3b38d73c2ce641b343e5059647909602bfaa9ecacb2e686e6ce652a56e44eb32

Analysis

max time kernel
149s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2025, 14:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

REPO-AnkerGames/OnlineFix.url
Size

46B
MD5

59bf167dc52a52f6e45f418f8c73ffa1
SHA1

fa006950a6a971e89d4a1c23070d458a30463999
SHA256

3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
SHA512

00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
122	discord.com
71	discord.com
72	discord.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_509087230\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_509087230\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_45699838\autofill_bypass_cache_forms.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_513471907\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_45699838\manifest.fingerprint	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_2220_1632965229\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_509087230\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_45699838\regex_patterns.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_1669030791\data.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_513471907\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_1513728671\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_1669030791\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_513471907\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_1513728671\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_509087230\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2220_510496066\_locales\am\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	msedge.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	msedge.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	msedge.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	msedge.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133886696633423003"	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3342763580-2723508992-2885672917-1000\{CDBAB119-D5D4-46A9-A5C2-F176AB8506CB}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3342763580-2723508992-2885672917-1000\{09102E17-57A2-4E38-B783-2D5A0D7384C8}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4156	msedge.exe
4156	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4772	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4772	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2220	msedge.exe
2220	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4964 wrote to memory of 2908	4964	rundll32.exe	90
PID 4964 wrote to memory of 2908	4964	rundll32.exe	90
PID 2908 wrote to memory of 2220	2908	msedge.exe	92
PID 2908 wrote to memory of 2220	2908	msedge.exe	92
PID 2220 wrote to memory of 3480	2220	msedge.exe	93
PID 2220 wrote to memory of 3480	2220	msedge.exe	93
PID 2220 wrote to memory of 752	2220	msedge.exe	94
PID 2220 wrote to memory of 752	2220	msedge.exe	94
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 5028	2220	msedge.exe	95
PID 2220 wrote to memory of 2336	2220	msedge.exe	96
PID 2220 wrote to memory of 2336	2220	msedge.exe	96
PID 2220 wrote to memory of 2336	2220	msedge.exe	96
PID 2220 wrote to memory of 2336	2220	msedge.exe	96
PID 2220 wrote to memory of 2336	2220	msedge.exe	96

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\REPO-AnkerGames\OnlineFix.url
1⤵
- Suspicious use of WriteProcessMemory
PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://online-fix.me/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument https://online-fix.me/
    3⤵
    - Drops file in Program Files directory
    - Checks SCSI registry key(s)
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:2220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x2a0,0x7ffc73a4f208,0x7ffc73a4f214,0x7ffc73a4f220
      4⤵
      PID:3480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1912,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=2068 /prefetch:3
      4⤵
      PID:752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2032,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=2020 /prefetch:2
      4⤵
      PID:5028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2528,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=2540 /prefetch:8
      4⤵
      PID:2336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3508,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:1
      4⤵
      PID:2256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3512,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:1
      4⤵
      PID:3420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4972,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=5020 /prefetch:1
      4⤵
      PID:4024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5456,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:1
      4⤵
      PID:5920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=5716,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=5336 /prefetch:1
      4⤵
      PID:3660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4864,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:1
      4⤵
      PID:4936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5040,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=5020 /prefetch:8
      4⤵
      PID:2364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=4920,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:1
      4⤵
      PID:2656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5288,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=6028 /prefetch:8
      4⤵
      PID:3988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=560,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=6336 /prefetch:8
      4⤵
      PID:5592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6324,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=6284 /prefetch:8
      4⤵
      PID:4340
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6316,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=6404 /prefetch:8
      4⤵
      PID:4180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2164,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=6288 /prefetch:8
      4⤵
      PID:5728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1752,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=6244 /prefetch:8
      4⤵
      PID:2244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6356,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=6452 /prefetch:8
      4⤵
      PID:4792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6896,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=6908 /prefetch:8
      4⤵
      PID:5660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7368,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=6956 /prefetch:8
      4⤵
      PID:1992
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7368,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=6956 /prefetch:8
      4⤵
      PID:2268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7620,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=6052 /prefetch:8
      4⤵
      PID:764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7616,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=6972 /prefetch:8
      4⤵
      PID:3748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=6312,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=5712 /prefetch:1
      4⤵
      PID:3256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=4848,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:1
      4⤵
      PID:5336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5924,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=5584 /prefetch:8
      4⤵
      PID:4632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=7728,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=7736 /prefetch:1
      4⤵
      PID:4172
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=3824,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=5704 /prefetch:1
      4⤵
      PID:5932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=5904,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=7980 /prefetch:1
      4⤵
      PID:4976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=7856,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=7784 /prefetch:1
      4⤵
      PID:4420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=7568,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=7948 /prefetch:1
      4⤵
      PID:5404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=7972,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=5912 /prefetch:1
      4⤵
      PID:4652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=8188,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=8160 /prefetch:1
      4⤵
      PID:3700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=4008,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=8340 /prefetch:1
      4⤵
      PID:5888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6000,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=5572 /prefetch:8
      4⤵
      PID:660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=7564,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=8216 /prefetch:1
      4⤵
      PID:4944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --always-read-main-dll --field-trial-handle=8548,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=5560 /prefetch:1
      4⤵
      PID:4576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=8576,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=8568 /prefetch:1
      4⤵
      PID:5832
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=8620,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=5976 /prefetch:1
      4⤵
      PID:4516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8288,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=7052 /prefetch:8
      4⤵
      PID:5848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=6888,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=7056 /prefetch:1
      4⤵
      PID:4504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --always-read-main-dll --field-trial-handle=6576,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=6344 /prefetch:1
      4⤵
      PID:2348
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8920,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=8924 /prefetch:8
      4⤵
      PID:1776
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --always-read-main-dll --field-trial-handle=8228,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=6612 /prefetch:1
      4⤵
      PID:5544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --always-read-main-dll --field-trial-handle=8264,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=6340 /prefetch:1
      4⤵
      PID:5672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=9076,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=9104 /prefetch:1
      4⤵
      PID:4264
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --always-read-main-dll --field-trial-handle=8292,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=9380 /prefetch:1
      4⤵
      PID:4668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9416,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=9424 /prefetch:8
      4⤵
      Modifies registry class
      PID:4408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=7088,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=8744 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --always-read-main-dll --field-trial-handle=9236,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=9388 /prefetch:1
      4⤵
      PID:3832
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --always-read-main-dll --field-trial-handle=9612,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=9608 /prefetch:1
      4⤵
      PID:4252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=9748,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=9768 /prefetch:8
      4⤵
      PID:624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --always-read-main-dll --field-trial-handle=5396,i,14446027821128981311,13142496600501455294,262144 --variations-seed-version --mojo-platform-channel-handle=9756 /prefetch:1
      4⤵
      PID:2740

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5240

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x468 0x3cc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4772

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:2840

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping2220_1513728671\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2220_1669030791\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2220_45699838\manifest.json

Filesize
119B

MD5
cb10c4ca2266e0cce5fefdcb2f0c1998

SHA1
8f5528079c05f4173978db7b596cc16f6b7592af

SHA256
82dff3cc4e595de91dc73802ac803c5d5e7ab33024bdc118f00a4431dd529713

SHA512
7c690c8d36227bb27183bacaf80a161b4084e5ad61759b559b19c2cdfb9c0814ad0030d42736285ee8e6132164d69f5becdcf83ac142a42879aa54a60c6d201b

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2220_509087230\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2220_513471907\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2220_513471907\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.15\autofill_bypass_cache_forms.json

Filesize
175B

MD5
8060c129d08468ed3f3f3d09f13540ce

SHA1
f979419a76d5abfc89007d91f35412420aeae611

SHA256
b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92

SHA512
99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.15\edge_autofill_global_block_list.json

Filesize
4KB

MD5
afb6f8315b244d03b262d28e1c5f6fae

SHA1
a92aaff896f4c07bdea5c5d0ab6fdb035e9ec71e

SHA256
a3bcb682dd63c048cd9ca88c49100333651b4f50de43b60ec681de5f8208d742

SHA512
d80e232da16f94a93cfe95339f0db4ff4f385e0aa2ba9cbd454e43666a915f8e730b615085b45cc7c029aa45803e5aca61b86e63dac0cf5f1128beed431f9df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.15\v1FieldTypes.json

Filesize
509KB

MD5
c1a0d30e5eebef19db1b7e68fc79d2be

SHA1
de4ccb9e7ea5850363d0e7124c01da766425039c

SHA256
f3232a4e83ffc6ee2447aba5a49b8fd7ba13bcfd82fa09ae744c44996f7fcdd1

SHA512
f0eafae0260783ea3e85fe34cc0f145db7f402949a2ae809d37578e49baf767ad408bf2e79e2275d04891cd1977e8a018d6eeb5b95e839083f3722a960ccb57a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
df2d1721cd4e4eff7049314710dc7c11

SHA1
f5aed0158b2c0a00302f743841188881d811637a

SHA256
ba336ffd1b01965d7ab0e5fac5415e43cb594139c76b19e4c0d9b5b3b67c1e93

SHA512
11fd520176193f284563c7d050e6a7ab4e9895bac49fdc05759bab2c8a69f224858ccc784b351fc1d3ee5d39345430f9234623c9390978d7daf6a08ff5576ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000105

Filesize
259KB

MD5
50ec8044c3a213003ff1d54ed02990f9

SHA1
0798a64cf68df54f9ab077527f2409faa1a92979

SHA256
3b6a95163a340c265efe0db8809faa3d18e8a2c5934c5df92b9e8a28d417444f

SHA512
2d305ae910e4e722c2bc3f1b2d7248809276ca52de8647f5965e051e992fec53c070bcc5c90a8585433031e40688712c92d1cd8af148c9da578f7162302a677a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000168

Filesize
140KB

MD5
ca07710f50248a335e886ad9cbfdf514

SHA1
5d579dbefc7a1e55cf3473a2c3764c15b81611af

SHA256
9134e1af040c89da3dd4af75eb9d4acdc1c14a80efb850b5748d902d3ef53606

SHA512
b60a56b0ab00289e5e4f77a8408f7241257f22922447baf3d46af3ce3b07702079351d0f39ba6dc09469f4c0d5ce70d378555d599e1ceb6e09eb393edd0ae426

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000186

Filesize
18KB

MD5
44c847f418701f2e4f9e66af219257d9

SHA1
8dd1f81553a9ae80c4671188ebc3cb6097d4d776

SHA256
130828dc2d3d11c2b4ad0c998dde0b660671963aaf610a2ad366e999ddfd2b5a

SHA512
3228fe63b4f895b80c5cb4f1099a71d2b6beac244ce6ab750b0a889e5983fe26366c3d78e4f3852e072f9c7ff4d2a3201c5490effc86649f2df348b827166944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
11b299d7c3be64bebad032716aec4174

SHA1
b976ee25c8db91cd20161468250f89f70eaf4d02

SHA256
530d128e8c02dc7dd4fdad5d4d8d3cd50282e59770ed8a0b8d32ce8389ec00e6

SHA512
6f542d99f76ca08548852c424e369a9bceb1017489635350c18671ad6149bb2fd9487537cd8e4b5b37526488278dcbce950ec47af3ff7ed528342f493f7aec2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe587bd2.TMP

Filesize
3KB

MD5
0eccf826245361c2dc45922e211aaf07

SHA1
e100e559aac1db071c45ad1b6ac3610ee02d9052

SHA256
20c1c1a96d434dca3377928b5593bca3e72ec479220ee0eac81f9633e6ca0357

SHA512
15ff97ba2f6d1666d9ae7ac4a50a36e53753bf9d2567f8a4cc45c88be82c3c6c50cbf33b73bdb86a071a8798a7e537ada3fe6aa83348471f688e12a823646d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.aliexpress.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
25KB

MD5
c2b2b69bc38bb1e21f14e8867c4061c9

SHA1
0ee34859075bc5617560c0f58ffa4eba0492caf0

SHA256
d715d7547f0d98b0cf94834358cf3e693549456e2feb8c95bcfc3560881ebeaf

SHA512
f4b4c74038fe1f53de304e86e81a7e5cb38030d0aed1a3b6df15d9fe3e30f019b26222a802c09a3142b6e17c1a98098a1699294379a0d125c001df7f3cd8c29c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
5a987746d89700788397046fab4edc14

SHA1
fdabdbd4e23e51c4c26584ac6abb3cf991cd852b

SHA256
5a3c60c7e43e4826686bacd5043f190b07f844b13eeb004048201c1d1c15b225

SHA512
9ca174cf1dd35ed82a52dd61651e6a5d7bb276bc6543193a9c86203d424ad6415cac198221895fbeebaa017a63783773f38cccb2bc65781c90ad218f99662c38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
5e42cfe69417a167f64020977878263f

SHA1
2f47f1534db61617894874d678a00a98a849a463

SHA256
5f007eb1fac567b1263b4607163ab5ca3c6d733a974533cb2b8ab00a813475c3

SHA512
7e0ddad57079cd6c6c32c6f831c2a0036ca381072215e48865bc4f73428eebecef10ee7fc65d817667271812b78392785c6d8ca23ff6672a45d2d8fb11ea16c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
23KB

MD5
df2939d8259e63141d5c287e101ca7d0

SHA1
ecd32ede1a6fb04d4711a8fb5ce38b0d9cd178bd

SHA256
81124ffd5307adb77f3377d7b9223ca5f1e6f5ff7fdeda3c6d650adf4d7287b8

SHA512
608dc63bb39538282989599c3485b131201b9559054b93a8f6066732f3aad67730b51df163b9df106f7d2950a1ff9295c5a85b7c2a8209f7ee6a0cd19ea656ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
84b22f0617a647eea330be50c64aa558

SHA1
cf35064381b821e9e1e3417e4b3d86c4be47db74

SHA256
b0c5c51fdd112c340d0a5e761604f7cf1eb235ee6eea2b40f25e40d6d3114271

SHA512
2526383d555a0f0eadae768e01e434c4ce3020d7735ff2ee517b94f401b13edd5bf425c8452898c7d9371524eb84baada627f19f7091b3f7ac68ff127fd90474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
79e6f2ccc55e5f72e31ffd88aa944d1f

SHA1
2d892e75bd9adab21d2b48c082ed10cdd8062bdf

SHA256
9d21c72cf83562ba9b702ad87644848e9108e4a4a5981f75b210b3aa213212b9

SHA512
79fc9c5949484b44a5d1c4f18f95fc8817d1339907e9b2c4e8d9d8ed449a2cf643b1210e9bc2c1b61e54c991ba43510d938f631b17c80e3a7e9d08a49a99e953

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
7f10fedeb5e44f6c56eae02747acb800

SHA1
35cf5c6e70a355a9d94ac7cce241d566fa5139e8

SHA256
bb35c97bf91ef8378a1df3522e9ebc6d000d3255b8f9c722fd5d108e6d8f67d2

SHA512
bc4f6271d6db9a10fdd711d0c2dbcc6fc5538c83355d77b950c09957531ad4fc1fae5e46264e8546bedc015cfb2f41f10e6449df8444a6886170e04e7665c3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
23KB

MD5
fbc72c522aa40ba264a24dccf9722718

SHA1
2ec1ab8369d024223fe81c85a151c20d6a8cc94b

SHA256
51477f4536e3882a1e6b0db94bd7bc7c88ad93efbd245b8d5013388b14bfad61

SHA512
f9b7bb77f4692d3c0636c05472c66d0be0b2c491ddae1e66311eb2992cc6335ed3d49890344274aaf778736809bdd801101dff913012a2a925d63a3e9b2d89c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
1eb35b1d9062c38cc5d3d722fbfadcee

SHA1
45a0eff2726696c45691b20a2d0a96a50d054809

SHA256
2f3cd4f856a7dbe690b8c957a006fcb3ad22a914a1b9dc72cb7cfeb0a6bbfc76

SHA512
4c2fca9fbc1d50f9dd48ff593cb68a0bf1ee3cbb355a2787673e822c207e9c0ec6555f7a13ef297f9bd05929e096dae1f9c87fd68fa9a2e06e9c418aba4c01b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\fa813c9ad67834ac_0

Filesize
11KB

MD5
25a68f34af63cda8709cdde586bab373

SHA1
c2b059440770700f5aa50ec6034c956307140bee

SHA256
a0e2c01875c2a963393e00b3f5b5548e7964e2f8bd04ce6a88a181ddc6bae400

SHA512
a43082ace13ea3378f81f2ef9171656dc55991068e960b805098cca618eeacfe90e107ab1e31314620baadb0fafddd75683cce6a4bb7213c50947fe19d186557

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
192B

MD5
b5e137fd76500cc8f38b2f1ba33ad821

SHA1
567d528ea0390762708009fc883d46084bb51186

SHA256
0b864c8f7cfb03cb411b020266fbc52f867c9548a810aa794c33445fd4fb58da

SHA512
fb170b7bf03aeaba42f678d329e5b41c50d96374af2af04d157367d72d8065dff7b25e6a5398dba4d3f8772a973203dc60023e9f3eebaa54afe75c0c4ac522c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
168B

MD5
4e0ee39c87dcbb26c426bf19d86eac0f

SHA1
f668b09d568f029c68b499dbdde1a7007cc6393c

SHA256
fdd7281a4c810c6b8a02514eb6911076e2487ab57de8a4fe5957fec69308ac8b

SHA512
00bd8f85f7b20eff4cf452bf8c19829fed948cb759ab8bcc4c3c0f748bdd1cbbe2f72168a3d28f0c608635a84f01a53a0b43c8bf8ec96f4f6f62deb1e6cc59d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
7ec01df039c4196eaeb937a29061c4bc

SHA1
bde9471b8a0596343a24ad51b3611273ba52ba7a

SHA256
b56c64eb56f52f9c9936f4153a390dc05147f191c124113144ce6f8617c552dd

SHA512
200a13bfa0f47443f37b22124a468c87fab316ea955c82b8c3afc5aba4fe992fbf91aee1230531410787bfa805c0df7d9b3b334acd43ee27a2eda0b383e63ffa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58fb62.TMP

Filesize
72B

MD5
ffb0e101b622024453b8c4bc53d27cd0

SHA1
dc1c8bd76b81ab27c09251b1cedca06f3b9fdd90

SHA256
fd02512092f4265d30f0b0f79996d3ace920107a954ef2d18296e242cc18d4a1

SHA512
abe60a7014f2d2719905505443341a3bac732ab2f7517b875ee52caaefc0d151aaab3f46d0804a199208707342c4d0cddcba17d4df0e7ec4e5508647e479e23d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
1cd400f674b242a41fa2a9e02295a32d

SHA1
35db18dc903dde8f033c2781b6bc268988cd4c9c

SHA256
e74f1ba3cfa11037afeb6b881458d885045026137717bc272f7a07fb196783ee

SHA512
b48fa20b99a7ef4e98984adfbffa1b5ff707f36e8d0448c723b510f7edeab7b21a5fe54a7bca597801d96d51dfde7390a17fe869b43b754fe6a38e08f4464e11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\4\CacheStorage\index.txt

Filesize
97B

MD5
2c94230706364190c67d2b9d5bc5a94b

SHA1
41bf2e4ef3c7d491809423c416c7c7306579bafd

SHA256
d424a8512153251659b2a24cdcf60cc669c257a9cb9fa6772d7cb1be679bdfa9

SHA512
becec1eec48d192cd815103e060a64878bc1cdc09a617515d6ce81a67e43e36940e2a4bf680a76485ff8fd0416c969f3a2468205001c6d5f3c7abb9b7ccca3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\4\CacheStorage\index.txt~RFe58cdda.TMP

Filesize
161B

MD5
ffb84ced868117305ce96cffc7a7020a

SHA1
035808929d6a5519f943c2e7b6901895cd923da1

SHA256
18423a164e1a36633dd03f9c3233dd64833176fb36a1e5fa59f2cd59b1517a0c

SHA512
8a954547959accb3ed5e406bd874aac6d77fe56c418abab5668f68aec8c1daabc857bddc2bc55be0bf911321bf8c05deb85b46e10b03212d429bd2788cefd29b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\df50d290-7dde-4df1-bfc1-35241df4edf4.tmp

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
f4109bf82b13c420a41299e7a1798412

SHA1
3657ab767df97c052594c3a4f3b731177de5653b

SHA256
25e627f3366191790a8aa86e20603c2c737ed5630dbabbd85bdbafc7a5a7e9a6

SHA512
7f4caf23ca317a89f82987ff935b1bed044635791017d269bcadd807b7d929e9a3c57f73702445735afe8691973a4be42d185f351de7766429bf8b1d9d42866b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
ad26e119654ed45935846a27f74423d2

SHA1
ac869680a5b579a51ad4bced1df612523bd81edf

SHA256
97e1cd3f05bf08d0c1c6b518932ba0999aede3a6b162a765cd0fea83d30b3ea9

SHA512
11b3db8a7980d95b41a476e10bcf7ccd1754cf225b2ba96673d0218cd8d7fcc15bf3d7440328b6b2590c53a9a638a2d8529be5176de8c4f42c2035452849d6fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
1402de52c989c028239357f719ae13e0

SHA1
bbe1416df117042f1ad79c4daddaebb33f834caa

SHA256
5da5cbb901aa4eb32bfa67bd2c699e3dd5181246116b00dfa0dbd8697b0d123d

SHA512
9ba323346588b8109a738598fb398b58004b6711b9627280e3cf8df45edb233083ad6e0247607575c487b14881dd8378affa4892ddfa069a05bc3d4098661045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
19b333d28185b202a1dc903208ee300e

SHA1
f86316482dd4d5aacdc4f1deb8b45a43e4be6b25

SHA256
ed584b6bf4c577444e46b69f2ea5dd57c6e1ffa6ea16ba5a314e87888d517224

SHA512
7440c510fd331bc05a6b8ce6a7b1db564df4790cc5a86451244bf966c5277400f0ea2bc5cb7fa43e4caa4714ca1b501e42f14c5b770d2a7dda49cd4add6fb0a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
a2a264afb64a2e01ae6bf2e8416e73f0

SHA1
eee8783b59e1c53311ef56190c02d6c064d8a3d6

SHA256
0ae402808be912593c344147c8cc274215b7b72e343c656e08144d13ebda9578

SHA512
132357d4caef732e61fa499e4a0e125dbd0d6c2596b53e11cffa475579a4364e8e35c0a5b849ad338bfa68fce2d7f5fc313c7157c6b2a523bc4e7773fbcf4c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
d6378da06dc4300f84d72af536a9557f

SHA1
a2b5911c94a811477c7cb454cacf0eba705da4f1

SHA256
54b8d2ac8762edbafc2c850cce5ae888e742223bf1e27449e74f332baad93610

SHA512
6156db4cd9fb40d9cd3973d66f6ac9263108d2dfe3e09433b38a7942501f53f2965857d35b7992869ad80caca68aa9b11d1a89c3f9a5767eb99f115b871e6f0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
3724dbd8a839fb633ed1081ec2cda281

SHA1
1ca54f80e1cc53df1ee374cee3493ae4615c0fe4

SHA256
ed64b48a783fd2555471eff724ce2d5f93cad8dc5ab56f63699f4a76742a3af8

SHA512
c1bc9c5fc31b12f74d4b4d74ebb0b60a78c4c9ca929f034132d54e4b3c2b1ba8979b541ce6ee61e362ae22292b6e3c8f93a67bd9881f2046381651674fd3e2ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
0be415ad060f08df76e0a82befe5e139

SHA1
0a09584d5168e12bee05c93ea1acb62263b12f79

SHA256
4c1941fada80aed2a98cb4bd67b604b436605f71780873512d1d3e5298ca850c

SHA512
808b0ea7cd0629fc6a5b5847518f6aa15ce04e84c5a5d38214a4d7b172e05222bc6150b98ce226f7b934a3fa988bb5c309d5dc040c4c66d5b41d89a465fcdd8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
34a7a95f2af24d6f2863ce73a42a7ed2

SHA1
296c5ab852d4687620ccb88af987800f786e27de

SHA256
e3bd8472e4cf6cf3c67a94a7f4998f9f119fa8d45048233a52e1979b0f40197b

SHA512
1347cd73e9ba4002125ca11a8650d940b51de469b279faa139cbe0625573f1279913f1d0a62821b83ea9c512b4c6c5ef6868d913690194361a02f7f465914f58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
4ccacfa1ebc8478d03c1af3af13b6fc7

SHA1
8ac02678dda7974200408602511342145fecab01

SHA256
46eeff3b3cd7cb8601d616c09903c330de8d6c0d220f7d475e9bc79d7585dc35

SHA512
0edcf703f2b2737fd5873788ff03f1e24bb78c5807867459fbb5b326bbf27c76024e196737f7aa54a4cb85e13391860bc6e80db03cd36824ed35c0dfc2e61cf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
913bcb6ded644cd161dc5c0e60a7aa0e

SHA1
ee83d000da12b401e037fa38e4251b53cffb9b23

SHA256
1541eda5ff44855b1e786af9d0210ec8fb872a6f8b81f32f309c178481b3ea74

SHA512
c884f3b3c212c5c60b8da77ac81cb445132087a10ad7da0b919883111a87b55a6980f2e557ad45253bbbf82f773784b3093aedb8ecc2fd0e51c5bb18331606b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe58cdda.TMP

Filesize
392B

MD5
24c8f32d2a00e9ca22f4e891df341062

SHA1
0b706bf1c44f9d5c3bdea1814e2ccacae58b547f

SHA256
d8dd6275baf1e84a292ce9ce6a3fe56ffa1719035dc5f9660833f54e682ef861

SHA512
8a233c52341bf151875b540f1f4bbbe67ec3e1e8211768642b1ddf821b26ef34e6097d496e712c8de1b79a80579190a5f760262434fd5ab5d290bdef2122977e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Web Notifications Deny List\2.0.0.21\deny_etld1_domains.list

Filesize
6KB

MD5
93c7fc76f7223d043593c999de1c0bea

SHA1
dd7c906c629466fe53a29d3945e31801065b5b1a

SHA256
0db8861eb771d2662ecabd8c7125c5453d6f3d976c14401ecb252e1f85b018d6

SHA512
55c752b20ebf883adaf0bf696fbe7c3f94b06d5bff907b39e9f43358ee7a58336024145b77ba315393609853c54a701ec25592ffc32b9ed3e2ce4857a4186c8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Web Notifications Deny List\2.0.0.21\deny_full_domains.list

Filesize
9KB

MD5
a3b6c4249c181157cf292b749209fb49

SHA1
f3704c2d69b8f1c7738104f2d9fadf5ae644702b

SHA256
2edfd6823e18cb7a1e9e6abf571ef33c5be863cb5ea891ffa3df9a06fd0bfe98

SHA512
113df193b92ac3312b4e983434d0fb61fde5f3675ea00687ab6f9c53f17635bc5dba2970a5af6dc176618d962f982ab514b82d9ffbf894e315a31797887d35f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
a49dbc8dc9f1246d3379b84aa92a3cf5

SHA1
2f42218a08b51c4220703f3844fe037f32818309

SHA256
93019a805752e549155650d6686bd76dd668e02a869fb9c16049fcc7e7471e90

SHA512
1825313e20c4aecffa7a1902760535bf42dddd2102f250b893ab2d3692f5b02afc97238526b3ad044151b32c6e5be73118d958e50b80ccecbb3d1f8fca53f7a7

Download Submit