hxxp://Discord[.]com

Analysis

max time kernel
361s
max time network
362s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2024 17:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Discord.com

Score

7^/10

discovery motw phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: 6633dd5dcff475e6fb744426_&@2x.png
phishing

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	discord.com
14	discord.com

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
338	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1045960512-3948844814-3059691613-1000\{64A38086-3E9D-478A-B925-E2F3541C8E57}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
4052	msedge.exe
4052	msedge.exe
464	msedge.exe
464	msedge.exe
3660	identity_helper.exe
3660	identity_helper.exe
4964	msedge.exe
4964	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
5808	msedge.exe
3992	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 58 IoCs

pid	Process
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2684	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2684	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 464 wrote to memory of 1144	464	msedge.exe	83
PID 464 wrote to memory of 1144	464	msedge.exe	83
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4936	464	msedge.exe	84
PID 464 wrote to memory of 4052	464	msedge.exe	85
PID 464 wrote to memory of 4052	464	msedge.exe	85
PID 464 wrote to memory of 4912	464	msedge.exe	86
PID 464 wrote to memory of 4912	464	msedge.exe	86
PID 464 wrote to memory of 4912	464	msedge.exe	86
PID 464 wrote to memory of 4912	464	msedge.exe	86
PID 464 wrote to memory of 4912	464	msedge.exe	86
PID 464 wrote to memory of 4912	464	msedge.exe	86
PID 464 wrote to memory of 4912	464	msedge.exe	86
PID 464 wrote to memory of 4912	464	msedge.exe	86
PID 464 wrote to memory of 4912	464	msedge.exe	86
PID 464 wrote to memory of 4912	464	msedge.exe	86
PID 464 wrote to memory of 4912	464	msedge.exe	86
PID 464 wrote to memory of 4912	464	msedge.exe	86
PID 464 wrote to memory of 4912	464	msedge.exe	86
PID 464 wrote to memory of 4912	464	msedge.exe	86
PID 464 wrote to memory of 4912	464	msedge.exe	86
PID 464 wrote to memory of 4912	464	msedge.exe	86
PID 464 wrote to memory of 4912	464	msedge.exe	86
PID 464 wrote to memory of 4912	464	msedge.exe	86
PID 464 wrote to memory of 4912	464	msedge.exe	86
PID 464 wrote to memory of 4912	464	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://Discord.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce47c46f8,0x7ffce47c4708,0x7ffce47c4718
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2332 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3020 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2292 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3116 /prefetch:8
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2296 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6196 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7356 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8248 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8400 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8636 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8620 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8668 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8892 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9280 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9276 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9316 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9796 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9808 /prefetch:1
  2⤵
  PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9024 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8112 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10360 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10500 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10796 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10636 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11140 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11404 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11580 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8392 /prefetch:1
  2⤵
  PID:6252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11716 /prefetch:1
  2⤵
  PID:6260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17244435290395909780,8573774167949687896,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7820 /prefetch:1
  2⤵
  PID:6568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:868

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x494 0x41c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\41ce1e9d-3ab3-45a8-82e8-cb840fe89eff.tmp

Filesize
1KB

MD5
c5e2debcbae7df930176ffb91128e315

SHA1
95fa35a0937b7e59436b4c72c27521b9b480bf4d

SHA256
b64a936b2ece2c7a2e7dffdc7eca81efa09ce86d66bf73244800a5ece779dff8

SHA512
ada46f8c71062402feb6fe2f88e386c240f768af34f3f23bbea2c5d0fb3cc1bbfd5272c8b26503c183a81bd253d2fe4be985e69e2c05d764a043e2fbaf2c8a78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
19KB

MD5
c1edb5509c5a03af3045a88dff8f4a95

SHA1
50216552b8895e6a78ac8498615b14fff1bb0f65

SHA256
b790c237875e1b38a162087c219973314cbf4cb508c044c17174b6203bd999d4

SHA512
6d496ba88b139dd3576ae055e0d1fdc824ff6c754782b1b1c0b8364c61a3e6720dc570670b022ab1edff5fa524ec66a57d5f5a0af82075cb4fb231c9b88d72c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
79KB

MD5
23840ace6867efa6e31209f8588b39d3

SHA1
398e6a2f591522001235216005e2a1dfec193602

SHA256
e789d7c8a320ee0e5a41107e06ec9355f48998232655210f2ecd43161f3b8264

SHA512
5137d958cc1d9bc86776e5103301d049be59821e77310bb810f56870a78ccaa330a9cc9a0a7d9cf08d465da88eb41de8a25d214f23fdb7405ada7402b5213ee2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
52KB

MD5
d0113ca8f3f2b4c34af2bf44759fa03f

SHA1
a89bf8da9c1e22e2189b63798222fce20947b27f

SHA256
ec3e0b779ba073d336ef34cfaf37be52a905397adb7a42d967dfd105e3fb1eb5

SHA512
b0192240edfa0289006032c83d0dfd53cfd688c926266daeed83f2bffab86c4883c9f7b7fc8829156e945f384293dc68b85a455ae2ef1369fa9f6348b90e5a93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
67KB

MD5
ce58019b091dbdb1895be63d765b1177

SHA1
37a38458a92835c43b270069c0629c6975b2ba69

SHA256
8defb86fd585d1e578370bac22698f0de49d509d7398a0e83fbae7a9d11e0fcf

SHA512
36be843dd5630cf0c76219459b2ff946fa91ab90be31e3ac62452642a79a062b9d7aaae14a0ad8fd92b1a6d468394f1aa8bfe45f262f33e34048b46e046a1b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

Filesize
20KB

MD5
fa4cc25f0f72ac052e9413b46705327a

SHA1
72127f17a73fdeaf1d867ff721f8115e90d82e8b

SHA256
62215bb3463a1bdbeab484739c056495d60f9e6feab8e3974cde6bf69504f05e

SHA512
b33ebe5aad7802e7aadf31bc490bb697a7a941c4ec9a03c211b42bf54403f05dba02fdbe42bd7c28a27e309c868f4d74c060840a4aefdff57ac9c5c2cb66921c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

Filesize
35KB

MD5
7c702451150c376ff54a34249bceb819

SHA1
3ab4dc2f57c0fd141456c1cbe24f112adf3710e2

SHA256
77d21084014dcb10980c296e583371786b3886f5814d8357127f36f8c6045583

SHA512
9f1a79e93775dc5bd4aa9749387d5fa8ef55037ccda425039fe68a5634bb682656a9ed4b6940e15226f370e0111878ecd6ec357d55c4720f97a97e58ece78d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e

Filesize
20KB

MD5
e92faff58b6be9dba9bc283c4f4c8513

SHA1
49588273a413dffd248cd35dd191189ed2c2343c

SHA256
8c6c6736f4650f9bf7af6fe14128a3d173816f3dee2e02c5552240c04852b691

SHA512
52ddb77b600f519eed2343d528b9c9bc03585c82edaa91c63e8850d19be23c2f645bc8faea19c3d75ccffb30e4e69a3605883106fb1783346a8883465051643e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000074

Filesize
31KB

MD5
f675a86adbc3b4e856a4aba4875c52b3

SHA1
7284a3559cb65d5777d30ad2f3a7f073d27b4b93

SHA256
9abfbf98fe0bbbb37522e35c584145141f7893934fbb5c966129ce278817987b

SHA512
f3c08f9206dea9fb847e2b4401ee78a6fe9d7cb1eca1c5ad5f733dab564c0adcec86a0d9d6bc2e8bad907a87d31d0c77f742a3f6b29ff946341d1b768bc9fb13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008d

Filesize
59KB

MD5
006314cb652c33eb3ecb7cc9b385f95a

SHA1
8806fdc87c5b1ad41a10c71e2f7d56764d060fcb

SHA256
5204048fba8f69622f37a504b93e5500418f3a4146327d7e8f01143f0e6a6119

SHA512
0867df323018e0303a0978541e8da925e9fa9d69c9153765abff40684598c988b8b410f40ca84e64ebcde0f889d7b32285ae79a8fb7167a3b36901d172a76318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000093

Filesize
735KB

MD5
8f52cd2791679ea36f9e51b0bd3531b6

SHA1
d6bdd188012c1b1c10a632a9341294bbd1947974

SHA256
7cd9621446b31bf5bb83846d1bd5bcfc36480e8c7523ed434d6ce3681c02718e

SHA512
20b543874abbd672313c067205b5264d9532f26ef268a013af589d04aa5789093289370536956e909686904c68f25dddcbcc068156b6bb05098058257db2c9f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000095

Filesize
20KB

MD5
02d0464758450d87a078aea4e46187a1

SHA1
41154a61b8192c00a4f03e5ce97e44ecc5106e74

SHA256
c6aabc7504bbf101eb3b39fb3f831b61148f34605c48b02ba106aedccde52750

SHA512
9af139023983a975acb29147037f4fa8ca820e15b4c5f471e2cb000909970ffbfda2b210c8330cea93271bfde3732455a545730e242f1a0e59871bdec702b39a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\70de4bf191ba3788_0

Filesize
322B

MD5
0cc1d42d7ec26af43251f09565236d61

SHA1
e3aa1d97573860587ff7dfce50c9eeda3c89abd0

SHA256
acf0e5208b41acd6c81baec60f61fcd94bfbbb8b5e1fa6d184afe3bdcccd0302

SHA512
5778eddb3e2b4a423d28d6edbbc10eccfc678e8d2de814e8e059c19a03d5222eca400b0a3effa4ef5fa0a670a9e5d6ab78849d8ddd8e64b367f9ee8bc1d6d32f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bc69bdc5bb869142_0

Filesize
55KB

MD5
78e3a7833e55ef0422d33ad12b406437

SHA1
8a781621a233d788d2727cfdffde31e1167d7b70

SHA256
bfe22a2cd477113581109470fe472b5b6ba14b8b8b247c1eb141eca9866c01a2

SHA512
2de9380ec90963c343f04154c1677084a73b53e97cb52f02d2bcedc01fa1e17155b8b484b691af2723baa2f9698142a6164c334c8c75e8cc38b243ac3d9cac5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bc69bdc5bb869142_0

Filesize
55KB

MD5
ab9bb74f3236c0938510cb4b243249a5

SHA1
706ab8a4b184813acf419139eb53fdd1d74a767f

SHA256
28f3d63e00b71dd643d3a9f34012111f771e09fd08c21fbd69348c143579ae43

SHA512
0b35453208028063e0cb9b629368d4b797f946fb1f77e4f12c59ee2ebd73953b548341818ae6e4233508a05d2187744ccc1c7b210710b2b06e8e3de6034fcccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\edb6532d66dc7869_0

Filesize
66KB

MD5
d4ef43ccdd538764b13770d9b58a541f

SHA1
2b3368fbfa9d46e0078e880e0140da7aa10411fc

SHA256
fc6e8de8f4e084804bc1b7b7bac4dafebcf24ad10b428662917fdbb2f86eb2d6

SHA512
26a871fe3be7aaf9aeb740404cddc6ba4bae6b120b3ebc7c56e15804805edf3afe4735d589300beef240b057a759f5ebf7377ca1992a6ca5e6db5361848dc50b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
65fa049e9a064c741d13f8a6a9ddf572

SHA1
cb802c53bcd5130c2e98c6c7cee88d347ad7a1fd

SHA256
a78c83f287a4afbbde183b5af831ed0cb73deab5c84615ed41ebcbdb08f9f85f

SHA512
3e4092b00b0d7fc760cb4e719f99cc7b89a911165196c2d9172cc6dbb333544df0136ed100066e2274959282b3db5bf435f888bcee0bff6d9e7db08e25410bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
2465839c221e2a1a31100c62df1ea8e5

SHA1
a3ea86b52b6382df3c102b46ac80217794d65787

SHA256
62324572e20e57ade44e1b404b974fa862984c33f8799e732f6048cf07e29ec5

SHA512
e07b222eba82d45c0deb3716103ef02389be205db070bf81e4699412de8aff49145514d129c6f880321d6a08247341343864029c87f8007205eec5119e26918b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1e28506d1fa8c8c91cb3e19fbf11ec47

SHA1
5b2a9377406f1dc58b3c80c9224c599e661c664a

SHA256
4c6fe463ab93c9c65a47d99567d1623bf960c2daccaf3e7d88991d29f3f77c17

SHA512
068234466df812ffe282a99c6569e3dd4a2aff8a092f14cc77fedfa3c1138a2373f5ce735f0232216f242d11665aa2de8448a8168a1e870eda8bcb75db316b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7bd7d931385a1cd577d6fc9034a62f35

SHA1
bd9d961885b414f77fbaaea59c496403d8cd40a9

SHA256
774abd741685abd3cdf1a24ddc296cb3368eb11d1d105a397cfc325d1728f86d

SHA512
f1e488ef6c38fdd474ae764de30033a6ca8846d61df76ef4815ecf183677089db71844efee0f3e1ec3c0181d5c534a3cdaf49a63f3f338692b4bf99c3736fecf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4ca193d40fbdbc504a08fbe227a97a06

SHA1
ac04f738670af99c9842f7b64473c0a4521b8ab1

SHA256
96be75b0e760daab74e01a995b44b9488f0e0c738732888e1433cc6e7eb3921d

SHA512
54010703b648be28cd8c77bf493a8a93ff81a7444425122d0274061c198c201e8cad12fe3d2970e9911ef18dc730d2c8db3e6f0dd04220843905d83faba1c6ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
8fd48ab2be7cdd8bd9c78ee5d836a8fb

SHA1
e4a77a0e1f75552102199c8035fc993a9a26350c

SHA256
a81028d348bd7fb3fe5d03a9c8579e3538f81d9dfa0730be3914fff8066c3dbf

SHA512
90cebb1c4f63baae25cf4ef2ff30d977b9aa45a9c8bd3b2a918d8cd7e675776314d2afa6ff95a0f15b68259527d8885efd28f4e82c0dba2651a60ccd107857a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
5906d01613b1151bce0cd21787daad39

SHA1
3edcb82e8754d1ac0312351c045543324ffdc877

SHA256
801e9f019d92720910f7fa4012135687c87d754fa943e338e1cf28d68ce2514a

SHA512
99a6672d5d3a9439a8d0db1e151afd5e534ed2b80ead6768f7c9f067f54d403569d0c3130e7d0cc2ef6047091264329b3212f83fa0b421a565fc826c35017293

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2688fd0c62d1d7f5ff4365ab116138e9

SHA1
9da5ff230692f0b77b4cbd7005bcf2f7ac84e395

SHA256
295e3bfdcf9c443637b4a2b02fecc8eb9166b5bf4b0bf1cf26cb66e92b8f1478

SHA512
e4a9e19604290018ae5b00051681e3826da480384fc0c6091506b033d6731a05602b53811324d3b933b08e31d85186a9cd8aa3bec4dc28f7372f5db6e4a534e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2129f8334ea0fcf962e6360802cace8f

SHA1
3b6e4d4defc7a04297446e8db157d5e116be682f

SHA256
19e02f2cb1d2ce4a7a191d49351895843a7052cc45bf27a60efa38dc413f94b8

SHA512
731af824fdf6dbb2c2a36cdcc4721454a09e9b9bc19c7756a456674c1fe1bd4ef655d337a2c2ebfd15006fd48d8ade73c3318206c599447e93e927d24286f1e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
5611cb5be93d37ed4cb971d993ed39bb

SHA1
f29e881885f1100d58f140be120eb01f953ba68e

SHA256
3ad77062ed5e0ec48d730ca308cc764d896505a2c15dffd6c0dc9508d8e1c245

SHA512
f67277a8e19c7fb847e489b20971b7d36705b9c265c47b492d34b40d8295cd941624f960f349d81ad4c71e6a1aee5fb8a23a26325c65a06a05a6c6f6d49ff0f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
47ed8c9749fc5dabf137966fc8510ef5

SHA1
0aa940c0c7ca65815f8b0b6949d7ed5e98e4856b

SHA256
cf284abacd412ba5e5f4896b3733caac2097057d83e9f67b775f32c2dcfb4598

SHA512
bfa56eccb5963bd0386c429f76e262bfb41016a24af6a94d533f3be6a3d280fbe58db5e21113ca67a4c4052dd6f785afc15ff3eedd4a1619486fe5824a7bba75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
596c759ac8fe7be753c27c0dd83dfe0d

SHA1
4701ec68b7830dd0edfdca7f74f5e3de58babca3

SHA256
19c02dfe23944235405bba23302ee0cdff06a2d48a814e45b3be6003df5995c1

SHA512
689ca5a94212ccff604193ec7f429e0f28abbbc6662617432c6ef749c231882f323b147bbc81c4337570e3d2f2b285baa48eeb04b9b84cf85b3fb5269c0a5f7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f59001b2d1918c59e6d3d075a6cc87f0

SHA1
ee8e22022cfacd14e0635fe1337c8f881a3c90d2

SHA256
660a6a11752bb6f9eec69106be456e13df35ea7cb94cf84308de891268bd4926

SHA512
e46560313eaaf9718234f437d5bfe0d9185fd3fd0912596530f752f67f1c1fd3fb78c6013e704b095cf6ec9993937cdfd593b07ba667270a28a7f8e8f466450b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6eeedce1b8136ebeffccb3a3912dff2a

SHA1
fe8635f9d88fdea3554b1e54bf672c1083089c84

SHA256
473a2b977de5cf6a15041c9d99ac9c460f4640c58298aa14faeab01e705d3d3e

SHA512
a0739b47ec02a0aca52fb2e488f8f52a8a3e36fdcfef8bc14443d7f5229755438f8b5c980328e8c6d6b189126ddde6118f68bc2293b6d796ec05a11d57b3965e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5381798ae2379c449f5d54bfe0c0a890

SHA1
393f6b4e63eb0c0519218b35a7e66ea2579d5c3e

SHA256
13c119e2985c24559757768f4854480424249975c764379306ca49ba02306e72

SHA512
ad9037fff4346ce11bf82823c9c3f9742b76b443218996da4e146d0701ce9f192ec1c9933cf5fe90d6017df70ee4388f85784864f3b944fa1830d08870aaaf8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
df368e4c679437fd638c82658c63868a

SHA1
973f177e5c6a47d15c1087944112cf6636c14a4a

SHA256
d853cff0e9f16d437b7693eab75e39cc37088475b5daaac07eb9b181a1411f3a

SHA512
02679cc3c66b482b23ceddd0cea0b7422802987172b3f5967a91328971a33a5f559b03f1a9d3ec32105e354fdc6a5366482eb385dca3360c123e6c7fe8cf77c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ab8531d3b0786e397ac1a15d87a5d29e

SHA1
469d364de31ec0241670ee5c0b68786d3ab05cf1

SHA256
cf29740a991148edecc0301fa713d087264b2cdbb5be761e8beabba862c5426d

SHA512
c0e2c7ef5d664850df261fe4ef6d3a53b342f2e7bd8b104fd3ded4dde072d7cf56b4ad3e3d792a041eeb965af72d990e068761a551a69db947461988d62adbed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6fba066e7e86549e05adc01b4eb13e86

SHA1
ac30c4bfa472bf0a26901709e4d1a4372d752317

SHA256
92172e99d35483e9fd294687d6fd2c22382297dc8e15105d7fc79b821428a75e

SHA512
4e6a3df8813db073e82f038c11c88ad369e6740ed4fe23b95b50258deae43f9dc156a74536f62385c06349434d6ca6a262f89fdd5084386ad348276f6e0ad65e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
672d7beaddfadf70acfbaf6742f1fbd7

SHA1
bbf9a127bdad1322b40deee913e9be0bbcebe78e

SHA256
5f030cd7f445632beca60d9497d8c108acc694cfb0397cdb10ccfc45c5fbc2b3

SHA512
24a7c0e617e78bd67423c72ead4a00c6176bb617bc9afa97d5d4d193c85bdcfdaf01140189ecc63ee41bd2f7e12e5dc7f33f28e1d8ecae5aa0f39da6ac986e21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a880a92d84b872cb7d41c59c9059d982

SHA1
4b75a23f807c43604666b1c486ea86bc81e337a3

SHA256
ffc207df9d51ecf98acb6e9bfd686eb2d50187b1404f655f43a5a63774bfa204

SHA512
0ad069ff425f7eb1b6e4f389785145a6236db57bf2511b79c97c32059790607848f95a9a66dfae61d3bba935d7d0d1733e92c9ef36b241b7f8b9847a05fd5d61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8e8ab4a3a73bc5734b4943a1324df27a

SHA1
8c25ea28f5079cce741183b6ee63bbc845c2cb01

SHA256
74e51eb592fc6f7fc12bd272752d3a67bb1eb88ccab8aaca482497e74b027efe

SHA512
c2826d5013e7586da4e3c93a68d860ea4c1b2b0ab939641ff33745e1ca67ce02f1727679fca6a6ae92369e1d3cd5d3d77d9da34309a3d46ff5f546a5a6f2b301

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4e0a8fc57b2e8371efad3bc00392e10f

SHA1
6388de27c1eb3a9468995beff37794e71f8843a3

SHA256
679aa6153e3531b9745c32d11088bdf57162ffd3a5a086502f00f1a7231883b9

SHA512
d2c9c55c32945e0aa3256d704b7550a7291c189ab7c3d5193ca3b3984d3bc901a75901295b6a83160f19b6f73d7cf9f4acee06604e580935dbbd9854dfa4dc98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f4d3dbf990fa69dc0f73d299d8531540

SHA1
25c44630c56c97c257fb513e03ce7b4d5621c6fa

SHA256
6b1a3d0557a9e3275e192c45de19dd89cbc1a79abd3b0768514dffe98e3acfe0

SHA512
d95629a51e54b4ca377608397dea9403c1b7c88765b9e9db3ec50fba5aff416b2edfaf36b537676054210d06fdaee481aa8d5ce10d0c0865f57512d3e53cd008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c19d7b6fc9981e2d6c96e75fa79cc6f6

SHA1
bfe1d7a6cf018a3bbae26aa740a0a6de74c18db3

SHA256
4b8936305981f394673b294910bd738b9fd9240d671b55320b93ae3ff97d557b

SHA512
f2c554acc96ce49f8969b50d195ee7779161ab63632c0456ce55507d19a24b42db447d8398992a1d3d0c59c5207f455ee1d20cde097285403b9b890e028a7bb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a35209683972f4c0141ff94a8e7637d5

SHA1
bc31264018933038abc471b6ae5e1ef7d1bd75b8

SHA256
7003d8f4d3350a50967a4dfcbcc39a6d926317bd0284f5e7cd61c6517fbfc473

SHA512
a033fc5afac44f603baaa93454769f3e6180e7e36943581edf6dfc7b80bcf11bd62dce2b786343d6281850b3aca110a85b8049ec2f423808691a71b2db52e17a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
06fafa291f5ecc2c6751d01e4bdf5203

SHA1
caa0253a9405bc9e5353e94cbecaefc7575ce170

SHA256
50e227e1aac4eba3c7c2e116e71908d772846a843ab8887e970c3bfdd8125d81

SHA512
24331a527ef7cb1863beae9816a22addca34dbe97557c922f49988d5d066932321189c65bef07a8e191e84ef684c8930613aeddf9850909572f8cda1e56f243b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7b299af2a7c4a435c54e091d360349db

SHA1
934a75656946e1e5addb6dfea7e987b7ee96667e

SHA256
9884d05e257297cc870282549b9edea6fd34d65d4c044e7b1d418e1b91ae8b4d

SHA512
f9d5aa4ab87d52568331d552c68c513703d838c0f1a62709d121fd738d91543accff4d34e17770a3dfd79ea894ddf95a3d1ccb03a57e1a05ce4504c1fac41e27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
570826af6aff924f2d8f850cd592e578

SHA1
67f66cc71b9397f0c1472e7bca13712a6a1d5469

SHA256
935a0dd2d5ab393fc965022cc37e45e9208c31279469f7b1a50a737ba43589ed

SHA512
c1223cb7243155a98b39bc9d05003dd62a89209868a32515b44f291f3a9c2067fd41f1bf7b26962003b2ee2b90cf5f0ee20e55e3ab7e6d423e670b7ceaac19aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
ee0fdc72ba0c03d37d3d4bffee56f6fc

SHA1
991c835101f01b9235631d55f4faadeb46b63466

SHA256
c5a0b8fbbca879250816296a6ee1b6ce7868fc72e751895a97a9911532dcd82e

SHA512
408369dd4d701230833d061c5bbaa430374d1f19636dd5b60085c85d97309fd28ddd8af0dc5a47b444aaf3c0bb21d21743b536aaee8c68db9e128c381e378cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7c0da06dcd51359054e8884e58154886

SHA1
49ee2e0c184ec1b8c62b9ea041868a603141013a

SHA256
b71d89f79e56678cca7ddb3cea41dec312b50221c8dd3161ec10d1ee8d1a52b4

SHA512
693691039d8cf79e1d25b89a13cae34d9e2feeab785b1a183cf98026e37865746069eed3e53da49d2fe1f66a656027c79e7115c1a07a59037a80459ddeb38e6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4c322e588a20ac969f6ed9ec5d3e34f3

SHA1
dded89bc13278ee833864dc829af46acd0bba2ca

SHA256
e9c59ba36d925ee50d7775418170322becd0e66cdb492feb3795d6d2270a8284

SHA512
7b8cde2638c4f86bc48def06f7e28e11b1a7e21240dd5f562e12be0a0305a71f9b8642747c18001b90454931ceca8928ef281a50a0e00a9bf1d9f613f272d898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e8f8.TMP

Filesize
866B

MD5
172e380bef4c0914e09fc7922fc42f7a

SHA1
98cc433947083e05f05a3d0a8a04d48d4c517ec7

SHA256
ce2333ed20c8feeb46ca7b9d012857a353cb170274439e48f7f2a704b7d16920

SHA512
9d3ec1650f79206f6327a0d64a0419b1ac74a1d1755a77acce92dd39606afc957060c711aea354241260f12b7fd36deb9f50025cab500a5013922c2351033036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0dcf840638c05d6afff242ca8655ffd2

SHA1
209dea7e8ce72c178c6bf5effc2a3860292a128d

SHA256
dce2fe0285547dc5af29f01da2ca58e011750e39c5999054a7b41fa710a4d55c

SHA512
e02a2356187ab6b666df6f60e3557c2510067a080bf8c902071a454d30e23868d2a249aa916044bea4d63df20557508789aa31a4de3d475878752c5afaa4a411

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
e763f8f914c1f94d9be5d0482d96f3ad

SHA1
c134e670e672617158975fbeac483e3eb842e66d

SHA256
fe9c9acbcd0a5b3c6f73ba806a1dd44bf5d8140985de1d860fb7f27ce1436cdd

SHA512
10b103af83fe29bfb34156c46b568b8ce4cc67b340e3615d9103fd4e0da342a56e5d2806adbd08458a20f2eb0817416fd405b2b6f3a7f464387796586318ecd1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
5946ae905c85e00b9977cff668ec483c

SHA1
e9e65b4f98aa0bdd9d81600fbd375cf92bf1390e

SHA256
5930145000b2cd2b7f3b8483741ef980b938dad78f11bcfd434d39ac9625562c

SHA512
6b1383c295615b0cc8c86212ad4c9181e71fce7d240c5a81213804e4cf4f241c4a0b2473bace8425a7d82384aaf923d92979bbe26a57b4c8e3d93ac21266c2de

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
c40e708c039911d140fe9ca8fe8294cf

SHA1
931f4f0307ee3fb421dae8a8ac45b44cb1f4f340

SHA256
a0f1a5c73fd4cce7c5d421d6430ff744e94337fdf3d3e856f4bed4d6bbaf5e31

SHA512
5fc6e159c6f590f4a6d3949804637a955a569b5b2863f13f645a4a3748a28da8b0b8aee19e2a2ea41102c3676a2027f508d79fcb8006d8278fdfd68a37f441b4

Download Submit