hxxp://google[.]com

Analysis

max time kernel
300s
max time network
302s
platform
windows11-21h2_x64
resource
win11-20241007-es
resource tags

arch:x64arch:x86image:win11-20241007-eslocale:es-esos:windows11-21h2-x64systemwindows
submitted
02-01-2025 12:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

7^/10

steam discovery motw phishing

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
1276	Setup.tmp
748	Setup.tmp
4652	Setup.tmp
756	RPGXP.exe
1196	RPGXP.exe

Loads dropped DLL 4 IoCs

pid	Process
1276	Setup.tmp
1276	Setup.tmp
756	RPGXP.exe
1196	RPGXP.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
185	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Network Service Discovery 1 TTPs 1 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
2040	GameBarPresenceWriter.exe

Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in System32 directory 6 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\is-DNQHM.tmp	Setup.tmp
File created	C:\Windows\SysWOW64\is-LJCIR.tmp	Setup.tmp
File created	C:\Windows\SysWOW64\is-BOQAU.tmp	Setup.tmp
File created	C:\Windows\SysWOW64\is-EO8UJ.tmp	Setup.tmp
File created	C:\Windows\SysWOW64\is-REB94.tmp	Setup.tmp
File created	C:\Windows\SysWOW64\is-L8T71.tmp	Setup.tmp

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Icons\is-M0FLN.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Audio\BGM\is-OLU44.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Audio\SE\is-0GKSG.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Audio\SE\is-PH1S2.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Characters\is-9VVMG.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Characters\is-B237V.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Characters\is-F1PK7.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Characters\is-2Q5D6.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Audio\BGS\is-9U8OE.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Audio\SE\is-KI1BF.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Audio\SE\is-RGR6C.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Autotiles\is-2HEC3.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Battlers\is-GE602.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Battlers\is-K7MG9.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Characters\is-NQ9PK.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Audio\SE\is-1RB33.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Battlebacks\is-NQGI1.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Icons\is-GLVTV.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Audio\SE\is-PF44A.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Animations\is-9EJCU.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Battlers\is-FKJGQ.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Characters\is-HIQN5.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Audio\SE\is-EP6JM.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Characters\is-85INB.tmp	Setup.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGXP\System\Data\is-0DSG4.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Battlers\is-MLF27.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Transitions\is-CVJR3.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Tilesets\is-SL2MQ.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Audio\SE\is-C8PRQ.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Audio\SE\is-SFHGF.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Audio\SE\is-TGOP6.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Autotiles\is-9A7U5.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Tilesets\is-GF7L5.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Audio\BGM\is-OV3B6.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Audio\SE\is-5LE1C.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Battlebacks\is-OA42K.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Characters\is-HRR2B.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Audio\SE\is-B5J0B.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Characters\is-EOL4E.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Audio\BGM\is-QOUJ4.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Battlebacks\is-2JC4Q.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Battlers\is-HNEJ8.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Battlebacks\is-GFF9E.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Battlers\is-7A9SS.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Audio\SE\is-HK4N6.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Autotiles\is-LND2G.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Autotiles\is-B0FQ0.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Audio\SE\is-5UALK.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Audio\SE\is-O0Q3A.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Audio\SE\is-63CE6.tmp	Setup.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGXP\System\Data\is-28E1M.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Audio\SE\is-O1B4L.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Characters\is-LT0J2.tmp	Setup.tmp
File created	C:\Program Files (x86)\Enterbrain\RPGXP\System\Data\is-N2J77.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Audio\SE\is-3VKU1.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Characters\is-N8ERT.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Tilesets\is-MO0N1.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Audio\SE\is-9VKIE.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Audio\BGM\is-ED9QI.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Characters\is-U7LCR.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Characters\is-58CAM.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Icons\is-HQ8HQ.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Audio\SE\is-OSN42.tmp	Setup.tmp
File created	C:\Program Files (x86)\Common Files\Enterbrain\RGSS\Standard\Graphics\Characters\is-94224.tmp	Setup.tmp

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.log	Setup.tmp
File created	C:\Windows\assembly\GACLock.dat	Setup.tmp
File created	C:\Windows\assembly\tmp\O7339CU7\CoGenDrm.dll	Setup.tmp

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RPGXP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regasm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RPGXP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.tmp

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133802955232367060"	chrome.exe

Modifies registry class 37 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rxdata	Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGXP.Archive\shell\open\command\ = "\"C:\\Program Files (x86)\\Enterbrain\\RPGXP\\RPGXP.exe\" /n \"%1\""	Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rgssad\ = "RPGXP.Archive"	Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	RPGXP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	RPGXP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	RPGXP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGXP.Project\ = "RPGXP Project"	Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rxproj	Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rxproj\ = "RPGXP.Project"	Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGXP.Data\ = "RPGXP Data"	Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGXP.Data\DefaultIcon	Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rxdata\ = "RPGXP.Data"	Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGXP.Project\shell	Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGXP.Data\shell	Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGXP.Archive\ = "RGSS Encrypted Archive"	Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGXP.Archive\shell\open\command	Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	RPGXP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGXP.Project\shell\open\command\ = "\"C:\\Program Files (x86)\\Enterbrain\\RPGXP\\RPGXP.exe\" \"%1\""	Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGXP.Archive	Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGXP.Archive\DefaultIcon\ = "\"C:\\Program Files (x86)\\Enterbrain\\RPGXP\\RPGXP.exe\",3"	Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	RPGXP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGXP.Archive\shell\open	Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGXP.Project	Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGXP.Project\shell\open	Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGXP.Data	Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGXP.Data\DefaultIcon\ = "\"C:\\Program Files (x86)\\Enterbrain\\RPGXP\\RPGXP.exe\",2"	Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGXP.Archive\DefaultIcon	Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGXP.Archive\shell	Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGXP.Data\shell\open\command\ = "\"C:\\Program Files (x86)\\Enterbrain\\RPGXP\\RPGXP.exe\" /n \"%1\""	Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	RPGXP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGXP.Data\shell\open\command	Setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3587106988-279496464-3440778474-1000\{B6AAFFC2-427F-4993-9915-A78C95566C3A}	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGXP.Project\DefaultIcon	Setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGXP.Project\DefaultIcon\ = "\"C:\\Program Files (x86)\\Enterbrain\\RPGXP\\RPGXP.exe\",1"	Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGXP.Project\shell\open\command	Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\RPGXP.Data\shell\open	Setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rgssad	Setup.tmp

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\RPGXP_Setup.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4240	chrome.exe
4240	chrome.exe
3560	msedge.exe
3560	msedge.exe
3008	msedge.exe
3008	msedge.exe
4860	msedge.exe
4860	msedge.exe
2088	identity_helper.exe
2088	identity_helper.exe
5292	msedge.exe
5292	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5464	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
756	RPGXP.exe
5464	OpenWith.exe
1196	RPGXP.exe
2304	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4240 wrote to memory of 1464	4240	chrome.exe	78
PID 4240 wrote to memory of 1464	4240	chrome.exe	78
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 1196	4240	chrome.exe	79
PID 4240 wrote to memory of 2736	4240	chrome.exe	80
PID 4240 wrote to memory of 2736	4240	chrome.exe	80
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81
PID 4240 wrote to memory of 2220	4240	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa6b38cc40,0x7ffa6b38cc4c,0x7ffa6b38cc58
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,5955926947001959507,6826204375760367665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2024,i,5955926947001959507,6826204375760367665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2152,i,5955926947001959507,6826204375760367665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2348 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3016,i,5955926947001959507,6826204375760367665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3024 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3028,i,5955926947001959507,6826204375760367665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3056 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4448,i,5955926947001959507,6826204375760367665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3732,i,5955926947001959507,6826204375760367665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4856,i,5955926947001959507,6826204375760367665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4932,i,5955926947001959507,6826204375760367665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3060,i,5955926947001959507,6826204375760367665,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:232

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3368

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa6ace3cb8,0x7ffa6ace3cc8,0x7ffa6ace3cd8
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=3804 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
  2⤵
  PID:480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7796 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8100 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8108 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8500 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8488 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8848 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9012 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8608 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9188 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8448 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8748 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9100 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9040 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8196 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --service-sandbox-type=audio --mojo-platform-channel-handle=8352 /prefetch:8
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9104 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8980 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7856 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8068 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8320 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2980 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1
  2⤵
  PID:248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8228 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8516 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8788 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9296 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8860 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9632 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10076 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10096 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7948 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9620 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8684 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9776 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9868 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=9620 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,6914925746672076725,6047861990352564522,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3380 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1296

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004E0
1⤵
PID:5296

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5496

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap2458:84:7zEvent3652
1⤵
PID:5732

C:\Users\Admin\Downloads\RPGXP_Setup\Program\Setup.exe
"C:\Users\Admin\Downloads\RPGXP_Setup\Program\Setup.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2484
- C:\Users\Admin\AppData\Local\Temp\is-8DJBK.tmp\Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-8DJBK.tmp\Setup.tmp" /SL5="$70336,1965725,140800,C:\Users\Admin\Downloads\RPGXP_Setup\Program\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:1276
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\regasm.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\regasm.exe" "C:\Program Files (x86)\Enterbrain\RPGXP\CoGenDrm.dll"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3128

C:\Users\Admin\Downloads\RPGXP_Setup\XPRTP\Setup.exe
"C:\Users\Admin\Downloads\RPGXP_Setup\XPRTP\Setup.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3120
- C:\Users\Admin\AppData\Local\Temp\is-D3NDH.tmp\Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-D3NDH.tmp\Setup.tmp" /SL5="$80360,22729139,53248,C:\Users\Admin\Downloads\RPGXP_Setup\XPRTP\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:748

C:\Users\Admin\AppData\Local\Temp\Temp1_RPGXP_Setup.zip\Program\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_RPGXP_Setup.zip\Program\Setup.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3128
- C:\Users\Admin\AppData\Local\Temp\is-5DFEV.tmp\Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-5DFEV.tmp\Setup.tmp" /SL5="$E0360,1965725,140800,C:\Users\Admin\AppData\Local\Temp\Temp1_RPGXP_Setup.zip\Program\Setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4652

C:\Program Files (x86)\Enterbrain\RPGXP\RPGXP.exe
"C:\Program Files (x86)\Enterbrain\RPGXP\RPGXP.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:756

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:2040

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5464

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:5576

C:\Program Files (x86)\Enterbrain\RPGXP\RPGXP.exe
"C:\Program Files (x86)\Enterbrain\RPGXP\RPGXP.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1196

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Enterbrain\RPGXP\CoGenDrm.dll

Filesize
248KB

MD5
eb321296cfe3e2b48fe4f1e7132ce370

SHA1
42f1359181252a3cb67bcd63c6f5d81c68df4974

SHA256
2d2bc0bcb0b321499edd7dcb7d8d9a398bd8982b3bd6a069737778019f26a26d

SHA512
e278454a5bb6c83e6f33522ca49e983fc1124787629ba051b278aab76279f7486af08b108cfa66727fbcf142ffbc780a698681f5c5b704cdc68121e451f9d178

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
216B

MD5
ff463997eee76ffb522ced584ba712e7

SHA1
e7659e3ebc06cfce7a15abc2a3f58530bd2fb095

SHA256
1343a94c4b3bdee628d90ac16a52e686dbabc29d3f4f1272ef1fda730e3db388

SHA512
1b2d857d01f85d967c883181c4d2ecc201b9a315e2bf70d3d37e47b132347e2d7a69915e1a686abbba4bfbc3b01102c8baacb3c6e13d293ac89986163a6123ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\3983c207-9d3b-4056-8417-eac6abb33978.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b01efe56951629f50875a24983a9ef0f

SHA1
5b74887c38a889a7900cdc7aeab5659ae5fd0a02

SHA256
9480ff4439a34c477f19d97ae65b480008942be35776237aa598caeadcf30afe

SHA512
11c45cf7482b114565c6f875781ca82709106d4f080cfe4ebbff066230ba0bbad05340e9c13aec1833bf7808217ccb3bd1c35fdb385513bf1ac37e3dffd60975

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
d0091e5010944a23e8f9ff02b6201dfe

SHA1
6d06bcc19a08f342ad82d337efb7135a9ba14504

SHA256
6faa0be682460219a00579fc8148837b6db623aabe08c8993bf9fd1fc5a5290b

SHA512
fc9485399d7c197bbc5f2fc8c038cbe49c0fc551ae0de3881892cd9597eca9ecde4affd1a7301a968f3f01dad5f586db2935fc807c3f22e61327ba191fd29825

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
29cb5e340ce157ba29b6b3c789f6c1f1

SHA1
353157d81ef9d8ad4d5d5e22fd95c02d97c22cfa

SHA256
05349ecfa77fde1002c1d655ea9350508333ba419bd3c04ef4b354e7ca8971bc

SHA512
b090e37e965fa8481cdd021fa19939a266c19d931a1015c45819b165447f35dc3700d5d9af3daebb89a623b54d008509f9e15b0e0d7e814fb0fb8d292694bdf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
772c24ea0f89a8f7c23f009c157d3768

SHA1
91fd83d3d529123997fb906ed42c6be22b623040

SHA256
6ac13e0a280bfdc50d4e80382836ddd46c64377e72aef347096fda8b4fba55c0

SHA512
e8357749770cbaaa34e6768c237a8476dd17136067243d420d8cdabd32e4a5067bef021e6440c5c5c894d163a5110a02406b25ede67ced16bb6cefb3234063eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9df83b95a763d450cbd144946ec74a08

SHA1
74ee61ce587a1fd4454fc398af58be1241d7bb89

SHA256
49a1c0cbc75c57323f79e343d2bd5488499ec2952a08639ee09a78325c10246d

SHA512
89d2fe4e434960e2f38e4e613789fbe7e8af4c99aba56148fa4cc22afae322bc055415e072f0e1d8e3127d265520914f46bcba977bcb2746ce08d62c3b15d688

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc909cdc23f3576a987e4e6ba7dbc331

SHA1
a4c9029a9a9d51e797e1917cc74cbc0a149ac589

SHA256
38ef89909f87af05691efde4614115f7ef438e02ac63a46170d15e4aa8ba9cbc

SHA512
6a89e959c653f276b9c5699b0ff9c6938ac8b854ac10e06113852be96b05ecd92b33893b468ce76b8bda422524393f31ef48d88f4a197ad3f1a91fc369afe593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a2848458-ff54-4e02-a838-02789017d84b.tmp

Filesize
649B

MD5
9215f905c70f481339ad3d03e36b0f82

SHA1
abc12053243cd4e76f2dde9eaaf4e8bcd9977356

SHA256
e70fbe6b4defdf2db2d42373b357ef849430ba0cc74420d27742bb04ce4b6598

SHA512
2c13ae2bb8af58a694e6ccfe626ffb8cc42f426db649651f1b7cb624c9fd209e6dcce60c79a7cb09cb11bed17115ab88a26a4311932af5b32ea305b025b00f46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
6e82a39d94ece24774582350c0b5afa2

SHA1
a16a7ac1f99090b5f691526fded021318a9057b9

SHA256
114f7e3e07e0873de9ae2455c1e19500ec6ef1806fffa92451a9d2e740caf68d

SHA512
cf578710b82ef9b4bc5235648a462c76b4e53ac2ca1809e546b70c6a35dcaa5a3984a8ec975ea53ad5abb6c1699d2bbc56fe1398e287a2d1bd45fbbc08779ac9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
0735983de998c8cfe10dc270167e204a

SHA1
0d311b845c497ee2fe3e05bb0059278f57818a66

SHA256
e121a40770ae39d509405a95df6fcd1dc4786e3adba3eced16b6a89c1525b862

SHA512
4ff3a30c4f522a9a6c9e04f3d33664d5525796f8bb0fe9910e5f2acffe48346b2b3412af5172db8a785efd217c8d35095d7f128fc27c9b57e2810011f7ea67a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
dd746c40cd473dad64ad3d14a27012e6

SHA1
271c3269d4ae71be1f3bd58d5a69d0eae79727fe

SHA256
7f5d36809282e0eb136fbacb6837e072b098a65282d92c85fdf4b7cd9c5c5c70

SHA512
8b1d44f93e1056bba7a94b5c22f3d9383cac6aab94ea50045f09b8a4c2de2229447faa51466543a1743034d54fd238aff4c879dfb4ad1040ce29defe0d30c2d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
68db3eb37bd3d73234f57b7d1a8aff22

SHA1
21aa07f7e0b7f35b733228e68457647f47254b29

SHA256
5fddef8290b645392c2379b7c04bc476860719ca903e02e8cd23aeec3b16bbf5

SHA512
d8a0e7f15afb8221307f31516a30f8ad2a5c6ff0627805e6b7f7c04c6bcee5acc6ab4e043e3f733f6a7e1a827aee6f7c25fb55898ddb69161094e1803b256a34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
16KB

MD5
144fc04495ecb8dc94d13a866ab0f3d3

SHA1
c4e4e25b100b08c5777263a99709ec4b74652ed3

SHA256
9ec1bb323a1726e8c749002492e873a76c31ffdb7be05a3043d9a978a2ec8503

SHA512
add788c2c78d5ab09bfe897a52ce20345d72b5def5881f63af77933858da3ac1b21b673b957b657ed4441450e9f710a0dc5a90f2d5438ed668e8cfbfce83bd29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
42KB

MD5
23d5f558755a9d58eef69b2bfc9a5d99

SHA1
fa43092cb330dff8dc6c572cb8703b92286219f6

SHA256
6e5bec69b1c6424972a7f5481ac57049811f0f196535b707613126c11292c5cf

SHA512
9c56c94d059a27dab9f69c9dfd718382a8eb192b8c0ce91cd6db6ec0769b8756acf9c0956a35561474b87d6278b13fbe88a6e4df6260c278b1ae06e9be55dd6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
19KB

MD5
ab7532c8d5e38228215da168e80637af

SHA1
00d5eda03bb3dfe84356d39e2d445d54896c3797

SHA256
20ac4ead3e1e487b273d9a733b36efad29462dbe10644f65ee5a69d8aa971240

SHA512
38d0eb27d49db442b3acc674853becc280979a9d2d34a972cebd61b803e5b8455b4f949ab904079d640911db81706ed23b75f3f36cd3ea5aeb98fd243aecd6cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
17KB

MD5
663d0d0966d3e0fe61cb9cd631c35c4c

SHA1
d371a2344f891ad2dc585f66eee08f4330634184

SHA256
97577b7db223876f9a048ad8833c7b55726ed464d8e9d34c303c171a6f32d7e2

SHA512
75be36c722dca266a10e3d8003d7b68906e25f369d9009c6778ecf2f3a4074b6c6307e37eafbd5e9cd755c2a850579df765a1d1d7be1caabd17bf0b426a65d24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
16KB

MD5
bd17d16b6e95e4eb8911300c70d546f7

SHA1
847036a00e4e390b67f5c22bf7b531179be344d7

SHA256
9f9613a0569536593e3e2f944d220ce9c0f3b5cab393b2785a12d2354227c352

SHA512
f9647d2d7452ce30cf100aeb753e32203a18a1aaef7b45a4bc558397b2a38f63bfcfe174e26300317b7df176155ae4ebaee6bdf0d4289061860eff68236fe1bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
103KB

MD5
c12602b8ebdfd5ea5113f42ee978d526

SHA1
1159db5c354e5c9a73b2e072b3c0c5d02f3ff07b

SHA256
412aad14e7b55e51c4c56a88949c8f5ac81e06bd1d9b23da4378b1d9711a0794

SHA512
00ba76a1f0f08c969a96f4418c158d482eba611fa5984cec234ded9c7a1aa2e9e4dc2a69816c2940783289767212ac729cb7b3ae4cd002f772a5dc5d45bce3db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
32KB

MD5
09eff393b371c47802d291ce7f7ee75a

SHA1
6b7c23d697f51e7ffcc5fc46ff075b7181091ce7

SHA256
300e70c65cbf1f864368b8a71b5cd347e10be6758c836bce3682c44ebbad8f91

SHA512
8daab48dd978954b033e901e47f4019b0189188da7604b4aa773d91ee8456e32b2cd403e1139ecbd0a5f902e45226d466692af8567b67977c253f92d985992b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
94KB

MD5
fe87159e1bf34bde26ee882153947017

SHA1
cea6b6b5779486e9aaf52245dda9f06aaca9aa0a

SHA256
92ccf3ab7281db1b1e2649b94e6ea8babc5208151f6437f86b40a9902abf4270

SHA512
29ac8cc2ca8c7e69de69f139239ff641f27dfaa4a0ba856d396e394e2951bdd8e2d9c4560e4c602f5f1f2392fd15beecda33ff606e1dc49d4e24818e2cec2103

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
142KB

MD5
ae5028584b9890b405511f6e4c0735ee

SHA1
5f2adc275eec1d1cec5b68d148724c1a9cd162d9

SHA256
af4cf20244c67e07d40c530a620c7c34c45e3bb0f231b5182e9bee34760bf4d5

SHA512
9307c637c30e2b15097ba3dbbf512b04f571809a3d8289f189c8588d87ac5329c495e2df1494b5c621e0b336c4118f71917a094eabd60343aefaded9596bd077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
20KB

MD5
e36880853b00b66c0ef891574c77b2f4

SHA1
b0801cfa7cc1dd315a99d15ab479769fbcfe909d

SHA256
1079a896b22eb5c4119dbca270c9cb280f73ee0ee303e5b87a6623f2e117d1b4

SHA512
023aaf1837015672d3cceb1efd774eeda9dbd797b68910e9f2c2e24949643fa767f8380c8a089a81aa2abdd977f1ea9294ec20d7d59422c084a1a53ee2932c34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
27KB

MD5
bc7321f62fec1792b4b4b06eb70b55ed

SHA1
1ec07a8dea6ba3e7cfbcfa03fd41e4fbcab88d80

SHA256
4568f3217ad7eca8b87555678b82e4fe003aa5df2c4dd7cd27f469961b3bf303

SHA512
6fb01025e6d815f26047d4f2c0eee18a992ed550b73b4d23733b2d00c70827e1407828986c2fe13f2f08a991dc45e555177199c7f226ac5aed5323bf5436fdd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
139KB

MD5
bb571bf406397e1859d4b33a68ce3c04

SHA1
51ef5990e472585cef9e690f0ad463dd7899bb0f

SHA256
9a26e4068556fc5b2cc30ceb75ab2a50e874489f1b8cdc4feb680e8769ceb320

SHA512
de890fe7e19415408455df3eec39c93b256a2e1e85674434f0eb91f1c9c128f029378e1a53b68b55167d27259ba5dc8cc4cdf6b4e9b322ff2c169b7a2015c36b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
153KB

MD5
1b2731006f2b2597b02859e501bc2d4c

SHA1
118d27a703cef3fb083593a56bbc93e62420f30a

SHA256
59dc184cbc1a318493460d1d78999cfdaaaac9a457b5a3a02c2567dfa17314bd

SHA512
f7452f91afe2fbfcb04f80dc7b051d874224de8790bbc53858678332a6b49f7295a15989a587811e1e8fb58a38625ec3e15657d88a367fd50d5b201d7abbe90c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
20KB

MD5
014a1b0224fa841a945de432dbd13f49

SHA1
d00dd429de3ae8107d2112fdcdf82570fbcaed2d

SHA256
27cdba1a1d6be78c07d329f54a589d05627f6d1645040adf7fa529d76845e43f

SHA512
fe1a949cf7158b1a8e563c10f46f3c3440671d239abc423b37f24804ffbdc694e1b62581199e9dd8bfd180fd2f7bebd0e8e5ab1b4bff2f999fc5716a21918072

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
89KB

MD5
49fe15cbdb28cfddb2eb9728b55a0234

SHA1
872fa13c65f8a94f542378c4a74576d9d713ecbf

SHA256
7e1d76d744a0a8df696e86c6c3bc0751627fabbd35531f412a8502141dc1d371

SHA512
6e7894db819a598d8fc47b4e87df551a1e5764e10980d868ace600840901b06c7da47c16157810acd6b407e875706bd64271c428f44d1dac1a36db1bd5842f8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
84KB

MD5
c477de9f0d9de5ee2328f501d5b07a9c

SHA1
b96cfd2eb95b28e0988257d20bab5e6b7382842a

SHA256
8b84acf1710b6e96227e18960adef2d034936f08fa1a2daa36ca25356d49c03b

SHA512
55bedb7e7d06f8fae7f2238658b41c04e34dba3fffcff8e6242dbe5f41156454489c3e9f48059b919181d4585546c6c4ae1d95903182fac6c432e99ed6917069

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
89KB

MD5
830a3c0d6ed6d821aa924e75aa8a5e32

SHA1
1d0c367a6cf7f5719fae91d29cdff400eeecaa49

SHA256
0edf6554aab5f4efb4e7cf02628a1f73b0905f17f09da09ac08c817d08c95fb3

SHA512
81ab0294e5123bef87aac5233d957f067c0b1d08745e08b2c2b11337ea37459bdc84aa0759fb25393823aae70fe23dc6c846d6eab052a1a23ac3898d6f16019c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
28KB

MD5
a762fb5a64dec4556d980f51ff3060c9

SHA1
6ac0b291cbbd8819e9a922c9c5228f76ad029983

SHA256
cfbdf62609fb4493b45b6b7a9a13c5357ab5e7447c606d9fd707dbca46359a54

SHA512
23169bb323a788ccdb915dac2a8d8c58b018c40941f2c7b10a3814a68b42ad3694d07d23e2eef31d77a7c16da355c98d796b94f82b8f352aa4825ec0c3e08b55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
45KB

MD5
5f339ff8127ea962b8aa3a95709b6ad1

SHA1
340631518650a5f3beef366ee93ea20ceb5da39e

SHA256
b3ff14cf44c5c690b256a05bd28f7f5b193f1b03ae6a6d512dc267ebaa505260

SHA512
65e21ff5cb91fc5221bab0f952d6be06726ed9fc98d5d560b2d1e1bf2d25c3de44b1509a1962e925ab543dbb2d42eeaa7e572f9501d8e35d980e769f30b4d3bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
124KB

MD5
b0a239971ddf9719025b7a239f274753

SHA1
460dd95d0f93411fe975d9d8922ced0d23db3fcb

SHA256
0092ec8c37e13040476723b1496c16879e34b1401c5a9f98d3cf79da96b40f7d

SHA512
2243413de3bf927a463763f6691def4643f130c4933cd2b26175cef3ef0ace6e80a3e41b9cca87858c2438a9e414aef261aefc154b4278a5aaa0615f2f3f4e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
217KB

MD5
d04206a14ba1f8b53c1df32815003894

SHA1
8cd2b8d57dc9a4ab7b828fc9fd2774c34be08805

SHA256
00b367d9e3c2826aa3535b5ae47b829ac73c9272c0ccd584bf5399a954e8a10a

SHA512
855d2b8f221b345dc9e4944c772a9d2935b940c2394776ce0fe2b59cc123d31c8647a0230c034489a60b9ed1507e71a3258cc957dd85f2942c8e8814461c35d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
67KB

MD5
bcfda9afc202574572f0247968812014

SHA1
80f8af2d5d2f978a3969a56256aace20e893fb3f

SHA256
7c970cd163690addf4a69faf5aea65e7f083ca549f75a66d04a73cb793a00f91

SHA512
508ca6011abb2ec4345c3b80bd89979151fee0a0de851f69b7aa06e69c89f6d8c3b6144f2f4715112c896c5b8a3e3e9cd49b05c9b507602d7f0d6b10061b17bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
20KB

MD5
a4f3afc86190a2d47f56664367af370e

SHA1
57613bcb2a288ef2508e847e7ba35d52f2e87de5

SHA256
52fd14eb766bc6676dd81e3bb50a4dad1891bb9a47e38c3ec620aa6c2b487c42

SHA512
bae75c59141ee60ef1fc2c745117fafea3d386b64f2f67c1022909f295228578bfc5e5e49de5a2f2efd57e75affc0a7d09fbee8fa50aadd82aff446773fc690e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
92KB

MD5
e1a2ffee1ce023b927348f24276e7b3d

SHA1
3cfe0a6cbcdce9616525fac7e5b551fe3d89e68f

SHA256
964ba1dd055baf031a17997cc132fab72aa49f07a91dc074b8cc01f60817c6cd

SHA512
c55ad79b7c35eefafd2f2727eb2b1c3879994807f14a434e1bf2cb1de67ac9fac50298d157eec5f3a5df54ba3cd833e2461e7aeec2881e715e093f3f019fc67a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000099

Filesize
33KB

MD5
b835ca1340baf3581ff06b6b06c64f6b

SHA1
e1b4d87553c04ff0b0765b0306d6824072431448

SHA256
d77b80dc1edf991da19208f0d83c5daed9802c1b29fd7ed89fb89ce10ca6b301

SHA512
6a0745ebeee19c80f8fdd989cbe4010c19f9202915a755e8b1cbb44c8b4bd4673d63a1b79f9eab59d34d39799f0f950e052e56a7b1b873946b8a6ea65c767bca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009a

Filesize
75KB

MD5
d9637784ae02c53659ebb918332c8dcf

SHA1
48d9cc0d29647d324c07079e0c60bf29528a998a

SHA256
b7b192a161829766b9e7821e51a97e58a39e6f83960816b18fa2d22cf3f44dac

SHA512
c527c25f33754576505310a465b978f0be93df50caa4646dd055178934d49f5c8ebecdcb20bbf9a8bd4021c2622e3c1333815577b7e6a08a1e0b6dc8aa166f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009b

Filesize
50KB

MD5
f9bef1ceff547c295f6967a53a0b6a71

SHA1
4e7d27e213c8872af324f4664256534b87a20a58

SHA256
4bb9a5fb732ee1f6fce4b08e34abcf3660546a2e29978cdae07e4f93233bde74

SHA512
d615e8f9d58cbe309324e07285cd1995f26182efaf3d98d9b86d41ec42c4399e17296af53361a497c875d437c7715f90f6afd35dc3e1a34a367d8323d7e0bdac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009c

Filesize
98KB

MD5
e9502f324692b7b90bfec468fdd61389

SHA1
8f08e7b6d1d9f3de9d33305b8a943896279a6a7e

SHA256
3239e67b7e4aeeb04b4ff2e5f431abb0521da5e4432227aef7fb7aaddbb86724

SHA512
4f835d08d237cf1c53e711cf4bc5050a2e0a9f35749dd80b3538842468059d36d6e5ec9df7d2707d64971cdc1fe3d6b9211ab9538934c4288b18f0ef6ebcf3b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009d

Filesize
79KB

MD5
f22fc5850a05b8c3f3ea1d2e07ee52d4

SHA1
1ab1d80e508cdf5214763eaefdad3adf073ab807

SHA256
d032e15310379a5158a61aff62c4fc612b9ff1f58138b53c9a9f7ae458ca4ce5

SHA512
2716ec34bc9c42908b69db863f7e81321d7edcb839adb4f46635bef75166c6bdf639df8c241b34508e822020b520e6ee100fc7c4acf6e031d200b06b97a5cb03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009e

Filesize
33KB

MD5
0ccf3bd954d63e00acc99c110604fb13

SHA1
8571e02e15ec8591b679d1aa2cdb54b4606240ad

SHA256
c96f62c737b5003e968d911a0296543aded61199e7861593b31516340c6f9408

SHA512
3e568b8e5c6e2a3195e3303a01fd2f826fa792bf351e1f0a4d441d9b4cb38d6b29c35793073b4c0a3bebcc338e255f75a3ffe6723e403c5111451fc3ee93481d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a3

Filesize
119KB

MD5
1f66c646222de7949f1d218705e3de09

SHA1
354e28a67639b935e40bb4915d031b712440044a

SHA256
45169b3d6e0b16cadfa3793c7c2703b533758672a152a38bfeb7f48478636835

SHA512
9f444cf47f1cc3359cd207a9a4aa73951f20a09ddfc59db6d9fc782c5b3488e6b0426154efbc99fc21972021384771857500b2234b1b9137033364ff493f7e90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a6

Filesize
16KB

MD5
aae71d05f84cb03aae5d974d145970dc

SHA1
1e955db70bd2dadb27aa01ca943a0e4afde3a6d7

SHA256
d896ee61f8b96981ece0de6c58d14003df5d0b76377121d485fb44ad65e799b5

SHA512
601ad73687c99b7007675545f10eda786321049caa802769e325558682667d2958430b45b8a51d2884d7ff08c01fb99b8284b667e60553001835e598257b175c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a7

Filesize
77KB

MD5
86c947665224293531fcee9861e683e8

SHA1
5efa4559bc37273d732fe4a3febedc7b2a5d3a0e

SHA256
996232708fe36385acdc69f21b7ae88162aeb0ef5de8e642f0038b45a09da8e7

SHA512
9332035584a7c6a5cdab9165ee11f6bcf586c599eae5341bd717e3ecef95bc8c32376c6c286c5a09f4de5b8683aae616888e2c89815a68f834191ece0885d503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a8

Filesize
21KB

MD5
87312c82783a748aac50cb7cd9a7fcbc

SHA1
7dcb313753303aacc3c86ad800635be2614a4aaa

SHA256
957c2091dcc011c0342b8c233458260ebd08a43cea009d6dca8f87eb053fc49d

SHA512
833d19c7477141ad02276026295ddf51b9ad4432b26c9fb02233478dd233890f51fa9de3689ee91c0125e5148e73ef568b82466ceead66af42f75f1c29e4bfe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\213e86c1da315ddc_0

Filesize
31KB

MD5
b666f23819853339c52f5adc8791f76c

SHA1
7f32fc524138a9ac5b0aceceddac16091cc4d36e

SHA256
878777dc32251b0462467543edf272d4b6b6673825f01e28fe44c17776d21dce

SHA512
4cb344ff02f622cd88a035ee4c2e9c58a85efdff198f8b31f684e98aefe194f7002133149543a280d0cc4b4e425431a9e36451f87a97ffb4c585f2ead3f6a263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\336a68eaaf209f48_0

Filesize
309B

MD5
bc1fd980f061a950e59b57abdba5c52d

SHA1
0f0ec15d207976d2448787f63cf632d590dd9024

SHA256
fd26aebab1a3f354bc7dae0be6417975f9417f48b5d8115e25fa1eb7259eb060

SHA512
ca050b440e24a3bfa26c9fd38fbc999e2494bb338910966fae36e45114b71a8d2307482d18fbeef8717699a3a411c75e6cdbefde79224dc35e61dc934355ddde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\93c4d15b738d3af6_0

Filesize
366KB

MD5
f0c3f1aa575450ebdcbad2d479a24354

SHA1
e8caaf7534000c3f4a69a335b1ca62bea3687083

SHA256
13ddd785036223a68ca045949c9161ab519aa2ccf2465cae7479caa97434efb2

SHA512
06be8ac29630a80c175d16c0855300f6eeca889bf4e0fef1146b3b92e5e28ab3e9e117809d7e409bdd88320a3ab54429ddebb0cfa0d96d4f5c656fb4fa6c4883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
48c4b72f484334a87cef720458b90485

SHA1
862870989633e25b5227d4d7ff4fe0ecfa9d18d8

SHA256
ca8419f611b97ccd26cb657e4cf4b572ee6c496c0e9cfc05f99b240a3270b706

SHA512
5f4da5b3360f902e8d6792931a58116d15e78482a6cb9d6ef5f9351b47a560c22643527852471be3ee26a67d9b905a676c7ed9a160cd933280d808601a6d8dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
7b636a444fd7cc7c995b986f3954da5c

SHA1
7639319c2499b6cccd0b1e7e21160357f119ad44

SHA256
aae34ae8af514449a4ac6a2b1289a508fdd931d088046c4c32bee0c9dbe68a09

SHA512
e93bbe25da3b6e26797a8a57049342b4e41d641a4aaf9fc25c3ca9c59ade40f2ad75999666563d7251a4aa65e81f17a8df8dc3a0a841ce6cee51491c4e9ee599

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
17KB

MD5
e3c687607318376d546fb1cf2d51657a

SHA1
f6b87d132cff6c3d0ff925319382636a70436f17

SHA256
0c246f114712e3b99397d8dca713bd3e42cb181bcb67d1060c744c699f86d78c

SHA512
c743dc301ad7eda07d0e9a372de5368f214de6fa7e548816ac9aba464acc179398da000b25d187309f11b982d979e9a04ff0353106599e6d7200b995ce5c401e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
17KB

MD5
c604a0dc40846159b2074d23ea7ad169

SHA1
bf718604bab2e1dffb18880a162317b37ed9568a

SHA256
d2f5af5c396a3924a536ee104c070387388fe2cf39759f7ff769d004b49b6f0d

SHA512
f989581a02ea2da7122b58369707cddead6260b47ad2ddc7b9391892ab581259b9ad54b110e2a531f6589b1ac6159d994e0030cc766ba2ddde8d7c21f1e87309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
bbdad9c3aa47935e5c6cb3eec9f8938f

SHA1
0b380e593bdf838555af4b4317455e39f47ba43b

SHA256
bb515b6490bb60c2c451991d6cb06d1d9ed3bff3018f13e5057c36bc8900b1b9

SHA512
a3d879066e247e51aefff0866694125c9b44deeb67f236e6bfbeb68f2239b77c2368bdb027d606be1b9a60d5b621c1217b6c7db402c64e03e51112bc92970fb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b0de5388be4fcfbb2e7318762cdda660

SHA1
a9b9109034408f02db1f6d1d32774d07ad65dbc2

SHA256
bb9bf4a2e0a07cabd784fa009f5d0f0852f8c17f46fcdaab2392264719d82ce3

SHA512
4fc430aba01c0e2d5cbf47125fd44d1db52cada8b74c7d27f1a1342d632257f6348b07ae4a68e6d9d884a91cd4eb48885ed48b892343e8ecd39a306c9f8160b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7d514a9604f87bdb750c318d107ede4f

SHA1
9bacf56f764d6fac520add921a725ee7e345e6c1

SHA256
6c92218ae8729f373fcde596eab509d30ff126eaa78485106c0c8634112c5a50

SHA512
0db25f6e951fb825a7bd7333cf7c0efbc1f87c27301e1c62f09149e18cfe58e1d292a82415dd4e0aee0f25162bbe3b00a3b7f4a5716c14838ee5a14af9467915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
a441fcb8c2f3da843f31cc638267c5d3

SHA1
c85ceec183ce62d5f11714b6a73dde7f237a36b4

SHA256
132d9c03993617e0a894ed922826dd7c2612b09623aab38de05281947baa99d6

SHA512
12cd27d1f4ea24f3c27f8fa52abdab2314904a37990fd4e498e3295317220d97ffa8071b62afbcd93e6ef990da1ab164e4f70d410931afc02dc9e026641a8c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
7249420c77a0dd4a44e378d6e50418e2

SHA1
f7c42d4f96e5b0f9f8e3b4f7b553a7f498c4fcfa

SHA256
242b0466805b3e2e8d3a44d4173762b25442ca52cf3668e6f5880b80051592d6

SHA512
9626b042ec07a02f8d994402bdf538d9c01a4a45dc61203fbc50732b4b2380b6eab72b22a05b32fc625dec726e4bd1d620e6248e1cdb7623c12004588acaf4ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
0403188cc2bfa0c9c3fa1348c268bcfd

SHA1
1955d5ac2b5edf6b6ab0ec1a83d4d67d1932beb7

SHA256
dae7a1481ee61f14c55268c8876c63b15419594f6b1c38e173cc059e8d557a6b

SHA512
fbb614d851e492750ad3b3161e754deb0a6083c12d8431d3afb94cf45d3f96aff76e689a84cbc4530a9c0217689677de066be2e7bd4f9ee5f2a9f337e2895a0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
cd2c1ac08baceac868a80af32f376974

SHA1
9aa89e5ffee5f0cdf3dfd342c5175e4419689d7d

SHA256
bd233b2b47678a21ffa8d7ac4fa5422b65662e68b404c9ee2849cc21c2162f6e

SHA512
59dba4c6fba43ff64a4a2e241f05cb2fab07411334cdfd03edd9d1f71f5c6d50fc2ef608b683e3361f8aa8004a97263c0e038eb3ebf48b39c08fec100b99752a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
12932a604a395ae27a25a32297fb3fc7

SHA1
71d4d927bcbbd7700563368b62279aab309171ab

SHA256
fc1b41ec934ed6784555a5ff8b6795ccd0d6b1d316a741de4011dc60728ec5d9

SHA512
e2ad975f902cb42e46d33c202e1913290c24cd98477b618c60f677546b33863a20a112d3ed648fab3b027875168a5f0c9e2180c7278bcd3a30f96c138eeca5e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
d15fdf6098fb438148d5c248f4d19e51

SHA1
24b74068eb9ab8a5b63da017e1a5109a8ee6e196

SHA256
1709ba777524d6b415f4b70718468ff518aacc0722925cd5fa1644921f9140fa

SHA512
f00b7b09f93d182f51a0500ba866c99b182b38ed26f56c07c00318361f077bda355f5b613769fbbfe293b914c634de221000d975e5dc6810bd3566fe18ef5d90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
38a50aa8795466bc2956de335b38f9af

SHA1
022ebb16311d63d122d7c073d23c1ade0361ecd4

SHA256
2a12d177b27b5d7c3f0dcf29a134c9c5f70281446acc05fd52e75fde92939d03

SHA512
feac9c8bb7a37176fccaab2d7d09fe88f7589faa851d65b18050a8c8aacf3169a459bf97375d9b6f3755bd33b1109d5e44c3d8b480961fe2b497f368c3c64c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
a010d9f99210afe4cb44535e7eed1827

SHA1
dd66fde0e8fe5502fa22c933f51ae6bffcffb3f7

SHA256
ca7f2942b608909c6781834f39ce923f58c1e1dd9e3d2cee12ea03ca4d2e1760

SHA512
681fc8c48bbb2f9b9afb4470a6503d2acc8e909d4f5bffb1bc0a11d4e82930b6968035dce83101b68bbf36be5ddb7dbe999b6af92383c3568914a7c8ccd53932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5944df.TMP

Filesize
48B

MD5
370ef133a0e065ee6bd5cc4f32be5529

SHA1
1a08ae54e21ffd8cd4536e32fd4bdc3a01dad226

SHA256
62c178f055c12cf5abc40fc839698d790397313bcb984bf8344a3662bde9d782

SHA512
670777f9dd6ebd138b6c5cc986bb7206899170bc44fea67f298a25c07b0e58bac796c93c101846e428584a15a7c28019a2afc5cf0a138bfec95c4dcd64b16dfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
5267f2e06ffdfaba3ed5bb318a35e47d

SHA1
0298684f88509ef6cc5e303fe3d2bf7585a0e03b

SHA256
6f4d994073123edb6534c57c857677017cb279a236fe0055bb819247bf90ad60

SHA512
b07ad34578bae59d9080f158992f00f1b9e744166f62b7e0df8bced50675069505d14d9c5f0923ac772f5d9c34098b6c722eef13ff4bfb0c26e84d4791109873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
790f6db1964b20ec167d7d1cbe084297

SHA1
cdf07ef55fd74c248a43ea010431151ea6115bcc

SHA256
9004f4bec8fb9da00dc610c2d502caa436dd5ef9de702d4c5151f1b54c27622d

SHA512
f20d1675bc2600b9883971043745df345134bf0a1cdc25fc2ddefbd892800a1f4a71759f4c5696d5165af71c0ce07d648551320e84ec9aaeca5bb1e2a6176bea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
f5dcabedd16227081d950a3bff75b6f5

SHA1
1048609070e05fbd3514aa4be77f414bef6a7092

SHA256
26b96ffaea8bce4342ea1c55ea4e50833b7888b1b598149d35b4ee71c3532a63

SHA512
4b867368fc30ef3cbd4c022afe3831308442359eebb83b17a51d12a52f0d5badbfd578fc841ed01404e02d34bda767d982697b122db7a37e8b9d8bc057fb9463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f9bd08fde0fc811b9b65b49911ac38e0

SHA1
d7e53d3fa9e7a58b720256e0ede64d7942af6a52

SHA256
bfb9c9fd4abfb585f2c3f44a2746ea10c138c8ed82b5338e0ea488b0fd6f02ea

SHA512
8849412b36e77bf7e4f1e46de0167d8dd03cf2f7d3b0a142883677d6f3a740e6c7b3c228278d6fc285fa99a355d2863894004ac1c37d262c13b40b324e9bc60f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e79fbad8e87abf269f8fc11ecc0a4d9c

SHA1
bd061f5313279988ad4770b3742ef42dc088ccd5

SHA256
0c850e46afa5fc7e60e341472c2db7ec5783fd5d6f3c381923103bbee52d4ae1

SHA512
d0e9bab9a93b2a4e2cd41c45043aef15e547ac10ca23093937d5d49f0986028f447eecfe066cffb4dd91e50ecbb756d26960133fa04fd87ae2eeeeb81e2ee6ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e318.TMP

Filesize
2KB

MD5
50cdfe4fc7cedf8750d3411e52ba11c5

SHA1
2d8d20e08885904225717bc72038424887de6836

SHA256
3adb04c3d99c39aa28f2e0a648a30644e83f8531038618283ce3ae57f23f530c

SHA512
bca2e23b5e5cad95c2a489d1b07a24a250b3921e699a6647407d9ecbf9399b986d158b2abe0802ba166d9175ed8107fa7b67991a60538467bbc15214387b16b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eed58666ba00510d84bbef8e168241c1

SHA1
c8c90b129ffbb9421ba5667bc31c636988044447

SHA256
2cd4c4d994622f5d4235d810198d0934bc5d8cab1c977bcc0bf17694df88144e

SHA512
0485a432b782d5108c368da7984c8a83d1ed0bab5d2f149fd54b5983672564c8499840a4a56e28f558794c0d53cbe668124dcf56b2d42c0f30b365c9184712e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0e9bc25126fc0eb883cd37a370a85e2c

SHA1
a8b639df048365d99d94f76a529784e0c535a1ea

SHA256
140a7c87557677ac055cbbaf1480f75f8d474b3ec50c86a76d89fa44e014c0c3

SHA512
d36a736c0358480e6c2b60eba788191e8c9ea2dbb8dc180352992b7c5cfe4d2df32cbef50412de0df014226aca0bf3e30a5a481e2c7f3d19f9d35747523fcf86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e7f5d306406bf2bf15d1e877ff479a0d

SHA1
3ab75fed152c90ff95ef2df05ed9aebd56b0daa3

SHA256
5366bfd54c59f3503de765e27a5c2146782aead281b1ad16300275bd3227d1b3

SHA512
d4b982e04a932978b46d255e60d8ace1e1ae4770c22e7a95f9698889fb9bbd9e83a3e2249bee229df1aab934157ab534b4b46f15326673cb5d2ff89dcf03268f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-ODMOC.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
3c1afdf9fd6db7b41c58a2650e6d4cdb

SHA1
f70345f97b16d76727dd8ceddeb3501d3b17ccb9

SHA256
d3d28f6bb40c0c42bf9e7197104f003c81b6df907dfe698f844d094a181e3e28

SHA512
9912389567c989280aad4858d017acdf619015ccafffc0f9a1192359af197fb422e276e1cfa04823dd7af3ac9395131afe525a0524d22547ce9bd418637bfe91

Download Submit
C:\Users\Admin\Downloads\Sin confirmar 38844.crdownload

Filesize
24.1MB

MD5
f443c89a983dd171c73f2794cc3279b7

SHA1
31119ac944b2c9679c6585c2043549eec52814cf

SHA256
e301e8853cbf24d9861596a2e9a864c7a402eed24adc6b5ececccae6a6f5e402

SHA512
58005e0e1007b43b291f402dc1cb861cac0b863e74719666e39fd8428aba17563b71d85a1a72d069705c2b7decd70da1452ec89bbfe077d75ae1398e279cf9d9

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/748-4155-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/756-4181-0x0000000010000000-0x00000000101F8000-memory.dmp

Filesize
2.0MB

Download
memory/756-4196-0x0000000000400000-0x0000000000731000-memory.dmp

Filesize
3.2MB

Download
memory/756-4198-0x0000000010000000-0x00000000101F8000-memory.dmp

Filesize
2.0MB

Download
memory/756-4180-0x0000000000400000-0x0000000000731000-memory.dmp

Filesize
3.2MB

Download
memory/1196-4199-0x0000000010000000-0x00000000101F8000-memory.dmp

Filesize
2.0MB

Download
memory/1276-2338-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/1276-2341-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/1276-2335-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/1276-2324-0x0000000006010000-0x0000000006054000-memory.dmp

Filesize
272KB

Download
memory/2484-2342-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2484-2334-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2484-2253-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/3120-2355-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3120-4156-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3128-4179-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/3128-4174-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/3128-4166-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/4652-4178-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/4652-4175-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download