60689c3129e1b8236fe547f9141b7171953b2e9b0f5857ca0c8e155db664306a

Analysis

max time kernel
876s
max time network
924s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
16/03/2025, 19:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

R.E.P.O.v0.1.2-0xdeadc0de/OnlineFix.url
Size

46B
MD5

59bf167dc52a52f6e45f418f8c73ffa1
SHA1

fa006950a6a971e89d4a1c23070d458a30463999
SHA256

3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
SHA512

00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
232	msedge.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
71	discord.com
72	discord.com
79	discord.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1526354513\autofill_bypass_cache_forms.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1526354513\edge_autofill_global_block_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_4309209\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1646759925\Microsoft.CognitiveServices.Speech.core.dll	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_978936819\travel-facilitated-booking-bing.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1825281885\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_65770792\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_978936819\classification.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_840821902\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1818622120\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1580837329\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_65770792\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_626162974\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_978936819\automation.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_978936819\extraction.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1825281885\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_281010060\data.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_281010060\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1920186490\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1526354513\regex_patterns.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1640053628\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1640053628\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1825281885\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1580837329\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1881518443\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1189366304\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_840821902\safety_tips.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_840821902\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_281010060\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_4309209\ct_config.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_626162974\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1189366304\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_4309209\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1818622120\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1881518443\office_endpoints_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1825281885\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_840821902\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_83664621\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1189366304\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1189366304\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_978936819\travel-facilitated-booking-kayak.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1526354513\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1526354513\v1FieldTypes.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_83664621\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1646759925\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1189366304\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_978936819\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1580837329\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_4309209\crs.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_4309209\kp_pinslist.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1818622120\well_known_domains.dll	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1640053628\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_978936819\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1825281885\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_384691245\arbitration_metadata.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_384691245\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_840821902\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1646759925\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1640053628\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1640053628\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1920186490\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1526354513\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_83664621\nav_config.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping232_1920186490\crl-set	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133866277759194834"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-805952410-2104024357-1716932545-1000\{C69D8DEC-E493-46B9-9670-D21E9EF6ED4F}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1836	msedge.exe
1836	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
232	msedge.exe
232	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 2480	2760	rundll32.exe	85
PID 2760 wrote to memory of 2480	2760	rundll32.exe	85
PID 2480 wrote to memory of 232	2480	msedge.exe	87
PID 2480 wrote to memory of 232	2480	msedge.exe	87
PID 232 wrote to memory of 4624	232	msedge.exe	88
PID 232 wrote to memory of 4624	232	msedge.exe	88
PID 232 wrote to memory of 636	232	msedge.exe	89
PID 232 wrote to memory of 636	232	msedge.exe	89
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 1796	232	msedge.exe	90
PID 232 wrote to memory of 2240	232	msedge.exe	91
PID 232 wrote to memory of 2240	232	msedge.exe	91
PID 232 wrote to memory of 2240	232	msedge.exe	91
PID 232 wrote to memory of 2240	232	msedge.exe	91
PID 232 wrote to memory of 2240	232	msedge.exe	91

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\R.E.P.O.v0.1.2-0xdeadc0de\OnlineFix.url
1⤵
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://online-fix.me/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument https://online-fix.me/
    3⤵
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:232
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x254,0x7ff9756af208,0x7ff9756af214,0x7ff9756af220
      4⤵
      PID:4624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1924,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=2256 /prefetch:3
      4⤵
      PID:636
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2228,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=2224 /prefetch:2
      4⤵
      PID:1796
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1916,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=2980 /prefetch:8
      4⤵
      PID:2240
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3528,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=3572 /prefetch:1
      4⤵
      PID:4400
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3544,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=3580 /prefetch:1
      4⤵
      PID:2612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4172,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:1
      4⤵
      PID:4952
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4256,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=4204 /prefetch:2
      4⤵
      PID:4660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5160,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:8
      4⤵
      PID:5084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5356,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=5360 /prefetch:8
      4⤵
      PID:2252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5384,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=5196 /prefetch:1
      4⤵
      PID:1224
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5116,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=4972 /prefetch:1
      4⤵
      PID:2940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6424,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=6400 /prefetch:8
      4⤵
      PID:4316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6416,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=6448 /prefetch:8
      4⤵
      PID:4796
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6676,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=6680 /prefetch:1
      4⤵
      PID:2692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6940,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=6920 /prefetch:8
      4⤵
      PID:4956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5196,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=5540 /prefetch:8
      4⤵
      PID:2960
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5196,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=5540 /prefetch:8
      4⤵
      PID:1824
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=5604,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=6396 /prefetch:1
      4⤵
      PID:1712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5768,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=5812 /prefetch:8
      4⤵
      PID:4488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6352,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=6320 /prefetch:8
      4⤵
      PID:4496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3708,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=5744 /prefetch:8
      4⤵
      PID:2280
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7232,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=7244 /prefetch:8
      4⤵
      PID:4428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5800,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=7276 /prefetch:8
      4⤵
      PID:2760
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7220,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=6240 /prefetch:8
      4⤵
      PID:4152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5772,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=5704 /prefetch:8
      4⤵
      PID:1080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7360,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=7440 /prefetch:8
      4⤵
      PID:2980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5732,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=7480 /prefetch:8
      4⤵
      PID:3328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=6348,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=7444 /prefetch:1
      4⤵
      PID:5672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7128,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=4964 /prefetch:8
      4⤵
      PID:3096
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5600,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:8
      4⤵
      PID:552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7152,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=4992 /prefetch:8
      4⤵
      PID:4556
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6104,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=6924 /prefetch:8
      4⤵
      PID:5728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5452,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:8
      4⤵
      PID:6076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=760,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=4204 /prefetch:8
      4⤵
      PID:4796
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4244,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=5004 /prefetch:8
      4⤵
      PID:4408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6684,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=5028 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3752,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=3492 /prefetch:8
      4⤵
      PID:5948
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=6696,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=5940 /prefetch:1
      4⤵
      PID:5204
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2964,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=7364 /prefetch:8
      4⤵
      PID:5472
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7440,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=7444 /prefetch:8
      4⤵
      PID:3460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3428,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=4204 /prefetch:8
      4⤵
      PID:6132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7396,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=5024 /prefetch:8
      4⤵
      PID:4864
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3124,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=7576 /prefetch:8
      4⤵
      PID:5592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5048,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=7576 /prefetch:8
      4⤵
      PID:3820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5352,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=7592 /prefetch:8
      4⤵
      PID:3040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6800,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=6784 /prefetch:8
      4⤵
      PID:5664
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3328,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=6772 /prefetch:8
      4⤵
      PID:5136
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7524,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=6852 /prefetch:8
      4⤵
      PID:6088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7572,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=1016 /prefetch:8
      4⤵
      PID:5312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6376,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=7196 /prefetch:8
      4⤵
      PID:3324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4404,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=6808 /prefetch:8
      4⤵
      PID:3048
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5008,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=6068 /prefetch:8
      4⤵
      PID:4720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6788,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=6852 /prefetch:8
      4⤵
      PID:2712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6848,i,9467307156773730310,3086119803557329008,262144 --variations-seed-version --mojo-platform-channel-handle=5000 /prefetch:8
      4⤵
      PID:5464

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4616

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x470
1⤵
PID:692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping232_1189366304\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping232_1526354513\manifest.json

Filesize
119B

MD5
f3eb631411fea6b5f0f0d369e1236cb3

SHA1
8366d7cddf1c1ab8ba541e884475697e7028b4e0

SHA256
ebbc79d0fccf58eeaeee58e3acbd3b327c06b5b62fc83ef0128804b00a7025d0

SHA512
4830e03d643b0474726ef93ad379814f4b54471e882c1aec5be17a0147f04cfbe031f8d74960a80be6b6491d3427eca3f06bc88cc06740c2ad4eb08e4d3e4338

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping232_1580837329\manifest.json

Filesize
118B

MD5
ffa5fcfeb00002903f6cf667e9fe6a3c

SHA1
ad765ea344c8cfd95a591da8259fe412e52d13b0

SHA256
dd0679c622258bad2e2ddaec3470297259dc68b55b8c4f4d7f2f28a378826217

SHA512
8da9b780e9bc6785efbd56b51a4decc8703c9f1d41b33469153cc0aea8190c1b6a9001128c6022756a66ee539086ad6f787da84b6b7082dc51939077365e7beb

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping232_1640053628\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping232_1640053628\manifest.json

Filesize
80B

MD5
9e72659142381870c3c7dfe447d0e58e

SHA1
ba27ed169d5af065dabde081179476beb7e11de2

SHA256
72bab493c5583527591dd6599b3c902bade214399309b0d610907e33275b8dc2

SHA512
b887eb30c09fa3c87945b83d8dbddceee286011a1582c10b5b3cc7a4731b7fa7cb3689cb61bfead385c95902cab397d0aa26bc26086d17ce414a4f40f0e16a01

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping232_1646759925\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping232_1818622120\manifest.json

Filesize
141B

MD5
811f0436837c701dc1cea3d6292b3922

SHA1
4e51a3e9f5cbf8c9c96985dabe8ffc2de28dae87

SHA256
dbfb38a16e33a39c35ac50bd81782e4608be14954f1df69ac8272c0b9ce87a5d

SHA512
21e7bf2f8333b2900bcbcb871ede14684073249597d105095dc7d3f101e7ccc326068732f11d4a167365f245a3f2205793f520c7666d7f948e70919b40b43d35

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping232_1825281885\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping232_1881518443\manifest.json

Filesize
160B

MD5
a24a1941bbb8d90784f5ef76712002f5

SHA1
5c2b6323c7ed8913b5d0d65a4d21062c96df24eb

SHA256
2a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747

SHA512
fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping232_1920186490\manifest.json

Filesize
114B

MD5
e6cd92ad3b3ab9cb3d325f3c4b7559aa

SHA1
0704d57b52cf55674524a5278ed4f7ba1e19ca0c

SHA256
63dfb8d99ce83b3ca282eb697dc76b17b4a48e4065fc7efafb77724739074a9d

SHA512
172d5dc107757bb591b9a8ed7f2b48f22b5184d6537572d375801113e294febfbe39077c408e3a04c44e6072427cbe443c6614d205a5a4aa290101722e18f5e8

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping232_281010060\manifest.json

Filesize
52B

MD5
8c32b9f390fcc4f061885661dbe797bd

SHA1
c681595df03f9f74ec600e70069c879daf2ca923

SHA256
1431c36e66b4fc53ca74e9b10ea0213245631ad7543fef183a8dd2720a5b4ab4

SHA512
e8bbde18d5de7fe2a8162951d3fe75460efbee71afffb4c0c22f2088dee146fb6bfcccae18d4955608e60a7df716eeb47c0687f45344b45130b368eeaf316418

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping232_384691245\manifest.json

Filesize
238B

MD5
15b69964f6f79654cbf54953aad0513f

SHA1
013fb9737790b034195cdeddaa620049484c53a7

SHA256
1bdda4a8fc3e2b965fbb52c9b23a9a34871bc345abfb332a87ea878f4472efbd

SHA512
7eeee58e06bba59b1ef874436035202416079617b7953593abf6d9af42a55088ab37f45fdee394166344f0186c0cb7092f55ed201c213737bb5d5318e9f47908

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping232_4309209\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping232_626162974\manifest.json

Filesize
134B

MD5
58d3ca1189df439d0538a75912496bcf

SHA1
99af5b6a006a6929cc08744d1b54e3623fec2f36

SHA256
a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437

SHA512
afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping232_65770792\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping232_83664621\manifest.json

Filesize
160B

MD5
c3911ceb35539db42e5654bdd60ac956

SHA1
71be0751e5fc583b119730dbceb2c723f2389f6c

SHA256
31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d

SHA512
d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping232_978936819\manifest.json

Filesize
135B

MD5
4055ba4ebd5546fb6306d6a3151a236a

SHA1
609a989f14f8ee9ed9bffbd6ddba3214fd0d0109

SHA256
cb929ae2d466e597ecc4f588ba22faf68f7cfc204b3986819c85ac608d6f82b5

SHA512
58d39f7ae0dafd067c6dba34c686506c1718112ad5af8a255eb9a7d6ec0edca318b557565f5914c5140eb9d1b6e2ffbb08c9d596f43e7a79fdb4ef95457bf29a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json

Filesize
3KB

MD5
6bbb18bb210b0af189f5d76a65f7ad80

SHA1
87b804075e78af64293611a637504273fadfe718

SHA256
01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c

SHA512
4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\autofill_bypass_cache_forms.json

Filesize
175B

MD5
8060c129d08468ed3f3f3d09f13540ce

SHA1
f979419a76d5abfc89007d91f35412420aeae611

SHA256
b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92

SHA512
99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\edge_autofill_global_block_list.json

Filesize
4KB

MD5
afb6f8315b244d03b262d28e1c5f6fae

SHA1
a92aaff896f4c07bdea5c5d0ab6fdb035e9ec71e

SHA256
a3bcb682dd63c048cd9ca88c49100333651b4f50de43b60ec681de5f8208d742

SHA512
d80e232da16f94a93cfe95339f0db4ff4f385e0aa2ba9cbd454e43666a915f8e730b615085b45cc7c029aa45803e5aca61b86e63dac0cf5f1128beed431f9df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\v1FieldTypes.json

Filesize
509KB

MD5
630f694f05bdfb788a9731d59b7a5bfe

SHA1
689c0e95aaefcbaca002f4e60c51c3610d100b67

SHA256
ad6fdee06aa37e3af6034af935f74b58c1933752478026ceeccf47dc506c8779

SHA512
6ee64baab1af4551851dcef549b49ec1442aa0b67d2149ac9338dc1fe0082ee24f4611fcc76d6b8abeb828ad957a9fa847cbc9c98cdf42dd410d046686b3769b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation\6498.2024.12.2\crl-set

Filesize
21KB

MD5
846feb52bd6829102a780ec0da74ab04

SHA1
dd98409b49f0cd1f9d0028962d7276860579fb54

SHA256
124b7eeba31f0e3d9b842a62f3441204beb13fade81da38b854aecba0e03a5b4

SHA512
c8759e675506ccc6aa9807798252c7e7c48a0ab31674609738617dc105cee38bce69d4d41d6b95e16731466880b386d35483cbeea6275773f7041ba6e305fae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
0db1d88802048ff847bfcf47035335bd

SHA1
bb54059e5b145da464f6521ae67353889ce00771

SHA256
416525d2bfeaeab0950175c0eab55ad35e84518ef5299f10565023800788cf9a

SHA512
32c5b42febdb38c3a30eb5179b8aa20a5e731b0e83aab16ec73d27b4108bfc89eb6316f71a988388cb5df19267ba823f6d0220fab5584667ba0adb0da1152a30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
8734b4a181214bb62f91cfa36c7e2c98

SHA1
9cff323f10778a23d73ac3dcffc038d3bf661b78

SHA256
e06afe980fa56c8dad3e7c6b8d0d8f1e7eb9a4860ac715e966026fb7631c3ba5

SHA512
e8648a54da9aa24b6cba1f0377a0ce33979ea097554bb6347f252cad894ad4134e1fe839abc80eb48e2510061d5c6937e80374d32f95afd4cc8567b57694ac36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
331B

MD5
b94efaba1a88154fc221b7c22acb67da

SHA1
08d4d46ec03dea438dd21cbc6d812c8dfe839d09

SHA256
ae840ef0e56bcd9f1827196390028ecf78c8296b95cf9d2d15853a94534361f1

SHA512
d5bd74c696d89d69e11482229fe661200d565bd1b16304ed1de56792dae4086d4f0dd57a935817269218a08b16ecdf2d2b8feae1c389c201b58299d925e058b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
352B

MD5
e4b3998554f922489c9f6989f7a68a41

SHA1
596e3f2ec4a8cd36473def926f8d6993bb43be69

SHA256
94334eb7c0022996c611d5ff45c9445204241e5fd425af35f7b62a2dcb90e0c1

SHA512
5960850f2094e3abe6006eccfd956aa5e7033860d69d74c2f96df3b2b17238e47e17fe7abe69aa996624664860aa0651907e30159bce388e90eb845b20cb86e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
b2b826d7a61812ada383387fc1977060

SHA1
54a8089df4daf8b3bf2e7211a2fd4f67d46783d6

SHA256
034a6c37a8ce8b406b5ffe6febf85a4724686fd03c023081e15b411a4b486b95

SHA512
3d507736900e88b8bfc6d253a4eeb9872ae3c41a1ad3ea8573cb557e2971ef8b34a02f50ae1ade78dfa51f015125d3da1d1056f3914bab6ccfb2bebef4606a85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a55ce89a8a3589c27fb6bda6bfc1f52f

SHA1
5ab04ed65958e350e06fda134eb3dc843b0a07f7

SHA256
bfe12a9b9f9656b1ee9ff8e0a4eac6c6e1598f3451ea301fb182b75f653d9a42

SHA512
527a2d159f6a1bcccd3fdf0b4f8867628619688239ea2cb03779b23b4aa7ca2dfaf93611a148f5c315ca960e6f1c233dc79fef00304640bcd58bdac6d3e06615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58de45.TMP

Filesize
3KB

MD5
fb8ba87e45f7a2df092369e0182a0fc2

SHA1
5d58e199cc82ccd9c807e23eb77a232f82806f2e

SHA256
642e7c74ac200c210da439328b64d3e4384500fc89da4b4ea1a97ae236d8ed7c

SHA512
74ee35f10fc5af233d2c3290c905b8d37661ea3c3935e367ac6d44edf51fc34a46d7cc2cf7d626a5f4fb98cd59900f8dde04e2e504061d989ddb157b115db8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
65dbc4b8dd27f62d44a4fc2bc6e0785e

SHA1
0461099e3b8f57cbda77cfdfa2bb25423a236e9a

SHA256
2f693e75c91a36ce0dfd432c4eb5b3865f0ee77dc93075dab4a65970b81ed648

SHA512
610470247f06294896ff553b31562c1f9029d6aceac3274af9ee0d0de066d9ca81c232dba42fd87a9429bcad00128b01fd387554710eca5112671ddba00571fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\eda61ecf-7955-4553-a4eb-3a687cf60894.tmp

Filesize
9KB

MD5
6ce9cd5978b3f2d8e6877030cf21a296

SHA1
7ce49dcf39bd4e7704de50006884de15cf17332c

SHA256
3c8b143119936255391d90d4e86c4f77624a38ee23b873fa585f160c5d79cb65

SHA512
81aaaed7f0b08f6ed5cc85c9550ef10325f52181ddbf88e56eeeda13be3e29c91a43f1f53d4f3806250d1733a6e97aae29967194283e6ab0d30cff2fd2b110de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
32efab8aa37355caf0fe3ec379832dde

SHA1
55684d486b165f4e9c55e970dde890cf3a9992f6

SHA256
1cb6f082f45d64b0d94e1d766965583786eb663df3d5be95905005a5f07d50cd

SHA512
6b349ab324b4efd04c623a7e9c36698cf324a0c533106635af5b54804e09e85f739045bd7123119177cdd5dabc1c707bf4a18fc5a7371a4c3f2f470de48736bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
7fd6ee8ab2ac7ee4c6f20a2ee50edbbd

SHA1
53a8a29c63875b4d066559e9f9698ab82b43f944

SHA256
3be7cf9bda0b1dc5a4d6730efd85fd4739744b2af46387dddbdd187d522f764b

SHA512
8cc474e9cbe3498a0830550a005ac64125aa6c69681ad920b158c6dce91f3641cbafb39ed579c16f5ceaa8c6ed4596e95b6909b3d5a2d58cfc3f87f9e5ed25f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
eb4b764fca2d17af2e3233e525224478

SHA1
15234aab247a21cdfac25d1466fc31bd6c8657fe

SHA256
0dac1e65ebeb2f870afe0b7e196e74ec0251eab5e7f9d7db81d52ecc703b0e7f

SHA512
328f04cf9334047eecdd235f0f8b858ea485781ed382ca9828654dae35daa45b68cd512297999b7258033fa1be3b52b8923c3ca60e376346d5be196737551c37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
da9ad4a411bb2ff1b6d0569d5e9fa856

SHA1
ef2e33ee1d75993ac038b0bafb8197519ea18f58

SHA256
1771bc0f48b9b664cf3c7d7ff0425eb4ce77dfe5ea56ed9630116540543aa3e3

SHA512
a7d484675ba310aa0bfe258694c5f040b82c2fe8906810ff2abfd68ef7c4ced894f04f557023be192e4d50b3afc32a5b42ea95bdef34108fb3ef2c4cde17868e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\a28510ad-0cb5-46a6-9c6f-aa4da4147d82\index-dir\the-real-index

Filesize
960B

MD5
27f94c8bc39778c0aa81996d692d6c5c

SHA1
7b71fd1eda913460eb562590081bcf1f444d622d

SHA256
74bce060de6215c1dbacba26f2f3da8aaa04b92baa9f26d2238badf7a824c3bc

SHA512
a36bbe160ada129435eee6b4d13132c76f519dbb83502087ab4d063b08e4a35dc74f3a8a307cd47c4968a6a54555c843409737d4e778b9d7b6f63cb62ddcdec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\a28510ad-0cb5-46a6-9c6f-aa4da4147d82\index-dir\the-real-index~RFe5c8758.TMP

Filesize
984B

MD5
bdaca91b59d30bc0a9dc3ee5fd328e1d

SHA1
669f0b1ea99d656081421dd3bf5ff55f24b88e27

SHA256
3ea450dc0e1b9487d1c58d035ffcdc25b68c4947f6d66caff5c867ca2e0d6094

SHA512
ef58b218b738e8549ba4ec20a8f86ddfcd83f1cb50186e427bb835f9e4fd5709e0d41d46f4ba143c5fe4ba3a34b8d9949f7eda9a919b6fb5a2f50d83042c6589

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
23f1bc8d6826dbcb0d45d74ac29e2a5d

SHA1
31a2b2d40d076e392f57e598403f50689d451f63

SHA256
755cf9ab9aa107b44b536d1621433b80ba74ec934c0c54b308eee95a5caf4ceb

SHA512
f1c4c35ad19d2d30730985617af5090f4004ed7a7b38318948c301da3156bb8448f323cb76323e50f6c0d5a2d02adb655fde5e1ee5148e5092f9620458163da6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
4KB

MD5
2b440d4ff1975b6709546eac69e06e9d

SHA1
7c1437498962fbfbead664bed6fb3ece60f8df25

SHA256
61e477d41259bc664632ac89de5e83bee6a0a1a4da998b12103ecafed968d54c

SHA512
2c5bec58a71ce05b3f153f6a85d4b3c76cdeb1a761a13861a97a3ea74f0e8b9f9ad59f3c030cfce45cbb32b84426a760ac23b7997d39f5e0eb5b11e0a7d419c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.9\data.txt

Filesize
112KB

MD5
fd8717bad7cd0f60163e7c2b05210aaa

SHA1
1dd620b2a4b49d16a63d3b73495bbb0388cbdbc9

SHA256
d5facea6ed705ea08962d52a30ebf38f6d42aea50a7af21b103d0388b7dae34a

SHA512
7b3d3867977b04efce86c5cce45ae0125d25344fa85347a83977faaa9ecd205774a976be63d6af48b953b4ca355405aa090d6db482073f77d71607c948acb5ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
880B

MD5
70302cc613da8f75cf6564be1a025518

SHA1
1ab8d04c9d4da658fdc75778a7364ebce9bce3ae

SHA256
a8b73dbde978c240b5c4ff1be99cb3e51f920b50b8ff2f6fb923421424fdcfba

SHA512
b9eec9c12f29188dddc81f544b75e854bcbf7429bd1d0e125cb9071936cf36caedd84678195a78bce7becfb8cbf29b3179ab5848a0760866bbbcaaddafdc7111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
20KB

MD5
d825340ce011f8a50a869fac4cf3f211

SHA1
6adeba7f1ca2f9ad636e1f3766a9ce25120f7861

SHA256
13e6111864e961c7dd73e3cc706142bcdc7c3fb9925686653ba5f67db7f5f8db

SHA512
8cb213b536bd68b7621323c7967816b43d3cbb34137f727a3e1d407220112c2a94ff87787558af480c3573554859ee9cec9fd26426ddc17c69f45b8e165403a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe58d6d3.TMP

Filesize
469B

MD5
81a4c85f3b5796df542afe3afec1554f

SHA1
e3aab2bc5daebed16f95ca1618d8650be44a9a20

SHA256
c2af8f535cde8a5c27a431f66d3d9faf48ccb1e3c06452524f99ceedc799866b

SHA512
783b83e1b3da941720cd09b047343ad7278d990f5596c7b21afcf3f528afce3661ed1fc359f4e46a6caa59059962560df26ddd612ae7502e09ec63b6c9c77b5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig~RFe58d7fc.TMP

Filesize
2KB

MD5
ee334aba4dd4fb9caec2da190449504a

SHA1
83d86913e3555e9a83208a777607a621965e9d77

SHA256
762156ec3519d73a52878b137bd506781d5ce93e10336f2010ec52ea9ab78536

SHA512
5863b59c91b1045cb69c5a8feefc32d579f615c3d1480d13369aff2cdf521e7d991424c4edb61f58b1da763e0bbb98f02cc56b0d9fc01236db2f4acc799b58f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Data Protection Lists\2.0.0.0\office_endpoints_list.json

Filesize
3KB

MD5
94406cdd51b55c0f006cfea05745effb

SHA1
a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9

SHA256
8480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e

SHA512
d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
cf1f5f9b3edc78e4418ebbc28dccdbdf

SHA1
aca7415e7806ff9d5cf6e6a368b4d5b5605f4f80

SHA256
001d0e39405b436689e5b1706265a1d395e76cd82589ae369abc2520bfb0dfff

SHA512
31f55ccfa30b2589123281adcea4ab32bc618046736f4603eb5f0f303dc050bbc450644733983df3f28c24e0c0483ac024a0db20379d46642b5e1fc9902bfa14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
82189e3e70267aca06d3bda0b09530bb

SHA1
ad0ba00b4afb029fca46f47adc3fe3a385ed9f1d

SHA256
b5198078b46b0b04b5edfe8456add8ae72a24f4c7514adf8baeaae9001b9eb84

SHA512
139b50b4ad4f9c3b301653edef1a820bc2d42b35122f14f825ce7bb86c875c66eb451477117b3702c479e4cf0d6d8b27d92c6c2903cd9eeef30b647dc42d35fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
aa485f0c25d261be5b092cd260c6de8f

SHA1
9b5a556df198aaa49785b1d5087eaefc9ee8ffe4

SHA256
783bda73b7ab7240c745aa44b4bbb1988e620e52c7deb7a3eda1a3a9ddede604

SHA512
826200128c080cd1b1537780e482bb7a42c2ba4db928feecd0a556e93d7cdda30e1580340a3cf4072884c69785e5d90e42c2c02c19d79d57829ac69dcf867052

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
3a5eec9c3dc4273b367b77bcb9984b69

SHA1
01f7765bbf6e7b49b6e7405d8fd7ca86536da086

SHA256
892edef6287b192a08feca9bc55aa4589188e6c14516bfce4cf3d87728265c85

SHA512
d966fdfdde9a21e595be952ec2e8bc74c42f4e1ca4a05bb18f444b402e8c68b23748c875d8f62f04d74f2f36abe5b200d07441e820222ecf7108d5d4709410c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2024.12.14.1\keys.json

Filesize
6KB

MD5
b4434830c4bd318dba6bd8cc29c9f023

SHA1
a0f238822610c70cdf22fe08c8c4bc185cbec61e

SHA256
272e290d97184d1ac0f4e4799893cb503fba8ed6c8c503767e70458cbda32070

SHA512
f2549945965757488ecd07e46249e426525c8fe771f9939f009819183ab909d1e79cbb3aeca4f937e799556b83e891bbb0858b60f31ec7e8d2d8fbb4cb00b335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.16.1\typosquatting_list.pb

Filesize
631KB

MD5
c3ec8bf0a625c2583833a3340825f1cb

SHA1
582054710a312897117128ed59ddadc983525eb6

SHA256
7d10e035e0b2e152a1fe32a92b0b34295a979f7db2269cfba69d4aaf3401b77f

SHA512
175125259eb39225d0584fa4e3c5cbfc66bd22646cf32677f0eb7514a0abeb2c08118375210a69207be85e6e7ebdd9b6fa9a967d3c4ecd40ecd514e306873c6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains.dll

Filesize
572KB

MD5
f5f5b37fd514776f455864502c852773

SHA1
8d5ed434173fd77feb33cb6cb0fad5e2388d97c6

SHA256
2778063e5ded354d852004e80492edb3a0f731b838bb27ba3a233bc937592f6e

SHA512
b0931f1cae171190e6ec8880f4d560cc7b3d5bffe1db11525bd133eaf51e2e0b3c920ea194d6c7577f95e7b4b4380f7845c82eb2898ad1f5c35d4550f93a14b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json

Filesize
2KB

MD5
499d9e568b96e759959dc69635470211

SHA1
2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6

SHA256
98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d

SHA512
3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
4326d1b8c257f111aeda20621cce36d5

SHA1
02b2b50c2f6cf9b58f55b7b791ce356b2bf383de

SHA256
5f8695bced08e35055bbcc65dc14201b7a32c47d5c20558785372004351ac257

SHA512
bca7eb5c9f09d11041be6a44543b0e82bc83263203c7b4efbee099b5941b95b71bc630aa53f6511d835d94d71028d8a2d02f85051f418409b969394cd92f912e

Download Submit
C:\Users\Admin\AppData\Local\Temp\125c5431-8130-4f0d-8a16-4391f4594a40.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\cc1b48c7-849a-4a6e-aa6a-f0610706df20.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir232_868692602\652ecc64-c55b-4ace-8866-dc534b037451.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit