hxxps://discord[.]com/channels/1299358203980550214/1325598384987308102/1351854751075270738

Analysis

max time kernel
1799s
max time network
1802s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
25/03/2025, 09:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://discord.com/channels/1299358203980550214/1325598384987308102/1351854751075270738

Score

8^/10

agilenet defense_evasion discovery motw phishing

Malware Config

Signatures

Downloads MZ/PE file 2 IoCs

flow	pid	Process
583	5612	msedge.exe
1016	5612	msedge.exe

Executes dropped EXE 1 IoCs

pid	Process
10144	playit.exe

Obfuscated with Agile.Net obfuscator 8 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

resource	yara_rule
behavioral1/memory/6020-4006-0x00000246EDC00000-0x00000246EDC20000-memory.dmp	agile_net
behavioral1/memory/6020-4007-0x00000246EDC20000-0x00000246EDC40000-memory.dmp	agile_net
behavioral1/memory/6020-4008-0x00000246EE480000-0x00000246EE4EE000-memory.dmp	agile_net
behavioral1/memory/6020-4010-0x00000246EE4F0000-0x00000246EE54A000-memory.dmp	agile_net
behavioral1/memory/6020-4009-0x00000246EC1C0000-0x00000246EC1CE000-memory.dmp	agile_net
behavioral1/memory/6020-4011-0x00000246EC1E0000-0x00000246EC1F0000-memory.dmp	agile_net
behavioral1/memory/6020-4012-0x00000246EDC60000-0x00000246EDC7E000-memory.dmp	agile_net
behavioral1/memory/6020-4013-0x00000246EE6D0000-0x00000246EE81A000-memory.dmp	agile_net

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 12 IoCs

Web Service

T1102

flow	ioc
8	discord.com
109	discord.com
110	discord.com
195	discord.com
415	discord.com
420	discord.com
1789	discord.com
7	discord.com
285	discord.com
286	discord.com
419	discord.com
1790	discord.com

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc	pid	Process
1092	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html	5612	msedge.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\playit_gg\bin\playit.exe	msiexec.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Installer\{8C17366B-843B-49DC-AC1B-748DC264E06F}\ProductICO	msiexec.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_1817331321\hyph-de-1996.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-hub\ko\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-notification\pt-PT\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-tokenized-card\pt-BR\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-tokenized-card\zh-Hans\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\Wallet-Checkout\load-ec-i18n.bundle.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_1336908946\shopping.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-hub\id\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-notification\ja\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-notification-shared\fr-CA\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_1817331321\hyph-da.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_1817331321\hyph-ta.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\app-setup.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-ec\it\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-ec\sv\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_308885087\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_1817331321\hyph-ga.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-ec\hu\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-hub\cs\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-shared-components\ja\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-tokenized-card\en-GB\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-tokenized-card\sv\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-mobile-hub\zh-Hans\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\Notification\notification.bundle.js.LICENSE.txt	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\wallet-webui-560.da6c8914bf5007e1044c.chunk.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\~DF0BAE4DF298EE344F.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_1817331321\hyph-en-us.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-ec\ru\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-tokenized-card\pt-PT\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\manifest.webapp.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_2090076470\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-ec\en-GB\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-shared-components\cs\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-shared-components\nl\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-shared-components\pl\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\Wallet-Checkout\wallet-drawer.bundle.js.LICENSE.txt	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_2090076470\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-ec\da\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-ec\fr\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-hub\zh-Hans\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-mobile-hub\sv\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-shared-components\da\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_1748284533\data.txt	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-notification\zh-Hant\strings.json	msedge.exe
File created	C:\Windows\Installer\e6cc37b.msi	msiexec.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\wallet.html	msedge.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_1431030728\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_1817331321\hyph-pt.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_621202130\Part-NL	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-ec\id\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-hub\fr\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-notification-shared\pt-PT\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-shared-components\pt-PT\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-tokenized-card\fr\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_1817331321\hyph-hr.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_1817331321\hyph-cs.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_1817331321\hyph-or.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-ec\zh-Hans\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-ec\de\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-hub\en-GB\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-notification\fi\strings.json	msedge.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 6 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\EzExtractSetup (4).exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\OperaSetup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\EzExtractSetup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\EzExtractSetup (1).exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\EzExtractSetup (2).exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\EzExtractSetup (3).exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000863705d3f43de89a0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000863705d30000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900863705d3000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d863705d3000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000863705d300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	Xworm V5.6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	Xworm V5.6.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133873685697347152"	msedge.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	Umbral.builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\NodeSlot = "5"	Umbral.builder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	Umbral.builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Umbral.builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	Umbral.builder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3712238951-2226310826-298817577-1000\{E3AB7208-DF03-48BF-AB05-E1E952DE0615}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	Umbral.builder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Pictures"	Umbral.builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000e0859ff2f94f6810ab9108002b27b3d90500000058000000	Umbral.builder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B66371C8B348CD94CAB147D82C460EF6\SourceList\Media	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Umbral.builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	Umbral.builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Umbral.builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = ffffffff	Umbral.builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\LogicalViewMode = "3"	Umbral.builder.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B66371C8B348CD94CAB147D82C460EF6\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B66371C8B348CD94CAB147D82C460EF6\SourceList\Media\1 = ";CD-ROM #1"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3712238951-2226310826-298817577-1000\{7E369D3E-5FB9-4175-A064-1A50A2D92F54}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	Umbral.builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	Umbral.builder.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B66371C8B348CD94CAB147D82C460EF6\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Umbral.builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	Umbral.builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\Mode = "1"	Umbral.builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1092616257"	Umbral.builder.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B66371C8B348CD94CAB147D82C460EF6\DeploymentFlags = "3"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Umbral.builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	Umbral.builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupView = "0"	Umbral.builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	Umbral.builder.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B66371C8B348CD94CAB147D82C460EF6\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	Umbral.builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	Umbral.builder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	Umbral.builder.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B66371C8B348CD94CAB147D82C460EF6\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Umbral.builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Umbral.builder.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0 = 98003100000000006d5aa08c110043414d4552417e310000800009000400efbe6d5aa08c6d5aa08c2e000000845c02000000010000000000000000004600000000000aa6e900430061006d00650072006100200052006f006c006c0000004000770069006e0064006f00770073002e00730074006f0072006100670065002e0064006c006c002c002d0032003100380032003400000018000000	Umbral.builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\IconSize = "96"	Umbral.builder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\B66371C8B348CD94CAB147D82C460EF6	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\B66371C8B348CD94CAB147D82C460EF6\Binaries	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	Umbral.builder.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Umbral.builder.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B66371C8B348CD94CAB147D82C460EF6	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Umbral.builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:PID = "0"	Umbral.builder.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B66371C8B348CD94CAB147D82C460EF6\PackageCode = "082D93E786FB56547BF685B7754256F9"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B66371C8B348CD94CAB147D82C460EF6\SourceList\Net	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	Umbral.builder.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1092616257"	Umbral.builder.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B66371C8B348CD94CAB147D82C460EF6\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\FFlags = "1"	Umbral.builder.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B66371C8B348CD94CAB147D82C460EF6\Version = "983066"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\4AEF046202130BD4399AB6404AFE7E2D	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\4AEF046202130BD4399AB6404AFE7E2D\B66371C8B348CD94CAB147D82C460EF6	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Umbral.builder.exe
Key created	\REGISTRY\USER\S-1-5-21-3712238951-2226310826-298817577-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1	Umbral.builder.exe

NTFS ADS 17 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\EzExtractSetup (2).exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\XWorm-5.6-main.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\playit-windows-x86_64-signed.msi:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\tunnels.htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\add (2).htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\tunnels (4).htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\EzExtractSetup (3).exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Umbral.Stealer.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\EzExtractSetup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\EzExtractSetup (1).exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\OperaSetup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\tunnels (1).htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\tunnels (3).htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\EzExtractSetup (4).exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\add.htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\add (1).htm:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\tunnels (2).htm:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4368	msedge.exe
4368	msedge.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
6020	Umbral.builder.exe

Suspicious behavior: LoadsDriver 4 IoCs

pid	Process
680	Process not Found
680	Process not Found
680	Process not Found
680	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	2452	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2452	AUDIODG.EXE
Token: SeDebugPrivilege	6020	Umbral.builder.exe
Token: SeShutdownPrivilege	9940	msiexec.exe
Token: SeIncreaseQuotaPrivilege	9940	msiexec.exe
Token: SeSecurityPrivilege	10004	msiexec.exe
Token: SeCreateTokenPrivilege	9940	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	9940	msiexec.exe
Token: SeLockMemoryPrivilege	9940	msiexec.exe
Token: SeIncreaseQuotaPrivilege	9940	msiexec.exe
Token: SeMachineAccountPrivilege	9940	msiexec.exe
Token: SeTcbPrivilege	9940	msiexec.exe
Token: SeSecurityPrivilege	9940	msiexec.exe
Token: SeTakeOwnershipPrivilege	9940	msiexec.exe
Token: SeLoadDriverPrivilege	9940	msiexec.exe
Token: SeSystemProfilePrivilege	9940	msiexec.exe
Token: SeSystemtimePrivilege	9940	msiexec.exe
Token: SeProfSingleProcessPrivilege	9940	msiexec.exe
Token: SeIncBasePriorityPrivilege	9940	msiexec.exe
Token: SeCreatePagefilePrivilege	9940	msiexec.exe
Token: SeCreatePermanentPrivilege	9940	msiexec.exe
Token: SeBackupPrivilege	9940	msiexec.exe
Token: SeRestorePrivilege	9940	msiexec.exe
Token: SeShutdownPrivilege	9940	msiexec.exe
Token: SeDebugPrivilege	9940	msiexec.exe
Token: SeAuditPrivilege	9940	msiexec.exe
Token: SeSystemEnvironmentPrivilege	9940	msiexec.exe
Token: SeChangeNotifyPrivilege	9940	msiexec.exe
Token: SeRemoteShutdownPrivilege	9940	msiexec.exe
Token: SeUndockPrivilege	9940	msiexec.exe
Token: SeSyncAgentPrivilege	9940	msiexec.exe
Token: SeEnableDelegationPrivilege	9940	msiexec.exe
Token: SeManageVolumePrivilege	9940	msiexec.exe
Token: SeImpersonatePrivilege	9940	msiexec.exe
Token: SeCreateGlobalPrivilege	9940	msiexec.exe
Token: SeBackupPrivilege	10076	vssvc.exe
Token: SeRestorePrivilege	10076	vssvc.exe
Token: SeAuditPrivilege	10076	vssvc.exe
Token: SeBackupPrivilege	10004	msiexec.exe
Token: SeRestorePrivilege	10004	msiexec.exe
Token: SeRestorePrivilege	10004	msiexec.exe
Token: SeTakeOwnershipPrivilege	10004	msiexec.exe
Token: SeRestorePrivilege	10004	msiexec.exe
Token: SeTakeOwnershipPrivilege	10004	msiexec.exe
Token: SeRestorePrivilege	10004	msiexec.exe
Token: SeTakeOwnershipPrivilege	10004	msiexec.exe
Token: SeRestorePrivilege	10004	msiexec.exe
Token: SeTakeOwnershipPrivilege	10004	msiexec.exe
Token: SeRestorePrivilege	10004	msiexec.exe
Token: SeTakeOwnershipPrivilege	10004	msiexec.exe
Token: SeRestorePrivilege	10004	msiexec.exe
Token: SeTakeOwnershipPrivilege	10004	msiexec.exe
Token: SeRestorePrivilege	10004	msiexec.exe
Token: SeTakeOwnershipPrivilege	10004	msiexec.exe
Token: SeRestorePrivilege	10004	msiexec.exe
Token: SeTakeOwnershipPrivilege	10004	msiexec.exe
Token: SeRestorePrivilege	10004	msiexec.exe
Token: SeTakeOwnershipPrivilege	10004	msiexec.exe
Token: SeRestorePrivilege	10004	msiexec.exe
Token: SeTakeOwnershipPrivilege	10004	msiexec.exe
Token: SeRestorePrivilege	10004	msiexec.exe
Token: SeTakeOwnershipPrivilege	10004	msiexec.exe
Token: SeRestorePrivilege	10004	msiexec.exe
Token: SeTakeOwnershipPrivilege	10004	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
9920	chrome.exe
9920	chrome.exe
9920	chrome.exe
9920	chrome.exe
9920	chrome.exe
9920	chrome.exe
9920	chrome.exe
9920	chrome.exe
9920	chrome.exe
9920	chrome.exe
9920	chrome.exe
9920	chrome.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4744	MiniSearchHost.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe
6020	Umbral.builder.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 1548	2216	msedge.exe	82
PID 2216 wrote to memory of 1548	2216	msedge.exe	82
PID 2216 wrote to memory of 5612	2216	msedge.exe	83
PID 2216 wrote to memory of 5612	2216	msedge.exe	83
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 2092	2216	msedge.exe	84
PID 2216 wrote to memory of 4340	2216	msedge.exe	85
PID 2216 wrote to memory of 4340	2216	msedge.exe	85
PID 2216 wrote to memory of 4340	2216	msedge.exe	85
PID 2216 wrote to memory of 4340	2216	msedge.exe	85
PID 2216 wrote to memory of 4340	2216	msedge.exe	85
PID 2216 wrote to memory of 4340	2216	msedge.exe	85
PID 2216 wrote to memory of 4340	2216	msedge.exe	85
PID 2216 wrote to memory of 4340	2216	msedge.exe	85
PID 2216 wrote to memory of 4340	2216	msedge.exe	85

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://discord.com/channels/1299358203980550214/1325598384987308102/1351854751075270738
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x268,0x7ffcf8c2f208,0x7ffcf8c2f214,0x7ffcf8c2f220
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1856,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=2164 /prefetch:11
  2⤵
  - Downloads MZ/PE file
  - Mark of the Web detected: This indicates that the page was originally saved or cloned.
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2136,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2400,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=2500 /prefetch:13
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3448,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3456,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4852,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4140,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=5056 /prefetch:14
  2⤵
  - Modifies registry class
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4856,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=4164 /prefetch:12
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5272,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:14
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5420,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:14
  2⤵
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6016,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:14
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6332,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=6348 /prefetch:14
  2⤵
  PID:4208
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
    cookie_exporter.exe --cookie-json=1128
    3⤵
    PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6384,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=6408 /prefetch:14
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6384,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=6408 /prefetch:14
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6408,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=6452 /prefetch:14
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6596,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=6580 /prefetch:14
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6592,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=6552 /prefetch:14
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5532,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:14
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5864,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=2040 /prefetch:14
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5708,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=2020 /prefetch:14
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5668,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:14
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6436,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=5596 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5952,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=3384 /prefetch:14
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6560,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=6092 /prefetch:14
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5960,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=3388 /prefetch:14
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5564,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=6108 /prefetch:14
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6096,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=6500 /prefetch:14
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6448,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=6708 /prefetch:14
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3332,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=6688 /prefetch:14
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6260,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=6276 /prefetch:14
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=3272,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4992,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=4848 /prefetch:14
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=6896,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=6908 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=6956,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1056,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=6936 /prefetch:14
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=6720,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6876,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:14
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=6756,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=3004 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5844,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=6664 /prefetch:14
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=7288,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=7300 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --always-read-main-dll --field-trial-handle=7452,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=7476 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --always-read-main-dll --field-trial-handle=7680,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=7716 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --always-read-main-dll --field-trial-handle=7760,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=7656 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --always-read-main-dll --field-trial-handle=7260,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=8044 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=6892,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=7040 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --always-read-main-dll --field-trial-handle=7228,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --always-read-main-dll --field-trial-handle=8424,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=8460 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --always-read-main-dll --field-trial-handle=7312,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=8056 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --always-read-main-dll --field-trial-handle=8756,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=7496 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --always-read-main-dll --field-trial-handle=7388,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=8180 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --always-read-main-dll --field-trial-handle=7744,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=8564 /prefetch:1
  2⤵
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --always-read-main-dll --field-trial-handle=8056,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=8720 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --always-read-main-dll --field-trial-handle=8948,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=8988 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7392,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=8964 /prefetch:14
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7392,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=8964 /prefetch:14
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --always-read-main-dll --field-trial-handle=7340,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=9108 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --always-read-main-dll --field-trial-handle=8584,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=8684 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --always-read-main-dll --field-trial-handle=9112,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=9108 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --always-read-main-dll --field-trial-handle=8480,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=8468 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --always-read-main-dll --field-trial-handle=7356,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=9156 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --always-read-main-dll --field-trial-handle=8968,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=6904 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7792,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=7720 /prefetch:14
  2⤵
  - NTFS ADS
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --always-read-main-dll --field-trial-handle=7120,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=6980 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --always-read-main-dll --field-trial-handle=9132,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=7156 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --always-read-main-dll --field-trial-handle=5812,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=8536 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --always-read-main-dll --field-trial-handle=8992,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --always-read-main-dll --field-trial-handle=8732,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=7752 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --always-read-main-dll --field-trial-handle=7116,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=9256 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --always-read-main-dll --field-trial-handle=9272,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=9368 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --always-read-main-dll --field-trial-handle=9568,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=9604 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --always-read-main-dll --field-trial-handle=9744,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=9768 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --always-read-main-dll --field-trial-handle=9880,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=9864 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --always-read-main-dll --field-trial-handle=9672,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=9244 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --always-read-main-dll --field-trial-handle=9900,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=9680 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --always-read-main-dll --field-trial-handle=8796,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=10048 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --always-read-main-dll --field-trial-handle=9988,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=9596 /prefetch:1
  2⤵
  PID:5604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --always-read-main-dll --field-trial-handle=8932,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=10228 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --always-read-main-dll --field-trial-handle=10280,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=10392 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --always-read-main-dll --field-trial-handle=9684,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=9956 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --always-read-main-dll --field-trial-handle=7208,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=10392 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7400,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=9628 /prefetch:14
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7668,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=7140 /prefetch:14
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --always-read-main-dll --field-trial-handle=7140,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=8612 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --always-read-main-dll --field-trial-handle=10488,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=10732 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10504,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=10712 /prefetch:14
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10704,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=10736 /prefetch:14
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --always-read-main-dll --field-trial-handle=10268,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=10900 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --always-read-main-dll --field-trial-handle=10524,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=9964 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10452,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=9924 /prefetch:14
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10624,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=8844 /prefetch:14
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10476,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=10952 /prefetch:14
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --always-read-main-dll --field-trial-handle=10496,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=10100 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --always-read-main-dll --field-trial-handle=11224,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=9964 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8708,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=10712 /prefetch:14
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --always-read-main-dll --field-trial-handle=10264,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=10920 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=11260,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=8612 /prefetch:14
  2⤵
  - NTFS ADS
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --always-read-main-dll --field-trial-handle=9632,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=10532 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --always-read-main-dll --field-trial-handle=10256,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=10680 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --always-read-main-dll --field-trial-handle=10456,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=10600 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --always-read-main-dll --field-trial-handle=10972,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=10844 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --always-read-main-dll --field-trial-handle=10848,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=10744 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --always-read-main-dll --field-trial-handle=11140,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=10536 /prefetch:1
  2⤵
  PID:6588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --always-read-main-dll --field-trial-handle=11148,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=11136 /prefetch:1
  2⤵
  PID:7104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --always-read-main-dll --field-trial-handle=11528,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=11468 /prefetch:1
  2⤵
  PID:6188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --always-read-main-dll --field-trial-handle=11076,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=11028 /prefetch:1
  2⤵
  PID:6828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --always-read-main-dll --field-trial-handle=11748,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=11324 /prefetch:1
  2⤵
  PID:6836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --always-read-main-dll --field-trial-handle=10536,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=11712 /prefetch:1
  2⤵
  PID:6844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --always-read-main-dll --field-trial-handle=11684,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=9868 /prefetch:1
  2⤵
  PID:6852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --always-read-main-dll --field-trial-handle=11088,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=11900 /prefetch:1
  2⤵
  PID:6860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --always-read-main-dll --field-trial-handle=11512,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=11904 /prefetch:1
  2⤵
  PID:6868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --always-read-main-dll --field-trial-handle=11764,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=11928 /prefetch:1
  2⤵
  PID:6884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --always-read-main-dll --field-trial-handle=10940,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=11916 /prefetch:1
  2⤵
  PID:6888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --always-read-main-dll --field-trial-handle=11808,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=12076 /prefetch:1
  2⤵
  PID:6892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --always-read-main-dll --field-trial-handle=11760,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=12196 /prefetch:1
  2⤵
  PID:6904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --always-read-main-dll --field-trial-handle=11772,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=12220 /prefetch:1
  2⤵
  PID:6900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --always-read-main-dll --field-trial-handle=12652,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=11520 /prefetch:1
  2⤵
  PID:7088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --always-read-main-dll --field-trial-handle=11812,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=13380 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --always-read-main-dll --field-trial-handle=12648,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=13552 /prefetch:1
  2⤵
  PID:6656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --always-read-main-dll --field-trial-handle=13588,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=13692 /prefetch:1
  2⤵
  PID:6692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --always-read-main-dll --field-trial-handle=13856,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=13500 /prefetch:1
  2⤵
  PID:6820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --always-read-main-dll --field-trial-handle=14008,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=14064 /prefetch:1
  2⤵
  PID:6548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --always-read-main-dll --field-trial-handle=14068,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=14052 /prefetch:1
  2⤵
  PID:7172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --always-read-main-dll --field-trial-handle=14196,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=14200 /prefetch:1
  2⤵
  PID:7180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --always-read-main-dll --field-trial-handle=14508,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=14532 /prefetch:1
  2⤵
  PID:7292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --always-read-main-dll --field-trial-handle=14672,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=14652 /prefetch:1
  2⤵
  PID:7308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --always-read-main-dll --field-trial-handle=14316,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=14836 /prefetch:1
  2⤵
  PID:7356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --always-read-main-dll --field-trial-handle=14960,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=15012 /prefetch:1
  2⤵
  PID:7476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --always-read-main-dll --field-trial-handle=15168,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=13968 /prefetch:1
  2⤵
  PID:7900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --always-read-main-dll --field-trial-handle=11332,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=12796 /prefetch:1
  2⤵
  PID:7908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --always-read-main-dll --field-trial-handle=10472,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=14464 /prefetch:1
  2⤵
  PID:7976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --always-read-main-dll --field-trial-handle=15228,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=15224 /prefetch:1
  2⤵
  PID:7672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --always-read-main-dll --field-trial-handle=12840,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=13740 /prefetch:1
  2⤵
  PID:7664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --always-read-main-dll --field-trial-handle=13904,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=14632 /prefetch:1
  2⤵
  PID:7700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=14964,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=13304 /prefetch:14
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:7688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --always-read-main-dll --field-trial-handle=13300,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=13764 /prefetch:1
  2⤵
  PID:7340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --always-read-main-dll --field-trial-handle=13964,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=14520 /prefetch:1
  2⤵
  PID:7348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --always-read-main-dll --field-trial-handle=11596,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=11636 /prefetch:1
  2⤵
  PID:6344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --always-read-main-dll --field-trial-handle=14576,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=13136 /prefetch:1
  2⤵
  PID:7392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --always-read-main-dll --field-trial-handle=12340,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=12724 /prefetch:1
  2⤵
  PID:7388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --always-read-main-dll --field-trial-handle=11736,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=12004 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --always-read-main-dll --field-trial-handle=15316,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=15324 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --always-read-main-dll --field-trial-handle=15424,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=15412 /prefetch:1
  2⤵
  PID:7568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --always-read-main-dll --field-trial-handle=15456,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=12788 /prefetch:1
  2⤵
  PID:7572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --always-read-main-dll --field-trial-handle=15396,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=15724 /prefetch:1
  2⤵
  PID:7644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --always-read-main-dll --field-trial-handle=15868,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=15888 /prefetch:1
  2⤵
  PID:7904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --always-read-main-dll --field-trial-handle=16012,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=16072 /prefetch:1
  2⤵
  PID:7600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --always-read-main-dll --field-trial-handle=15716,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=16160 /prefetch:1
  2⤵
  PID:8268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=151 --always-read-main-dll --field-trial-handle=16072,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=16032 /prefetch:1
  2⤵
  PID:8548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --always-read-main-dll --field-trial-handle=15892,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=15988 /prefetch:1
  2⤵
  PID:7728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=153 --always-read-main-dll --field-trial-handle=16108,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=16040 /prefetch:1
  2⤵
  PID:8172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=154 --always-read-main-dll --field-trial-handle=15580,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=15940 /prefetch:1
  2⤵
  PID:6792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=155 --always-read-main-dll --field-trial-handle=11468,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=14424 /prefetch:1
  2⤵
  PID:8012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=156 --always-read-main-dll --field-trial-handle=15000,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=11556 /prefetch:1
  2⤵
  PID:8468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=157 --always-read-main-dll --field-trial-handle=11608,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=14188 /prefetch:1
  2⤵
  PID:8480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=161 --always-read-main-dll --field-trial-handle=15556,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=15256 /prefetch:1
  2⤵
  PID:7876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=159 --always-read-main-dll --field-trial-handle=14308,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=15292 /prefetch:1
  2⤵
  PID:8200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=160 --always-read-main-dll --field-trial-handle=13256,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=15264 /prefetch:1
  2⤵
  PID:8220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=158 --always-read-main-dll --field-trial-handle=14432,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=15288 /prefetch:1
  2⤵
  PID:8232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=162 --always-read-main-dll --field-trial-handle=11960,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=16360 /prefetch:1
  2⤵
  PID:8528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=163 --always-read-main-dll --field-trial-handle=16392,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=16352 /prefetch:1
  2⤵
  PID:8604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=164 --always-read-main-dll --field-trial-handle=15280,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=15504 /prefetch:1
  2⤵
  PID:8672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=165 --always-read-main-dll --field-trial-handle=15712,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=15828 /prefetch:1
  2⤵
  PID:9104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=166 --always-read-main-dll --field-trial-handle=16372,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=16448 /prefetch:1
  2⤵
  PID:9208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=167 --always-read-main-dll --field-trial-handle=16128,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:9036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=168 --always-read-main-dll --field-trial-handle=15268,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=6676 /prefetch:1
  2⤵
  PID:8512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=169 --always-read-main-dll --field-trial-handle=5972,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=16252 /prefetch:1
  2⤵
  PID:9192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=170 --always-read-main-dll --field-trial-handle=15576,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=16380 /prefetch:1
  2⤵
  PID:8464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=14220,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=15288 /prefetch:14
  2⤵
  PID:8444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=174 --always-read-main-dll --field-trial-handle=6868,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=16364 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=175 --always-read-main-dll --field-trial-handle=12940,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=7192 /prefetch:1
  2⤵
  PID:8160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=176 --always-read-main-dll --field-trial-handle=15676,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=16172 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=177 --always-read-main-dll --field-trial-handle=3320,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=15016 /prefetch:1
  2⤵
  PID:7988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6872,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=16068 /prefetch:14
  2⤵
  - NTFS ADS
  PID:8512
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\playit-windows-x86_64-signed.msi"
  2⤵
  - Enumerates connected drives
  - Suspicious use of AdjustPrivilegeToken
  PID:9940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=179 --always-read-main-dll --field-trial-handle=16684,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=15008 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=14188,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=13316 /prefetch:14
  2⤵
  - NTFS ADS
  PID:9336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=181 --always-read-main-dll --field-trial-handle=16712,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=14204 /prefetch:1
  2⤵
  PID:6940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=182 --always-read-main-dll --field-trial-handle=10012,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=16312 /prefetch:1
  2⤵
  PID:8844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=16504,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=16776 /prefetch:14
  2⤵
  - NTFS ADS
  PID:8504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=13148,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=16324 /prefetch:14
  2⤵
  - NTFS ADS
  PID:132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=185 --always-read-main-dll --field-trial-handle=15912,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=16216 /prefetch:1
  2⤵
  PID:6868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=186 --always-read-main-dll --field-trial-handle=15636,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=13932 /prefetch:1
  2⤵
  PID:9636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=16724,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=13264 /prefetch:14
  2⤵
  - NTFS ADS
  PID:10088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=188 --always-read-main-dll --field-trial-handle=16288,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=15308 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6604,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=7180 /prefetch:14
  2⤵
  - NTFS ADS
  PID:7876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=16944,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=16964 /prefetch:14
  2⤵
  - NTFS ADS
  PID:10060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=15468,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=16956 /prefetch:14
  2⤵
  - NTFS ADS
  PID:10040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=192 --always-read-main-dll --field-trial-handle=16884,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=16640 /prefetch:1
  2⤵
  PID:9172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=16872,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=7192 /prefetch:14
  2⤵
  - NTFS ADS
  PID:9440
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=16936,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=16680 /prefetch:14
  2⤵
  PID:7316
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=16936,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=16680 /prefetch:14
  2⤵
  PID:6756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=195 --always-read-main-dll --field-trial-handle=16664,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=15584 /prefetch:1
  2⤵
  PID:8488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=196 --always-read-main-dll --field-trial-handle=16984,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=15480 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=197 --always-read-main-dll --field-trial-handle=16908,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=16772 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=199 --always-read-main-dll --field-trial-handle=15916,i,11367816451052841642,10697566416633620558,262144 --variations-seed-version --mojo-platform-channel-handle=17016 /prefetch:1
  2⤵
  PID:9452

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3524

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004E8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2452

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:4744

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:2068

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4960

C:\Users\Admin\Downloads\Umbral.Stealer\Umbral.builder.exe
"C:\Users\Admin\Downloads\Umbral.Stealer\Umbral.builder.exe"
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:6020

C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe
"C:\Users\Admin\Downloads\XWorm-5.6-main\XWorm-5.6-main\Xworm V5.6.exe"
1⤵
- Enumerates system info in registry
PID:8508

C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe\LocalBridge.exe
"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe\LocalBridge.exe" /InvokerPRAID: Microsoft.MicrosoftOfficeHub notifications
1⤵
PID:2280

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:10004
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:9560

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:10076

C:\Program Files\playit_gg\bin\playit.exe
"C:\Program Files\playit_gg\bin\playit.exe"
1⤵
- Executes dropped EXE
PID:10144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of SendNotifyMessage
PID:9920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x100,0x104,0x108,0xd8,0xdc,0x7ffccc77dcf8,0x7ffccc77dd04,0x7ffccc77dd10
  2⤵
  PID:9876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1944,i,13890862495166773166,13812838522223083232,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:9064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2032,i,13890862495166773166,13812838522223083232,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2232 /prefetch:11
  2⤵
  PID:9040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2340,i,13890862495166773166,13812838522223083232,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2356 /prefetch:13
  2⤵
  PID:8684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3208,i,13890862495166773166,13812838522223083232,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:9384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3520,i,13890862495166773166,13812838522223083232,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:9840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4432,i,13890862495166773166,13812838522223083232,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4472 /prefetch:9
  2⤵
  PID:10116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4404,i,13890862495166773166,13812838522223083232,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5292,i,13890862495166773166,13812838522223083232,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5288 /prefetch:14
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5264,i,13890862495166773166,13812838522223083232,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5324 /prefetch:14
  2⤵
  PID:9804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5280,i,13890862495166773166,13812838522223083232,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5372 /prefetch:14
  2⤵
  PID:9560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4464,i,13890862495166773166,13812838522223083232,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5396 /prefetch:10
  2⤵
  PID:9088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4044,i,13890862495166773166,13812838522223083232,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5276 /prefetch:14
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5464,i,13890862495166773166,13812838522223083232,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5492 /prefetch:14
  2⤵
  PID:6344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5552,i,13890862495166773166,13812838522223083232,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5616 /prefetch:14
  2⤵
  PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5204,i,13890862495166773166,13812838522223083232,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5620 /prefetch:14
  2⤵
  PID:9440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6004,i,13890862495166773166,13812838522223083232,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5172 /prefetch:14
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5360,i,13890862495166773166,13812838522223083232,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4476 /prefetch:14
  2⤵
  PID:10032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5200,i,13890862495166773166,13812838522223083232,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4932 /prefetch:14
  2⤵
  PID:9356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5228,i,13890862495166773166,13812838522223083232,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4652 /prefetch:9
  2⤵
  PID:10188

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:7676

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:8828

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:9500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e6cc37a.rbs

Filesize
9KB

MD5
d8d314abd1bee0b16dcceeb05a29940b

SHA1
6ae5578634b4bf3c1de79aa6516e129d0f74a18d

SHA256
ec0dd20ac127d874881047997fd09bdea88e5948300307f5de1a1aff120d9a5a

SHA512
60bcdba86af49304f21d5bfec13fe907200fff0ed981df207f79152194a0ac7b43e874cf7413279a8dd5a98dba7efdb46860846c4ed55928217bd993d207f7a6

Download Submit
C:\Program Files\playit_gg\bin\playit.exe

Filesize
4.4MB

MD5
241ccb769e4aeea48edd83ad6f3e7020

SHA1
e97a24adc53493545cdd15f461383e734e531530

SHA256
1c36cc49894b8effb0438a0d810f90b0064178b0d73bf4af7e526273c56dc090

SHA512
e99285da2ef1c431465086860f15fb343e00e978c03b4880aeeed3ef916f19a48c455672cf8fae95c6daed5744c49368101afe307b99c7c3c7464f838a43e03e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
378b9280cd704712f2337fb65bfef9ff

SHA1
c5b60e34a5a3810d7570603b96483b8b3153531a

SHA256
ade072ccf597564c11b4a5ceb22c7b3ae9f601b32168e28ec845058eb54dc634

SHA512
4c2d788ca92fd0d00f4b45461f0163d3584d95185c54178fe4b7dbf4fb8495401bad3e3795d0b787e20f37cca239b83c453b0d9053eb66f60bd8ae266bc4298b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5f6a6ae7e6dce5f3d5cf0842169cad02

SHA1
67c7cf93ece613c26a5ddbd2e6cf8864943fd048

SHA256
24fd844631d618b5f7a6652e2a07611eebfd1dba4d4e07bffe4964c4312ee064

SHA512
a78b38272bfc3856bbbf3e9cb0188858298bc1a61d356a765bd3e4d72dc02907af3638c3379bd5e916a30ddee9a53c5678a94e9e04fa036b58ed1248e9381da4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
56bd1cf280d8ab13d055e0cbb09b6607

SHA1
6bd2b99974180ea0afd5b3292ae49ce468486561

SHA256
0c5d75d33808c072dd1854c7138032cfdb6197cfc1685897ba30292c9a8adbd4

SHA512
ebf46f4c92211bdecb21eb64abce9b0856038ffc2dd5444ec5a7ebc5fd81a07995428b507fd6798e0fc6aaae8fce9a5419208cb258aaed75437d89ef1af9112a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4f9a7b3eef52dc09f7b2f7eba1132183

SHA1
d74c2062a0c5381c52dcedff47d1e816c34a69c6

SHA256
359f0db5dc633a7b0afd62298860caef1b1bf6deed26eb515dd6276f90334ccf

SHA512
f8ffeaf5c484d9f9fc195ea364cb6f3d664cedc461533b3eb1020d0f36d81b3b3a2d6bcd204919e4bafe1370f8932f62af3352c652ac5b31f28e8f2e62bda4bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c298d821f1e6de0a903542a95abb1ab3

SHA1
7b497794ddc31801907ff05d28daf668cc7d9bbf

SHA256
92721c202139d1abac2021cec6fe2e83350374a04d584e8a3c200c6a7ddaef6d

SHA512
2ffa8acf98c452dfda7a3ee96e50352d331ec837180bab2669c65b29f23322b29b69a74735c11b29a1ec9a3a208249c2335cd5c0a4a8457b56e79bd968c0e5b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2e124730b0bd4a670dfbc9398b98adf3

SHA1
dcc9c7b00dc54f722360f36bbf54b9545656b580

SHA256
68ea40b5f221354639b0f05f101948bb2e5ac4fe19635d877d7ff27a53591985

SHA512
e43b390e952a143ee6a475090e67a1e7c6c6d9745888aa4426b549c68085e46ff76d9a0969a2a39f98958b1cd255f341342a9c6e7c63ef289b2cbd75d54bd24b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5cdf4580eb493a2bd68d431b6208dd09

SHA1
09c6d73ce2f095683c8c1326351fb6409153660d

SHA256
ff8620cbe90b7693f017447dff3c028234a32afb933af50ca8aa1eed0f55c9de

SHA512
10034809642c288892fdeded8b74bd97027c64f22b6b3b710bdb6b5691eb6947c409446a3de36b0e8f87e405b483c395f1ecbf602789b29636c4f98ef87b0840

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a8e584c4f144245ac6aded9bedb3fbda

SHA1
3a6229614b3a2f9466e4c85d4fabf8cf8843c8a6

SHA256
8528d24cfce05c1c6f8438f798a5f3b5100c057f7a57cc38e40c4192ea914ace

SHA512
a629d2451706bcac34c6e71870330f97e7f7a3be96ea7cff8d99803334c3d78a9e686f33d7179ecfd07a9a2fdcda3bf6bc01df0cab682b9962c348631c5061c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
5a514f06957672a8b0e1fe7eef2ba023

SHA1
d94ac87b70d0f4690163f5ead8729f39857a95d5

SHA256
5ce8032d75186c50c9286b8c1c2fc2f37cbdbaf25320d5755a7278f8350acd24

SHA512
c164a222f2ac5c4e814b1655c6a6daaf3ba150a949970e01b7ed37355046ca367809f4a370b201f298aa9fa4f595090f5a659026b7bec3c3ed4832e4db278885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe6d75b2.TMP

Filesize
48B

MD5
749e0ac5534c40c91d70d26a38b4adc1

SHA1
ae054f8b808e60386da21f6b990bfcdb43efc35e

SHA256
b0637aa51150ef8cb504a4870fb0b5331439d05d108539ae910ab3a0d7ab57b5

SHA512
277d0f95b7badcf1738ca5830f9be4d7f6fd4ab5762e8b427aac4cc19206d99b9ca7e9f0908b44bb9274483f5a1408a6e724882ff185595ccba2f19b2907d370

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
fe27039011efd46c351b5efd3b3534b2

SHA1
4628b574d87d5e2a1f3cd1a54ee250b644cbf2bc

SHA256
fba0bbf39dd01201282a2b1c94e4269d8ec78409e3060763ca626c4331bf4375

SHA512
ec382645d451624758c69e8847f5634dd9d7a8e0287955791ea2d6275f50c55a05c442d2113bd9499a072ad21e446689430a924946ca6740b669cf8e4c7f66de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
0c925753e7c37d03179c9ec4b5f76b21

SHA1
0d74a2a152c58e2efcb56e589a0706a60bb659d2

SHA256
683bd6171e513c6ca67d00462ae6c191ef402a3ebb037a50a5a9db39706e0db7

SHA512
3320b1c6de8c55b3c93bb9a3da82e6237f3f090daef15df8e94ef721f0b19522cc080175c82574ad8834bab4e453305bf72d30cce2ae75ee830437a4228accdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
021272887b54b65e0b5c60e035e37cdc

SHA1
8ccaf9957e7bd3809e5194e28efd9e5b950af1f1

SHA256
03f98b901c97c950d1b062cb750dc6d430471856d0d86b06b6a5659e71f830a7

SHA512
b9875016d85ec66dcdeaaf3cf60f68a6bcf164c6cf8ef02e17c5611c7de1be1abb4aa4c6f00b7283c67310df76b296429f22e174dd011487f6a53139a331a162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
3b133893131f664cc8e2b2a072302fea

SHA1
4ee2abbbf7c91697abae4ce023bcc1000a82c98e

SHA256
cb5e99b2df51487eb1977529b8a41132b6bb55ae7ae543afc00b5599c5e1a55a

SHA512
7f07225cfe892d0a8e288dfd3c27dea6a0f23f1b77dc9cd6be3780b4174c5e3c83d4bd01a4f7df4c724962fa71d6d65adc5fd7c9eb5f97ae00391e6044154a64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
682ff716e69471147f7a0e231efe86ac

SHA1
937de827ecedfb18ed3f399ac647f88f2579c6bb

SHA256
11e566a5d7934e7f13ddb561000aafff386430a3df22a36424f2101e9ba76662

SHA512
4fffcccf9a78aed772e46ff48f817d586934c8d46434535d25b080c4fa264e018e6c2fe389d8d42b1f3b911e402abbf00affd9b890b77ae68d7074a31ee3e93e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000007.log

Filesize
21KB

MD5
ed76b8879605f971725ab242b72b6c8e

SHA1
7b76541e01711fd558a721a90e38bad46efef42e

SHA256
7ea1056a658288578914e30d3f3aa9ea10bdec934ea34a4fe7760e80d0a9083f

SHA512
28a515f75ec5eeb20d3108c89a1fa15d9bda1dd1cd9f5c35aa6e89962853e22e9d8c913d3b72c4b0c3753f1715a03fe63650d70dcc76638bdb4545c4c74991b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
334B

MD5
bbccd8da28ad4181384fdc5861430c3a

SHA1
cc7dc30f083c7286b9abceeb6a3b20a0ddf0a8d8

SHA256
d09629e432b2dd4aef20a8575419f0e5c83419dc63a2a48f76e12e1fa8d4e6b5

SHA512
17ff4b4c0c01d3f962ad0b726b07b96d094684eac619f1e6a312f5e0df1f3d686cabe403930c368c67750c302689d4380e9e6e009a4d431027a0dc0b0b138324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
331B

MD5
1baf0c2bac969401eb86a93deda2c1c2

SHA1
2d4b714606599109f14e5b827bd16b8372163425

SHA256
92c5f324e78a56deadad39488ad6ce60f4446079e3ba18f5aae16f017e861460

SHA512
80f535aa7ababad84f5fbf3033e0cc4fb3c7a5769ca403c74af572f64c22eaf9b49446f77c4aebadf252f931f6c527eb4f1a7624da2af1bbc8cf976d46c0d677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a0

Filesize
114KB

MD5
9d62a6ececb49a75fda5fb0b8ca5513d

SHA1
0ace53b45c0bbffeda1d55e70ac2bc3b1de0c361

SHA256
281124e7270fef82ed69586e62e816d589af324f2daad9225fc8446df3b16406

SHA512
1f8c95bc723b3f07b656af605b1d6d1f8641a23a830a228eca8fe5b1dbc6acbe431387555f7811f072772142bf63f125d7e3b88411e73c1b3fc88967f309d9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a1

Filesize
390KB

MD5
6b98399e0d53029de99cb1786ecc90c0

SHA1
dc844cb6742995b54df302a13af9e03459e85fc4

SHA256
0760717148b27b581fcac0e013fd64c936d8122b2d9f4b84f0876776790644ee

SHA512
13da48ce242e7076eae4d6af81ad86053afd99ff2c5009e77c76c3201c0a023e3f910fb026c18d413b54834031e911bd07fcdf3939cd016380e92d1e993608df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a7

Filesize
162KB

MD5
219794c79367441826c1766c3d50834f

SHA1
605ab415c64d82684d7b979a91d74b2a9f276554

SHA256
da4bea55d4fcb204123c2f5b667c362c6abb65dfa94eb8d7f323bfd3220bc560

SHA512
dbbe30ecd3d40043a9847a6b070cc5b1f3e548493f9a44d604e87e45529669a45757c440560ccc6e608d25e3f6c24edff26e3e60eb78e7c699061ab17abfca4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a9

Filesize
64KB

MD5
55db53a89098f4b6b215e1cc6e9efc60

SHA1
4a1d73f9c6e11a1597c8e1237e99487aa5bcf05c

SHA256
d2ffa7fdd7892b4822eff4a89232bb1a4a37a52474819e5fa6b2c0b1d32e8e43

SHA512
cade704e8ae437799fd726b92c8ba98020878e7bb2c0d5920986745b11e5542e55170597cc9da5d20dfd525f47c3a1c2c85a1c67e6f281801cc63bc44fa35102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ab

Filesize
128KB

MD5
50490e74744e3484057ac4261edf03a5

SHA1
337c73d6f5bd0929b217d7a9cb1267e8819c7b08

SHA256
89f37126b7f65f86ce2d62dcb0186b7d87f643fbea80e2d96428173f24cb8dc9

SHA512
83b7a2c5b4a38ea1a26d1ae91640e6a0a289550987e6553898c8389e844652db5675a4b971a71c942b83231fd041fd09ea7bc1b7c60722dddb2a0930db72778f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ac

Filesize
128KB

MD5
7125fd7e21bd1771f259ca72f66dfa29

SHA1
3e34c29bbd81612460b92d62912d14f7005ecae6

SHA256
7fb8745e112c30769afb833cb2de8fd8d9e11e31a4e798cc5a46f04966d8790a

SHA512
75f157b8f160279ec2c370229d38e1253d715b14149b99b8b212998cc504fb2d91d77affc4321ba65f2710d90a19dff62530a67db949cbad5fee080079f64e69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ad

Filesize
19KB

MD5
030211257ee50355be96f6889cdf001e

SHA1
765f88312857c612b14608260cc4109d4cf120ee

SHA256
036a1a0e8c31de96ee95ff2ee11c776b4ad44f194cb2755fc6f28f98f90be8fa

SHA512
50e53611966824fc2290f9be4d2dcd4ad0728b8416693d121e7b41fb0051740d7cce60e63f22359f03702ab55d1e94ecfc85a7949c3560fe5bbea115ca4c0b84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ae

Filesize
56KB

MD5
184352377d3f71de540be4cf19d70358

SHA1
4cac56fc32c8f2531f1e2bdcae58ffb04b60c1c8

SHA256
5cd7d6a17d251f36aaa12dce7b5c4312e9245c1993e3b8aa890e2ddd64d248f6

SHA512
bd97662645e2098419649b71b4484d897608e2780fe8096c14dad4599b3693418a802ba0af9538552f39a2b7d095e60c8bb8f223e145b22018d2220a1514a4ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000af

Filesize
57KB

MD5
a3d835f2bec12222b6fa6e88d8d233ae

SHA1
ca81c55e531b27ac653616fd70f9b203d34a5506

SHA256
b5e8bdcb9de75e9bf9ab392d20b76b3aab5fcc674bccd11ecb16f2edee505153

SHA512
b03425ac552ed7d9f81b56d9f7a9a1429d8f2e93c94deb6f8e5a29a6a9d0619aa41483fd0edb57dc6d1f461c5c4dcfa6c94b98c99033491f22dcd7940ffd9531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b3

Filesize
16KB

MD5
eac44f5a1eb95737b7f66eb1172eb3e3

SHA1
8f0f17d7deaf6ca0b52f2fd4caac828d04dae49f

SHA256
c7f25f19c1a25ea2818da24a0f0d8fc1604e351c01a278df620ce94e68185fff

SHA512
ca59e0f946c86b4b4bda1e61d64f3bf2a8367080b6c9f55a89fee6c01d8d55b52195a2575081b5112ebe03958792d3f66cae17ecdd9ffb36fd99c33c43ca626a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b5

Filesize
20KB

MD5
126603dc5cf7f2aaa4f014c6f1b3f22f

SHA1
2dbda64230fc6652c905fd12fc704631a874d8c7

SHA256
e446c1c9ffef5f742051d48ecef519177992c7d77eb14ef781b4076fa1c7dd22

SHA512
d6b8e193b55440fb18bd637b0d40f8cf3a9f0bd61ec4bbec5d8a4bffbba301e283fe8b39c2a34ced9ceef34ead7f8b45c35e4de6494b335ad5c4c358cba521b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b7

Filesize
29KB

MD5
15b3a642fc3bf6a2b9bec7ebbe4fefc0

SHA1
8189bb302278bf2ed896a4c06c1787fb230a6357

SHA256
4c36eb1e30b68ecde785492271779e30b8aa0cc180227e85779997aa9f5bee71

SHA512
a245a65e5f0c11ef68f1f9ab373702326f9b12b8334cd8180487930c079ed7e38ba94fd8fa42c32b451c0b1e55ca481253ffc65e280d8bd08f98179023dd1726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bb

Filesize
24KB

MD5
dd858427b1b30cb68e6b12742e9d3880

SHA1
56a6fbd9deef7ab384817894d56b76cec18a862c

SHA256
efa61c87da584b1f9bb78bf41a7564e0ca9ca9683b802736e2082f48c9d00ff7

SHA512
d87c2fb9175aebc6d8ef960069bff66fbfc994934f85d36d247d1fe2a264db1229fbf0a5280ec62c61ee8fc06af1f37b0de92b51539cbac2d291e4ab3b2ab908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000c4

Filesize
38KB

MD5
4ae63e9a72f934f52baeb89db1ca78a5

SHA1
e1af838382e764e210291a40e521019c7ccb8323

SHA256
37250f151e2c1cb8f9631bf1bb87b9cec98aa7b11bedabbdab45b3392bbec24b

SHA512
8e1b32ba08f8250f8ed27b8e28117a5244b7cbf2ca10c06062f6d3e16a72284ec88fbd25761cbb7baddb6d8482d4bc020f1459a4ab8408b5ba470f364e392095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000d7

Filesize
17KB

MD5
edff2a505ddbcf57d72bcd16ed0d84b4

SHA1
edaa2dde0ada20c983a3df59f15b8653e1c3c3bf

SHA256
230249c55b3085bde5eab2fadddcd9a77e7995fcec2ef059e5e9dc2c99e1e61f

SHA512
17cb71705f68767728ce7f9faec1c88872886f73c5f9a936da5bf1dc4614c03675d64913029da1c4b4d3129c1a099cea015273a397f83127cee1fccc0e782c7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000de

Filesize
16KB

MD5
02c4be88a32f3d27a09b0ab8f2969435

SHA1
70cf3e16445f95682e6c5e4e8718dfa0251fe423

SHA256
3b6b96b31e05ae17e3f47e8dc81e80ff58a49f87d939205ef3ff81bea4e70bdf

SHA512
b06d573b4423c53e98fc0fdacc6525ab33c1c9cb845dc9174b528e07d94f1b4a51fdf6aa22711c3cdc1aaf399686f4c4234302867cb19cae1b5956eaf745bc1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000df

Filesize
36KB

MD5
4eba8b7a83900589e5b6db5d7c4f0cb1

SHA1
c7a9bfa9ae61dd8b031e00f69b2d847f894be936

SHA256
7395d03c3eb61260741a66b9f685798425a27599f4dc9b351cc23bc1fb2c37d7

SHA512
bbdf026fe6a50ac1f0013501245c7b2501a96e23653ee470a0555934ba68645c78b8e8a217d87f99a1a45a4e540ad9f45e24cb557ad6c40923e2a8ad9a790363

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000f0

Filesize
48KB

MD5
e6bdbbafd0db1e54b799923805de6865

SHA1
0259693673f1bf6df5b4d22cbdc5f3766b49fadb

SHA256
24333b9966c121cc45c599066ac4ef5956d97ee7f42c6b36df0eda88a66312f2

SHA512
05f3944d17757a7b41c8e66d750074f92828e29a0ccf13c91d9a3678c6156f0cb7753a2837352a69ba9508768eac6d4e18c8b91df3aa863aa049b43fe102a949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000f1

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000f2

Filesize
67KB

MD5
cc63ec5f8962041727f3a20d6a278329

SHA1
6cbeee84f8f648f6c2484e8934b189ba76eaeb81

SHA256
89a4d1b2e007ac49fc9677d797266268cd031f99aa0766ca2450bff84ac227d1

SHA512
107cf3499a6cf9cdcbfa3ef4c6b4f2cda2472be116f8efa51ff403c624e8001d254be52de7834b2a6ab9f4bcc1a3b19adc0bba8c496e505abbca371ef6c8f877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000f3

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000f4

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000f5

Filesize
26KB

MD5
8442882c5c6b40b915a32c05bd434b8a

SHA1
9ef5251978df9d0f73d071fc8b44f4ba3fdf8d79

SHA256
d7ffd0e3677568efb56e5e392bc6ca6ec906f4cb8fbeee59725e2feec3a44f3a

SHA512
254dcec9b09a4cfbca0607c8aee436e246cbfcd0bc0a011891d48ecec254e09fe314d06b1103b0d25bcc9dfaa92ce2809f2110942ed114a5acf95d07318f4750

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00015d

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000164

Filesize
68KB

MD5
177ea35948720261ee5d0390624ab7a1

SHA1
a85740cea88fdb8349318dcf1eeeb313caf712fc

SHA256
df982f84dec6e6207dcd867bab5048367718f7420773af62bcb93bab31bb10cd

SHA512
b77b4aa0f5c7ddb7d2b0e1e0bffdefe4b6561e80e4fd10aadc6983bab66dfae2f201003f01f862b82e16b298bedffe175aedfedc34d601940d9d6034c4915d09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000169

Filesize
20KB

MD5
f69cefb34e81abe998b7b4c0cc0cdbf0

SHA1
b4d4d39233a096793eddabac7b913373160ea7a1

SHA256
a8787de8a8d93bb7a6d9aa55572db8d806693978d0365240507ba62905657174

SHA512
6c8ceebb276bfe4ab080eb03bc8f497c72b7ce7fdd70d3d1689c60eb3dc091ff4af97fb21ae4dc9b6589c21638ef27c7194ee52780da6690c04baaa4c12fc4b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000171

Filesize
118KB

MD5
54d37be9147490f3a49a6f691265306f

SHA1
710e72426e4ec00f2e6e7aaed828bb295a05c426

SHA256
2d83e894035645ff198ca1a314d763a91aa8e119167e046849b114668e6501ce

SHA512
0ce776563ca3aa4e5a33a8f80038ace5085a1785345d00da860d9821d30114b9c05367715c6b3b04b3cb6dd227eb0ee8cc6f081dd6dc82611f883935b3bd715a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000173

Filesize
48KB

MD5
72e8c4babf53a81580fccd727989f725

SHA1
1d32c1e9d8931dc3c6f2fc4710e4ceb9191357ca

SHA256
df6fe451fbcc85f9258a4399253ee4f9a86e070008c913629f3f76a11fe2d816

SHA512
3bf4e135da49f19e50251320db72514b0d37cd495a2825355e45a314bdc184532ecf0d59bba7bbd10ebf5a773f14e04e30301eeefaa63953001c84d11dd74c56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000174

Filesize
27KB

MD5
57a3566e40bf2c3929966768089e34ca

SHA1
ba57e913fae3142fe2312641052f93c151c6c0d8

SHA256
e865c7413dd4e584413390541b0c469088628f150d0ba4934ea4263001b4cc12

SHA512
d987509264ace0aafac665439af86443b0af30d2bc0f020b477298702c8c61c0485cd2142a4e10a039d720220f68a11c1edb8987821e30c2bac5ebde9192f4f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000175

Filesize
34KB

MD5
cd28431242d66b4fc00615b887ac5805

SHA1
4c03d0ce1ddbd9e7e43be1a56149d0dbd0437ffc

SHA256
8eefb6c2900b6184c43c6844c1abcb416131953406d7e3077676b7c8a86009d6

SHA512
f59f4771144e39902a5af5aaad84865e2c946d1fe7d617190775ef136e8b9045ea1bc8754c78597e1809b75f74b6e7dd0f886299825aa80644bc6b7c7ffa3e4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00018a

Filesize
215KB

MD5
e8518e1e0da2abd8a5d7f28760858c87

SHA1
d29d89b8a11ed64e67cbf726e2207f58bc87eead

SHA256
8b2c561b597399246b97f4f8d602f0354a979cbe4eea435d9dc65539f49cea64

SHA512
1c15b65bd6b998254cc6f3cbef179c266663f7b1c842229f79ff31ba30043837c398d85296fb20d3a576d9331fee9483ca0cbd06270da2d6db009bc454aee0c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0001bc

Filesize
39KB

MD5
9a01b69183a9604ab3a439e388b30501

SHA1
8ed1d59003d0dbe6360481017b44665153665fbe

SHA256
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

SHA512
0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0001c6

Filesize
84KB

MD5
cb0ea0c2672d51feb19dc04f37481dfc

SHA1
ec20161223dd0005010215d6fd082399d165fbe7

SHA256
3075f93645becf845699a6ab1fde460b5d4ab273a54b7e0f8b77fb5be5dc06de

SHA512
ab828e0d9551a29251a621cd587ff8960e6038a527159748878e4c3ba04f621c954e9344d342da973e094eb25ccf51c976b2b2a0603c4ad952637c4efc408ca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0001c7

Filesize
117KB

MD5
bba6009859b43642afce740bc2696d4b

SHA1
d4c08f697a174f114ff909b336d09a626aefab32

SHA256
cb245295e06e9ec3f39b21af8bece082b1353bff6fca7a045cf39705b9aff3cb

SHA512
a29d4881d4794d89550ec2574d4304f1212016c9091cc8cd2ba985df08c45d831e6d97bea9ac907d31e38a396880d1321d42bfc301d48e0ba6791e3c1b404cd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
15KB

MD5
411243b8807a9fb59bd92e5595e54bef

SHA1
399972cdf76bdf4d3cd2412d9ad3c7bf6f862f5b

SHA256
d1a5d88f35c85c3909dc7137f12c04591b886f7147aedaa35c3c80cb3beb8dfe

SHA512
086ec96a2515ea2ada9240e0b7f02eea4779eb0d28d05e161a984bd0543bb9070c9b0d7cfe55c7170ad9a26286dce68893801a2276760ca52004f9a504a384d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
11KB

MD5
9c1ca60e0e41994e4fd5400d2b2e0031

SHA1
852a7d4c36dba8edf4d2904246ae6baa6ce9b995

SHA256
0a3cee768290bc9475267c90681aa26b2dbbdef0fd220384097297c20f17dcc9

SHA512
130fb647a66db6fdef5f685319a1e3b394ba7aa5cd073e00642eca05359ecf04462817e26d5c3fb15729f57b8d714bd97654e7c11f75cf8b4a9b907b13804da2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
15KB

MD5
38ac9fcaadfb91a8f5bbf9b3d6eb3d69

SHA1
a3d2c2fed76637f55a81ebf950a84054ddd72d84

SHA256
3ef8322ca5015e030d53e55a9ca86b30f79db7e246e925571ffcd3f7a0d5f033

SHA512
15bbdc6e184d2b680a032967ab6bd706fbdb3d773a8021207cdcbfa9795bd53cafbc0420bfce23e7b6285eceb3000b3be2df9afbbf93f7a03f6c347af0235e4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
15KB

MD5
2bda264b31ab0df693b03ff5da4dc93b

SHA1
2a2cb5e1a2ce503b06c33ae732a17be624f07feb

SHA256
406dc1c73e8442c0663426d5663f0ca5d1fcace5c3e12d06da37cbd88fea901f

SHA512
3bb25dbb2761c42fe50fe99b6268b349965a807113b010aa65e192758aacf8eff56f813c9702d3b51e75b6a570901d164747ba7528b0e02edc0c41757f2c0536

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
fca8e770cb9e54595b24612e5ca89637

SHA1
be0a4676f1a0d9fdfcd38d46b672d9029f55bf34

SHA256
2bbe37db0dafc33d6cd2d971e9e03874cba92f9cebcb82ed838cccaff2e357a4

SHA512
c11c8fdfa7e1131f44f96e6c5bb09be09fadc9678885fba8a8e7555beebc07c3ca437c4c3e5bbc4b4d8f2ba89d3d49d5a8ab8f9487994f0390da7150489695db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
4f5f3cdf8196c2d9d1b003a65ea80da3

SHA1
e7d800ae2c5b3313d9b298c2eb8068db918f0d35

SHA256
dcfc26f289362b33c0fa9f93356bdbb869a903c54246b8a67a3e792cd5adc02f

SHA512
a46f95129b4e5e40e5f392693a69c8828a404f74a5edbe990ced94eaec1bf362fd45cff4b94128db1a5ee81d36c0c0be31cc9ba56725a7ec3b14e92633efbea9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
15KB

MD5
2c03004b692b70a35e859d7a29d3465f

SHA1
a2ba3d8b4c95d45fffce1d1ce9aba9c064a72150

SHA256
060d777c97493a9bf5aef0f44fe160f52971fef04baf229e7d7ed4c4b5eade10

SHA512
5aadf4ce3a0941c959766c76c7e4b7bc9bd8c8c775fde8222999706058ba3f64bb05335ca341759578d4a669e6b9c4d5881a0987f8c14e624f0e1ef808bb2b67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
2bdae1ffc25252be93fc261b0d65462d

SHA1
a45a678e7aa0a2910b7efe43b2112553bae5f500

SHA256
3f8626c2be34941c1fe4e6fddfc4ac47a282a8a79bc3ad342f49eeaa0280cd36

SHA512
8dc18579a5879631c67c02c1a680231d27f8523feaa54a33db5ba749001bae690a76bcdb9a9aa8ba4a1d8f34242e28b33dd3a48867284169426cfcf84da0044a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
11KB

MD5
af2574807b79e6855cfd9ad4552bd87e

SHA1
8ca3db8c0b4a2fd85c4df368cb5ad5d42f9c50ad

SHA256
143e10441bc55f7fb2e319ba57be6b7bdeaece71098dddad41ed2dbc5c5bf295

SHA512
9a72ceb087e4e9579e622e0eb5ad892b869a7420121bfcf896755def657c52cc0b19673daea5f096630677a300f18875cd0d14df2223bf3b2b2a5faba891bd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
15KB

MD5
edcc512fbd86e37215135a089277afef

SHA1
2bbf155cbef5e5c0ac4aea626b0ccf13bc91e54e

SHA256
c866c5027e031dce738c6d788f7f07c4c0e8c6f205e9a1b28dcedd2917440474

SHA512
78b07203da420885ab74e19bd74d39543557b1ec8683f4146318c1e43700cfd6129a8bdef0f4e2751a5702ee554ae602442b7364bf2a2bac4670dfa7433b0493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
15KB

MD5
5b5fd573c274ec37a0f9bcc6614c78eb

SHA1
daadade3726872069a4dd4cad161cb2dd1ef990e

SHA256
fc11c3bbf00bd50f9756b9eee0d9718197e6ea56801e02b85d690395c9d82db4

SHA512
4ec42a72c8800991a0cbb48d778c42b82f800f71babd9c2daa43a18188d43e9c0000bb6333077105e62316366e3c78e82913310aafd842d91138af539d4994d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
435abf27efb2258573f049af72b35787

SHA1
235667ec553305a4f85979612a90948eecab158c

SHA256
b6035754d9c60be07262b03e74523d7a82d888b4305d75b5fb8d359f269f77d1

SHA512
ff37bbb0a930362e1fed8bbbaad23ee6aaf677f39d1eb742729701189e751b7dfb35f73a3156b56f498df717aff55b35c97dfda49bf958f1d94b69ddb2de54dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
15KB

MD5
278b426c506702f82b8b4b3938ed4f61

SHA1
e60518a0c2113656e00fec5853c11a43606c4b5e

SHA256
344ed794ced265de7fbecf6feaa383f9de5a7b0595a7c5f7992fab9d54272a1c

SHA512
284d88c12fc7f6bf575acc233e9f09a10f23708f61406bca3899108b9e51aad4f40dc62df349d4b04a2735dd1c4f10235ef96605c421c520c62a75c8782babae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
06120d132bc0c9faabf122acde7ae7dd

SHA1
2e300403237e6fda8d614975f75f97b16a3e85e0

SHA256
205fe73a76f45115223bb7eb97fca5aa919797d57420c1601f59679ee4ed4018

SHA512
a46e54c7b959e7609ac4a4d943c2cd3eefd522b4a0ddda02e8f2bce96cffd53cdbd01b10c7c4361c57710ad7e874dc3c93ba6de4340604fc48829b218c9048fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
15KB

MD5
328f44836678d09b10e92ceeab10e050

SHA1
aeedc815b45fd81a93f82f74414faacdcdd18da6

SHA256
7b48e5633c7faa65d8e738d20a1965d9006a0e36f7fe0f253056dbc34ec62990

SHA512
4cd86a80c7d99a46be5739a233e780d58b28d41a038f5754054606c282040bb663b1649c84cef5e58de9739e120b6abb42b927afc87bb58b72391c62626a31f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
1bddffa9b3fb126961cd38078873651d

SHA1
99cca80ff4d3f27dc310bbdaf302bca338c87e95

SHA256
7ec205e6e508ce339874a7b254293e884874aee369f5b8a3977291ca0fdd8299

SHA512
e00018c0d6ac297a9bbd3bfb8c1b03aa41c503e9dff2ee0fbed6ff6e80d6d82cc6be7f8d28a7be73224c169f607caba62f3ded6e344d1a5f23f56b42c01adc27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5822d5.TMP

Filesize
3KB

MD5
cf67647d22cdcbeed8a1386933ddab16

SHA1
d98f26d78393084b4b551ff43558c7791f7961b6

SHA256
5b127a60865c5a0273b348b6ffd51e6c93a72b2904ee03b0608f680b7311a297

SHA512
95bd92aad50e931c0197ca6c807c4a79238ae5ae861d7621ac236c3f295f64858bfb97a490fbeff3d1ce43e185e67ebf3b4f3b215add9175302da29ccab15f3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\000003.log

Filesize
22KB

MD5
54246d097eb7a9346f7d47b9ec2201c3

SHA1
a939d47761c32c5978256492665faf4056758406

SHA256
67b68672669d325e0c655fa2289faed8968c9a444b0e2f7541982d73ba52319b

SHA512
9016e5992650edf44ed803d0848990d1cdf6043b30ab709aabdfcc6f7a0e271f2d4995f9062fcdff5ec6ef0c0919f602bd448e06f824e81d0ea4f0cba2545a29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\LOG.old

Filesize
343B

MD5
c1b548822639d3fec221d2be2c4d5bcb

SHA1
2d34b97f7aeb3c0894b580fb85f0a70e67f5d493

SHA256
1030edacf72e091869dbc37ed31ff4490c092d4fe560dfb825c3870253cec465

SHA512
aee3e0aa072094c96a02f3ed9329aedb3964b9b9c9ef4daa18694d419f84d87476cf7d7fe7feb1f2de6a174e5305a8168bedc29d604343b745eae7fdca7b522c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
348cc04aba7eecdcb00798d28ec0fb48

SHA1
be7a399e30cb83a06d1207ee919d88f80fb20b23

SHA256
abd9c67e4d3d4b128d3b3964f3582845fa4f47cda2f7089bbab3996073fb70fd

SHA512
bf35438845938d1e10449ea686e9f7dfcc1dc6f5e9c88500c06c9894c839c1a9a533694639d4b5902a351cc2ab75ec394f3b81df73cc1705f7b8144c5114f926

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
48KB

MD5
0809ad7a03d15929ab7435a44f1eeff0

SHA1
b96da5c911614baf5e76b54a9480cf33778f2f7b

SHA256
d2f10c7d0e5262b480830b31622ed69e217b15f8a71fc8b65ef3b8c101546ecb

SHA512
fc5cb8c894f6cdd67c790f0dbc361ef2af38ad6b252a45ff3182ff5e708942a20b62d51698740d014b658dd7f9c35cb48bcf76443f476b25ce84203546bfd7a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
43KB

MD5
2dea0ecca914cd75072f90cc9153ed70

SHA1
8bf46143ee10f5c6c32e71e665ca4bcc5bb30b00

SHA256
ae3f3f0fce3e02bf2f53b1144fabdebcc3c61726f29c631a7a539e2ced6d558e

SHA512
6568b8d35f04ba59882003d7378d92f5a84ddbeed62c30b4ec8a3fdafe5b9ccadc5b5ad68f8239c5b77f8110996d52615d2b933215138440b7f64b975364b767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
ace0e102f00d8e7ae025e214e38478f6

SHA1
31247bc8c1413ccaed18b9af67d5a206fd9f9fbe

SHA256
5a491093c99a29d2b982b458a151620188149da3ef6bc91894bdbd0940e5e677

SHA512
a96e81e2141808d2efbd1237e43e0ba0b6a8fc2ff6dbe0f1dcfceeaf1bab2fa00ebcb4be34966657104804279843f314688af3dc28d699e79c3bb210dc81674e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
dfde6eeafa3bac8564e156897348e24e

SHA1
7d1d3a4e2e4d5793f79426dc8683fabe60401d14

SHA256
43e47bcb5e72d2020731a959e77411f78ef74f6c4fc1fed1f820fa29341a4caa

SHA512
4dc66a511866e357b29206e887d901383d94843adde608b87b27a0df264f2995a85ec1bddff1e60a150e25b3c6965e067bbd62821261c8307507d6b42ab01662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
48KB

MD5
07bdee7d662c202cdd19b74f9b73903e

SHA1
3ac4bcfababd3cc729ab53b104199ee7bca5baf1

SHA256
c8b545c454a7acf7fb7a6adc3a33124464cec2ff91108f6c53838d4ac29ba05d

SHA512
f6dbba1a22288510d2d9994591d9f82c372cf6c8bc41aa905268cb6781c7abd1e8d513ae40cbd6b3b782d0cfa83d4b050e1fdd1a56543a4c73eb9028daa0d307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b6e1e9b512952fe737bb2b2042a79a68

SHA1
07aff706f980bce9142ae3c3fecae89a12aa6d90

SHA256
28aaf4b5281681ae56b0f332f9d8eed3c54b874e41d2ed63570a2ca5dea60a49

SHA512
323e3003efa0e84da35e2bad922200c2cab1126b72c2492c45cc080e75995ca655d25ebc4edc17946acccff907afd5ebf3c5af5c4b734c249f85e192d740e09d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
05f95c1e9e77e76f2331145be52e4b33

SHA1
683df68103740ed676942f48480733c7eaa3623a

SHA256
b17ee532d44d83a18c9c04216bf2b9f19ab567fdbc45dec41b5346e55ff948bf

SHA512
d6be16901ccd6ec29f7e1ddffa653e39179c62371e53ee2f679ec1e9874eddccbdef44848abb11a693848c5c51be63b42e481f6b63562a4ba37a1657f6e5dcb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1830148b41982216c9584601be64b73e

SHA1
0fccc839e57a7e815342239105b7974d3b329f9c

SHA256
b2d35c219e27f4a5f3934cee9b6d2e6515849d509ab0433ebaf99038e4b0735c

SHA512
b1ab826ab6ddb909ab55ee472d7772d58f7c6ca7b6ecf697285a6c0839a9d6ff60f30e6268aeabf95eb4357d2ec7d169f0131e8c164ba8bc0f962be77b3f5dce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
950f32a9329a648db0b79f996892b259

SHA1
2e6bbae497a043e34b9e5123e960e63e5827494c

SHA256
d04887b5c56919141e37e5dad2f230e5496a7d3d32a27f2369764a7a22a8fd01

SHA512
4886c01e9097daa4461d547db7cd187ebcec9390c72f3f534c618e03036b03f3904e3f7af7deb9b929e4b178ba5d87893a20b3fe385fa1cb81ad66d6f8d548a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6e1f003091ab87d0542d39a71d6d9ae1

SHA1
6652dd5f599839d2249664a27dc6a7beed780688

SHA256
eaf555a373dfc32b1d2177270cc916cdf0eaa1fe930323d3c3352b09ba63fa38

SHA512
828e7e4a13afaa9667afbfb01da48fde493f3653e1fa7d2e4ade45449111fc6c7ec3a4bf2de49b2079fb1bee2fecc5a4e98836b37bd4e5521ec069266058fab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
892b530d47ea43ec7d8614a19b4fdefe

SHA1
81f22f590e2e8e64a013e51273cea98ed511ad19

SHA256
b76e4303bed940b8467f4d39550536a701f44c7cad896cb23ff78e0bfcc87697

SHA512
584e726109d0d6931ecb032347256335a9d2b2ef753c99fed6da1eb8197093c9b773bc5d276fc223131cf0b09eada16caefb8ebe73400f0a6f1a7b9e8a51ea92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
5829d7cd061aaefdfb6804f931bbb2b1

SHA1
b13e92e32f05d32f285fe8b58a8eb9d362a595b2

SHA256
df9c21479bb19b2abb1b4c1edac7936d5ba85736eeaa29e5a6aa075c3ee463db

SHA512
6eace666b4e8c544f16e193f709b0c4a8586b3944f18422360e780e74b4d19e2596407a6e78abbaeaeecbd403a3c6db8e5acc65e3d0d0bcb3b49b433fc447c7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
927b8a3636d650ac2e7b0832b3fa5b56

SHA1
50235586fd01fa72e32f88ff08441ae225746adb

SHA256
e36e3e00b589e40a855b3725d21d7eeba1f8a43a204aaaae61b335f6f4061a9c

SHA512
d1f19d41da969bc8389d04c8dc6ff5ed717b8ed48df297ff28fd94a1af6611ec87cb67bedc52fd1253cc43bbe2e74f889dd506a7a4a476d3e7f42ac710ebc77c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
802b3df40baf7ca0630a0a3ef6e58ee8

SHA1
683432da89de994e73d4aec7cac7d917e6e29286

SHA256
ab2b7275527569d94708d6e1353b033a9a9024e41089a5c823f80f2b186a9935

SHA512
839ff0d19698d73927c85b26d5f5aba4101ca297c6ebe0f46ac5a33d21098eedf69e1cc7aa87c632613eb4bdfaa412b868e7407404a4f1542f850cd332711670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
1bb5c6bcf8bdf26472014fa822b44497

SHA1
dbc15d3706927c307fa1581f570199bab06f73a5

SHA256
5797f38e82078912562fe8c86f12e0c40346e9f7fd3cc3f800fcd20d5be329f8

SHA512
995803d0794d609b466af3c7d3e7e3fb25f6d0a81cc7aeac58a2be44e1e1e8528c793c548d9760e952dc4b46e0708e05883384f2f1f944e982dd6ba1cd1c582b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity~RFe6a040b.TMP

Filesize
1023B

MD5
05b81ce470d3ed9da8497d6f36e3ae08

SHA1
58a75a2f5d86fcbbfdbb73e9e12bcea5c702bf9b

SHA256
8d2b602e52b022c6804d88233b3e1bb9e069d7dbf199bc04cdbb5e4eef19fd5f

SHA512
ebc1507bb0d6ef04823ed988f5c38aac5c22ea2b327051de4bed58123b6b29fdf5a4d02d8c4bda17b30b328d0deff72da04e82ca99cd37dd464989a9e4302816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
414KB

MD5
c91a46723596f614b0554844764f2f8a

SHA1
ce0d9b1d00baa8be1a3e5ddb13b4f628280ae7f5

SHA256
14e7f65f5204716819bd66a4bf45764fd125d98f01ec3e147067f15925e0e3f4

SHA512
0e7b84dff00965217d64441f7d5a7b7c7180401c47d9ff47203fd01a312846445ba303debda754f3f564beaa0c29f60cfbc39b1ac0b24403eee8a7c9492d841f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
429KB

MD5
db7d9c1c832272003486d6b773276fc1

SHA1
79cf2cc6ef9d99c0138b5273cde12cf34f0f3539

SHA256
dfab47ced200697c02360321da9fd6d55678811f9eb1faa7deb6a06893e519e8

SHA512
93722d783d65749ee9532c8b0fa24612fdea5e46abd9ad429595c5043eb1e43e49580217ad95a2b04569da7254dcd2e4f9423d395a7bbe167756f6745f487e6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
429KB

MD5
c3e3a3b7d8d2a4c1a885f7717150a312

SHA1
0529c01357c50c060072d8cbb27fcc6ae915535c

SHA256
b83829d2a049e6524c30adeaffa5036809f2307b582feabfdb9eccecbea0c545

SHA512
262d2e5b62bd862e85277bef2f6b414e94a4cf4d05183236291d2833e902b835f45d6066161f10b4330615902a6801448c328cf23ec0fae4972afc464bd0614e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
415KB

MD5
12b9d08d2814a9ad715f35c6fd6d57a4

SHA1
255f0bc5734edd4e78489f2c4879c669f5aad9f0

SHA256
4f723245bff34fbcc91912548e6b3db5843f7bebef7b47e95c61f51cc7cf1437

SHA512
f17edbf1648cdeb001c7e229a4d1d52c15fa54abf242dcff0d7e652be875a451febb5849e3290ac70faab1eb1cdc2938143cf40fcb6016c577834e47761fdc4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
415KB

MD5
e05d9a9aa36ff1ea241bcf52c83b952c

SHA1
c6b7210ae001dff60e2ae88550676932997b7cf5

SHA256
f0961722409f3b755be47db8f4ba6e55702a9a0fb587f7ceff659a2997401b2a

SHA512
07303949ae92dee058776370ee5b32fff30e7810b250e61a211b7b98c482052248171b327a18349a60cdf6101b317e43446c4b3c95f6331c3ec9919c5185ddc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
416KB

MD5
00694c5ea0f4e1c951f05b900316e62b

SHA1
06c4878709d4a436c6be82ad53960c4e347fe967

SHA256
6f8e79bfb1854768aa80486554cfd55326a82a1edd5e46064f54681c5933743c

SHA512
09fab11da69dee2a129b6dc56401f9689f7758911c8ba1451bec990b34f356653be881bb467de72d06c2c5ce71efc52d1ea1dcb6ffa90efca72e057da43cb4c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
429KB

MD5
231eb60637c3a513bdce660d08e7fc43

SHA1
58ca96866de90a6c0dc118b70eafdc47fafa187b

SHA256
211397eb94989af060ba90e4b4c45ad1fd8fec497d38f6cccf22827b5f88f1ec

SHA512
0bd1d690e3a1697d218cdc0f06ef4a8d03d6e610c41d53619eacc77926662782113ebf612eb78d572ef451fef64f6d8afbe0a7342e1f6ec199396a9cab995d06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
417KB

MD5
5144ac1b2015fa0130ce37197a612514

SHA1
4f09c14c07cb873dce03578290d4fa1ff195803c

SHA256
f7d73b19d1d340ab585cbd6b1a662e368c7a3b98b595ddec9dbbbeee6478266d

SHA512
5309706570dc0f30bb59f072fd9f0f8e4b1d4b9c8ac56b4174935c34345bb79bfc2e41d32e57ef647a2e1b8058c833d974fc91c2f3c1f997ee001600b3f90a92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
429KB

MD5
15f871a4e4762865f796dc0982f9a8c1

SHA1
89f70238b46ff4dc06a82a6fcaf9e6f074ee2fa4

SHA256
3bf48595b0f23cf965331bd31319e1f079bda0a088a7ae7463651af355e69e75

SHA512
a4d9159ee4643aa0e5d2ec7b6ee931f3b66a8e6e6eeac4bbd99cad2dea9cc08902c3558d08a1a7e856f2be0c3970a078af837b90b2ab251e4099265d1c969485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
3ecfcca8fb99016a4a5d74476a5585d8

SHA1
2365c3c80c25d06225c8c628f3bd80d0d98e62e3

SHA256
9715d2793bfc639b23750c8dce45457535f27c578c4b47716bb7fb7d4d3043b7

SHA512
2c936791ed4943d817ee63e168c41698786f0550546184aa0b8e34e0ba127310b817637a5ca48241ae657593611632cfb9ad8705851d2e5e762ebdbb50bb4268

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
415KB

MD5
f6a1dc5fff8a6e5a75b9f2abab50a9f4

SHA1
bca385bd8b5d3d387c70100c68b45e84660d9958

SHA256
9375ddad2430d616012e0c6643e5340be7f821800b9d6afa7fb37d35c2ca4a60

SHA512
2c9ec0bfb26478ff25903d685e32b265d3de0013c824c8ad9d70f267f94f972ba30f620142a30cc3cf61aef490e696591ea697b5024b1dd43b6b5b4d5ef6ed54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
37KB

MD5
642afab6a369b71d66d4c9f88373f9ca

SHA1
a3cab4a95f2f029bc22ffea90cf0824cf89adbb1

SHA256
4487b5442bef55843d409999c016aeb379298e331b486283190fe190dd6566c1

SHA512
fff23dd055e98b748074a0de70639a0c88e067fb0aaac2e60184488c1aac73373b5461a3de51314d3ea59fcdd8e493a23e1b29cdf597fbce8cde38d7e1b7c9b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\4eb24012-7c02-4206-b22d-1e934e72ef30\170ce29fd1bcbf73_0

Filesize
57KB

MD5
70a04f526dca8b0bf23aa7dc8b5cebe3

SHA1
05660fb619ca45d16f23e0878e45506ed44b97c8

SHA256
79e912730bd3814ea6a73bc41330b42df8a9751f1ac6a2274a648cc7114700b6

SHA512
41a50617bc3f9f9f09236dc661630475f5de5cdb0858d91ca24ab1999a1361e7bf6803b79f167245a69c45933df3f3d489e95e770d7237504964683d7e6252a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\4eb24012-7c02-4206-b22d-1e934e72ef30\index-dir\the-real-index

Filesize
72B

MD5
58695af4d8b009f8402591bbe5f82032

SHA1
b230a37ec463a14d23cc8b617530e6a7cc1e5f00

SHA256
ada5272e24d1cc42ec3a41ea1800a5347e8454bf1883904ae83fec6d6a97d052

SHA512
5e3a3516927f71f0f30dd9923351f62c3bbdf456c9a62c496304deb793908a6574ab20b7b56f3fcf92c7ddc67175047420ca1b5702f5f295ff6e213038105b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\4eb24012-7c02-4206-b22d-1e934e72ef30\index-dir\the-real-index

Filesize
72B

MD5
c07f841f4a57955e8d089b815fb77f5b

SHA1
f0e6f8868af68ab2b84c4a1e718b69dde01d4235

SHA256
9c878429a952dfef0f91e57e3adf215b321c158d2e1f5b791f3c36fca4c56db3

SHA512
c1b55c26221dad4928548ad52dc7c4aeb851b539846dd90f38eba52189e63a78b8e374dadbc41c25395ff169d37c7eb66161e6ddb8f7cc48e2324b6a763b6406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\5f443aa7-7e74-4dea-bd9c-a46f8d5abd1a\ee91b116cc2005be_0

Filesize
56KB

MD5
47899ad89999cb958b4ef66e1dd45ca3

SHA1
45d050d9ff95e54904fbcba0ec520f038c7066ce

SHA256
854f2725eaa276f4e90d21acf1a22187dda21ac226ed7600239e14fdbf20f86d

SHA512
6b2597da4a8ebbb1f51761ccaf2c40e5ba04c53c2ad1e7b6fc3022abfe09658b1721f72b9900ad93f47e3171c1cc95606dd460f08fb345d4a843135fe0faf44c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\5f443aa7-7e74-4dea-bd9c-a46f8d5abd1a\index-dir\the-real-index

Filesize
72B

MD5
3d0498140c5ef7b7def61b1a0833f937

SHA1
87b22ef5c759f75e9c3dbb80e16f6cea13913e1d

SHA256
7a490678287fe61fcf53af0a84fb1faabe2acda84a427b23cc351ec9e1a94252

SHA512
ca943f9d6df237774992a85f172d76726ab79ca0d3967e2b68656255e111a8f2c121f15e23fe986d6cb54504ea3252c2f397c35213cf628d270677610858ecd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\5f443aa7-7e74-4dea-bd9c-a46f8d5abd1a\index-dir\the-real-index

Filesize
72B

MD5
061f01b2493c38e770add987f87d8f6c

SHA1
49866e095ccf9e53449e170eea8c8b4668c6b510

SHA256
f26e5f6e7684d67ea56c471ef022dac9d0f8c1fa93b4934513e58ba22f279154

SHA512
946b06f8a745fca6a9272c2a584d3205bf5358db25b8d40b84625bad4428e52180f8e2f3e904b736128f3813aae70e7ed0665010a3a5b8f9a610f245ee972f47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\5f443aa7-7e74-4dea-bd9c-a46f8d5abd1a\index-dir\the-real-index

Filesize
72B

MD5
7fc7a1bdf2d5ce4f7f08228942ac25f5

SHA1
dc9f9a3ecbca417d602174e90d18cd7fe46f15a9

SHA256
0cce3f3fcdc0ac2fdc19bb55e8d4bc0f0aba7429eda03e2bb0fb5ce307d0f26b

SHA512
f32c1c4a47908026ecd2d88ae67e89b0b07b9d64c4257d20674819ae2e8289ccd85cb2717163fa756231487e6b968b3c25f777782cfe3dff3f9e57a31cf56089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\5f443aa7-7e74-4dea-bd9c-a46f8d5abd1a\index-dir\the-real-index

Filesize
72B

MD5
85fc54a29c072b45ab2d2790d4639d43

SHA1
5f2f902baff21e9089e319fb3acc6b3a94f158f0

SHA256
8848541c3b932c4c0fb13f740890014a88fa6a6fd9082b83c04adaf1fdcd5ddc

SHA512
11882aa271263613ab13cabfecd4d27353ba6833ad37a380769a68e0905e02cb4daa053292cbd87101ebfe3dbbfd0d023dde7d8805e9df4cae7e6c037e7a5a0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\82addf26-e437-4cf1-9d29-1a07c62eea57\index-dir\the-real-index

Filesize
2KB

MD5
e61e2d8838f8e7f0a3c476e7956eee30

SHA1
4817e7bdaf84af66851143f69e8ea4785e63682c

SHA256
9b536d2a49500fd295b8dc3ba284fe6186ed2b33838880ff1e0946656c755695

SHA512
033e401c3b053aa96f267d9ee69901cfb2ec70c35a8044cd384630763507209c8a28bf947ccebcb1702f5156ae2e7ed1b16ec0cad44e6534a221351c35ec3d98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\82addf26-e437-4cf1-9d29-1a07c62eea57\index-dir\the-real-index

Filesize
2KB

MD5
7dedf8b388abdcf5f3312ddedd6223ae

SHA1
fbd2af23103c97ac9799fb4374816a202cecfdca

SHA256
f13c179e529fdcb48aa09c1d70caebeddd7e9064b851fcf1fb8fb3aa6159f607

SHA512
381adf4f5a52cb7de6ef0f453f7abfc4663bfa518c3e3d69e6c8f1f3ad3d99fa1cfafa526ecf68f2586e9ccd7fffa551c3ec2ae7e9636d02f9e852acbd3e68da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\82addf26-e437-4cf1-9d29-1a07c62eea57\index-dir\the-real-index~RFe5c4c72.TMP

Filesize
2KB

MD5
2dcb51235d6042f4403e97e0d78c3b5c

SHA1
ffa79e0ee92900c0bd71928e1ab7cd4f56e48b44

SHA256
23fc166847692e07952c65dad389f42525750c8c06b25552bc5108c60ec846d5

SHA512
db021de9be3d1c99d34e5d9664f450823e4fb59d10c08cb68ba5c2ed3e19bfe4778a7ad33dfe8b334f438087dd2aa289d8fea48e5180ee3d4806f5e60278a164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\c44161c0-0b3f-4480-866c-4479cebc8a01\index-dir\the-real-index

Filesize
72B

MD5
be849f4b387abda070c5fcc853ee7f16

SHA1
e33dd201155ae58dd5e7214c616992e1c718afbc

SHA256
709884c71cd215e046df99f7fb440860ba4741a92417fce544530b231163c9c3

SHA512
fe176cc2f6b3e6649f603ab715e07d7b54f558793b1cefa8fe678810c09c814070ea6ca13e0cdcb08ff35d5e8d386a6fc8baf3cfaa6c3408640bc4440f1626e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\c44161c0-0b3f-4480-866c-4479cebc8a01\index-dir\the-real-index

Filesize
72B

MD5
ff4f723d4e177e65ef009144be1d37a0

SHA1
2197abbed0a5c6a512d0fa3e595ac20ff971afb4

SHA256
67eb288c7cc7eca4ae577b0df5aa2b38fcf01740e44361000aac8d48c807ba82

SHA512
56529f6177f989eb290adb9c6559f83faaf5b2692fdb674e3a03dc1703579d4580ce85e4db5e6796be8a5a56eb4c71126e54e5fc828b706684877cd9cebd9038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\c44161c0-0b3f-4480-866c-4479cebc8a01\index-dir\the-real-index~RFe6c5e08.TMP

Filesize
48B

MD5
2a69dc894875159a915d8f80d5dcc299

SHA1
d00a90b95b2f45c8e217c5c8607dbf71d4b511fa

SHA256
7d1e34dc143bb7776c64bfc60ae4f8e8ddbe012a72bf15d5ce4da942c68d89e1

SHA512
c3701dbd4e76c9dffc33399d2b85d4e5262f5281af11c8f316253f24a8f6b60f22941407aaaccd06d098b11a097c75bc804000074c2d9c6c101e47e2fbe71d46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
5325661b3388cf330b465687aedc130f

SHA1
2950b08a74e43c6c5a7e849c433ad6e13e6f8a82

SHA256
3502a7f4d5ea1ad15936d5522f460c654bbf1ac91f5085a87652c95971434f19

SHA512
e1866099911be6ab7174cdf82f8223c1f9a1d3bea1d714df27d9db5b41d512bdcbfda1dc549b302f4c3331b6c75ace00d4ac3e6f367503e6eb0fed6127dfbcb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
327B

MD5
a8c1e4a60ace1093b0671b91c0695f04

SHA1
cc27aee12aeb4ab6e4ab3fbc69fe47a3006655ca

SHA256
1365f0405763057b32ff04cb787729d467fb7ab03d10efbcc37953095318ed05

SHA512
d0c695fd8cb9f5d6e66068614fc07359b9cdc7724808f0ffb56e704e72f1c816e5a4a8f58e7e214d5c134f4a54ba27e1eadb463ddbe786c1a0e191a0a47487cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
e085ad25cbeed6b955ac788e03b22117

SHA1
7bc5ac48abb958eb2a908eb93977a43878bc1e71

SHA256
bc5dd90f7c305966ef2705d5f487d844e75d143025787b3d56be4709f731e50d

SHA512
7d09de8e59cbfa40facbf521b38f77448ea078235e71be67532f384a6cbf14a3a56efeb6b5b2565d8ae9646b973bbfc292983143ab268c71c93fed1d7d565e35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
322B

MD5
27b7e2248c35c3b008015bdcd01d9a43

SHA1
e6b495b4dfb28ecc80a750b8e8c7ea4e89530809

SHA256
3e4dbf0ca7fb40cdb8bb795b74eb9502e9f73b9e78df6bd38e7c80c9dcd69db1

SHA512
e31b77789f47bf4f5ca598938254f432873c543cf4dd57098758e5f28aacf42ea2995e4c265098fab49130fb62a68d8a7c0591781d558650e9d23350f93e9cac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
c827dda5f13432d70703b8001607aabb

SHA1
5af7077a60689a520d3a1827e908e575ce925699

SHA256
cf479675a09b0affc2107c36255ca0ecd87b4bc7bcfa24cb34360d423ea629d5

SHA512
0f9474685e0dda679af84df8f56fffac6b52cd1126fbd442ffbc2dd1a726e399d1663ace3df176c58c849195d46b42711894c2b3365143ef457059ca82061972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

Filesize
115KB

MD5
ca0ce24437ac9a0fe71e334f46e96477

SHA1
0af9ae46a32abbb75941e5fa25aafde03db1001a

SHA256
71e648f543215246b4cf40b52d03621a4f5fe646fcbb3ca3168b99f8951ee349

SHA512
c6f1742decb0a0d33a1cbf9a87b21ddeee9697153f790a09b2e0544680c2aa3d9df1498a139a773d20c563aea4611d7efdfc0919536e1297e68971d531043f1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_1

Filesize
203KB

MD5
ffca520e5aa9fa05f3cc1219a308e3be

SHA1
03b9619bb2c52bda9fdb7d50f395763cffda635b

SHA256
6df3a97a5bfe0199c1f51f7ea8a1e669a8c592107f1eab4cfee84ae008b9c068

SHA512
713de0f8612b69b90070e5b0ced861e21fa6e415cacfe67dfeca09a74228d446a63fd738a5e35b37fef3c47bc0904d0c11143a00412c9975841411011f115dd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b1257d473eeee0b6dbf28a663d4d87ee

SHA1
bd65551b9454f1fca7bcd8511ba54c1a117d0f33

SHA256
c6e2f355fd91275175fe64a3e671556eb45a1ebec45724934149db1b3fc070b1

SHA512
f8da221cd2395c690e02717eca95755f4f6670047148dd70d5f8ad9ed6574207844f2b312c0d70085df416e2cf8b118cb3a73b687f3c21edadd7be0ba45d389f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
256e73f8307293964c02887b9964542f

SHA1
6f3f156324ee9a599075f852af71cbc6d9e3de66

SHA256
f5d03da74fe8d6e8f330916a6ad7becbdcbf09a6391c387246b7c83ccdf4b498

SHA512
cc0dd8afe5f903dad3e0e952bf366fc220d50d49f6cee731bb80b78da2b8748e94e6d21be5587eb3186cb7913159c9f209c7c414bdb252a4e4216ce8dc20943e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe623f65.TMP

Filesize
48B

MD5
857c3cd2ef4d977de4bfbe2ac2d2aa83

SHA1
c73a2c7a86a58222cde43cc9b94dba569a497641

SHA256
11a3c1cb8293f36ccc1e5dae1d36045d4c76909be5ad28b8f8944a736c713611

SHA512
db866eb8c22a146d919e801334d5c9911e3f89c18995ca0dd0a4e362bbe47229432d3a672239d1553b4898ae74b8467343ea2da32dcb002f7102cae4986cfe31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
41f0f2764b53fe71b59a92d7d1fb679a

SHA1
b911c68dd84e1f1a9bc705c82067187ffef03918

SHA256
f1653834011304dfb5df4e838e465a334d82762c7020f226a92754e9543e5ef2

SHA512
c8da0d8351fcf8b950fcee7d7a451cd080691b0c49752f3b483daad378547316cb4dc095dae44e0a00a61aec33006d7c582a611c964ddec2dcdc99762b128901

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b6dd6c3e-2e5b-4bd3-9902-3ba1c5a2b891.tmp

Filesize
16KB

MD5
f81c751dba45435ebf9e90036bf0f314

SHA1
d58ef461cb02c8ee63cf3cb3e0710fe0e4240084

SHA256
5c632265c6b8efbea02538a2a186940d2cae4f8339ee4afd8567cd161d35bc1a

SHA512
bccfa060c4eff71ad589399f34579ae94916b451826b84c15c53da42ef3191b86f1c903ca3935cf470242c046b2ebae90c70c186cc2b0e0a68f67dca602b139f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c0c8442d-9f07-4e2c-93d2-a6d4c9503add.tmp

Filesize
16KB

MD5
21c8bfc0c6cd39887fe2187dbb8d529b

SHA1
eb252c84d1acac8d7ae4242b90c3cd1ecb6b2576

SHA256
ff477c40fb8bd4d530328644b75d1c9e344ca983617c40484469158b3a0eb951

SHA512
3ebe7d5da183c986a9111d8ea672257bd48b0b546cf8bb92ec6b7f5cd58e79be9a980d3cb9b89430ebf4c62e84651f1a29c713485400ba426d47efd68238e60d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
282251e0964cf908e836e99ce0d70013

SHA1
22473cee97c90b1286661ca32bf2e8939ce05d23

SHA256
7215722ed7c28665bf3b7537b0ca1b33a823f9188b2e4cffce5061b8af36aaa6

SHA512
d2bf507311016e0fb2d9980237092ef3f77f8611947bb1792c58fbaf52647c8d5c3d67b138033392726be468f1a3833fcff0d381c8af149c690a2a6737729868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
a369c8ea497df6ce9d35a304ae6fafd3

SHA1
93322560e57693419eef8319df932858a94edd83

SHA256
816d13b8abb70cd1129634da10bca9bea3129efc4fd5a7eeebd4e90fc0eec2a7

SHA512
ff6a01115b21c19c2ae045eea9fbf7f3633748c63847615b9896de7041b06d358e964a08cfb66e8fc46f37458500bf19885b31e7eb3800eb085f4dec1298adae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
75fe89f743bfd1e9995d670917782ab8

SHA1
d980ed19315d005ef994c6015014a2306c4630ef

SHA256
566bca204ed77deef5cbb9497885a718565332e777297af79ee13457f19a7dad

SHA512
e6347833d4fa73e95efe26444fee957a699fa6ea43715ce64d3897c25e10b82a46e3a18b0138e70332550c3a4ca355519a5f53038558302d5dd374896bdabac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18345.18340.4\buynow_driver.js

Filesize
2KB

MD5
412352a121a62092628029e9b30158d8

SHA1
0021445df04bcd60cd83b670ce1863c42f1f4c11

SHA256
87339a1e25ccbbf120f294fd60333e292e1d631e785a9b205ed5beb0128c214f

SHA512
ffd266f1161ab996f38a6d0723e2cf96840b500cf2aa360f48b7953d448a5cd3a2fffa666d9be9c89dc4495497d5016f1199e6419a82bdf18fc99b8a8a4eb596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18345.18340.4\json\wallet\wallet-checkout-eligible-sites.json

Filesize
23KB

MD5
16d41ebc643fd34addf3704a3be1acdd

SHA1
b7fadc8afa56fbf4026b8c176112632c63be58a0

SHA256
b962497993e2cd24039474bc84be430f8f6e6ab0f52010e90351dc3ff259336c

SHA512
8d58aa30613a2376ccc729278d166a9b3ec87eca95544b9dec1ee9300e7dd987326ea42d05dca3f1cc08186685f2fdaf53c24fd2b756c1ed9f2b46436689dc74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18345.18340.4\json\wallet\wallet-notification-config.json

Filesize
804B

MD5
4cdefd9eb040c2755db20aa8ea5ee8f7

SHA1
f649fcd1c12c26fb90906c4c2ec0a9127af275f4

SHA256
bb26ce6fe9416918e9f92fcc4a6fe8a641eceea54985356637991cf6d768f9fd

SHA512
7e23b91eab88c472eec664f7254c5513fc5de78e2e0151b0bcc86c3cd0bf2cb5d8bb0345d27afdd9f8fcb10be96feaa753f09e301fa92b8d76f4300600577209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18345.18340.4\json\wallet\wallet-stable.json

Filesize
81KB

MD5
2e7d07dadfdac9adcabe5600fe21e3be

SHA1
d4601f65c6aa995132f4fce7b3854add5e7996a7

SHA256
56090563e8867339f38c025eafb152ffe40b9cfa53f2560c6f8d455511a2346a

SHA512
5cd1c818253e75cc02fccec46aeb34aeff95ea202aa48d4de527f4558c00e69e4cfd74d5cacfcf1bcd705fe6ff5287a74612ee69b5cc75f9428acfbdb4010593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18345.18340.4\json\wallet\wallet-tokenization-config.json

Filesize
34KB

MD5
ae3bd0f89f8a8cdeb1ea6eea1636cbdd

SHA1
1801bc211e260ba8f8099727ea820ecf636c684a

SHA256
0088d5ebd8360ad66bd7bcc80b9754939775d4118cb7605fc1f514c707f0e20d

SHA512
69aff97091813d9d400bb332426c36e6b133a4b571b521e8fb6ad1a2b8124a3c5da8f3a9c52b8840152cf7adbd2ac653102aa2210632aa64b129cf7704d5b4fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18345.18340.4\wallet_donation_driver.js

Filesize
1KB

MD5
03abcce3f9828372d9876aa2e6fcdbb0

SHA1
cf5834e1af5f7143e62a29ae0f7ede79178b3574

SHA256
39a63d56be4f1ca950310f385e8a42f7bc2dcc0e49fefff306176182bfa4f0e5

SHA512
ef9b7decb4cfee3961006ea5c77299a48fe6a667475772f2a78e93bd4f691dc4700f8008138c574898fdcd8d717d84b8b201527ddb5a61346e05d362aeb15701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\f_00004a

Filesize
21KB

MD5
1cc099d4eea59aa637f8eb9f8cfc5791

SHA1
78e2169abd8d5810f0800589e9d156dcb5c7f0ee

SHA256
e40492bf8c68a60ac3c8b6f6abfd94c1b97234ab204cc4451a363c5e099dac28

SHA512
4fdd02684b042ebc45afbbd047cb8ef07f13cae3b7a15356fa288fd96bb6dd2c8607cdf97a88d7ad0495d97990d00dad32d785de6cc70f10e46b24bd5cc6e67e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\f_00004b

Filesize
22KB

MD5
b614101d0558eaf813f82c10d5721a4e

SHA1
6d45e894d05afe3a7f3fb5a22547faf826ee7b17

SHA256
d69225943c6343c50625a4a4445064cf18f2b8686ce046dc2eaa0ede057bb56f

SHA512
f1c3a1026e2a9a9b08bc941ba9c0b2568eee898bc24d0ff8a03f74ff36ef5375a0e8019ec6853ed5e7aa64a3ff44aa3f4fda02a0639348e91a1e769c1b463132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
e11eafb59607fec04db36ff0764e6579

SHA1
445da88928f867b32141581b8db806f695055140

SHA256
bf04026ca5bd3561891afc00c48d0c1d630ddb565c0e414daa91f1b1ef93c5e6

SHA512
7bb62e48dab3e4c03f8beddd13daf4e20ac5429fe88ac7095e4bbc9d63adb3e1a5bfc3eb634393818733f33299f31e8d8d456fabb956f12791ca47a22eefe27c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
9c6c9b29d9629e5e5785a26098aa7c31

SHA1
d4f8227a0c47e1de7f89736305dc206265604c15

SHA256
0db0732df06d81cd1268cb639f7ca8db8487f29a7d79c64bdfc4ca0310b9f827

SHA512
6053d64a8bf80293b7860c3c29106434ff8812933e7731fcd5acf410d9f0e05a554cdcf5d7226663e772fbc503c56fe56f77bff1c6c6084af35e7f0f089b1e05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
33242f04ba11d1c5c355002c6150a71f

SHA1
fbaf1fa00197a464494f29b2361eef6b07b31f6d

SHA256
544ce44033e67dd8a409adb465e6a5bdaf38f7f250f578b48b348f4be040cd40

SHA512
e454213b81744fc075be4f7a13af47a8a95a14488ed13833d2489f16ee0f9c5dd16872dd3c7af05f9285152f165e6c712d15ffaeb783f2357dbf203db9b0c1be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
fcab676c11d76c716d1aa7bb6a68e145

SHA1
f01a2d6b319a957f497c96762670bb0be579a6c6

SHA256
e2203e6f8eac7fbea92ae926948f81d17b98304f9abbf88357061c05c7d583f5

SHA512
46a395f7e6d3da867a75693ce155b46f1aba1e32600f5ff464da0974d2e2adbf5e3bb14a6315ca2a7ba02bc48926a29ade5f664702d7262edd4a574b32704746

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
19292b19c71951b42027587d5630f0a5

SHA1
f9a3ee81a8c87df71e238cf10199b567ece7b582

SHA256
52cb17500a7494897cdba44be4308fc12b11c7344ff56cbb3c2903f3ff0b9a0b

SHA512
bad9dd33167bf2a1aae134d033fdaf6f8eba7263be58c3cfd78cf1b39bd268525d0b9af3849f0adad5e4563260810db95a27756d919c283655239122271b22a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
450403693231deae374c8c4edf9e86a9

SHA1
7a19ea76b73c6e74f594e9542280674c9ab8b86b

SHA256
2f9c5a7c2cb1cb211b1bf7946eb205c3910af6e09039e71209c548acefc119b4

SHA512
509a302b9bf292a2d621cb16af80347f99f00a9ae09261628bf5930abd5cf8af1f7b5e5a7daf429dc537176877bca429c2b8a05ac981283d859b4e2b0f96fdfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
56KB

MD5
2a15a1e36c7a7090b600f994c0deebb0

SHA1
b570bdf51de3e16d5751767bd0bc04c4a7e6c252

SHA256
b2546e39c049bc3b5da536e00d4a58b05fa7124fe15197a83ae5021a4471e195

SHA512
5b2feef2dd23f7a5ad008413af9e0e7e5d86a01907fea62f665dc2f5f3da3f478d8f8a2a7bc812e3d80201305ae03d8946ad1c53845d8680d8a8fef7b003b87c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
0b7cca44efcdaab9d4261f5597e79b61

SHA1
4cbe34d57d32bb2c60859d55894659419f16b33e

SHA256
32359965cb3edd2b61599acd90a6382475e9067cd3f1af42650d0c1d4e39f560

SHA512
f2d51bb07d181065afbcab1dad619bf07751776cd7dc42f377e3539a6c699bb26b9929c65b2a670b0fa1745d2efe2ac3202d23c2bf36c323d9d9631fe4702a16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
033d902336d26fbbbb7767b14f50e87e

SHA1
ff4791eb567ece8e621d0aabcfc5b055aef6bbb1

SHA256
48b444a32c247cd72405221eb6d48228c4a094ebba8216e7a36da1433ad4b8e6

SHA512
87cd73531bd63f4e1d88f858fc115ca46bd96388e112495c64dc22f141215d9e78af03447a3926e0390a7af4cb166ca63f7482d15ef9c0ca3e13483f6b4fef0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
6e95e48f112fe4270089cacdd422cde4

SHA1
f11d4e51521f7882092fe11b86f2bb029deaef7b

SHA256
f62a86aaef5fc8cf5ed97672463468f8ebed8f316beffa27ce3553c71df7f1fa

SHA512
1c61e628ee06f02f45222c15f9d5ef43c7a2462d14f44609e11a3394bb12c7ada8e17ab1ff608ea7e41e88ccc92256d4229298de93e97f6fbeafc6cf01cd7c55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
6371d1c613e8875a1bfc095daf6aff85

SHA1
72203f1aa982d155998700972fe0cfb188af7c56

SHA256
efa3fdf3a232c9894fc9affd91aacd1e106b3cbcacdf8340566baeaba8feac31

SHA512
9ff1b4005af23ef899805c3d7bab896933c97876510e9be6be9ffd47b08047bf691e5d1b6a5021187b2f97aeda91eec5eb3d147d40a7a9eb26cc1c643bbe378e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
f5d3237ba1b9ac8560747f8076b7463a

SHA1
a2f619c446c52c85d82e9432bae9b7667db156e7

SHA256
ccc3a4807d52ae7b3df76f7b6ae639cafb90b6d6dec852fc8f50825d1e1b7023

SHA512
939d7bd7a70b8d3a8f8df65fddd6169703066839589eb913052e3058adb4921284b613ced54f58514c544402cd57749bdc113d0bbd5b6251d6acc38f2e2fb71e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
e0d17abe330a97de51c02601af094dff

SHA1
e23223186df0cdab31f2a311669e14d99b785ac8

SHA256
ee863b4d467a02a2dd8757af6fa1860778f60a0317e6cb893f44e95b45820c29

SHA512
e22b46c49faf6c1609c3570896b347af482151fa4f7ff08bb3821bb7ade3d05abf5f98c3a4f0d539713fa17002d82cbeef7f28a9bef5fb5e32a6ce3c8697546b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
e6fd7f9fd56f7cfb4ef86753264dfc59

SHA1
f123756482ba0dec282ff0fe4d8bfabf933cd335

SHA256
7002bc51c33338a1787e5bb2554487fe3e1a1d7308fb6191e6af54de2f4cc8d7

SHA512
6275c4c97c974f6ad9e8ef285724d0718f3fa0d209f8739f58e4f67e15a0542bdaadc5fd4a8e20b022f3d97c4373ca9584d0f600efed0ae6f963000424f7e442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
8ec0068317721c8f5656b125a252f384

SHA1
841e8ccebfe5be7cc87d928eb2753befbb9f627f

SHA256
5fb0d92b4784108b3b9a5a5d852a8d8b10cad367592004605aff7e51a3a73e4d

SHA512
d920af09123aea3316bd5c380c36976e7c0f1f963e0491f15a6d47e11314d44d8c9fb5106bed9642b76d0743c3c26d7a3905169241bc4af5f6aac28cf1699d67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
11fce8cfc782488b8005192b969adea0

SHA1
87400f6debf7359532fd7358d4d4aac67359cd34

SHA256
26b00d0b2eff3198379095c89d1d62e0bed43ad5d9d0deb57ddd594998c1d323

SHA512
5310398500558cb585caba988ec5d8a5347181d52ab07210e06ce4df17fe0e125aea30629f725eca3c5175fd41dd11ed9ffbd7f664a57d1f310dc03aa6ad2461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
13fd60b5bdca7696bb61997674a88466

SHA1
99bf06a29407fefa80213c8cfc083552dbde33e6

SHA256
5d1809f020b17277ecbb2403558977a61c19d034f928fdba63a116a7225157cc

SHA512
7f0ffbc8572406d42a38b6f7023bf4aa579d0194de2753297637201d8dc645b2e3a684b8def851dbc8060fd5c15ded9ed76dba43f165a74e69cf506c009e3b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
cc6873e9f776e3e6898dde5f6eb4a005

SHA1
9b304dcbb8e820fccc81e61b813d66631bc1ca05

SHA256
242a0054fcef1aac84cab314e0be30e6554d4c6aba6212bb942bd00a423fdfc3

SHA512
10eb2ad11046fa4f05c5f87f5d7470f3ab8fb2b511cb9e4fe78ffe380195ae69e903b3cf4623c173f6beb7b760b6c0b86755420b5c7eb395d23d15eb681f2239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
240fe1bdf4c91fc46a74cdeb1d4778ae

SHA1
16ecef2a18af523a887aec99a4f091fa0d99b27c

SHA256
e3c9be05b2a3f90166a4754d33b0118d42d56470bae7d00343a37e563c88d9c2

SHA512
9fed2d31dfd28cdeab457d5f2c96903a4b673e04d1701ccd6bb97d739fbbc8fdb79d62ec8b73047111c65aa9c4b5e2e0687b2a42534b215a16522d97f135d9c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
c1182bac29177509548e7e94f00503e4

SHA1
eb42c8e73271b69a39419435a0bf8131936ca0d0

SHA256
633fbced75ab97979829106be5a96ceb5f650f8dc4872ebaa4ef3a7a18614918

SHA512
90fc2c75e414d9f9424414f28c9f6b0be2f80e5a7f366a4f4f14a2ee49a0a32bc4ab8132dad077b88406d386b59822297e1bc8d06bb04c53ee16254f9c13df4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
620985dfe65d5c594a6ee28ae653b898

SHA1
ac566f01178d88cec586d6b75faf7c7abc351847

SHA256
58b4dfa599980aba15a370b92019f63a4b21d841401d276c5266e1fc005bf7c6

SHA512
11a4c3b06ba85f2ccfde86d9c877df7da432c9287140e1e2d98787867b2369167d3ed5c845c6ffca8f2cc52c7af7ce971ba2a0bbeb824bd95069dff87ba5a7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
c37a85a505f91a5c5bf363fec7fa2803

SHA1
18f221529923d8bdcf824f7c47a3c577a32b6e33

SHA256
10c7066f6cae08d53f6024da045120eef6cb48aa84498ad0e712444bff5a6a70

SHA512
1e99607904a375ab1775f69d22f5731682bc5e4f632ffa4cc69c5e65190f0b0c0f6495a60f5f889109c7fb2086f62929b548ff583970ac366c822e5230331857

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
53e16464516e56f4411d3f21f3255760

SHA1
8c0954e665a425873a3e3e50d88b3ab6046a9449

SHA256
6766efd6175bc09135eb6009e2f3f53e790998d48bf585c543e383fa5d35b808

SHA512
f3a6ead1a3327d9af3beb1a5810ce6e8bfe789da6ea4d62a1b1bcca6e30b0f513a57812a8038ab213cf55dc8fad0a65879f19a75d3dfebb28417966a8ed9a655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
40dae6aaaff96a5c51fff89cd48e4a96

SHA1
0c884449b4728b9e04bfa67e4e479cefd95b7cc6

SHA256
c5ec6e492723bc13df0708434f2d65d2eb4b0504cc29a6f2c71e2c7e2566cbd0

SHA512
a4b71877b510735bdbd710ea1f468cc99acd9710034027960a9f73c2b3d092e13ddb0cb26808241a22d3b3d121ef25111637e1d098ea36835e069f123f056e65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
3af4709f78518766438071fe1baac1c9

SHA1
a802975c59a801400b58da95581aaab2dc2f311a

SHA256
ae6d259717bcc4bf7682d3d585c6e54c77870f6ccaeaa222c0d7becd7e9ed007

SHA512
48633a715e1aebd67b2694d67e012852abd889380478980b00db7cdeb656330354a56ead420ca47e93491e4bb6056cd7d5911bf959c8266f4c93661cddf0ca15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
7408176d2627f08f9e7cf74c44333169

SHA1
52d090755bf3e80b7a5d8ebdfb03cbb463d47c1f

SHA256
cc85246ecd4ccab5493cd2275605668f05541b61189895e24160d4e0dd942cb1

SHA512
09d800555c38fe508287e1ca0b190d96a21b27075b5cff32fe49c86d1e272a8760a7c7589f034b507b216e96c5792ed627554a5e73e620b27e38f201ce9cce67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
2c4ba422528c4d906c156da63b9ce896

SHA1
e953a6b71e8b4f3f811f911569281d625e28a87d

SHA256
d0ea6200a29aa4290f909a2ed077be3a119d1d2c94e9ca20ba575a7d3c54b138

SHA512
5a90afd87f1fa1637e5ac5a01ec4ba5e8fbf3e72d927a70fb3c5dcc975e0867bf1e07fb29a0f3b4ab9915746194578896517cf91398b028295540d39b55c1db7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
d9383f3d78e0ccdb3de3f78601cd71f5

SHA1
8b68d72ba3b53e37f1b91fec92eb2b19cb1a1e36

SHA256
ca202dda9b052671d0c9ae50fbf5f5aa276a839ffc2cbd9da20b3e6ad15d8be7

SHA512
e018c394227979a046dc5df16b35511b530344809db5b6eee0edfab77fa1a4d4b9c7b5468ce605acee49f479535807982b811a209b577ac7beabf1d821060adb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
a529f92e9c4da6eb38d26e3c1f0917c7

SHA1
19e4449b347e4b74115c051365eb5c27d3bc0238

SHA256
1b6e94871462e546c533b926aaaa9d1e7f733501af58169be642f3ba96a11ee7

SHA512
5b35ae3dfccde73ab25775daa4154707df5013b3e84b1957c5a90dbe955ca3792cc832e8e9b7bb7623e760f9ecacf752638f8dccde1d4eb4a7bd5783fd279035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
a55333ad9e694d811cfa109f29091781

SHA1
c69ed1a161771d76f2ee5119e64d8864e8d00e83

SHA256
a110b106bceb56a131c4368125f5f04423f7a1608e004e5fb672ed6f8f2d4601

SHA512
ffc8f0baf63507de0a8c84e7edb2b44854c5ed6ce36025eca19dca171fe7254af3c1e3892c0ee7e87a9a167e62f06f51bdefced98eb90448824a747c56e691e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
df11d9e6fca918834d07cd412cab6f11

SHA1
3a39d461e78409720f06ee1161742295df6e281a

SHA256
62bdc19bb452dcc2b0b2e9d3f06f4e99008fc357c712bca5f645332f6fe233b8

SHA512
0f973e9b27fa9794a9160e5b85263ffe7c9821eff303a19d8b623102016f7fed0ddcad819c3e09c947847caf0267b6a60f25bea6a83e8fcdf74bbfca2c6a8a16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
307a3d55a1423ad5dd93253398518c6d

SHA1
587e60c4225d0161b1c5cbd74768c217e75ca850

SHA256
7a597adc0f04efa231ddaa6dbcb3d9ef38c8b55ceed8312774a25596ab4c8373

SHA512
f0205e779b6ffbb6455dae527ec5b426213aacf3cbb4468395c2260777a16e8d4dce25753142bf7791a00ae00b0753ed8adc4e88d26da1f30aeb24dbaafa5dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
cfecb590c43e68d07e28f34cd19861d8

SHA1
721a832a57e655aacce18e98003f13f54020c8da

SHA256
cc30e4962a9413fca42071439cc7b9ed998366df05becf06f82e1a5abddc4141

SHA512
131a6614a87f028d81b691f290c1c626409e1a9466f02c646f7b027dffd219f026a982098d8a5c5c79acbe05e11fe9637932aeec05ecf9fafe31600221b1e458

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
0825bbe63692d5a768fa47b911622a05

SHA1
1883d9740f286bbdca03dc45ecf8df1fb01ccee6

SHA256
b7f1b8234a3fa2aca737bfe139c87e7c57098224aa3254ea0da81ada74393aa7

SHA512
e5ef88ae68e35182c2c3c77ef76caf1cdb0fefa080a73478d7f096e676717be94281bdd73a5c75559780d6fd5f8d5c27909978bdb1550ade5785a8654e8a1c1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
765538856b9b29cab71d6a247ffcf9b6

SHA1
78f56ff3043260abf1aed2133b46533dd5132139

SHA256
64e1a2487a8ddd0b56c5744d8eaf28d4745d2f7ac4b1546453588a9c255ea968

SHA512
8bdcc9bfe509fb3db0e2b919e7c9c36278ffb21cd8cf8977382980b3f35642f31c71602c94f371ce21dadf2ea8ed1dbc3c97effc7ce26cc5f40f02c66ee26b60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
84dcbaeb3720ca0ecb1204335f204850

SHA1
c0241db3e61ee864ad83edb96d8ae34005a46862

SHA256
794951b309f4da4c152c546c34bb38dc034aabac2b94e48b1757beaf8e69b1bd

SHA512
c0ccac8e0783c8822a090876b74c17c09b59c6f75a822db6ce621e3adccaea4652fb940d3c433d771083bbb89de90ff8c24a3f7f3d684e903f9855fea296d13f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
f13fc0d25e06cdea1adab7e53a6e15d4

SHA1
e62ca8c9a9b229a3769fb1af6b93bf9bc4e63486

SHA256
4a02574d26cdb59d8033eeb2bdb8b16f6626d2473422c7044520ac416b44394e

SHA512
03b1746f43fc35b1622c9d8afe641d7c8063cb25533cdd671ba51bcbfeb803ae96c2e2885ce88c068a4b1cab2f4fda6b60086f7fd57b8b1c724e3b76eff2a142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
467ba81fc883bef632c4312ad6ebe177

SHA1
d9597ffba14eb3ae0d9e15a1ad5027b4f7ff6042

SHA256
88a97d1c5ac5114c804f25f6563ef9ae784b41d576fc71b50f96458e905181ae

SHA512
036c97a2ab83117bb12793fbc778c0f33c295d37de135aaeb2db2ac75c9698ad61f4c736d6d43c36f5c9397e50bd04594dae02fc32af2847b39d6b60502bed1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
775c1a6efea07e667d9b46ba7dd8a5c3

SHA1
b75deb2005f6bab977ccfedec7eae7e78e17beb2

SHA256
d724c05ce06dbc8d800eaff12b08f63449f9672d7fc1721e7ca1af0048b232b3

SHA512
9dd92092656f6f63031ca7a536f7c3b4f3ec6b587804f5f56ef2f01d257f0ca182d3a1c955ae83d3aa43026c4c9466fc170fd481e5db00b310c9693f66a829fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
27ab9f561627b5e0bca6a091f632b8ff

SHA1
94a785ca19f580f1ea08c423d1ad1026e6f0f8ee

SHA256
e027390bc6ac8c10d9b31cbffac9f2da51af42c9e2a9dcf787b3aa50ad82e745

SHA512
6bc3d1faf305dbb9c4b2d0c043bee3563783b35fc23a98f168ece8e0c160ff80873561c82d3072fcc005819fc81b1ef5fcc9ec0214b8b6f14d6bcbbfcdcf752e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
891463fb07058801223ab9a26cc19cab

SHA1
5f8e4c7c3907f138bf31b37f25baa342a092b0c6

SHA256
672cca6d352e3f560702bd8b558d402c786561d95acf8e77983979752a747d68

SHA512
8c20b77416a9dc40392238d432fcc4f9aa54f270bf01a2cdc9a7b1244b885f338b84b006b7ee433cca5599e0c52f75e10b030ab6f439a2b522b7a6ac2c0bbcf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe62176a.TMP

Filesize
392B

MD5
1561ae9f148326241c6dc48bef3d1300

SHA1
b7c99bd3a3c33171c632a2422bc28d826bf39df2

SHA256
574fa4732f9806668eb37cf006b1b132a061870102008c68c8926b6ec8e73a0a

SHA512
ddd7177f9468ef40adb29fc6191fdfd05a1008dbe823e45e2bd0f15b0f6013f2721c6f03e0cec19012208902281b0d1ae87fa26191e0a81998e4688315c76862

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\36\10.34.0.57\Ruleset Data

Filesize
2.8MB

MD5
6a62b26b738ffda1414b1e45b3b97c12

SHA1
ff44417a79841f948bdbeec9049f9fb59d16dc9f

SHA256
da3927c997d3bb2326e97a8dd7835c28f50ad8c4a9dd407669f20730c0159207

SHA512
820caca570523600a057dbedd38b7e3b375d6427d716cb74d0aee0825e621268a9f418f135443e5bc6bd7b9a1fbb8eb6676324d46f9111e56404b8953f23de53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.25.1\typosquatting_list.pb

Filesize
628KB

MD5
c26015b2460d1acf6859aad730dc8f4a

SHA1
9c772753b62eaf995e39ea5ce1ef86454b58f169

SHA256
5d816db5713aa5d2fa0c1de5461729250439d7609d95bd65623c0ea62da192c7

SHA512
ef72f6e7a4ac1eab4c59ef0d90f884e29880a305ca262869b87a90462897d182a45b38fb074d704205a422cb886214c05aea6d0701715917b3092cb15559a6d2

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\27a8ca1b-da03-40f6-89f7-f9c1c6535b26.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
23KB

MD5
f89a0dd4ee4929eb62b12c3abed24775

SHA1
1eea9d8c1aa2d753ba7fd3fdbf06cd2df3e69ae6

SHA256
3163a399cd9c4930c1440dd87c314a2644c10b772a0172035c61da7570337f67

SHA512
2f130544997993d5269246a5f443649aaebc0ecdf727e469a394255858b265bcec6368caeed64f3b1355046f3e1fa996013c558c4c2f732d953317604ead7fc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\5a9ef4ae-a183-45de-a844-19317f06cea8.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir9920_1151896102\bc96c180-6aab-464e-95d0-1e126e8b25a3.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\EzExtractSetup (3).exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\EzExtractSetup (4).exe:Zone.Identifier

Filesize
69B

MD5
07f75bc4ff67dbe45be965ef0669a745

SHA1
4f65240aff3692596b00a7db5b49214f23c44557

SHA256
2f62771ab82a305110db808fb1ba7db1fb07d5c765fb0dcf0f3e0b579a1c061e

SHA512
a6e0e40144b2bc47b02a1c3741f74cf19a77275502cb08dfcf2dee85dbc940dee563566e590d1145ac6f7d3dc26f915288ce298c98e1cc37a9d1d5138da334b7

Download Submit
C:\Users\Admin\Downloads\EzExtractSetup (4).exe:Zone.Identifier

Filesize
135B

MD5
a1709c108aec9408bd7a77a979c9ba30

SHA1
00082b9c6995508c5f153d725bf047295212b766

SHA256
c7d4668adce7a672962715eb0f4d72da4f4e6e655287c951192f4b6e1062e5a1

SHA512
ac93bbdb3f8e7e727046b24a576d6858919c4c54722461c32255f81070d0256776e2ae56ad732263a72eaa27a23e6b044cfd0130b19636b4c69884b4e04cab93

Download Submit
C:\Users\Admin\Downloads\EzExtractSetup.exe.crdownload

Filesize
4.4MB

MD5
7399ebe1e1b9c99f3cb4a2521d424384

SHA1
7a560782421feb72b1e84f162cf0abd0809fda28

SHA256
4704846c5605552a2573aeb62f176630fd2ba5498457420c3fb36a27cae6800f

SHA512
80b6b5b2a93656211073560e3eb93063edec44d54a4346b64cab5898162936d3109e7d213d73a93e50ce3a20d163ce6f8eb27e3f31e72bae6c684e528413981d

Download Submit
C:\Users\Admin\Downloads\Umbral.Stealer.zip.crdownload

Filesize
3.3MB

MD5
f355889db3ff6bae624f80f41a52e619

SHA1
47f7916272a81d313e70808270c3c351207b890f

SHA256
8e95865efd39220dfc4abebc27141d9eae288a11981e43f09cbee6bf90347fe0

SHA512
bff7636f6cc0fadfd6f027e2ebda9e80fd5c64d551b2c666929b2d990509af73b082d739f14bb1497be292eafe703ebd5d7188493e2cc34b73d249fe901820eb

Download Submit
C:\Users\Admin\Downloads\add (1).htm

Filesize
12KB

MD5
80e0148431f2aa659e94f6c7e303f6d2

SHA1
854ab5c4ff929a5c881aee688363cbb99575410d

SHA256
d2848a17d0c68f1a4d7033ab13735f71d3167589d6c0d0299a77563d927cca9c

SHA512
28c30781441d05779f4c177fe7d6ec87e64cb7f1570c27741525c8f37080a9e055a5c3a0dcb0cdb9b3355f1a672c73c697396e604f9ad607cd42503cd1ccf6a7

Download Submit
C:\Users\Admin\Downloads\add (1).htm:Zone.Identifier

Filesize
316B

MD5
d4cfaf4a22a8d6fbb91f09961d532d8b

SHA1
3a3e3e92cda9198c9e27004a922f8e41b8d961c0

SHA256
3b7e30d38c4b15dd1cf9864ae133b39c742451d98db50ba3526b274e533de020

SHA512
8877398919fd8eb78f6f7976a759eaf64f8cf9e269c3a75c000338302e79accae6a17d0e3e8cc660396d7bec342a16ac2a3051f8560b877e1b5fc0a8ed033619

Download Submit
C:\Users\Admin\Downloads\playit-windows-x86_64-signed.msi.crdownload

Filesize
2.4MB

MD5
9dc4f1f432d21a1b16b1ea956e976c49

SHA1
8dd8f2e19741ad3387110875969f89e8fdd7236c

SHA256
a69bc1b3ee708440bc5022a053b93f3622d22a677a472465d41b6240e5bccea3

SHA512
834808d6ef53dfd2f5c479abffb9fe3cdb6ec1bf8972bbd4bc855c6e097ba31955d6d9b38c71208d24b65ee1f73ce2a1a48246de3391c643d6987d9e75762b12

Download Submit
C:\Users\Admin\Downloads\tunnels (1).htm:Zone.Identifier

Filesize
298B

MD5
af91e234e18b807af77d48f63aa7d0aa

SHA1
b6c96951090f8e8e50abadddb339633c6b0d505f

SHA256
771d0fbfbef9fed01695a176e8adf7ee1f3b74e76f293c210faea3d994f7dbe1

SHA512
72fb982d8a676487c019f4bf3ce2536a8b1e16e5c972a4192dd3f62e8620c8a0d22137c017505b71d68591e113ed423439d6938c73bf8eb499b4029be9d74a72

Download Submit
C:\Users\Admin\Downloads\tunnels (2).htm.crdownload

Filesize
9KB

MD5
7dd97b0348888a00ec992a479c462842

SHA1
12ec644a2a23d71d387dd3f3b4b0ddc3d7fd7fd7

SHA256
f147a733439266ca123625ee9a542f8d6f367cb33b950faa9ee3cb4140b129cd

SHA512
8dd916515e5a05a9782c527b418969bfb482a8162d17d8ce09357946172888aeadee2e86e7d426ece6ef262cbbc4905842165c0472498e7fffda1f104994e8a6

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_1336908946\manifest.json

Filesize
145B

MD5
ba1024f290acf020c4a6130c00ed59e0

SHA1
01274f0befca8b6f4b5af1decc4ade0204761986

SHA256
551b8c76c19c654049d2d8043a79b8edb3c03e1b695cabf76b4076ed4921ae28

SHA512
e55b871dd3500f30d639089cc42a4edc3bd4d26d2c4fd151322a363fd8edec82d5345751953f9b581e40f22b6a8976faa0ea7ec9fd286f73f747120c87ea7157

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_1431030728\manifest.json

Filesize
118B

MD5
3004ab7c9e3747e5109246e7f6b3859b

SHA1
ac4c574c03611b8bc675e878a1be8124bc32fb48

SHA256
1cb88f273e7906a853670161b6c75fabdd67f67c91b96a78171e2877b88eee96

SHA512
f81e8de5d3010bce31b311de7545353b72a9befd01249cca99e870f141090ba66913991c458f4b5cdfb80902fd116fecd54981cc0a0f4049102247c273f905e0

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_1748284533\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_1817331321\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_1817331321\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_1817331321\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_1817331321\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_2090076470\manifest.json

Filesize
1003B

MD5
578c9dbc62724b9d481ec9484a347b37

SHA1
a6f5a3884fd37b7f04f93147f9498c11ed5c2c2d

SHA256
005a2386e5da2e6a5975f1180fe9b325da57c61c0b4f1b853b8bcf66ec98f0a0

SHA512
2060eb35fb0015926915f603c8e1742b448a21c5a794f9ec2bebd04e170184c60a31cee0682f4fd48b65cff6ade70befd77ba0446cc42d6fe1de68d93b8ea640

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_621202130\manifest.json

Filesize
116B

MD5
2188c7ec4e86e29013803d6b85b0d5bb

SHA1
5a9b4a91c63e0013f661dfc472edb01385d0e3ce

SHA256
ac47cc331bb96271da2140941926a8accc6cb7599a6f3c17bd31c78f46709a62

SHA512
37c21eaff24a54c2c7571e480ff4f349267e4404111508f241f54a41542ce06bcde4c830c6e195fc48d1bf831ed1fe78da361d1e43416cfd6c02afa8188af656

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\Notification\notification_fast.bundle.js.LICENSE.txt

Filesize
551B

MD5
7bf61e84e614585030a26b0b148f4d79

SHA1
c4ffbc5c6aa599e578d3f5524a59a99228eea400

SHA256
38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179

SHA512
ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

Filesize
1KB

MD5
8595bdd96ab7d24cc60eb749ce1b8b82

SHA1
3b612cc3d05e372c5ac91124f3756bbf099b378d

SHA256
363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831

SHA512
555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\json\i18n-tokenized-card\fr-CA\strings.json

Filesize
2KB

MD5
cd247582beb274ca64f720aa588ffbc0

SHA1
4aaeef0905e67b490d4a9508ed5d4a406263ed9c

SHA256
c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5

SHA512
bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_770227093\manifest.json

Filesize
121B

MD5
7122b7d5c202d095d0f4b235e8a73ca5

SHA1
0cca47528a8b4fb3e3d9511d42f06dc8443317c2

SHA256
93b603f06d510b23b95b3cacd08c3f74c19dc1f36cd3848b56943f069c65e975

SHA512
ad6fba6e0710cc26149dcf7f63143891aad4ebba0cc45670d8885fade19dc1a50b542a15b10a7604b6b1be4b8e50fcd5514f40c59b83cc68bd10a15ab2a93c1a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_936571695\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2216_936571695\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
memory/2280-5807-0x000002786CD70000-0x000002786CD78000-memory.dmp

Filesize
32KB

Download
memory/2280-5809-0x000002786E4A0000-0x000002786E548000-memory.dmp

Filesize
672KB

Download
memory/2280-5810-0x000002786E340000-0x000002786E362000-memory.dmp

Filesize
136KB

Download
memory/2280-5811-0x000002786CDD0000-0x000002786CDE4000-memory.dmp

Filesize
80KB

Download
memory/2280-5806-0x000002786CD40000-0x000002786CD4A000-memory.dmp

Filesize
40KB

Download
memory/2280-5805-0x000002786AAD0000-0x000002786AAFC000-memory.dmp

Filesize
176KB

Download
memory/6020-4142-0x00000246F58D0000-0x00000246F58EA000-memory.dmp

Filesize
104KB

Download
memory/6020-4005-0x00000246EBD20000-0x00000246EBD42000-memory.dmp

Filesize
136KB

Download
memory/6020-4006-0x00000246EDC00000-0x00000246EDC20000-memory.dmp

Filesize
128KB

Download
memory/6020-4007-0x00000246EDC20000-0x00000246EDC40000-memory.dmp

Filesize
128KB

Download
memory/6020-4008-0x00000246EE480000-0x00000246EE4EE000-memory.dmp

Filesize
440KB

Download
memory/6020-4010-0x00000246EE4F0000-0x00000246EE54A000-memory.dmp

Filesize
360KB

Download
memory/6020-4009-0x00000246EC1C0000-0x00000246EC1CE000-memory.dmp

Filesize
56KB

Download
memory/6020-4011-0x00000246EC1E0000-0x00000246EC1F0000-memory.dmp

Filesize
64KB

Download
memory/6020-4012-0x00000246EDC60000-0x00000246EDC7E000-memory.dmp

Filesize
120KB

Download
memory/6020-4013-0x00000246EE6D0000-0x00000246EE81A000-memory.dmp

Filesize
1.3MB

Download
memory/6020-4014-0x00000246EE820000-0x00000246EE936000-memory.dmp

Filesize
1.1MB

Download
memory/6020-4015-0x00000246EDC80000-0x00000246EDCB0000-memory.dmp

Filesize
192KB

Download
memory/6020-4139-0x00000246F5800000-0x00000246F585E000-memory.dmp

Filesize
376KB

Download
memory/6020-4141-0x00000246F57D0000-0x00000246F57EA000-memory.dmp

Filesize
104KB

Download
memory/6020-4140-0x00000246F36B0000-0x00000246F36BE000-memory.dmp

Filesize
56KB

Download
memory/8508-5795-0x00000160EF5B0000-0x00000160F0498000-memory.dmp

Filesize
14.9MB

Download
memory/8508-5813-0x00000160F3E60000-0x00000160F4054000-memory.dmp

Filesize
2.0MB

Download