Analysis

  • max time kernel
    300s
  • max time network
    302s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250410-en
  • resource tags
    arch:x64, arch:x86, image:win11-20250410-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    02/05/2025, 10:53

Errors

Reason
Machine shutdown

General

  • Target

    https://www.mediafire.com/file/x2gpxs8tk4fud03/MARCUS+V6.6.6+.bat/file

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory (64 IoCs)
  • Browser Information Discovery (1 TTP)

    Enumerate browser information.

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (17 IoCs)
  • Modifies registry class (2 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (25 IoCs)
  • Suspicious use of FindShellTrayWindow (30 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/x2gpxs8tk4fud03/MARCUS+V6.6.6+.bat/file
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:5968
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x2f8,0x7ffe2c65f208,0x7ffe2c65f214,0x7ffe2c65f220
      2⤵
      PID:5956
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1804,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=2200 /prefetch:11
      2⤵
      PID:4616
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2164,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=2160 /prefetch:2
      2⤵
      PID:5256
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2528,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=2600 /prefetch:13
      2⤵
      PID:5568
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3452,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:1
      2⤵
      PID:2264
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3476,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:1
      2⤵
      PID:3744
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4992,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=4908 /prefetch:1
      2⤵
      PID:3848
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5316,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=3684 /prefetch:14
      2⤵
      PID:5988
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5320,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5360 /prefetch:14
      2⤵
      PID:984
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5936,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5888 /prefetch:14
      2⤵
      PID:564
      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
        cookie_exporter.exe --cookie-json=1136
        3⤵
        PID:5896
    • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5972,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5996 /prefetch:14
      2⤵
      PID:5688
    • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5972,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5996 /prefetch:14
      2⤵
      PID:2908
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6068,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6076 /prefetch:14
      2⤵
      PID:396
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6168,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6284 /prefetch:1
      2⤵
      PID:1544
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5188,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5140 /prefetch:14
      2⤵
      PID:4456
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6192,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6464 /prefetch:14
      2⤵
      PID:2012
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6080,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6000 /prefetch:14
      2⤵
      PID:5896
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6580,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6060 /prefetch:14
      2⤵
      PID:3136
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6588,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6604 /prefetch:14
      2⤵
      PID:2840
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1180,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:14
      2⤵
      PID:2464
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6600,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:14
      2⤵
      PID:3256
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5860,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:14
      2⤵
      PID:4740
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5560,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5924 /prefetch:14
      2⤵
      PID:5644
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1252,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=880 /prefetch:14
      2⤵
      PID:828
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5528,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:10
      2⤵
      PID:5744
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5532,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6184 /prefetch:14
      2⤵
      PID:5636
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=3308,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=4816 /prefetch:1
      2⤵
      PID:2392
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=3664,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5088 /prefetch:1
      2⤵
      PID:5912
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=6328,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6896 /prefetch:1
      2⤵
      PID:5896
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=7092,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6528 /prefetch:1
      2⤵
      PID:3228
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=7112,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5100 /prefetch:1
      2⤵
      PID:5160
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=7036,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7056 /prefetch:1
      2⤵
      PID:3776
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=7416,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7444 /prefetch:1
      2⤵
      PID:1492
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7584,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7604 /prefetch:14
      2⤵
      PID:5984
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=7624,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7664 /prefetch:1
      2⤵
      PID:104
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7644,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=8000 /prefetch:14
      2⤵
      PID:2092
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=7440,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=8072 /prefetch:1
      2⤵
      PID:6016
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=7628,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7660 /prefetch:1
      2⤵
      PID:2964
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8016,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=8072 /prefetch:14
      2⤵
      PID:5536
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=3684,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7464 /prefetch:1
      2⤵
      PID:6068
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=6324,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=3320 /prefetch:1
      2⤵
      PID:4612
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --always-read-main-dll --field-trial-handle=7408,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7080 /prefetch:1
      2⤵
      PID:1912
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=5024,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7900 /prefetch:1
      2⤵
      PID:3692
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --always-read-main-dll --field-trial-handle=6112,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6152 /prefetch:1
      2⤵
      PID:5076
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --always-read-main-dll --field-trial-handle=7456,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6284 /prefetch:1
      2⤵
      PID:3492
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --always-read-main-dll --field-trial-handle=6728,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=4812 /prefetch:1
                                                                                                  2⤵
                                                                                                    PID:712
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --always-read-main-dll --field-trial-handle=5584,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7184 /prefetch:1
                                                                                                    2⤵
                                                                                                      PID:2632
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=7056,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6880 /prefetch:1
                                                                                                      2⤵
                                                                                                        PID:3400
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7396,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7048 /prefetch:14
                                                                                                        2⤵
                                                                                                          PID:2912
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --always-read-main-dll --field-trial-handle=5472,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6676 /prefetch:1
                                                                                                          2⤵
                                                                                                            PID:4604
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                                                                                          1⤵
                                                                                                            PID:1524
                                                                                                          • C:\Windows\system32\cmd.exe
                                                                                                            C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                                                                                            1⤵
                                                                                                              PID:668
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                                                                                                2⤵
                                                                                                                  PID:3496
                                                                                                              • C:\Windows\system32\LogonUI.exe
                                                                                                                "LogonUI.exe" /flags:0x4 /state0:0xa39d2055 /state1:0x41c64e6d
                                                                                                                1⤵
                                                                                                                • Modifies data under HKEY_USERS
                                                                                                                • Suspicious use of SetWindowsHookEx
                                                                                                                PID:1004

Network

MITRE ATT&CK Enterprise v16

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\0f49d960-25bf-439b-8eae-e2ef7e54ba29.tmp (Filesize: 40KB)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 280B)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0d1a87e66aff9848_0 (Filesize: 228B)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (Filesize: 4KB)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (Filesize: 4KB)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (Filesize: 5KB)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57cda0.TMP (Filesize: 3KB)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json (Filesize: 2B)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (Filesize: 108KB)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (Filesize: 9KB)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (Filesize: 17KB)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (Filesize: 17KB)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (Filesize: 2B)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (Filesize: 40B)

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                      Filesize

                                                                                                                      21KB

                                                                                                                      MD5

                                                                                                                      d97a1479ef8e9adccb8901468f83e2d7

                                                                                                                      SHA1

                                                                                                                      8f4d9d916f072139ebc821d57a525b0a0b5dc879

                                                                                                                      SHA256

                                                                                                                      60a2de71f10258cd441d100067a25fb393344304bc66ca294e4c0151ffccae54

                                                                                                                      SHA512

                                                                                                                      d16e7bb382ddc0e79e7d181eb694251379d65f784e6313721362a470d0e658d4bbded9283ebe0e476d9bb8dcb841d297e9ffd183d9b27f7442f0479bcddabd64

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                      Filesize

                                                                                                                      18KB

                                                                                                                      MD5

                                                                                                                      16a3f9a135918cc5e707687d71b25bc1

                                                                                                                      SHA1

                                                                                                                      150d393105656ab2da282598c31997570e9031d0

                                                                                                                      SHA256

                                                                                                                      69fabcc5aecfc882f156393a9f750df6064d308e70cc985733b640e399e3edcd

                                                                                                                      SHA512

                                                                                                                      f6688fdace7a3e733b2d1bcadbf0a2b21f1474af64546aa232e10f6a8e4d5d70c666ac2e02fe4e1bea86ecab37ecb9191a0a1685bc8bd499fe0771ce30b337a5

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                      Filesize

                                                                                                                      21KB

                                                                                                                      MD5

                                                                                                                      3c205eaa1fa4c70a53fc682cee644f46

                                                                                                                      SHA1

                                                                                                                      097e38954ddcfdc4f8ef2c218e65a241d4921932

                                                                                                                      SHA256

                                                                                                                      be7f529ea2933f32c728d64179b68e514bb3bdd76507efe86f605f6e3b74c953

                                                                                                                      SHA512

                                                                                                                      af2f108f81dffc3e822f39042434ea910c14741c1704d27505cecab79f763f82c7d7983f0af25f248d7954a7e8f2df2f122f2a4aa233978874dce75a77c6e5f0

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                      Filesize

                                                                                                                      17KB

                                                                                                                      MD5

                                                                                                                      0a9d4b975c4486555b2ebcda136dafbd

                                                                                                                      SHA1

                                                                                                                      423843f8b6bebb862e75f8e33bf44a2d1caffb12

                                                                                                                      SHA256

                                                                                                                      06549a02046a3410d99a4e6e9fa12901e0ee83edb1e6fa4efc752480decbfd0f

                                                                                                                      SHA512

                                                                                                                      4dbab4950f56c9ae2cea86c17d6fdf4f6c79a365656f85309f68ba02548be95417412ecfa77af782f24e969dfe4ab9524846eb2b05dea3e4cbd40bed15b4d000

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                                                                                      Filesize

                                                                                                                      37KB

                                                                                                                      MD5

                                                                                                                      3c9a014e99da4692a52a4a0cac5c6861

                                                                                                                      SHA1

                                                                                                                      796e222022ab199eb0625be1bf5a4a813b941605

                                                                                                                      SHA256

                                                                                                                      bcca782ab1ed409ae127005ebc1634544bbcdc12326f2b0f2dce2fba96e75b81

                                                                                                                      SHA512

                                                                                                                      28ca90e69b91ce3bb47f535fc5f07ca81fc02c27b0b2ac7be019a294e23496469f5479b9f210a61703e55b651feb8787945d055e73b999708ea9215e0394fa44

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

                                                                                                                      Filesize

                                                                                                                      22KB

                                                                                                                      MD5

                                                                                                                      3caf83b8532d2ea7842a3e37756bdc5f

                                                                                                                      SHA1

                                                                                                                      1913781fc4cfd97e24f7d076b84aa701da8e817d

                                                                                                                      SHA256

                                                                                                                      1bb6816eba2a71d94a130c43d7b53541a8ef2d2c2ca945cabbb1efdec404988c

                                                                                                                      SHA512

                                                                                                                      5e8db452f881621e1f0652ff35a4f1e06cc0aed9c5c97e85677efb81b8c46fc40726233d098b2e11f9e18ad37c7380df3f2a6dfb03f2732053155544235cb7cd

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

                                                                                                                      Filesize

                                                                                                                      467B

                                                                                                                      MD5

                                                                                                                      1f0554b5dbda292d49ab53877b0fdc67

                                                                                                                      SHA1

                                                                                                                      1f061892b25d98de31b0d9e5de0fccdf7b04ab5b

                                                                                                                      SHA256

                                                                                                                      4a3d3e646d6d893a6c84f4703f5984529cf46fc5057b29af6c91220382701020

                                                                                                                      SHA512

                                                                                                                      7e22f2e1db2d38c8acb3fce9bc5340e9dedc53092ed4091fc33746496e858bc48128640285240d0ed6e96805967ce41ae0d5976be22cd5b651d5330296e35223

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

                                                                                                                      Filesize

                                                                                                                      900B

                                                                                                                      MD5

                                                                                                                      ab79fc6f26a662e69b4d278321f08bd7

                                                                                                                      SHA1

                                                                                                                      17227002230b3652feb23de460646cc1055e5c73

                                                                                                                      SHA256

                                                                                                                      f297d4c6ec995fa61255d49b14ebabafa331c3ea06ddf3a5ba74758d41b4305e

                                                                                                                      SHA512

                                                                                                                      ae8eed24fea764f19926f9ba7d34b8fc11bc8e29852b9f25e11a7e0e7bfd459037e26d2bdec137d29d9cbc29a32fcd4ac13362ce4dc7dd3ad972b33cad16a9ef

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

                                                                                                                      Filesize

                                                                                                                      23KB

                                                                                                                      MD5

                                                                                                                      c18475a405bff1922ca859c0c7624b2b

                                                                                                                      SHA1

                                                                                                                      ec2a81ad389ce994bb037107020fd5e901e537a6

                                                                                                                      SHA256

                                                                                                                      c72dd533c544638f91b32780b03d166808245a2d423bc6cc06e6c4c3fecbc450

                                                                                                                      SHA512

                                                                                                                      8f8693273df42df9efedcfaa6bd1ef15ba4ed529d74a25b6443177600c94899539bda81783a963afd21e31c380b1788f67932a08b243cf104b5cd96882400fef

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

                                                                                                                      Filesize

                                                                                                                      22KB

                                                                                                                      MD5

                                                                                                                      3f8927c365639daa9b2c270898e3cf9d

                                                                                                                      SHA1

                                                                                                                      c8da31c97c56671c910d28010f754319f1d90fa6

                                                                                                                      SHA256

                                                                                                                      fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2

                                                                                                                      SHA512

                                                                                                                      d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                      Filesize

                                                                                                                      54KB

                                                                                                                      MD5

                                                                                                                      40e118c25f09ec5b0e8dc47cc504e654

                                                                                                                      SHA1

                                                                                                                      a22a78d48561192b1b2edd6d8dc0cb7818c24937

                                                                                                                      SHA256

                                                                                                                      8416789467c9855685399e91ba85c838d62092d5f6fcf38acc7862a2be892fc1

                                                                                                                      SHA512

                                                                                                                      3dae29580674e3985eaea0382cdcf26278b502039efc1469358edc478ba8376f0449be3ae26dadd8327ff49b9fe82222d203d6b58d489661329463b557c15c3b

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                      Filesize

                                                                                                                      54KB

                                                                                                                      MD5

                                                                                                                      c9dcd637968f913b5306c8dd1145297e

                                                                                                                      SHA1

                                                                                                                      76ed6b8a983981b6c552ba02c9ebb50138e6fc96

                                                                                                                      SHA256

                                                                                                                      1b657ef4fdad2ea02b1ecd04cd90058155c09e8265a95f1ac2a0718d30b0ff99

                                                                                                                      SHA512

                                                                                                                      b37d41254b599d3836573513e4a797c39d7591aea54692998f16520624d4f1379d5d8cebfd3f062e65d2a56c469c3bdec1fd25d912e95e9b71ed902e45402be4

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                      Filesize

                                                                                                                      54KB

                                                                                                                      MD5

                                                                                                                      e43f473b23fff68ca2c3cb994a15dd68

                                                                                                                      SHA1

                                                                                                                      3429f2d536f30eb6fec4cdebbdb12753aab434e2

                                                                                                                      SHA256

                                                                                                                      83214621a11f866497158dcbd171b5838798ba2bac0e15a897ce20bac65e29b9

                                                                                                                      SHA512

                                                                                                                      97371b309c5d76737d8ba7fb1fd6d4a76966777cd92d9dbf56b667176aa03b31a48f06b0f0d0a794d4302fbc90a97cdbe914d54cc78a608096d0a63ae70e4204

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                      Filesize

                                                                                                                      49KB

                                                                                                                      MD5

                                                                                                                      53c7852504c426a0e396efb07e24beb9

                                                                                                                      SHA1

                                                                                                                      b2d667154a735abb4861c86973de222e7bf13349

                                                                                                                      SHA256

                                                                                                                      d7fb074ec935334e2cad466e3bd1cd167d62173c0290aeebf7a814ad094908e8

                                                                                                                      SHA512

                                                                                                                      b109f01150fabf3f5c986e2a0d800636a29f42701d276a7c3c39a7b2484b92fea75ae686bfb3d6cc0e60c7526347e9cf3f6cfa4bbfe0628ea83d30a40a3dee8d

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                      Filesize

                                                                                                                      40KB

                                                                                                                      MD5

                                                                                                                      75d234ae1b59bb2987a874d038f7f14a

                                                                                                                      SHA1

                                                                                                                      c527a2a03b563bc93536ea4c4d1febb44ec2c1d7

                                                                                                                      SHA256

                                                                                                                      718d424934eb9738a23e8b021c79ca6ab62183b7569e5f12658512960478f6d9

                                                                                                                      SHA512

                                                                                                                      be99ed948333bb6a881d77922280413fa68dee4efbfeb853643d5aa649fef4921b2b6a693fe5b69fd5cca1685c29e55780797292426b1f6d3eb18bd4aa410859

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

                                                                                                                      Filesize

                                                                                                                      392B

                                                                                                                      MD5

                                                                                                                      ea648cc2d4c92f5710082fd874819e57

                                                                                                                      SHA1

                                                                                                                      893a72a77ced19049433f6cac3473e7db1832937

                                                                                                                      SHA256

                                                                                                                      2886b96d53d0439ce9cb14cdc157865846e40dd3b8308a0ca3665b89f68c9ad0

                                                                                                                      SHA512

                                                                                                                      e6d6e4c26d756b08efc87d84f6f456fc6061efe71601c25355fe313051f0c1e4f91213cacefb7e9272a0de520697430684d74878b5bce80e19be17b5cad2a507

                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe5a3327.TMP

                                                                                                                      Filesize

                                                                                                                      392B

                                                                                                                      MD5

                                                                                                                      1c6e9bde1a150b43dc34831f5cdbef75

                                                                                                                      SHA1

                                                                                                                      30ecda5509a187e1156e7ac20241874dc51d13b5

  SHA256: 77b2a48499cfa40733425ff3f4042dc7b5fc7eff5e16e6e8bd8ab115a6eea21c
  SHA512: 338ca2a0a8f32f3f0da6bc4f65d843a2c7da2b0f4ce8a9942a8394bf6b99d7d7cbca5f2b258106dd5470208b1f72270c94a9c3ad988e77a36dc7e519e583886f

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.5.1.1\typosquatting_list.pb
  Filesize: 66KB
  MD5: 45b4f63711eaa89d9c9792be8b19c2b1
  SHA1: 59c28d96b19377751accf132f1c42557e2e1fa8c
  SHA256: 9144637db432c2e17209b2893ba67278fd1acdad9231096674caf7a6b4236253
  SHA512: 43902e07f6eca8141d458e84d1fc136d850cdf1551597993099de6e2496d29686f8f93263be94abe023588ef5f979533d3e1baf29688c992bc902eea550f8256

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.dff2c9d9755f96713c08f4932a9091080808ec34c0823feac2206fa526f91e60
  Filesize: 153KB
  MD5: b0917d8e6c5b6be358bff67f84eb8336
  SHA1: a6e221edcb19a1cc81575b4ddd927fd9a6fbdd6d
  SHA256: dff2c9d9755f96713c08f4932a9091080808ec34c0823feac2206fa526f91e60
  SHA512: cd5822bbf91e8f7f5ab2b471a4bf8b464bde95465e2fccc6a57e5a287ca55d5062bdd6d4b3cd76f8529ee7a9081b6a7aad7dc2a7581c344ce4fd2d3256bdf451

• C:\Users\Admin\Downloads\MARCUS V6.6.6 (1).bat.crdownload
  Filesize: 4KB
  MD5: b60fc6f6d510b82a30cbfe4b9077d884
  SHA1: 44c0eef3499c25b5ae1dd121cce632be7867838f
  SHA256: cceeb92860e76b890cb6157660921a57ea21e9a3d94605d7596875e0626304bf
  SHA512: 0d92beb96bd58879c79d001192b287e8a75ef821f02edbcc15404e81a87e8b5f86c29e7820514280d046f20bf08fb4be7bb43cbf39c9bbcadcd4eeb363e6cffa

• C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1096096730\manifest.json
  Filesize: 69B
  MD5: b721bdf2924d658186ac8868dbd2c008
  SHA1: 914aacc65bb7933bd73aa06f8bd2ca0b04de3858
  SHA256: dc6a19395ad3a24ee3805f6e90c6b16fdc141a51ac7fbb99fb784e423f8962f3
  SHA512: 4c1c16f714a2e2436697bc801f7e2f684010c833e3d5fe6ed68d6f3e630afa495412ea5a1b46f4bbbb1102feede84e72f32686910492510cbce71888a85b5fda

• C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1284367089\LICENSE
  Filesize: 1KB
  MD5: ee002cb9e51bb8dfa89640a406a1090a
  SHA1: 49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
  SHA256: 3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
  SHA512: d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

• C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1284367089\manifest.json
  Filesize: 85B
  MD5: c3419069a1c30140b77045aba38f12cf
  SHA1: 11920f0c1e55cadc7d2893d1eebb268b3459762a
  SHA256: db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f
  SHA512: c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

• C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1300582806\manifest.json
  Filesize: 176B
  MD5: 778202dc964e7fb0ab5bed004f33fb14
  SHA1: 932ed013275e2c1172575885246c937c7cca87af
  SHA256: 4474f08d1718da148ddb55aeb998886c053f6539c2fee3b3b1796f3855792ff9
  SHA512: 9105af9928af4bcceb2cdc2161137ef6b07f4b97d663bbf27086f80dd266e967a5524aa5aec3f457493a0c4b98aa092aac6bd5062e72cbd4d939402c92093948

• C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_762581888\manifest.json
  Filesize: 117B
  MD5: a0fedd9b29991ae92455f05414e5fa74
  SHA1: 300c53982db6bc2bf1875a8e85518e93b94d1f15
  SHA256: e3fede606090dcfbb6446f4da29cb6ef3afe7d0b0c8faeff52f7feb2557fdfc8
  SHA512: 63ce6bd825cb611f34ae5d3a71eee40af7afc460d5a6ece59d4bb86d37a38a9e6a519d30adb720ddedf332754a3ba5f44b578cac3a610ecb8182c0ac3912615b
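The dropped-file listing above is only useful to a responder once it is machine-readable. The following is an added example (not part of the sandbox report or its tooling) that parses the listing's "bullet, label, value" layout into an IOC table, validates each digest's hex length, confirms that the `extensions_crx_cache` entry's 64-hex filename suffix agrees with its recorded SHA256 (an observation from this page, not a documented naming guarantee), and hashes a candidate blob with all four algorithms to look it up. The embedded `REPORT_EXCERPT` is a constructed copy of two entries from the page. One caveat the listing itself does not spell out: `.crdownload` is the extension Chromium-based browsers give an in-progress download, so the 4KB digests for the `.bat.crdownload` file describe whatever had been written when the capture ended, not necessarily the complete batch script.

```python
"""Parse a sandbox dropped-file listing into hash IOCs and match files against it.

Added example, not from the report. Only the parsing rules and the crx-cache
suffix check are assumptions; paths and digests come from the page.
"""
import hashlib
import re
from typing import Dict, List, Optional, Tuple

HASH_FIELDS = ("MD5", "SHA1", "SHA256", "SHA512")
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
ALGO = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}

# Constructed excerpt: two entries copied from the listing, whitespace collapsed.
REPORT_EXCERPT = r"""
• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.dff2c9d9755f96713c08f4932a9091080808ec34c0823feac2206fa526f91e60
Filesize
153KB
MD5
b0917d8e6c5b6be358bff67f84eb8336
SHA1
a6e221edcb19a1cc81575b4ddd927fd9a6fbdd6d
SHA256
dff2c9d9755f96713c08f4932a9091080808ec34c0823feac2206fa526f91e60
SHA512
cd5822bbf91e8f7f5ab2b471a4bf8b464bde95465e2fccc6a57e5a287ca55d5062bdd6d4b3cd76f8529ee7a9081b6a7aad7dc2a7581c344ce4fd2d3256bdf451
• C:\Users\Admin\Downloads\MARCUS V6.6.6 (1).bat.crdownload
Filesize
4KB
MD5
b60fc6f6d510b82a30cbfe4b9077d884
SHA1
44c0eef3499c25b5ae1dd121cce632be7867838f
SHA256
cceeb92860e76b890cb6157660921a57ea21e9a3d94605d7596875e0626304bf
SHA512
0d92beb96bd58879c79d001192b287e8a75ef821f02edbcc15404e81a87e8b5f86c29e7820514280d046f20bf08fb4be7bb43cbf39c9bbcadcd4eeb363e6cffa
"""


def parse_dropped_files(text: str) -> List[Dict[str, str]]:
    """Walk the listing line by line: a bullet starts an entry, a bare label
    names the next field, anything else is that field's value."""
    entries: List[Dict[str, str]] = []
    field: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            entries.append({"path": line[1:].strip()})
            field = None
        elif line in HASH_FIELDS or line == "Filesize":
            field = line
        elif field is not None and entries:
            if field in HEX_LEN and not re.fullmatch(r"[0-9a-f]{%d}" % HEX_LEN[field], line.lower()):
                raise ValueError(f"malformed {field} for {entries[-1]['path']}: {line}")
            entries[-1][field] = line.lower() if field in HEX_LEN else line
            field = None
    return entries


def crx_cache_name_matches_sha256(entry: Dict[str, str]) -> Optional[bool]:
    """Assumption: an extensions_crx_cache entry's name ends in the file's SHA256.
    Returns None for entries outside that directory."""
    path = entry["path"]
    if "extensions_crx_cache" not in path:
        return None
    suffix = path.rsplit(".", 1)[-1].lower()
    return len(suffix) == 64 and suffix == entry.get("SHA256", "")


def build_ioc_index(entries: List[Dict[str, str]]) -> Dict[Tuple[str, str], str]:
    """Map (algorithm, digest) to the dropped path so any one hash type can hit."""
    return {(f, e[f]): e["path"] for e in entries for f in HASH_FIELDS if f in e}


def match_bytes(data: bytes, index: Dict[Tuple[str, str], str]) -> List[str]:
    """Hash a candidate blob with every algorithm in the index and return hits."""
    hits: List[str] = []
    for field, algo in ALGO.items():
        path = index.get((field, hashlib.new(algo, data).hexdigest()))
        if path and path not in hits:
            hits.append(path)
    return hits


if __name__ == "__main__":
    parsed = parse_dropped_files(REPORT_EXCERPT)
    for e in parsed:
        print(e["path"], e.get("Filesize"), e.get("SHA256"))
        print("  crx name/SHA256 consistent:", crx_cache_name_matches_sha256(e))
    print("empty-file matches:", match_bytes(b"", build_ioc_index(parsed)))
```

Run it against the full listing by pasting the whole dropped-file section into `REPORT_EXCERPT`; `match_bytes` is what you would point at a quarantined download to confirm it is the same partial `.bat` the sandbox saw, and the `ValueError` on a digest of the wrong length catches the truncated hashes that copy-paste from these reports often produces.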