hxxp://time[.]is

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2025, 03:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://time.is

Score

6^/10

discovery motw phishing

Malware Config

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc	pid	Process
758	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html	5844	msedge.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_661404288\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1260899067\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1593856349\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1593856349\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1260899067\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_661404288\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1260899067\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1273725969\_locales\ru\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133875206789436565"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-446031748-3036493239-2009529691-1000\{B566AF9F-9E46-4036-9730-556EFBFDEF4D}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3356	msedge.exe
3356	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 41 IoCs

pid	Process
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe
5308	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5308 wrote to memory of 5452	5308	msedge.exe	86
PID 5308 wrote to memory of 5452	5308	msedge.exe	86
PID 5308 wrote to memory of 5844	5308	msedge.exe	87
PID 5308 wrote to memory of 5844	5308	msedge.exe	87
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 4980	5308	msedge.exe	88
PID 5308 wrote to memory of 3064	5308	msedge.exe	89
PID 5308 wrote to memory of 3064	5308	msedge.exe	89
PID 5308 wrote to memory of 3064	5308	msedge.exe	89
PID 5308 wrote to memory of 3064	5308	msedge.exe	89
PID 5308 wrote to memory of 3064	5308	msedge.exe	89
PID 5308 wrote to memory of 3064	5308	msedge.exe	89
PID 5308 wrote to memory of 3064	5308	msedge.exe	89
PID 5308 wrote to memory of 3064	5308	msedge.exe	89
PID 5308 wrote to memory of 3064	5308	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://time.is
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x290,0x7ff9e18bf208,0x7ff9e18bf214,0x7ff9e18bf220
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1768,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Mark of the Web detected: This indicates that the page was originally saved or cloned.
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2252,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1388,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3492,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3504,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4988,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4460,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3584,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4928,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5500,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5564,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5564,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5928,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=6012 /prefetch:8
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5944,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6252,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=6116,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=6392,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=6532,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=6760,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=6792 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6932,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=7108,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=7132 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=7256,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=7272 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=7408,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=7424 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=7436,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=7592 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=7720,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=7732 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=7856,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=7864 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=7996,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=8004 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=8204,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=8216 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=7264,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=8528 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=8644,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=8620 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=8816,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=8824 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=9000,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=8976 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=9140,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=8788 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=9256,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=9212 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=9372,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=9388 /prefetch:1
  2⤵
  PID:6168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=9588,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=9260 /prefetch:1
  2⤵
  PID:6296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=9640,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=9596 /prefetch:1
  2⤵
  PID:6364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=9404,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=9896 /prefetch:1
  2⤵
  PID:6424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=10044,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=10020 /prefetch:1
  2⤵
  PID:6484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --always-read-main-dll --field-trial-handle=10180,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=10176 /prefetch:1
  2⤵
  PID:6560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=10380,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=10348 /prefetch:1
  2⤵
  PID:6628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --always-read-main-dll --field-trial-handle=10232,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=10532 /prefetch:1
  2⤵
  PID:6888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --always-read-main-dll --field-trial-handle=10652,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=10628 /prefetch:1
  2⤵
  PID:6948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10772,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=10540 /prefetch:8
  2⤵
  PID:7012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --always-read-main-dll --field-trial-handle=10776,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=10392 /prefetch:1
  2⤵
  PID:7164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=11124,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=11252 /prefetch:1
  2⤵
  PID:6788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --always-read-main-dll --field-trial-handle=11080,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=11388 /prefetch:1
  2⤵
  PID:6752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6436,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=11028 /prefetch:8
  2⤵
  PID:6688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10580,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=6588 /prefetch:8
  2⤵
  PID:6676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6524,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=10608 /prefetch:8
  2⤵
  PID:6696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --always-read-main-dll --field-trial-handle=5296,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --always-read-main-dll --field-trial-handle=5344,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=10364,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=10368 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=11084,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=11352 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5284,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=776 /prefetch:8
  2⤵
  PID:7008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --always-read-main-dll --field-trial-handle=11380,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=11416 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5636,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=8180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5228,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=6536 /prefetch:8
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --always-read-main-dll --field-trial-handle=10576,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:6576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --always-read-main-dll --field-trial-handle=10208,i,1633108234352633914,5347790922360164071,262144 --variations-seed-version --mojo-platform-channel-handle=11120 /prefetch:1
  2⤵
  PID:5348

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4568

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4dc 0x4fc
1⤵
PID:7092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1260899067\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1593856349\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5308_1593856349\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5308_661404288\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
8625e8ce164e1039c0d19156210674ce

SHA1
9eb5ae97638791b0310807d725ac8815202737d2

SHA256
2f65f9c3c54fe018e0b1f46e3c593d100a87758346d3b00a72cb93042daf60a2

SHA512
3c52b8876982fe41d816f9dfb05cd888c551cf7efd266a448050c87c3fc52cc2172f53c83869b87d7643ce0188004c978570f35b0fcc1cb50c9fffea3dec76a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b0

Filesize
20KB

MD5
f69cefb34e81abe998b7b4c0cc0cdbf0

SHA1
b4d4d39233a096793eddabac7b913373160ea7a1

SHA256
a8787de8a8d93bb7a6d9aa55572db8d806693978d0365240507ba62905657174

SHA512
6c8ceebb276bfe4ab080eb03bc8f497c72b7ce7fdd70d3d1689c60eb3dc091ff4af97fb21ae4dc9b6589c21638ef27c7194ee52780da6690c04baaa4c12fc4b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000bc

Filesize
67KB

MD5
60a30ef624fad5be472ee5d1acd1b2ab

SHA1
5dbb87bbc2e8a6143308e7928536ae778610794a

SHA256
d0ec8a13c2eb6a38d628cd7adaed308116164ceee003f816889b4db1735bfccf

SHA512
315e3ea4d4c6ccf6c14fc509933b01cb77c964b608cb95ce2ee8c331011adaf618e41cf4b8c499c4f6c9e137b88a34caaa7aaa44a69fdabed84df550e178d60a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ce

Filesize
36KB

MD5
34db3aa27a7ebc99500c3dad294e0367

SHA1
1deedf85cd58d1cbc83ba6dd985c764169ad3d02

SHA256
c5f1654c076c6c3142872cf17ca98a2e99acbe74f1a96b4722da3190c3e27b7b

SHA512
c7bb3bf68c7105f9ae956fc307f18e391dd683cb9a1798b246990b93046bf3bf40b1e62120fea1ae20fab583acaad5fee9d15d25cfc08ebc122a2cb5f631dd3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
6KB

MD5
5735313eebbec34e2a6bedee41ce1891

SHA1
0dcfd6cb40443e92129472f7c3998b9a5a5a0cd5

SHA256
b29c1cf82d43fe2f06b6f964ae3a445bf38e949d3356d8bc3b3c2d54b8e0564c

SHA512
fc52bf57bb7bdf96168ab02cdabf96aae3ff6aa96fa42ed1791876a0f8c3bd5297c1a444f8414052556b2618e0ee6844fe6f10734783e5bd527dfbd6e7a9b71f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
6KB

MD5
260b9d63e7ab7ceb21a3b7c9bff336cf

SHA1
1adfe6985d7eb779534458f077c894a132f308cc

SHA256
556689a395e07462f2282701f6cfd780cae9915f43805df5d12970ad0f1cee33

SHA512
31055ffaf6b8be6acebba8371cf5a6d84d435f766ee3ac8ff88c632236da77affdddcb181ef6523b55b92dd5dbbf8d9b89807be8880756135273f6fe57ab3966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
e172ec13847210ee9adc66b7cb7d4b46

SHA1
454c91beee09583b27329a9abdb645033fa53b01

SHA256
fdb3ab2614406e8aeaf4411aff98b3505fc28e7ede22a810c00254b1c750bee8

SHA512
ab42ca5901acb6675976c0f5a4ea416b73134586404c304885cd50bd36ffe31bea3b1f571e08d585fc35db527d1292ebe9b45be850d1fcc3261b3c936fae0778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
23baccf1bbc4fc308e3781ad9bcfff07

SHA1
524890af9842d9f1b694181cfbf9ada2d4aaaf43

SHA256
b8144b064262c920356b88c42e54f56cdb1af080d24bcda05466793ac9d1ac26

SHA512
5097adf6a211431a912b41527e32448feb38b68a00d331733b8cae146b1b894f68debe1a0c5c4e9daf3bdd421d664db7886cad72d413ebaa195f30e1c84039fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe585a60.TMP

Filesize
3KB

MD5
ff41c591f3c8b8cb029da8b634f3d25f

SHA1
136f61772635b31bf451ffdc2f63b095cb67704d

SHA256
7294ec0be468d60e276f810910be677af35e33140879613d203983b51ff3aa4e

SHA512
3c1f43463b281c25edfe98437a17edd6de7720aca3021f57e6dbe852cffec0d05b840b74600a2c96c4c8893e59b7f6b85e0d13e0aaff87e4f425a6e61a872212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_time.is_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\3bf94913-1d8a-4b70-a89f-ebcd5967a4c4.tmp

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
34KB

MD5
30620718dd60d313c6c7cec9a523b112

SHA1
911225041fd69f43d2084d04a53a9b51d464ff68

SHA256
bd8f3ce06287666e748d2ed6c8335eecf7799386007ca076fce258489b5a3325

SHA512
1a29f29d7b118cb203878db83449e3907b5668c998f68a21bc3bdc825ef9a956f487779fd1db0332b435e1acccbeb6fa948c298b6f67d0ca5d05d29b4496032f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\f9a353d9-17c0-42f5-984e-d6662123d5d6.tmp

Filesize
37KB

MD5
5a0d48c122d71470450a93560e974d9d

SHA1
66d8ebcbb8e9c82e6802994ae72ceff4e22eab74

SHA256
dcc99f65ad538a72c7dbb599dccc6c1b775cf90cd663e47d0cfbc590848ef883

SHA512
e61fe9e69fdd03e8ed3acf30e415d1f884fb6cb8034d5eb2bd9926061dc397a199e8374a20d74e1c2c4da00325a498f15ef5cf491dda33a58dd584912a5be7f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
26KB

MD5
de768afb21cf328253468863926652f2

SHA1
5ce340f897b3cf321acb5f5b4d4464c529310862

SHA256
119b60f37b868969240b856869986eefe7d37bde6969baf6c5f6b262a02a775f

SHA512
1b0b5740dd23007ffb3e17ce0685e68084c9d4a225c547b9e3e3b0e5fbcb71922a3eb65e4ac20a624bd97c528e9e6fb70c2e8cbe8a0b93cdde174eb19908b012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
32KB

MD5
68d3c4281c2de8f3018e31a08bf051ac

SHA1
d6bf9920ea2458762eaf341b8d8d7835a2966b80

SHA256
2ab8c6384a7c71f63adf697dc185f1cc0abaa4f2adb2d6d07d332c7f416050e5

SHA512
5062f4c8d70966355b93e3629294fc3e0833d2f87544ab539ae7ccaaeb9843f1c99e62fce6fb97aa1bf99e6e151fdd1a3056474a5527e2f0f070eb08582c0374

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
459fd226c3343f5bdc6cc7e6a31965e0

SHA1
1f1ed6525b2487d34168d1f14979af2bcdd0bd18

SHA256
901c2612f1b3f1af5b7e4572c12632d9cb60c3a66c740ff229030896ffa7e4df

SHA512
3359c8b74802aaff399a069a52a601605caacc483e5d97110f9fec60e2f253d93190f0eb48000c1ebc122142a71b5b82d2b463857799fc7da57d170b3be059cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
9843067252b85b078c634dfeddae518b

SHA1
52ba46981d37349bef99a7bfb0fe184f535fcd5d

SHA256
cec35336599afbb4268cb6c3fe088a72793da04675d3a5348c0b2bfcf2bca7c5

SHA512
6bd4879952d0d786e723574ca07d9959f2c4571afc467d58c46df189ec7510abeaf13040dadd0cf166421998bc69f796bd37b28be38e961bd26c84b8fbb79daa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\3\IndexedDB\indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
8d5bab288a413ac7ad85018f4fc7fd16

SHA1
f423d6455198c68a758cbd11b4d4b855d82a8e33

SHA256
b8d860dfb572789d1ba00aa03c70334ccbc9a52377aeb499db167eddee41540a

SHA512
68c4ff2eeccfe714c8eb7965421d4755eba3ff2e935f152f203e72511c28042b29b800597427a4d04b1554762d7f9036354692423d4efd0f5ebd48ed541ff405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
407ddda8343be293dd695f789b8dfe61

SHA1
b6525137959666de19a5fbf1f73758a71e40e767

SHA256
29573d176ff65f5fd3913c1eb947cd5da7779f1b6616fa4a0cebc2db471a4bf1

SHA512
3cbb2d45ca069ae49a09e1d3d1dc8b137bbacaf180401529e68fd9923e5d8d718d9a44c2f0f5f551b15893aa9b941e486702b38b46e7c5cd614c9ef246542bed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
b5c4c1e0c98dfffc5226387db2764796

SHA1
989c833d74f7e294d948135ca2de096eb7e817fb

SHA256
0c28227845b7f123dbb9e3641296710fd7f7ed23b3d83c9f163fbd34bce793c5

SHA512
44cc74c74f3e23ff4df5a2bce5af294dc9355efccae446d853f60a90282caed7260329cd9e343d5501dc2a6ff5cae3c4d1cbcc0b13eea62f65917e9fb9a60b8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
ec408445c4cb0ac77d7b05ace99fc3a6

SHA1
326a6b64cc6592aaec3d909fd36618eb345c1bb5

SHA256
6ad56810a7c2568c6367b08538d82ff55467882a0ab0d889be7f29420538cda3

SHA512
6653e4519a2290252c2f755286687e4ed5b3c70d95fd983e4c6d358800f7e222a8c5f69539a683e14249e9ddf3188778adb895987fbbf2453f743b8d53631568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
da480fcd90655c4ffd7b4fac5d122514

SHA1
94d8d90a7d055ff9b7aebed970aa64e3a83bc1e2

SHA256
5b461316ec661a336e06bb240c2af93bf7e66bb95a6b2185ae08a1eb2f6c39a5

SHA512
7bff7e8742dcd3481da5d92a26457c0f97ac48bc2699925c01b7434441fd8a5a231b76c2e0b30bbfdf4d4265fa52cf75cd7cfea9b3625fde91a552bdd09f3374

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
4ec30d8a00fc201d8b08d58793ae95d0

SHA1
c91c9304c7c5b361086480ca99491a288086afa4

SHA256
30ace40b96c04d52c2c894d5cae040a25de0db1fd39e09b8b22131466395e54d

SHA512
bc721c890d185a4baad2f7c01541f4d46ed690500f34f49970f19f3fa3ee015ce62c5fcf52d9778adb190536bbae151402ea73de7d1c265e5425dce7099b5bdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
c272fea9cee9348db035e7e3c6737781

SHA1
8986907f75758becb5d93a303359e0aaaae1974a

SHA256
636bbca55c58dd8dc3f506b0c3f0381b080f32958ee9b098804c6fe4d8b5e896

SHA512
a5b23d11fa119abc195a7c31674a9309bdca23685353ac347f77a443d7fa66bdb81f0f551b134c33962e9d2573bb6a1550b1487c4a2746ceb39d86e349f26a95

Download Submit