wannacry | hxxp://Discord[.]com

Analysis

max time kernel
303s
max time network
307s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
18-12-2024 19:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Discord.com

Score

10^/10

wannacry defense_evasion discovery execution impact motw phishing ransomware spyware stealer worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Wannacry family
wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047
Downloads MZ/PE file
A potential corporate email address has been identified in the URL: 6633dd5dcff475e6fb744426_&@2x.png
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDF123.tmp	WannaCry.EXE
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDF139.tmp	WannaCry.EXE

Executes dropped EXE 8 IoCs

pid	Process
5804	WannaCry.EXE
2928	taskdl.exe
1492	@[email protected]
5528	@[email protected]
5796	taskhsvc.exe
1712	taskdl.exe
4472	taskse.exe
3272	@[email protected]

Loads dropped DLL 8 IoCs

pid	Process
5796	taskhsvc.exe
5796	taskhsvc.exe
5796	taskhsvc.exe
5796	taskhsvc.exe
5796	taskhsvc.exe
5796	taskhsvc.exe
5796	taskhsvc.exe
5796	taskhsvc.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
5248	icacls.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
507	raw.githubusercontent.com
1	discord.com
3	discord.com
4	camo.githubusercontent.com
9	discord.com
272	raw.githubusercontent.com
500	camo.githubusercontent.com

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
209	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	WannaCry.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2410826464-2353372766-2364966905-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\WannaCry.EXE:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 18 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WannaCry.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskhsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133790240803845579"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2410826464-2353372766-2364966905-1000\{B7D878C7-8CED-4EA9-A4B2-980842A4FFDE}	msedge.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
5992	reg.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\WannaCry.EXE:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5200	vlc.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
468	msedge.exe
468	msedge.exe
656	msedge.exe
656	msedge.exe
3520	identity_helper.exe
3520	identity_helper.exe
1544	msedge.exe
1544	msedge.exe
2440	msedge.exe
2440	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
5816	chrome.exe
5816	chrome.exe
5312	msedge.exe
5312	msedge.exe
3396	msedge.exe
3396	msedge.exe
1356	msedge.exe
1356	msedge.exe
748	identity_helper.exe
748	identity_helper.exe
5648	msedge.exe
5648	msedge.exe
5796	taskhsvc.exe
5796	taskhsvc.exe
5796	taskhsvc.exe
5796	taskhsvc.exe
5796	taskhsvc.exe
5796	taskhsvc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5200	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	3744	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3744	AUDIODG.EXE
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe
Token: SeShutdownPrivilege	5816	chrome.exe
Token: SeCreatePagefilePrivilege	5816	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
5200	vlc.exe
5200	vlc.exe
5200	vlc.exe
5200	vlc.exe
5200	vlc.exe
5200	vlc.exe
5200	vlc.exe
5200	vlc.exe
5200	vlc.exe
5200	vlc.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
3396	msedge.exe
3396	msedge.exe

Suspicious use of SendNotifyMessage 45 IoCs

pid	Process
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
5200	vlc.exe
5200	vlc.exe
5200	vlc.exe
5200	vlc.exe
5200	vlc.exe
5200	vlc.exe
5200	vlc.exe
5200	vlc.exe
5200	vlc.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
5816	chrome.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
5200	vlc.exe
1492	@[email protected]
1492	@[email protected]
5528	@[email protected]
5528	@[email protected]
3272	@[email protected]
3272	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 656 wrote to memory of 5556	656	msedge.exe	79
PID 656 wrote to memory of 5556	656	msedge.exe	79
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 3576	656	msedge.exe	80
PID 656 wrote to memory of 468	656	msedge.exe	81
PID 656 wrote to memory of 468	656	msedge.exe	81
PID 656 wrote to memory of 4288	656	msedge.exe	82
PID 656 wrote to memory of 4288	656	msedge.exe	82
PID 656 wrote to memory of 4288	656	msedge.exe	82
PID 656 wrote to memory of 4288	656	msedge.exe	82
PID 656 wrote to memory of 4288	656	msedge.exe	82
PID 656 wrote to memory of 4288	656	msedge.exe	82
PID 656 wrote to memory of 4288	656	msedge.exe	82
PID 656 wrote to memory of 4288	656	msedge.exe	82
PID 656 wrote to memory of 4288	656	msedge.exe	82
PID 656 wrote to memory of 4288	656	msedge.exe	82
PID 656 wrote to memory of 4288	656	msedge.exe	82
PID 656 wrote to memory of 4288	656	msedge.exe	82
PID 656 wrote to memory of 4288	656	msedge.exe	82
PID 656 wrote to memory of 4288	656	msedge.exe	82
PID 656 wrote to memory of 4288	656	msedge.exe	82
PID 656 wrote to memory of 4288	656	msedge.exe	82
PID 656 wrote to memory of 4288	656	msedge.exe	82
PID 656 wrote to memory of 4288	656	msedge.exe	82
PID 656 wrote to memory of 4288	656	msedge.exe	82
PID 656 wrote to memory of 4288	656	msedge.exe	82

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

Views/modifies file attributes 1 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
5764	attrib.exe
4064	attrib.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://Discord.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc3d2e3cb8,0x7ffc3d2e3cc8,0x7ffc3d2e3cd8
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4140 /prefetch:8
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5808 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2988 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7852 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8004 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7856 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8404 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8576 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8956 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8800 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9232 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9364 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9468 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9596 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9744 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10372 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8040 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7572 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3032 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9820 /prefetch:1
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9824 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8184 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8480 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9164 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7396 /prefetch:1
  2⤵
  PID:5604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7388 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8836 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9060 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7268 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9952 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8036 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8640 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9072 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9452 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10028 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8372 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2968 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9676 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1184 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9292 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8628 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9544 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9912 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8872 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9396 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9368 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9300 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8392 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7920 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8392 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8812 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8524 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7800 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8368 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8944 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9008 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,3327865483786916652,17703720892670641114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1160 /prefetch:1
  2⤵
  PID:432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:340

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004BC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3744

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\PopConvertTo.MOD"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5200

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\PopConvertTo.MOD"
1⤵
PID:2464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc2b91cc40,0x7ffc2b91cc4c,0x7ffc2b91cc58
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,1481369969271698423,5564862614314105480,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1596,i,1481369969271698423,5564862614314105480,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1856 /prefetch:3
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,1481369969271698423,5564862614314105480,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1580 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3248,i,1481369969271698423,5564862614314105480,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,1481369969271698423,5564862614314105480,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4420,i,1481369969271698423,5564862614314105480,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4368 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4688,i,1481369969271698423,5564862614314105480,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4708,i,1481369969271698423,5564862614314105480,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:992

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5904

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc3d2e3cb8,0x7ffc3d2e3cc8,0x7ffc3d2e3cd8
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,12998076827842019552,15957614020250906675,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,12998076827842019552,15957614020250906675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,12998076827842019552,15957614020250906675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12998076827842019552,15957614020250906675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12998076827842019552,15957614020250906675,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12998076827842019552,15957614020250906675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12998076827842019552,15957614020250906675,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,12998076827842019552,15957614020250906675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12998076827842019552,15957614020250906675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12998076827842019552,15957614020250906675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12998076827842019552,15957614020250906675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,12998076827842019552,15957614020250906675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12998076827842019552,15957614020250906675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12998076827842019552,15957614020250906675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12998076827842019552,15957614020250906675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12998076827842019552,15957614020250906675,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12998076827842019552,15957614020250906675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12998076827842019552,15957614020250906675,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,12998076827842019552,15957614020250906675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1724 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,12998076827842019552,15957614020250906675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,12998076827842019552,15957614020250906675,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1236 /prefetch:8
  2⤵
  PID:4464
- C:\Users\Admin\Downloads\WannaCry.EXE
  "C:\Users\Admin\Downloads\WannaCry.EXE"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  - System Location Discovery: System Language Discovery
  PID:5804
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h .
    3⤵
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:5764
- - C:\Windows\SysWOW64\icacls.exe
    icacls . /grant Everyone:F /T /C /Q
    3⤵
    - Modifies file permissions
    - System Location Discovery: System Language Discovery
    PID:5248
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2928
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c 253701734550530.bat
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1796
  - - C:\Windows\SysWOW64\cscript.exe
      cscript.exe //nologo m.vbs
      4⤵
      System Location Discovery: System Language Discovery
      PID:432
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h +s F:\$RECYCLE
    3⤵
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:4064
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected] co
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1492
  - - C:\Users\Admin\Downloads\TaskData\Tor\taskhsvc.exe
      TaskData\Tor\taskhsvc.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:5796
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c start /b @[email protected] vs
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3388
  - - C:\Users\Admin\Downloads\@[email protected]
      @[email protected] vs
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5528
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5812
      - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3296
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1712
- - C:\Users\Admin\Downloads\taskse.exe
    taskse.exe C:\Users\Admin\Downloads\@[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4472
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - Sets desktop wallpaper using registry
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3272
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "qhvfvgsevfiqy755" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3308
  - - C:\Windows\SysWOW64\reg.exe
      reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "qhvfvgsevfiqy755" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry key
      PID:5992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5572

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:4840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]

Filesize
585B

MD5
856d52d5308c9d6d9f8a8aafbbe23d5d

SHA1
62c32303be26837ac452fc492d60fa6e004446db

SHA256
b446e5df8ebbe5152e09f76459dcc1122364ddfbc2ee2429ee7c00a0f69921e4

SHA512
7ec71abb2c60a0572b8bfa4fdb79567f9bf4b48d58b75a9104c254c8599a5a6de11c6126258ae7418a75baa39b423bafa308e7e111768e5556dde5afbd4e07c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
da597c39d6057acd555512c212b478e7

SHA1
56ea9da48c0ccb5f5f45699b4a5c015a5c5b5b31

SHA256
fcac609bb9fc57cc2ef9772dc3cdc699ccd457c893fd3884e63537affe52a57c

SHA512
9cadeb211ce1a01b2f2be5f063d6bf82455df89972fe1ec221ac3abc01edcfa0bfb5b103b5c6954c925bd27568a954ed7b73b242f51cb84b3f2242e27156db78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a648970e13dbdab74c57341e5a772f5b

SHA1
82e73bfe519f5124452fb4fae60dae951b148788

SHA256
b8f744c07b0c9d87f5df56c9045acff5390626445f623aed065840b6bd8244bc

SHA512
4f06bfde891823e34e0fa8b446bffcc31efb52cf0bc5650210ce4036cfd0239718249cd1d60fd4716829e7f850d48584faf84db1ef7e0516a092a8a0c2c8aaf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
b9fc6730c3c078897d14381be84f420e

SHA1
7193d187bd2bae34f2d72e6565f95c47ee2a12fc

SHA256
f0c9fa3f47a76f02b93f104f9b7691528b1d4f414efe821376a84221de76fec2

SHA512
de2e135b6e1b57b4bb34ca11ac94ac7eecb7506317c7636112282bc79353721d6ab23c2cbab7e3a90b357c55e4eeea927c908837b3916aee8614d0665f1bdd91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
09bdfd438198e7c4a69f9743eda709ad

SHA1
0d24d4ec16121b8cbed0526bdf02731a143423f1

SHA256
caf6556ab845efee34827aa7f7856b3cf1389d3d21e47d43be283b8222093401

SHA512
4c1b9cfa00db61c45d5ce9babb6cba1890aee31fef85b41280841858e36d558a6f012f04b3a0e1d744facda0b5ff8d1fed02fb58e6b42f140bb23231bd62aa50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3648fac29fee202f1ad8a1d49dbff8a5

SHA1
959085bfdeb65c5c32c530e219a3c126efb65fb5

SHA256
6daaeee7f53f42e6c5a7b0d675fe05efedf85a07dbcd55fb8828db0c2f44902f

SHA512
2a05d1fc8484c5ba3f516c6b80eb6b2520cb4753b31ff300fee86e23412f4c9d17911faa6e7731b66011f89e620ee3a0badaf461be60b810398319dd89df6a59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f0d01e9ba2bc4d175e3ae3d028038e20

SHA1
2b283cd11988ff505c25e68e514c95fed1037ea4

SHA256
6cbdc3c97551dd3c8698e142694066d114149fd135cf3cd605d33726310410ae

SHA512
c707ba3d6f6667238ed3f0be6e1e9106637cadbe2b3f33b5ba6d7416b4864d59a4afbc8da725c0eb4c4e90acf9c8d4ef6a693a5aac8b4d1def3cd8e1bea1da50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
250756e4e62b9a72dab9e3ac50f3c603

SHA1
e7f91a1440e0fdecfb56d00ade179dde68d1f649

SHA256
5ebb58b5b57d697412f284b73a09645500e54b413ae6032bbac4dea27c2b451c

SHA512
6523e79e01635fb8566ea40f54bd9bcc94d397eaea23b338bc6738e4bcf928d1adb690b421438104d7edae537b6dca1a64a4c95a69679dae482c4dc8c65b17d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d8900832b802a2f4a4278ac13cecef6

SHA1
0e3e04b8d050d4d4b51e498cf4370e3147225706

SHA256
14b40869e06cb8f32495d12c78852c147b828a73907496c5f727b924843490a8

SHA512
91545dfa6522aa6f9ef04ea9cfd3e8254916148cb9ea63c715c0224a936822ca039781c23087f2013f459adfbf1b2fd4f854249dbbc50fe86cee4133264ef806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f28cdcc53465025f5a5204c4e2020f4f

SHA1
057f175379d4d363c1a33766d725861a36fefb3b

SHA256
ccbf82da5af6a8bffdee8da3f7fd8df9a41d3f61d02d11ead75b771f0a9caeb0

SHA512
6a635529f05c363bd5d46d9ddb96f6a6e3914b13ed4ea14f1e0fb26feec63375e42943a4e1f82657ad63c77f9a8d6d8ce3f26f2b4c919f626f9803efad8b0fb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
d2d37a3aa24ab3d9c6ddc2e41a986108

SHA1
b1eb8b953efd07af859bc3b6f27d7b526bb1284a

SHA256
04a7e106136e8885f1361060be4e41cc963e2af67fcd4e4f6ab249fcc580f13c

SHA512
01c7a51c42b94168942269a1c4644fdaa6def376e289797df9670a35a5beaf0ac6996e3eb6816672a39695396731448852e5b87fd4babc130c9df64b81846fbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
e7b0f4330041b173e959da5c94e21a62

SHA1
58866dbaa374c9fdf30d3208724591968a5a13b4

SHA256
5966fc57aa145ac0168ecf1a175065e595c3e55376341303287cd80dbca49c38

SHA512
71d582d25c8fa49f69dee81561279ead3a26536ab1dcbd8fe8583203416b3c45379783ff8e495ede9aaf1ddf384921ddd4b4e8475c8799c880cae1f999e52e36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a2c784e6d797d91d4b8612e14d51bd

SHA1
25e2b07c396ee82e4404af09424f747fc05f04c2

SHA256
18ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6

SHA512
fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0864baffb2650857264fa33fa0dd59bc

SHA1
e67b0e38b64fbcd90b7d83c3c0260a6f2c501415

SHA256
cbd11507192daa9dc59a5842b0d83b1bd2f55ae2335523f3b0a3e2c1c9a4032a

SHA512
c6c51efd91ac3d542c0071aed78c8c332d555896740798569aebc6b0c266ef15d0d2e19acc7c1399255890a4122493b7f67bf0c637d74fbeda2fe3b4cde13f98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b730e71d53558ae0f0be5e1d8691d82

SHA1
4266645fb7c9effc143a2de998cc0ff3cbc6fb23

SHA256
18b008a937e7a27532e1ae8860c031edb390299f476455e9b04fedf374dfaae5

SHA512
a98872c484470e991963c3d6976aacbe598324fa4ca723efabbe977b322c8b0c26a51a14899b6aa08b16970e91d2ece509982beca232cf13faf68b8e6fef5e96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1fc959921446fa3ab5813f75ca4d0235

SHA1
0aeef3ba7ba2aa1f725fca09432d384b06995e2a

SHA256
1b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c

SHA512
899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5921d5a3-4028-44c5-b6ce-4a2b0ea1f2ad.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

Filesize
84KB

MD5
0fa11e4408de337b82fa2363478acc4b

SHA1
9898c89f86813cb75a7904fbacaec9dc45bb5759

SHA256
796fe2c0f2f89acbb452e32fd078827e7ed6af99f5b9ecd91358bbf5693ac7f3

SHA512
3faa835974c39be2d6d8559901eb23cd6fb4e70c296b162b6b2f05a2ae27933668c217cc1fd9f7a722bc662e8cfc4e8a82cf55642ef949ea428695eb12d4bdd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052

Filesize
184KB

MD5
eeb1e970362340a2d6e7abeeefbf6a15

SHA1
641b43e287ee7883985265cdddadf7f4d5ae77b7

SHA256
615452889df9ddbf53114b7b5e8051a8be2e392185429733a898fa13ceca49d3

SHA512
0e8702319a1607d66f22d0dfcb21bb0ae8fc9a70ab9580eddce94700d48ca87cf4a2eeae76d16ead4f25dca69aebf651a9304675a7f80b7853846a3f7a159326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

Filesize
103KB

MD5
cca18e7c821bc54d22145024b8e28b9f

SHA1
87ebe490edd6b1f154e3e5a229bf19dbb057e431

SHA256
a779da3deba49f9966fa58efdb37812396ad841e3ac517d729f43e45550532b5

SHA512
5672fe00ebe913df9ce4e219ca6ab84804f9a6159ac6f58b7afa9fda08bc60a08f1db5567b024d4e9c2115a5676ca29dca1b6255557bbb37e8003d42cd45be0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055

Filesize
52KB

MD5
ec157282a8b0255b2f8f47a0101defe9

SHA1
28d6adfee0f7ade366554bd155f0d6c98b9b2b51

SHA256
f7d1a10832ebabfe2d92bdd368953827553e9f1ef5cba120b295a249f369e6c3

SHA512
9177206b42271e7fc126b61643bf1b35663abf9e9ecd514b1d6fe2876d0227d619af8e3c53ec8ccc3b86a10857fe9909673f179011f3b701baf0c11f6d778139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

Filesize
22KB

MD5
58e193ad187d187d293c4070f93b878e

SHA1
1e8b34473b7824580f569349b5c44bd8f8f473a4

SHA256
647437298bc77a43491af37ca512beb342f21d056180fd414abb74977b010ecd

SHA512
9553bbe74166826a98891a54ed268dd72fe924a6db2745e034ab9883148e18c04f8f7d2e5500e104618f5ff9e69200e1952c7e602811339f022a17fd2ad6d718

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057

Filesize
32KB

MD5
dab1897eec62a052c666d9dcac70159f

SHA1
98a55aad57e206bf115f86722fc8e3dbd8abe99e

SHA256
2d5919b3c23d1ff0c55e32bd01ddc5df028a606087c6461943da91e07a9ec16b

SHA512
6ea367d74d9f10fa6fadb3af5424ff7b53e1b47d24b83b3a25f988d8511094c872415822ea4b6998176e6c6cf36df027d549c8fa56f0df9b6ca8fd9e2874e89e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
100KB

MD5
fade4efe2febc85030c02d4e2e372bbf

SHA1
5bb75313d733c41ac39e73617f7147cd005b5742

SHA256
442bbc1e227387c4b5c356075bf6f9b6bf84e6a033e08d5633e521f2fb957da6

SHA512
07d9e91ff437079d1f07cb7b196d285e8a14f2bac3f5433d75cbb2cdcefdc32e178368f7e56e12102934e055a127aaa3d072e73d447d8377a4f7c5944d602274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

Filesize
84KB

MD5
ba5353e480e65a74f42d280aa855647f

SHA1
a6bca6a69502b8e90246a7fe8040446956285687

SHA256
7a979d7b03975183440e331ef91ade0b280c8d468e53c5ea2eab05bc8c3b2731

SHA512
8017b34e0624dcff8b2908ab6a90ad7d8a266900d0229cb94cb4e4b8fbbf55b5a3d4f7fccdefbb46052fed8457fac64d5d2a37fd64e6db51446072c161a9508e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

Filesize
144KB

MD5
8dab59a18814173f6fa3cf8b7d61f661

SHA1
ca10bae3cf0b2f9da28c1272ad6e25b9d93fbf16

SHA256
4f7841ec1fb56850c2257efea5b8e0f6c357aa550f2325073b626bbf59e24d28

SHA512
cc18f9f29e12db6b1dd06212cc484a166514170773f274520fc01965292ea2faa0a9c5ecfcfcb643b12d00db9b693b3d3d35185e8893d98e9d6fa0dfec8be2e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

Filesize
153KB

MD5
1b2731006f2b2597b02859e501bc2d4c

SHA1
118d27a703cef3fb083593a56bbc93e62420f30a

SHA256
59dc184cbc1a318493460d1d78999cfdaaaac9a457b5a3a02c2567dfa17314bd

SHA512
f7452f91afe2fbfcb04f80dc7b051d874224de8790bbc53858678332a6b49f7295a15989a587811e1e8fb58a38625ec3e15657d88a367fd50d5b201d7abbe90c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c

Filesize
16KB

MD5
89a574ff00e6b0ec61d995d059ce6e65

SHA1
aea09e96808ab77165ffa712eaa58b8f056d0bb6

SHA256
e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44

SHA512
30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

Filesize
28KB

MD5
601c107eaaaacb1dcab4a9dbcd7af044

SHA1
be8f7bd39f58cf8ed8c130f4fa8a4d21ea7845d5

SHA256
c6850e18d9487817f5f4bcd6adc5bf3bd0318e2c23281fc1d473bd327dd3fec4

SHA512
ee49faef90894737f97b1c10b45319c9214d27d99d33b103ee43e135feb71adb912dbefb1c007f89a679edfe513e92449c7aa6670797bfadfe6f150d820f5440

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e

Filesize
18KB

MD5
73b67f4f67b8825e832cfc1e2065e905

SHA1
f40c0260ef5a606bdde8ba78e364008b8fdc0065

SHA256
6d13bf40f76865f8e7b49f918af6d1fc0da4a0768c6e0d1d67d7683850704b5b

SHA512
0c1f5a7e666dc59f1d41c0854bb5f77f76473747f557f3000b1787c632064b5224419d89f040646e2a0a81f3f18658bd35222e07b106509ed9d05853ba384c61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

Filesize
20KB

MD5
efb9f6a1680c9d3ce3abe4d5a75c7c6c

SHA1
a454374b7f43f129d4245e73c2048849a78768c9

SHA256
96919908509422207d3fe3dbdf26a7bf0da651dae2b8481c4dce4ef0812add18

SHA512
1d6fa00634b899162a4e97adf05cdb97ca1eeaec3f43bdef4412ccbe4ae560ee19073817aab38508b724f177e7942b07982acbf918750fad0385d3b5db3d124a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061

Filesize
30KB

MD5
6fb26b39d8dcf2f09ef8aebb8a5ffe23

SHA1
578cac24c947a6d24bc05a6aa305756dd70e9ac3

SHA256
774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059

SHA512
c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000063

Filesize
36KB

MD5
9a56f4eb7af045f304951ceac625d949

SHA1
669b2ef84c7cdd419c9dc893899f429fead33109

SHA256
0b81403335bc3a5ad450bac7ab9c397da343fb3d41aec9cabbce5bef4e03727b

SHA512
91666500a50f49fbae49bef7b531ad9bb816db1ccb877f36313f4db5621c871f83488f24390524868d2160b865e4ca13d170568e9b2c410151b6d7a7d66d42d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069

Filesize
67KB

MD5
bcfda9afc202574572f0247968812014

SHA1
80f8af2d5d2f978a3969a56256aace20e893fb3f

SHA256
7c970cd163690addf4a69faf5aea65e7f083ca549f75a66d04a73cb793a00f91

SHA512
508ca6011abb2ec4345c3b80bd89979151fee0a0de851f69b7aa06e69c89f6d8c3b6144f2f4715112c896c5b8a3e3e9cd49b05c9b507602d7f0d6b10061b17bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c

Filesize
24KB

MD5
fbed73500a96221ed192d65fc6ef892e

SHA1
46d3d36b5793dbb23e18badbf905d83c656dcc03

SHA256
cfae0206fd27562c98e51cc31ebbab697880fd8ccd1c976921dd0be5bc4e94d5

SHA512
b345c26ca8f534ad1158b878cce840079dc2501254369f0027fcf803325bc3440965d0124829e54ec787b4689d242843eb4d1052189d694519b4d0593c1b5fa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d

Filesize
21KB

MD5
a032a907b90f136788e746d0428a0359

SHA1
0b4fc6d4fe1bd7e0f8f5c87dae50ad1a43351b67

SHA256
2a354649f57a81405daccfd6b5785da5f73ba638f2db591992cb7b739dac3135

SHA512
58668f356d289927edb51d4f56adb6293de305ba7b527e4fc3d8301566a43179312c877369c318609dd81bc331e54d2d38502852cc5f4650566a5aa68c3d5b5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0346e514baa3eb7f_0

Filesize
227B

MD5
7583c7d9b7fdf827ab8120a5d83d84fc

SHA1
e448b7e7f62d9eb6769d9ef53a4140f98789367c

SHA256
2079ab1bb943c0daaaf21d17ec70610b40e188c2142693209cdc0ed4b2c9c15e

SHA512
d820e1fe68bb076c6185ead16685895018d88fb8e8fa6c6d7388d0be3b5f054ba96dd4f8e0bd06855df41bdcf74ccee5a5736fdd1bddb02bfa630e56cf94b665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0346e514baa3eb7f_0

Filesize
24KB

MD5
e0815d692a75f19e3de1e75d844a6e75

SHA1
0825d2d94c36ce316e274b7964f680116f51b356

SHA256
deecd1deb3cceb2d369d99a6b4e93dc0b2f2856a353fa56c479fd80132d2b778

SHA512
cc0bd87dbdc9caac1489935f6fdaec247ad5f44e9cd6346a7cea4686f5b446b22274e64a4b708dccc3ac6098ed27932dfadb95edd087796442608beae1651d87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0e4a4370143d83d1_0

Filesize
269B

MD5
2b2a97fb1de37a933dac13f3bdf48fb1

SHA1
88c185f89e2def31c1f01b6cf14ce62b7cabe5de

SHA256
c144dbea97367dc4c19e9d0044bfb312716cacc4cd1061b37558b5962733f77c

SHA512
681d61dce141aea502986b744e9f893ae835823c3d173f039c988fe1ff266a5b70ec84d0d28ad3eafb7d4d4b2db2a8fd0bb1a10c57a1f8201ae25f7cebc9ef71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0fb58a317ebb8a87_0

Filesize
250B

MD5
9b2f2c9bd241ab79aab1580efad963b7

SHA1
45852774c4af98beb32f0f5d63c09d090b7f43b0

SHA256
4dda0f27e5644d09e4b031a031ec49faf0560c462d792e482ca6bd908c2f7779

SHA512
a9bc8bac2b1106bff9925049948fd16b200e9a88adbc2c78a54fd5df54b426ed1a2d98523d3a771d9c8611ce1d2547c249cdb1a63ed7df5114bb3531384e9860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0fb58a317ebb8a87_0

Filesize
8KB

MD5
9d33336d1a4c42e98a83a8e80ef4adee

SHA1
f8a2cbf49fe422cbec1cedf609308b58a8bed732

SHA256
8f23d27cd34a08af3b562b2ba9eb1fde325efaddb86804d7edca69933ac4c8b1

SHA512
acf56c4dc232f84c4b88dc7403b82433b2b99d31bc7e2f75bf5e936a8a6f89d302623d3aa1aed633774d724dff6b2112d5002bf2fd8668d2c9daa3388a8c6176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4f660ef002b76b62_0

Filesize
211B

MD5
aa511780999db6bd0bd6b7eb360e2f59

SHA1
9170005010a821fcac922a5d44247dd154c04efb

SHA256
448b0b0e5b20d8408261374eb4a5f364a802dc0b10f0d14963bf7ec2c643c99f

SHA512
6c95fb35e4991055f49caecd0108264633615f475a6624af679633cfac28dda1d6ecf7a450bb98ac466544ff233d6ccae832d293987cceda4ae7849a1b0bfd22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4f660ef002b76b62_0

Filesize
39KB

MD5
a524e4ebf417a33717dc89d23a76db9a

SHA1
6d7873cf8a3fd3b809b7b1ac948ebd3e7f911bfe

SHA256
af2fcd2720ab0f515c1d23d516c17dcfe22d3186088c6f9880273eecb273a4f2

SHA512
a02d353c6f3a14fb69ad0b71426f236e395d25d06659df940ddd457ccaa536c6fd257d752bf7a4ca89ee8cf59f4500ff8d47976f1fbc7394301cbc76ea744bab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8891b661ecd6fb56_0

Filesize
214B

MD5
4c14f0be0a1a5c606618ac0e4e4bc463

SHA1
88cd2a84b55cfd719eaaa54189055b0d66b14a00

SHA256
f491dfd6ef594b34ed2b84724bdc9c86716845a3c95421c0ddd761955ededfb1

SHA512
069d65675c907e178759c4fcc1c0bf5508cc994097f56e87919d4a341bf2f3866ad9cbfdb4cde7aafbdc9f100edb56679c9c947636e5e69dfa41ade3dd4a68cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8891b661ecd6fb56_0

Filesize
262B

MD5
5c93f10537f347a1a7f005bd1a627979

SHA1
ae2b956cc319c8b2693eacd5504d9d02bd7e99c9

SHA256
6aabc2e9ba6bdd17eeea42859d72f2671b142ed5eea8c27d69457cc303bde703

SHA512
b80513b5c10ef61429d735891171d8545fe5026599aef9259907304b6df4c1469836dfc5ed0f7676580fd91aeb459e74352f3a0eeea741476a562255fd276bef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\956743ff5a975835_0

Filesize
154KB

MD5
815761460f85d6186ddd42e9accc1b83

SHA1
551991d4d7820740efca6eb0a58a7cfca5d08e91

SHA256
a0d5d46eb42ad6a66191207721102a0a094a7a340bef989667f946c5ba13188c

SHA512
401352041f9f65bbd117063d41111b11a0ac90179902bfb149e3176296241aeae3979fac5f516b478ce409909f667e91327011d2cba1806714ef2024dac7db8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa610d63257d55be_0

Filesize
255B

MD5
7c7d3fa9249971b7ddd79bf79d9df5f6

SHA1
7ce078ca3fba366375f01e2b4c2601e705d719e4

SHA256
025c49c4e191c86237a8f2ca9f31466ea12c45c8e40bdd96af2315398227641a

SHA512
f0473fa5323ac23e2007ef5c581179acb0249f4904ad71303887f04ea0fb1397b47f62dbc784002c6452e7cda8e2b61a8a6cacc28f002960bdc1cbe3b36925fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa610d63257d55be_0

Filesize
55KB

MD5
98a50aaad4a8904ccb89615bd284ee3b

SHA1
ea216e4beaf7a9483076641fb28ef63342424059

SHA256
fda4d0c01e171893c703696969da9b15d4713b6b4d6e8e8684e0ce1ae5a5987b

SHA512
0cdce85a4f5561d4386df22e460a8f4326c93eac018fe2a589760842560d88ac8f95d18b71f0489f474b9a8f629a61fcf8809ab7c2c84d9a2bb60437c9afb0d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d5b39ba0c2fcb1c8_0

Filesize
253B

MD5
c04571f09ca062ed4b88caa1fd0d8b4b

SHA1
d54c861d37aff3d964b9f02fd84b546556d48f3f

SHA256
2287ea4cb878c7e328011128f0e5c373acdc54611c3fd264bdb11a96a41aa75e

SHA512
a003869035c898dbd4f1df2c8020b0807b00b0791bea315c3b72c959e4d8964f1873dd63ad80833f6e4ab0f6c0682e662b6c0f52b9cb0588d88d58b6d113bca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d5b39ba0c2fcb1c8_0

Filesize
301B

MD5
67bb3e5b3c7e5f9754ac9b88ad64ce6e

SHA1
8b93290d5b0f44fb110781cb1477783623b6df18

SHA256
f99ad5d728086e1b50ef11f2cb64449e351a3d20d6215dd0787701fadafaa24d

SHA512
8756982abfeb4ea4b76bf580ed3df2ecacd22c4c3a24dcc77acbeabc4639b24c23a28c320b514a48183644a6139f812fe47aad3326daee435986c98271c5d14a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eb0e3adb8d25131d_0

Filesize
391KB

MD5
dd83bd8d5e4082b745beffff87838556

SHA1
e250767ae031c6676b7ac5de3fd113aa1e2afe7e

SHA256
aeb166ea47ff07561ef704c8248c03239284d143f563b0ebc929ff6bd252fc7e

SHA512
2435e21046670e157d6b7cf9d58584e8eca6eb4113be3719241a07c12aafde81cbc5e0769f36ee975fb7473fff20c3b9e4b2fe06569bad6b69b7757ff74a1755

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f374b38180a4809d_0

Filesize
239B

MD5
8e286ab2160463094ac9aede67ea5c7e

SHA1
b083a796f4578832aed180907770247d6fab3021

SHA256
6adc7f38af14e1a30e5bb3765bb544cbce7037f44779cba7501ddbaaf26dca71

SHA512
10feb14d1507dbf95c43e9b0762fa809c90df23e9640b713ac3139aaa9dfcd20d4548c589d79fdff6522e22ba107dcf02e3ba7ebcb7455616174a425bf984773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f374b38180a4809d_0

Filesize
36KB

MD5
d5ca441589031dee99d09adac624823f

SHA1
b29d3019eee7d5edab2f7cd555c7c1f7f01e63c2

SHA256
492868fa6a27712ec963adfdb16d8fffc4a7ac442437ecac79697d0027f124e8

SHA512
67e4909b2372a329072573c0594ba7b69dddde35db45609bff82ba7a82158c23e823113aa7ad1ca92ebbe0f1c46b60a0dff62315a5fcf06fed42530f852cadf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
acd024bb0688dd0c9c6cc0c5c6d02c72

SHA1
4e09fb304a2eb281a666301a588f900c3e115cf0

SHA256
1542d205b02d6e88b03f70a55b152f12501aef7770832688b2f879c7457fa95a

SHA512
896a841a99b3d9f1ddb9e937d9f90d8bc19a1367df703e9b2a289771fd5d3919860bb39adbd04c00a28118eb59ade83d4963c36c1d6990308849435ec31e35ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
5665684beffce839dad9839e6b912f0c

SHA1
1a4887ebaee009b3328c2d62126c091cb60517ad

SHA256
76094fb18d5be87f339213001a87ffd7ae7af4848492646e8129e6de77c16230

SHA512
e877538aeba7f6d7e8aa4056d657bc62dd3e408bb6146b1b376171ee6b6ee1603018878afaef7091f9ed5f560e8af27cae9d7b0b89777314330463a969893df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9035bb65c8309ca693adedd10c5f07aa

SHA1
b8fc734f9812468f5c00bb26622d1777e2b074d6

SHA256
57dcfe4102c16db3cf61c79d7042d41ee6e40bda86cb7f7c0f315e0b41878078

SHA512
e7c315049ec3a9d2b94003094540b7b6580c390c659ecff079ad12e785f8294e3202d7094783b658f0b9685b45c9fb0d348ebb36ed0bf3da68f661cdeccc0fc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
89d74e2cc79822ca8991314c115563e8

SHA1
2a99b6f63519bf6ada485273e91aed8838d8d6f0

SHA256
bcecf859abb51821f8dac22b043be74f164d473d0dfce18b5bac4f903dbad523

SHA512
e5384e4f1867788efbd42f4154411c8d6b6d71217d870a652a6d89a3331e2f170d216a68d6b8eed38195773fcc1f9d834ee22d0b3c4876dc0776368bf23c531d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
14KB

MD5
c1727a711ef7405565641db9ae5558aa

SHA1
c1cca34c5c1ee6333693f395200683ff6fad227d

SHA256
9103408c42884816422d21c80aca635d0f5a12964b122607efb28886f9267561

SHA512
3dbcb42331190debd127a2bbe957d863875066d5999f33ae0efc6ba01019579f6782ebf7602ff7ed9af73af6e85c88dbf64761cf02520f5f20737be5a2b3d1e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
8f2be827a0949405af654db7446b3e4b

SHA1
54c92d042c70feb7ad3c8788b7c3f64e68e882a3

SHA256
a7e166c51992635461745692ae8becd22e53ad258b71dbec612ab4da2b34110b

SHA512
95ed65e3178e3d43fee58b67bb37fd386db13a313b2c85dabe6d38b8586713b42c5606d81bea0296b535f84c400e32703ae749adb456e8946725eafc3df58f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
79befd87e0fb38b040965aa7bc5b8d41

SHA1
8f67fb82814998a2f67de0da9cb8572ffc9aec6a

SHA256
6f7daa442e080f4216a9714c07ddc643d6056e34740490e9186bda80fc3ce142

SHA512
b898cfa4e58686162dc0cb02e04ab70c91bbf5f1893f2417a1af085d950aaf5621ca944a0cc3117fe5458c1eb03a1b5c69a8970a5c62b565f2a0546c5df7102f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
32414adef1995621c85d78333a1624ef

SHA1
015cc8b8be44240b7f9e8d84e1337ca171e914b8

SHA256
2a2adcea68116d9e38fafbc291d9724a746f6ac2d31310b99f0b961b82166ea8

SHA512
1ff9b1606bc51566663a9988f591b76bf08c328601e827018f9c2b7622ae7855bdc44fd3d0ba0a67492e54960b23a1d998f1c5b0464b6da84cb414d1d5d10043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
829e90e611cb38bad650770dd200e032

SHA1
83c24a11df87f5ffed6b4e4e20a8016635a7ef8e

SHA256
27e70e80565917004c355dbdea745273bd2ae85dde117dd8e154e03eb2b39bd0

SHA512
45cd8c2c5669ae8168dfdfa9329b512ea494459fab3a3934896dae60cd9218e9dd6997fdf20b23d343df31ad9d19f65f97dda66f7de67e8977ab79bfdd26f701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
c15a8a95d0095479efb9d2e32f1e638a

SHA1
90e7f168d18633fdb39f5a74454484f10f6b0cee

SHA256
b291bc724272f08e70195ecb6338a9346a19d98b1f8d4a5201337549bfcd776c

SHA512
80a4a908d963a852e24097676e7a86dfa6882f18ffe1667ef4e5424b3224b884ff32bded8290841974b6bd56c10990264adbadbad50af957ac0a8b514af7cecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
532fdc991de17a25d5956bd2afb2e099

SHA1
943fe7cea94c0573643952fd1a27edbaa363e0cc

SHA256
7f8fef8b5047c5553b140f5c6a7e47939deee7b2c0bdbac921d65d2dc7cc2061

SHA512
ff25c7a7aa9b7e33d1c4690c8ea6d12e0a76e19398a5caa09de83d717d43f5785eee5dca73fedc5c0a24f33838b3f23d0f2d4a002d55bb434f5887b68d310028

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
db3a5db698c470403f48a9edae6bce28

SHA1
0ea4f033d66fb1892636b3a944b24bd6e30480a1

SHA256
c0c2bce086e8e8ac7b1e4b1243d60a7fa99207d2b385b65d96135394f4475b82

SHA512
edb1c8828f39d7a87b70e3e2c5a33672457c01335322e94caf39716c8c5bf157e63d665686e245cc896da279873a357cd74445f9c94caa840be443083f3538fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
8c69c6f172479a5e4030c1cd38ed02d0

SHA1
09ddcbfe2750260f933c97a2827d85b1ec4fdd26

SHA256
ce6abe0716d360a4ecc703ea07249b26dadb2dafd5648e5bec63324bf5d7cfa5

SHA512
fcb8bf555d1fbdd9cba5e631da3a8d3f857cd576b338582edf85e39fb018d69ffc6f8a2083864fad58b5b1627f8d0aa1433b9ac80314010ec176f199c67df9f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
3743f5789695dc9ebeae3e457437f06a

SHA1
2840b12214dfc2490bd95f74e3537ae0c6eb83d4

SHA256
3c98164043f524d6b0b57c19837dc2cfec4cc9d5c65fb8618cd6f43b4955220b

SHA512
6fcba49dc7ed64cb2fa506d6dd48025a9482c5c6ed03113c768e3108101e3631ab8a49ae3ca2b315b0849109cf5f46a48e90515cb0f1de2dd5131654b06f4468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
46402aab1c65dbe6c49b3b3df2f53062

SHA1
7d59b60717cd8bef78e81eaf7db32827fb6a1b62

SHA256
62463235b234dce5ad7037377f6fcd0ce854ebe39f2cd64516c308aa8dfb3e28

SHA512
6ba901375d756c7fe09a653966770c7a0e50df303ca351829d80e924078329df2f4e8f0ca035334cb0e30fc0055da60567b13a4686b9519d8297f46199cb1081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
bc8c076aff3e0bb75b5ec9331bdfa0f8

SHA1
0fddd03009afd687e4c56fbd47a3b2de69344701

SHA256
253bf5e4d2b72e5cf2b97bcadd1e30a024f9b9dd5c80931fdb8c8b6648faa6ea

SHA512
5da11cf2fe6439bdee48b47399576f16b593f011ea451ca837bdf538c12258624fd5c410e2dd580b439859626513f9bf61fbd03c698f6b838c6f7811aa028d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d131750d4ab035f454a57e7fabc1716d

SHA1
c399d209754a7cfcdc469dc5d1c19e7c072f1d25

SHA256
ed4dcf6f7968f626815cfaf0c1e73cde3b56e4176686a9c7679087e5e87b95f3

SHA512
8a0a9548914c138fdf8d97f78e70aeec860053f115b6c77319e825a2b895ad02efd5f8ddc4c3b761ff32688429cd3f29371d863ece3c4fd03c3ffcf040579b18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c8ca0cc915eea85c3e3e77a9027ec5e3

SHA1
0b265a3ef69d0d4a8768e9b8bc0f4a6e8b3f7a21

SHA256
581684beb1f072f29d862a9e10bb97b6a011578fc82ee525c05a822214463b65

SHA512
c69f4643440d5c501ef7e1e1a6bc7e71f1ec18063b1394bbd321eea9be40e1e0aa91a3cd545beda9b623f74d0bcd2bb440a03e1d1a6ad66a5fc67ea976f5735b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
91bc32272d2bc862bd41d2d73718012d

SHA1
ef3d0b72d6b8b1569dcf63c96c56a659f8227d57

SHA256
59ad69e35d492563932fee5a69996e7cd610825a77c65598d16fd5a40db8b1e5

SHA512
4f0a39087fa56a46ff4b4104fd697da735d55a35463b6e79224f10fde2541f8cd04682f4ca60853b916963022d8b6ec33f458486dcc655d444dbdc698933d9c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
b845759b28be4c7cacf51e94925578d9

SHA1
905053360843fe4bbb26f70e82a05b3a340c3233

SHA256
2d21cd3838c0c8255bda0e54d3edcedf8f359ce58f404b26f43bf07d2852a387

SHA512
7e5b7f4cd7bb532a8f8cc5887ddc2081efedde768afd12724300c400a9b65c183ff096644630ebe2232f07a507f2fc539b533b0b33a16a7ac757eefc4547a2e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
6bb2556972da595e51f1776db50b348d

SHA1
4e8b7f42cf03fa2dfba0c89a8fc5829338ef1504

SHA256
6cdef0de1c92a11952f17000ae8ae0ee2546b3c413c4392f9dd5897175156816

SHA512
f88b5225c30b9a0ae416766d09692a08221799636b5d2cab3ffbc67dd9fac53549e183d87e2da9c430fd7688ba4b725dd75d0e3140f2de13968fff7b3601cf94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
b3b47fde7cc46798c99d2bc6339b8985

SHA1
3f2884e10dc7b7f5c85d53891566d55d541acfee

SHA256
ead74d80ad0d679d94bd770ebd90bd709f48f356cdce38709788af6fd48d1946

SHA512
840d5572a88485e06911f128a4bc4a8045c3d8ba361f27dddb5bf43fe39bb777ce687cd7f9c74f95d6187556e5c881d6562ba9187ae649ce52b1e16922cfa124

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
d1034e73f510d666c61b671413f5f899

SHA1
fe723a50c843be9ee5d78c9583bf471d4db2be4b

SHA256
e92540d9beca988839a67fdf1b507abeb9ec5611f0187d0864963533d3931ac8

SHA512
2790225f730e3f501bb7a0bf84579e9ff1af11e9d2ecf41ef3f8e8763ecef20384b234d395a85c50148ed3b7fbf5b3c0b435d7c5d9a88f68c9c2d6f395b4e765

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
7137f52fc4ae2106322e8df6eef0c822

SHA1
779c80f892303b87c8ac67e4d2344917eab9eee5

SHA256
e99adf0209c09bbc82de4badea05f9d811255fd4191ba55068d88ac23a829907

SHA512
b597a72aaf3adbac211878f0ea2e1aeef3584f53348278ac446d52cb5822c3abe7a044d36a721e989b44631d9a05af61f3df8861ba9bb3802caee6bbd997dea8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
2a5c511f0de612908a12c9d758cfcc35

SHA1
2600f9aa15dcd3bcb06b5e06edf4d09d7c70dbc6

SHA256
076019441981cd6eadb969bd76a80de396ac1579db4b795093ed6da820422a64

SHA512
4fc4361390dda739ddb25f735247100fa45d7ce156164b493644221b5d1928dec7d1393ef7c69e2f7b5183f5884f213c5bc7c7478f018baeec6506fa878a345a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
f7fffc2da82680832d7ef936cc1cb0ad

SHA1
cd98353556bfb0ed4f56aed92da0dbe0f06c3a51

SHA256
63b74a1f77276b2f9b5e6bd51a99e5abfa07c652c0d2c92e10aad2354929c525

SHA512
dbb1ec5bf95dddc7a0007a8c6e4eca5a464150e7bebdcb45a6f48a021b78ccc890851fde95e08bd8415a5ed6a5e403c139b7912605c679a200a90673a62fef54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
8c0812a4eec8c006fcd5d76d54c1d3e9

SHA1
d30b35b00e2be6f7e1e4eb94039aa2674c8a3328

SHA256
42457a2c55261606c043f8e1b4753c8b02f0dd637e3cc7fa79560fef6dc80605

SHA512
6af9408be4e5cdccf4d7bf3488fdd955b692936f9049a95e8a056296004a2ea6f4bd379f2831ba5812fcfb3af8d10d17ae59494b663b4d98da5f5fbd9a063bef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
8a0bb8bbc1bc5b76025e30dd0bd5d91e

SHA1
3adc622fb19749d773af48d1a00ef76b53de3f0c

SHA256
1500390a862c905d706b0e06f1b774cdd1d0103748906da1611ff9063e09217d

SHA512
c5e97114d2f69a09a0fed78558df8b96e59f7206ecd8ed120b0c285246c041ff0fc671a94166933ce5ff95842cf949413c7f4ecd3ce6ca89d795d0392e63433e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
754e06f5b018a32710d74ed953a73397

SHA1
5bc85b8e24c1036d84f81ffc6d7c2a1e6643ab67

SHA256
fd6ef75a89824099589458abc4666917e87db7f48ab16d696ad9b75be50c209e

SHA512
bdb1f8a23f6b3995f25f6de37451b69a3a09b522aaff7862fd63f98f5e11190c76e2ae2c2c52d708aedaa77acdca41d37d2b724482682495a8daae7b12d410a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
2874cff05b6902263b1c5dbc587a7ab1

SHA1
395f3daa814b9608b6343513b6e6ad017d760b07

SHA256
8c407796af43f5ca477b7917b334353832a1e20697d75ffdc9267ff1159356b9

SHA512
30e5e8d03eeb87e1dd95309c382cccc230d704a6498bbba363d01be54edfb9f4596403664f8cade6f1a0598645f30af82e31959f4887a3721452c91f122c39f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
9cd9dc5c2a0272ea6ac163537090b9b9

SHA1
0f9ea7b48beeb73982376a69814462d935d99594

SHA256
68114ecc32fbd9476d7656b2b9bdfc3594fb23736dfcf77b76fce631b5ecc621

SHA512
f25c90bbd86d525d8fc2bd3945d87d7c0bc5c16cf6d1dffe8d1c5a392aa26ab1b81e029b4f905506dd7aa90a20b0349b86e96b19d71210f2c9c61d774ccbad49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
25536d1bd0d787cf154ece1ff147c84e

SHA1
48aac4acf4bd13c9bc0ee1a44f293daa12757929

SHA256
73d68837d1aeb1d3f18a833a71b89e9f94f36a310a989742637173d3be3e9a05

SHA512
ce9d3d0b03aee8b80108c86edba420c692aa83feef2ae421e58294cd02c48ebabd13913dd750bbbf4d449b6f58c1dcb91180e3b0e80c8e4107c8aee5f28fb628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
a091ad7e66e66b6c23fa8e25905a05a4

SHA1
80ddf2c68edc3d26a39b26b347f5c6719a2fc024

SHA256
2639cc2010f8ac29042fe0d6fb6d02cc88240535daf20a65dcc0a0abc6c2a28a

SHA512
109444f8140dbad0e8ed46c89c16f6427ebb13975b089d6e983a90fa62e768fce86893d938f774a72c13447256a0e84b51ff07ec0bb2948307afa467f33896af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5b906b0fb84297983e4eb24885495055

SHA1
452cef2563d1afada2932392b47149c254059758

SHA256
9d6325df8f1262c248e8d18197745745d7b23b44088685bd8e21999c5357a69d

SHA512
ad2c90b9785168008cea555ee052e54d064366851850055ee1c7235d78719b2f2672d4b08d24b3aa0a1e281a3375c27abb815dffd121f44ee94ed0b0e5a7b3e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
96deb7b54fdc0ddaae5dae67f6f28e51

SHA1
28f88b6093ab22b99b8c96e2a71ce27b9156bef2

SHA256
be4cca042b1438d91d375c051f5cd00fc475f690a50ff8cdfd070c6729dbbb11

SHA512
3241dcdd3b2c849c45b5e269a773d2a7450a3dd9b01ab6222dd2f96d3fe70b03d1331d078af16533a423784c9a22847a62603e468157c86671daed102348bd37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c63e594b87de29f51386654f4c32dae6

SHA1
f0a9448530a9830b8dc2210777394578ec5ff048

SHA256
aa576bd57fdd5f70794891ea4f78c174163f3350e40f59ea10f78124f158823b

SHA512
62b9b8c470dc65536d25c76043196838b8aa8481510be26e238a4a38865f81438e3c50b5e8165be3354b8c87c68c8990db7ec76590e52f2eaa5878dbc48950b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
a7c53103629c2b272f4920c17697ca8b

SHA1
ff01a270b5e79901bf8d711cbe83018fc89a87a7

SHA256
41f97fb1da5b700ac9e18cd34a8e1353a4851f0ae2cb8da6ce7a10033bba2466

SHA512
3ee7f25e3acba5ea6aa0bfb1a219e78a9d35c2c786803da1d083a4f33592867fe77bd45f0cef7afd130f560d1e2e6b86990814f9e3650b81ac72501d828f270e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
99c658cee224a0128dda1f44661bf8fb

SHA1
004271b06d0f258b3772d9c8526a1c54b9a36900

SHA256
84093e6bf4a31ff0b6b0db451d43d2638e8d904a3f7283c52f4d45059aa1e286

SHA512
86ddefaadf2f4e3b8403bcfcfc5a8c3b2645d58e83f936ff1013d35bfddbd0024b57bdc3d0ff753241c22c287a88ca7d141f44e346f1962820465f8094b5b1aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580cbd.TMP

Filesize
872B

MD5
c48205ff67f0759fbaf4249f0bf9b813

SHA1
0820a0d2023823a58158fd75131b9603fb533a70

SHA256
5bb950cdebfffb0ebc7f0c9a26439d648440473d983194ce711e685a5690c512

SHA512
aebcf7dd8985ef4e43c57e12f4286f90f27ac75f6375efe6e98a388012ba1ae6d57b8a3fb494160aa828d750689493b4c69cbd89955b78a0898c14c2dee9187c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d736536bf50862695785474f85c21b02

SHA1
a5aa25681551de7cd09a962b7a8b1b9f8a2fa65f

SHA256
aff02387fc203ce9fa604702a1e83752c82ec14acf4b7446540e4203ff37342b

SHA512
8e83c67bc0aec3428dc163db063a11e2a14b9c352938c35a27d13bc81a5b7e8791db4a709833ca8214a41af352cf254c708f5797be9532de7cf43899c1360885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
820dacbbf74077e1b4fe5140d88b24fe

SHA1
7e82374e8b67c0a89fe88a7571f159f0087ab4a0

SHA256
3c1a12aa558789ebd87a350f252baadd1066a7d3c6cae056b39c59ffa6ebfa5c

SHA512
399fb6a586d98e68156ce14b289b34251d38e34d62b5a070d599b262a60becd3eb6814b20567880c97b35c49e4193f9f5b6fd88e1874b3ba614ef2310114a3aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7c1f3a6538f02d0c8594cccdc1e6591b

SHA1
02de0aa47b4ab32c606bdb7b91c872c7df26f645

SHA256
45c1e736c856b0ec636c2d37e2e4fb80db713659984b8493b1be2f1a1e828d8d

SHA512
52f63bb1a26c0c227b8ba42e5f107ccd7cfb19cd7f6d28759a01ec0fedcf2d1eca2ae012278e394b9be131366d276c53719b521317e2888f6b721bf214c0c899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a8c83d3c126ec65eb7a24d1a8b0a8397

SHA1
3f5200f0133cd75fb85383c028ea2a4e78cfbaa1

SHA256
2e063fe6eca61c7f05cc7c793d4d6f881033de637feec819fc52ff25f42f75c3

SHA512
9f66a81f8ea66de47465a8e3f4db358c01a7dd42859d64ab7c717d8d672f3827b195f7c629c08d667770eeca5bf9c65670b4f40befe498dc50022762ffa66f0c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\@[email protected]

Filesize
933B

MD5
7e6b6da7c61fcb66f3f30166871def5b

SHA1
00f699cf9bbc0308f6e101283eca15a7c566d4f9

SHA256
4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e

SHA512
e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3

Download Submit
C:\Users\Admin\Downloads\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\Downloads\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\Downloads\WannaCry.EXE

Filesize
3.4MB

MD5
84c82835a5d21bbcf75a61706d8ab549

SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

Download Submit
C:\Users\Admin\Downloads\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Default\Desktop\@[email protected]

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
memory/2464-1903-0x00007FFC2B300000-0x00007FFC2B5B6000-memory.dmp

Filesize
2.7MB

Download
memory/2464-1901-0x00007FF616980000-0x00007FF616A78000-memory.dmp

Filesize
992KB

Download
memory/2464-1905-0x00007FFC44F90000-0x00007FFC44FA7000-memory.dmp

Filesize
92KB

Download
memory/2464-1902-0x00007FFC41230000-0x00007FFC41264000-memory.dmp

Filesize
208KB

Download
memory/2464-1906-0x00007FFC432E0000-0x00007FFC432F1000-memory.dmp

Filesize
68KB

Download
memory/2464-1904-0x00007FFC453C0000-0x00007FFC453D8000-memory.dmp

Filesize
96KB

Download
memory/5200-1927-0x00007FFC292E0000-0x00007FFC2A390000-memory.dmp

Filesize
16.7MB

Download
memory/5200-1925-0x00007FFC41230000-0x00007FFC41264000-memory.dmp

Filesize
208KB

Download
memory/5200-1924-0x00007FF616980000-0x00007FF616A78000-memory.dmp

Filesize
992KB

Download
memory/5200-1926-0x00007FFC2B300000-0x00007FFC2B5B6000-memory.dmp

Filesize
2.7MB

Download
memory/5200-1928-0x00000221E5310000-0x00000221E541E000-memory.dmp

Filesize
1.1MB

Download
memory/5796-3699-0x00000000737D0000-0x00000000739EC000-memory.dmp

Filesize
2.1MB

Download
memory/5796-3702-0x0000000000580000-0x000000000087E000-memory.dmp

Filesize
3.0MB

Download
memory/5796-3701-0x0000000073A70000-0x0000000073A92000-memory.dmp

Filesize
136KB

Download
memory/5796-3700-0x0000000073AA0000-0x0000000073B22000-memory.dmp

Filesize
520KB

Download
memory/5796-3698-0x0000000073B50000-0x0000000073BD2000-memory.dmp

Filesize
520KB

Download
memory/5796-3737-0x0000000073AA0000-0x0000000073B22000-memory.dmp

Filesize
520KB

Download
memory/5796-3736-0x0000000073B30000-0x0000000073B4C000-memory.dmp

Filesize
112KB

Download
memory/5796-3734-0x0000000000580000-0x000000000087E000-memory.dmp

Filesize
3.0MB

Download
memory/5796-3740-0x00000000737D0000-0x00000000739EC000-memory.dmp

Filesize
2.1MB

Download
memory/5796-3738-0x0000000073A70000-0x0000000073A92000-memory.dmp

Filesize
136KB

Download
memory/5796-3735-0x0000000073B50000-0x0000000073BD2000-memory.dmp

Filesize
520KB

Download
memory/5796-3739-0x00000000739F0000-0x0000000073A67000-memory.dmp

Filesize
476KB

Download
memory/5804-2391-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download