcb6c355e396208dbdceed41879ba3a60b8ae72a200

SHA512
2d09a5a054b0ce62b54ab7e91c555dab50620016ba1e6d426382670c7edf2ce2fe876993de4de128cff4e54888f64beeceb65aef5b4c12083aaed28713fc716c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\prefs.js

Filesize
10KB

MD5
4aed6301147e18d4b8ec20d21c7911bc

SHA1
9e63df87b21950e981e1033c8a3a122049209dee

SHA256
10bec0628cc371ce3746ec91932406c7ebc241f87c132dc3d9847aa07d103064

SHA512
c1e956275c36073c4511d3b3b332cde35b7dcb9b5afef621fd97a155c5d14e5205bc2397a5ca482da58e79d1bbde2417298566a181d7eb00f3c0635c3018c645

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\o7bdpohx.default-release\prefs.js

Filesize
10KB

MD5
fd8c60ab0ff1a3c6dce1292bd49422b0

SHA1
7ead074a8c9a99988746a10a4ecd53e1fecf0f57

SHA256
2ef7449bba85a131e8d50072de4f59ebd22d112449d0b799496f7769bca6b85d

SHA512
a06a8ebfbd1b5d7f571073b8eadf98b8405af4b6d9ac6822d4066f2eec029b6d4a5110cb6a4f91db3b8579420fecc0789ad3e0144e4c9699af391fc03d43f3d5

Download Submit
C:\Users\Admin\Downloads\Microsoft.MSPaint_2024.2405.19017.0_neutral___8wekyb3d8bbwe.AppxBundle:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit