hxxps://learn[.]microsoft[.]com/en-us/windows/win32/inputdev/virtual-key-codes

max time kernel
140s
max time network
141s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
27/03/2025, 14:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://learn.microsoft.com/en-us/windows/win32/inputdev/virtual-key-codes

Score

8^/10

discovery motw phishing

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
260	2188	chrome.exe

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc	pid	Process
497	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html	2188	chrome.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133875577092329078"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2873637269-1458872900-2373203793-1000\{1FC090D0-6CF2-4297-AEBB-AD85151119FB}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2873637269-1458872900-2373203793-1000\{D1631AFE-0713-425E-A258-68709A5267B9}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2873637269-1458872900-2373203793-1000\{77B76517-87CE-4B2A-BEBB-2AF93F73DB21}	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1984	chrome.exe
1984	chrome.exe
3984	msedge.exe
3984	msedge.exe
1984	chrome.exe
1984	chrome.exe
7096	msedge.exe
7096	msedge.exe
5064	chrome.exe
5064	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe
Token: SeShutdownPrivilege	1984	chrome.exe
Token: SeCreatePagefilePrivilege	1984	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
3844	msedge.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe
1984	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3844 wrote to memory of 2084	3844	msedge.exe	79
PID 3844 wrote to memory of 2084	3844	msedge.exe	79
PID 3844 wrote to memory of 5772	3844	msedge.exe	80
PID 3844 wrote to memory of 5772	3844	msedge.exe	80
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 2508	3844	msedge.exe	81
PID 3844 wrote to memory of 5272	3844	msedge.exe	82
PID 3844 wrote to memory of 5272	3844	msedge.exe	82
PID 3844 wrote to memory of 5272	3844	msedge.exe	82
PID 3844 wrote to memory of 5272	3844	msedge.exe	82
PID 3844 wrote to memory of 5272	3844	msedge.exe	82
PID 3844 wrote to memory of 5272	3844	msedge.exe	82
PID 3844 wrote to memory of 5272	3844	msedge.exe	82
PID 3844 wrote to memory of 5272	3844	msedge.exe	82
PID 3844 wrote to memory of 5272	3844	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://learn.microsoft.com/en-us/windows/win32/inputdev/virtual-key-codes
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x2b0,0x7fff0814f208,0x7fff0814f214,0x7fff0814f220
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1412,i,15717249795308788358,7257853733158511334,262144 --variations-seed-version --mojo-platform-channel-handle=2064 /prefetch:11
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2032,i,15717249795308788358,7257853733158511334,262144 --variations-seed-version --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2456,i,15717249795308788358,7257853733158511334,262144 --variations-seed-version --mojo-platform-channel-handle=2464 /prefetch:13
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3448,i,15717249795308788358,7257853733158511334,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3456,i,15717249795308788358,7257853733158511334,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4672,i,15717249795308788358,7257853733158511334,262144 --variations-seed-version --mojo-platform-channel-handle=4888 /prefetch:14
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4656,i,15717249795308788358,7257853733158511334,262144 --variations-seed-version --mojo-platform-channel-handle=4932 /prefetch:14
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5596,i,15717249795308788358,7257853733158511334,262144 --variations-seed-version --mojo-platform-channel-handle=5608 /prefetch:14
  2⤵
  PID:3312
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
    cookie_exporter.exe --cookie-json=1128
    3⤵
    PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5712,i,15717249795308788358,7257853733158511334,262144 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:14
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5712,i,15717249795308788358,7257853733158511334,262144 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:14
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5932,i,15717249795308788358,7257853733158511334,262144 --variations-seed-version --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=4660,i,15717249795308788358,7257853733158511334,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=6220,i,15717249795308788358,7257853733158511334,262144 --variations-seed-version --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x264,0x7fff0814f208,0x7fff0814f214,0x7fff0814f220
    3⤵
    PID:4028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1840,i,8878699753559082013,4786881008984013121,262144 --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:11
    3⤵
    PID:5012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3548,i,8878699753559082013,4786881008984013121,262144 --variations-seed-version --mojo-platform-channel-handle=3544 /prefetch:2
    3⤵
    PID:1552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2152,i,8878699753559082013,4786881008984013121,262144 --variations-seed-version --mojo-platform-channel-handle=3628 /prefetch:13
    3⤵
    PID:3400
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4492,i,8878699753559082013,4786881008984013121,262144 --variations-seed-version --mojo-platform-channel-handle=4516 /prefetch:14
    3⤵
    PID:4592
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4492,i,8878699753559082013,4786881008984013121,262144 --variations-seed-version --mojo-platform-channel-handle=4516 /prefetch:14
    3⤵
    PID:992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4584,i,8878699753559082013,4786881008984013121,262144 --variations-seed-version --mojo-platform-channel-handle=4532 /prefetch:14
    3⤵
    PID:4176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4552,i,8878699753559082013,4786881008984013121,262144 --variations-seed-version --mojo-platform-channel-handle=4672 /prefetch:14
    3⤵
    PID:5272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4652,i,8878699753559082013,4786881008984013121,262144 --variations-seed-version --mojo-platform-channel-handle=4732 /prefetch:14
    3⤵
    PID:940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4932,i,8878699753559082013,4786881008984013121,262144 --variations-seed-version --mojo-platform-channel-handle=2860 /prefetch:10
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:7096

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4796

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:564

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffee4a8dcf8,0x7ffee4a8dd04,0x7ffee4a8dd10
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1976,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2228,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2236 /prefetch:11
  2⤵
  - Downloads MZ/PE file
  - Mark of the Web detected: This indicates that the page was originally saved or cloned.
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2364,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2340 /prefetch:13
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3212,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3292,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4172,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3712 /prefetch:9
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4644,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4900,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5436,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5452 /prefetch:14
  2⤵
  PID:6072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5496,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3376,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4468,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3360,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4784,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4672,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4852,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4796,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3412,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5788,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5960 /prefetch:14
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5832,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3304 /prefetch:14
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5636,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3796 /prefetch:14
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5392,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3796 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=4316,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4228,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5760 /prefetch:12
  2⤵
  PID:5892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5756,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=3588,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5928,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5988,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5520,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=5816,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4764,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3628 /prefetch:14
  2⤵
  - Modifies registry class
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5864,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4668 /prefetch:14
  2⤵
  PID:5632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=5964,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=5880,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=5876,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=4980,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=5984,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=4700,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=4956,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4968,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5860 /prefetch:14
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4740,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6208 /prefetch:14
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3584,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4660 /prefetch:14
  2⤵
  PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3440,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5448 /prefetch:14
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3564,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6232 /prefetch:14
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=5944,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6184 /prefetch:9
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=6112,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=6084,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=6616,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=6744,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=6780,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=7056,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7088 /prefetch:1
  2⤵
  PID:780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=7232,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7236 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=7400,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7416 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=7616,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7564 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=7724,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7264 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=7876,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7216 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=8012,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8036 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=8152,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8180 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=8332,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8384 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=8532,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8556 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=8688,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8372 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=8356,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8824 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=8992,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8968 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=9144,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=9132 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=9276,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=9304 /prefetch:1
  2⤵
  PID:6172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=9428,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=9452 /prefetch:1
  2⤵
  PID:6180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=9416,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=9604 /prefetch:1
  2⤵
  PID:6288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=9740,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=9772 /prefetch:1
  2⤵
  PID:6296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=7600,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:6908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=7708,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=7760 /prefetch:1
  2⤵
  PID:7060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=8976,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=8000 /prefetch:1
  2⤵
  PID:7068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --field-trial-handle=8928,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=9112 /prefetch:1
  2⤵
  PID:7120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=8888,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=9996 /prefetch:1
  2⤵
  PID:7128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=8936,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=10160 /prefetch:1
  2⤵
  PID:6476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=10532,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=10420 /prefetch:1
  2⤵
  PID:6632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=7664,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=10412 /prefetch:1
  2⤵
  PID:6168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=7692,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:6480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5996,i,12924647939782258268,386703053569264211,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4704 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5064

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4416

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5832

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C4 0x00000000000004D4
1⤵
PID:1856

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:5416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2bab9d44-f0b1-41ba-b233-3c318a706993.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
53b863cbd5cfa73053580773a4839fd7

SHA1
fbee70ace5b2de2b23854f6ecc20382083585d9e

SHA256
85591cab8ddcb3739046ddae30a6c31f27f525fe91c47e259ef1a80832135b93

SHA512
a1590c71bdff11d7543180742a957aed8796184f1e37ac2e5290d37b244490610bc57de025f0d6814d7f676e8e18936bbfc18a3cea472219beae85d05140eaf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
32KB

MD5
b582b2eca79a750948dbb3777aeaaadb

SHA1
bf0ea1c8a7b4a55779cbb3df1f1d75cc19910e9f

SHA256
04c7f19e1ae294cc641f6c497653b5c13c41b258559f5f05b790032ccca16c82

SHA512
35cfd88afe4e4e8091d3a5c53f0f3e2dcd92aa58b7544b94d4d9d7cdf508d429c5292aa97b813c9c8ad18e4d121d4e6595c49f5ddafbeab7b39f3a7c9d0b58dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
66KB

MD5
33411bb179575dfc40cc62c61899664f

SHA1
d03c06d5893d632e1a7f826a6ffd9768ba885e11

SHA256
274befc7b39609fed270e69335bc92b3d8251545594636eb408d5d93e0ae1a4f

SHA512
dc830766c928ac84df16d094fc92586b9c2c25f819123dc9b5ec259220b4b1c45e2af28c89a710f047c00c9dcf7df8dd859a9a7a2d2228703f616df13caef2c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
67KB

MD5
60a30ef624fad5be472ee5d1acd1b2ab

SHA1
5dbb87bbc2e8a6143308e7928536ae778610794a

SHA256
d0ec8a13c2eb6a38d628cd7adaed308116164ceee003f816889b4db1735bfccf

SHA512
315e3ea4d4c6ccf6c14fc509933b01cb77c964b608cb95ce2ee8c331011adaf618e41cf4b8c499c4f6c9e137b88a34caaa7aaa44a69fdabed84df550e178d60a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000049

Filesize
70KB

MD5
72555c2adfd253c473b83dd42144c98e

SHA1
a33a792b9b56a2bdafb333683d5ec2b8ee7a6b8b

SHA256
816531ff8bfbcb60e7547e84869db6a128948f7f072befde4b9a2c13b23324c9

SHA512
09ea73cfd0006e47de7e242ab3eb24d80d4a8c87c2c7f732ca8a846d38fe8610a9fa27f2c36b3419c8d4912a738eb03722fac457fb6f60decfb6eb3e113b2fb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log

Filesize
88KB

MD5
6d578e9a9a00ccd5f5d7bc56f6348831

SHA1
e436a132934840fc66675f12ae9a2d3f1e8da275

SHA256
109ede08c0b1ec14b741b21dd682cee18965d2acec83b5edc6f1abf70a42f4ae

SHA512
d1c05e40914451db144892070465fca2c4513789efe836c214d8bfc4fbbc2dcd092e3a75855d553c953db3945caf41f3d77cc0a8bf200a6e9800b47e38866045

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG

Filesize
351B

MD5
479baf2a3dd0ad1b14480ad23b4e1242

SHA1
474c3360367268aed083e53b3b7912303f61cd57

SHA256
af2b14fece5b058df56fad4868f11591488139b4f277bdc3e787114504862ded

SHA512
2b1828475e3a24b57e66536fb99ed6591aee53f6c25abd63a67c54465727c0bbbce7ff75e034bd057ca05f490f5f629da535a9a0b3a0b7464e453b6e525cd51c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
24KB

MD5
83f515f45fb434c4a018dbbf2b368698

SHA1
3e53ba868da39f2b6c4ae94ea80b32216eedc8fb

SHA256
93345b3e3c0b6040c2402c6e0b84e9562bcd7b83fffa69cfc8039c6c82fb24e2

SHA512
e353f1290bf067ec3e00302b2c31923390df92226b8db01b76dd984efd9fce942f8cec76bbc7c7dfe4d1ea60adb24b7390f5ef779c84b0110e71e77774b75a7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
9463dd84c8a2b6373d0a143df4301991

SHA1
6e4634ded4b9e986995f53bf69070bd73ca2737a

SHA256
b752ec46c8d66f24039ab0327efe8a3c828a0468c17076fcf60b4bb48a7b8f66

SHA512
6fd64f8f1fd5961fb3b90f4ace24960fe4b0a594da8ad516dd43da0c9443ad098d833b91583e16010ee86b53859c09d1f1f237d185edb81cff59a0cc72b825cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7da952db65e03c83e402d3e312b106ad

SHA1
f3b989d73d7037edf1bfa23d8a8a882522fca88a

SHA256
5910ff012e7440fbe8e164b032556f2bf288e647c5857ec3a1dbbd4f4bc6afdd

SHA512
4c2c7d16551044cfb138ce0080e0ee78d1a22c2735dce02198c2498476e0553fea0549e9672316e917eb298c5fb27f8ae3adfc14f274b8ebeb538993ea022ce8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
566a4dc793ba6b50ebc7dd23d326efff

SHA1
97ae42b20a69c41d10318c7730e712a86477615f

SHA256
a030e41f497e9f47f26eca4299abd07fa1ee735bffa9e93d40c13bc8dd7b4496

SHA512
2f4f0b7e80c2917615803b44b8ac06b08092801f2b1ea22ef4cf239309c6b496958468efe087482c02a637895e368b7343818e507dba6826f4bb3e53a0a1d58c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
26ec01faf4c3cb7781769d6882ccf898

SHA1
e41b232440c66f80a6e974f735f8ad834c58f132

SHA256
b963e24aa7ab97d51d8d98af7c842979a8340b077d242dd460c32e75bbbb53e9

SHA512
371b43e77ae4a169a0723bdec02d999861b25755d6e0a600a3b73288441f4d07b6e855856d2716f406e935689d356d5d0305b11c2c4509dd7f6713eeb218d486

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
aa6cb1b43b83a191975fbf17945d0545

SHA1
3ac4c9b4818c0af6d06656340aac7e372bab8351

SHA256
9f5452aeceffd6253d16418df0b650d27f36bbb0f457889ac4da7aaed94eed07

SHA512
ad016cc987094dfa4a328fc592034d83fbf577f144afd67359b37c148d7bc9f1fdbd5cf61d93ad2b432907508c66e708d91333a6d6d594087bfbbec80cccc140

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
385266aab08c3fe291be8664618a1459

SHA1
ed48fa0bc4a479265999c9a0944fcda57fe65660

SHA256
958973c31de0957a96ed8f087fd59c46f898183205379875c0e34b549354dedd

SHA512
d5f6449704cad9d2b9a7a57bfa56c8960fe0ddadffd594dd665ab3b19d7e43e7f89acca9990440e07f258b0fbc38bc6fe88c9e4b8c21db46a849bc5011b56d70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
26fb85d734012be8eab585e686b565d9

SHA1
b0ff8e52aec171df5d17faff5e8a5c4358c371bf

SHA256
e4e7a51bbe1645a91d6cada47f6d9f474ed43258387a2e62e4b24be6602777e9

SHA512
d1b17ebd6a98d1303723f1613ec2fb60c76fdd992290f370f8a7bcaf23f555e548d2e1a0b44a153ee50b29c4f442dd99b687163d9acbd120ff156e704040ed8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
06a59b8327733259461d5b3cadd9d1b5

SHA1
b1ec6e94a4dc46f0414d209d96f9ff7744587cf9

SHA256
445e312a0b73e73ea557ae38751fe55af4518cfd05b6e8365732716c7635d138

SHA512
9f4f6ed61e618dadd80212c1454b323853acc615eb4b934dbfbadb6be7ab1f772df202958fcb5ad6f908072400b8979dcc8c468e4003b14a02e78da7e214ee69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
52830be0673225b811ea31b7aa1c7672

SHA1
bb0cce843815ab1c39e4b01dc1e7431bbf3312c5

SHA256
26ffdd5df54b3d7b05065a8dc0a52f057dfc49c2e16824dd18b35138515c488c

SHA512
0e480ab145da6024a6b713e232bdbfd607382c8d1eaefa3c01f1687a749d52d8007eda162ee1f0e81796a58ff9bde403dea313730883e43f95dfdb3dfdd80cb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a32276fe23a4f8f08984e368a153c91a

SHA1
89944d5e7bc0317dff5e04af601faf6b14d1e18f

SHA256
35c0c96131bb216952e96aa7d33b25a7bbed36a6deba2a9202a511ac6f857057

SHA512
6b07f05ae46583dccb78b62de64abead30a7e457e5886a8d2c0b783b810a319658c5ae051eb48b15ac3a6cf98395ce9ee18a5828fa3469e43d8e74fd26d72e78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b58b1ef9194348365214b511dac7594c

SHA1
82ca6c32408c1706ceb733695dae1550376781cd

SHA256
6956b01b5c6863a116badc25840440a6d4a762961c8e77bb7339f06340ddf4fc

SHA512
ecf3cab4e3bb07cb5c16071a938aa1cc19af9997212518a10864bd4d883ed2a40562def389bfbe76166fc8d7014553538c81e12750cd6fbfdaf3af25bca12831

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f6d6117c0cd1b06e657b85b39df90186

SHA1
21e53010aab16a3dc633cbd3da481c87d834e0c3

SHA256
f31cb6d11c5a7019324137b96d1f84ded5bcb498cc9dd1f28191b05f42fcc3a4

SHA512
ec0d63f42b7903ca410c20a801ed79158048999fe5fb5bef615a04a22274e4648c7ee4d43b6c976edbba13176b84b09aee258a196ba8b30fe82a91607878618f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a7192b3a-26d4-46eb-a470-8b468e74c630\index-dir\the-real-index

Filesize
2KB

MD5
3d39b3893117e98f3cd32176ba49e2ab

SHA1
f1faa290dcd7a01f9982ef51ea233d228f084ea7

SHA256
0b7c9cfa89547c3eeeac080ca075ce4da45048b69524be0a9561259dc52bff8d

SHA512
c31a59bd9b833fa84845775467df8d94abea817f07de87d6a8c6bcb4d409d91e889e77760919e647458b2b6ffd7734f47a0dd4f812993c8fa1c5b76456ff1ca0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a7192b3a-26d4-46eb-a470-8b468e74c630\index-dir\the-real-index~RFe59095d.TMP

Filesize
48B

MD5
ec9e71cc0ae573ffd590c996ad90511e

SHA1
a64d52ddf0b29580e74249e923cd233821db70cd

SHA256
7ccef0e2662b57e561c43c752deccf20b5ac7fb074d6c097abc1f2fc560d5962

SHA512
f2b2f3a6699bb2930489b791a616d77bce8fdb2620f6edb81d5ad845e66c0f7136bc1eab3cf705a3446f55a690443282caf9d590198d8fc29dfd5f270c4266ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
7dfa02fdb1670983f15356202d3a8d55

SHA1
0d6a4f7910c0c28b755056ec31912a031fe403d0

SHA256
34736c733275b0e0e5d0c34fbab51fa00a541bb711b30a6ff99016c08f9e1b12

SHA512
e80c330da60a6969e7761a9414c64746a503c44bfe7f48ba72b0ff61d7d78bba1cc4a66c1fc633a03e5a773c692e95aa111b7c8cf06353aab51e2656674152bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
cb84ae785660089545ef2c3dc32c4890

SHA1
ce15f88503ee2571f13d9ff98568e9a3f94e9d2a

SHA256
f42839c039d1d6a71045ec278d17afd16761523fbefdc15b38d6990a5c04e5cc

SHA512
e669091479bd388771922256e4475d1022f8e83106c91d5f4fb4904f76c3dc1f09e1cd1d209ffd02de504492d4874d0a886034bf31f8d8c69b02f0d58a00a845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
8837d890eda1361f0e0181509613127d

SHA1
f87011aade0bd5523e29695015ea67d09560ad10

SHA256
8d138147112e7765668888aafb2956d1dc7dc4d86f856cdf668db1d3d05f2d78

SHA512
fe6a502552b672118d47ac727f54f7340cdc61954ec9b68a59128d6c9e3fbc0d8ea67923d07d7917e1913d8f2b4fc2d9d7701b5d2449a5d8557ea7266acefb3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58fce9.TMP

Filesize
119B

MD5
bfe236c256f0b858b286353075179da9

SHA1
90c1a5a6837d738d075108debc5c0a011f401b05

SHA256
3b2aff6852c749e839dab2d25e8bfa33b60a05329f442bf32ab729f0f0a7d207

SHA512
c174f37cb583117681a45139de115c86f2ebf4c6131a709347fc41605e1ee92d7c81ac4e12107e31f34d01c6fb9887c43efca0d7d3c3d26162dd8f4feeba431e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
337237e96a080225543d0775108e4353

SHA1
6618cf5b9f8f94086bc8563bc956447279fb215e

SHA256
75d97c1f4e47e566ea0f7cb4612e5f5fee295ae4dda344aa00f4eb1bf19bc595

SHA512
5d324e4592f5761a9704d773e856de98615101444ef41ad07fa27a54ae6507a22ed404d44d313cad8bec4a876f09b514826abfbdbad273d4b15c52f78ecb3ce0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
88b573d68b6e881e2025cc0e01a01656

SHA1
6188700dd4210e84086ada9ee79bc68b153c72c1

SHA256
17e00f4ef134a7a34a67cb9f1374c8c496d0d9b25d6f179ea770785201e4bd18

SHA512
e528bfe8e7140c1cb7e3cd737f3e18cdc6c1d0d036d4b057a629bacbec91c80ad3d70f8ed60e2c8d0709cd5a734e23ebd5f88da4a98979bda839ac726ad9bff4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3fdca2fa451466fec57159212ad3794b

SHA1
d572bc366f16d0e2d24178d980e505b12bf5e88f

SHA256
2d2a8e31f7d7369ab3e952f91f02aff91feb2111b138c4a51c3bd8b57e371ed2

SHA512
d4ef8309fccd3219c1fccfd5cfc96335437c8fc6ddfdaa39343da6c2af496ee6b422b24a143e8fe3dbf5c8c1eb5be20d6b2395f982ed5fbd6dd6b849c42b1e90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe587c11.TMP

Filesize
48B

MD5
ed01c9cf0645d455f7a4d60db2f5c388

SHA1
7634014c60cfe6a0c138bd58c34b3965bd35d081

SHA256
41482aedb1021f0d5271f6cfc03fc59130386011d70b5a2e395f86e11942c0ab

SHA512
e075b80bd551122575aa3762653a38f7ce062127b1ad65b9d28f1515278d11a998fd054fa75798961a04829348f44d2ea183fd74475fa464b55fa2ea142a0964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
72B

MD5
392a5796ff99b9ad52cde1e8e823724f

SHA1
510dc4b3d8279a8d3b6f02b391a68545081fe832

SHA256
b13b1173893bef99b127c3ca0f21b64f9aa62279a7514ddb51dbf4dca5892fcd

SHA512
49df20c4f253c2898bb4dec8cb057d9b97ac35981f865b7486d3d1baf4aeb6bd35800dfd44ed59959d2b8f658ce004f47c5e0ac3b49e71e93b8622b2992b929b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
191KB

MD5
f3c4396c80378250c8a1a96caf4755ec

SHA1
3a4cce357219f191b90c5da4fa37127d901d56ad

SHA256
ab7a1dc2b8d8ab474ccc82c22607a4d88cd0e5e0d8aa4ddf10a01de1e0f991e8

SHA512
d8f10e8bbfdb4fc491b270a0d203169a1c7b585474b0eaa91d96cd37e345b89626789375b1d3bfd9eab7f8a32a058c89007ed5622e9e01780e3006ce389107da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
c98c1ecbd0091ae484be064de7181c0c

SHA1
b3c2a643bc230ac102f8e808720ef676dfb36595

SHA256
17b936a6d74f8b55163d59ddc71d006e089292384157beef6635855743298d55

SHA512
625d08f57d4d436837425575e1ac5d2bc2e5612700ffa8aaffe925dd062b685a6683304581bb288fa1dcfed4d3788f7add1ae72793c888b00faeeaca2272d0a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
18df6400dac30f2c5b0184fc72de45e2

SHA1
3d097aebfa9a97be849e0b7e5b1f66adefd086d2

SHA256
9fe0413be6b5f3802b131f76f32875046560fbddc05118bfcf69845ddc3551a4

SHA512
ad69664d05194d7c7c478a487a8a5d386b24c25dc50c45a81e1cfafd0341b9532ebb2d5b2014b6a4c5502a8013f6c4b81c9fe8a9d4a80e7f52875f6cb1d2934a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
cb600adc06672eb71f0e518f543e3920

SHA1
98f0b357a524d1a47aa74e29563ebb5501ad6249

SHA256
7f84d398caf73906d0460a1f8e61771372de48aa2ed5282d2a6419c6d5663d57

SHA512
c4e803b87d8b2e9a2e0da1af9d0b8d27eacfcfff1f7a68372c52ca104b1b949d7ba585338087d922dcb4d4dac0f23258dbfe86e0b80eb54dad7351b06a9eda82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
308f1bf7dc2e94a1c744828a79cc15ec

SHA1
422e1d96e44ab0eef6ec2dcf4cd714e6ae6d8e07

SHA256
817ecba01353e8b28f41e5099c24eb21015586c91c3450bc18468be9f69f7373

SHA512
1f93f7bc8707edb9c5a9ca78a9cba92570d7b9ce27ce066cca705833b3f50070eea0fd1f412250911274298ea9aebd379fb1bf03322d0b07b2a97937e6f25c19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
191KB

MD5
d2a9131bb979ed8b8f482d1a2385cb85

SHA1
c6c8e7fa5679ca9670854707607ecad32838880a

SHA256
083f60e702733de04b3960eb3295abb81e51fd18cc01dcd17d4d28dc7d5774aa

SHA512
a3222c1c3f7c4546c98fa8a5259cfb9d10e9ab11a96521ee7f54769e0cb7fdcdb3358720fd65df6703314196096d0300c5b4de5f5dfa6eb497a04da9a2cd4725

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
38623c06e100113cf825efa6a44b2386

SHA1
479d8e0c6d7d10c05203a37707a6249d2537a9ed

SHA256
624eaf606d0845d9ef3f81652f29a5b8489b6543deb1e4fd4903c415238ee9d9

SHA512
452d7012b949688cabc6afbf4badfe9d02c090f30c06557f7f87b606cd716cda97771136964935eaa4d1668303889011f75ff599a79a6837c285ef84ebc2c8e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
8272581d8cb38484cc8cb6afbdd0d37e

SHA1
2baa96a0439003aabaad1ce5619ea0a581cf261a

SHA256
025356bf819ea8a5da44ac2c4510bc380a9448247a30665577430ca7a44ca297

SHA512
60574186c595b0018d9223afd38e59378b1b00ef4f39be17ef2d7613cdac5b8f9e6dc3f2efefd559a0e4e8d64884d6ea155e874df13f170bb6dfbb41a0104959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
2122d829ad758ee688accf86df83b3ba

SHA1
01b7820b236f919018ec37a7bfd870801b420961

SHA256
46d5978050fd5386bf14c26ec249ae261f87aeb50fb577ae3f45481df42f6561

SHA512
491384836a07ddf75e96b80cbd41bf9acdd60c97792b361391d113234854c0fec269ad380c5dbacb2fdc7b539395409dc2ad1742f8d8dc953f70b3305d375f4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
df02e952a8b4895e4bf87eef0abff772

SHA1
6e20e9f496694bc2c15592e86e11c3607641e5d4

SHA256
2444fd77b229707f34eb1a8ef39e39db7620be6b257b8d7d324eb62317c121d4

SHA512
5047b6caa579a4a4bb88adfea28953b64cefadbcb1e618c921f5ad8fef976efd5e5e47a32521f191ed4a879734720ac927887077f0fb4499836efa34844571ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
cad44893b725da64be8642e4b4d801c8

SHA1
a2db1ffb371544d499ffee0d37a185d13333905b

SHA256
ced514b8faee601fbc8a03e38a94a79857ffe369a0f610cf0410fb84206c7e96

SHA512
793a34928d825d57eafe4853c60a60c6766c4d081ee091b69e2f5acf93f8167065d186a8b4c2dad5a5374a06c6ab46f38c687a71d86ce1acb1bebdbc173ac88f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
9a375399b7a95d2053dfdd20b08049ef

SHA1
a097bf348164da204c35e9648a99ea6e4310d585

SHA256
a799b1836745304091ae3010eb77dda0c9c1c58a242f73692b4db596bf46ffe6

SHA512
c373cfbbf9503411cf54ad361a9c25bfb07d0a314c7264a55d2f467f59302293832643b84651880c7c97beee6489f59ef566abc78f78b40c7baa09ca3af244af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e721b4fcbff624e57ebee7bad846bd45

SHA1
b9fd0676aa86a6196af25e9faadebcc7629b2bcf

SHA256
09d34fafef9d267dd3c7ad1e320c68380e9d6e5d271b759bde53ab09adc1f664

SHA512
1eb29e5d43b6f4b263c2c673c5f1049ed4b210073fea64f43694e90d47657b77b5c5cae41bd92453676d63b4ef101746c7d03a1f4ffcf8d83f979bf6cdbd4f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Filesize
346B

MD5
15d00dfe9ee1b26d556e08e667b4dafc

SHA1
e10d3f365ca866c6f67a236060961bacaec1be5e

SHA256
9717c1c85e37647910a862e65ab48ea4ca95be22872a7728e16cfe1740e6a30a

SHA512
551b244fd5f363a16388266a224be22f387581f6950bfb10032180f032087dc3bf57f582144d6239f7eaf10ba32fb270531918826afd3ad6ff9db639b7bff099

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

Filesize
32KB

MD5
c52238d665e7dd8567acc1b7a7b89b06

SHA1
19eb8d33865ba56393af5a4b143e41c8a86f92db

SHA256
7c58c07b93bafd63cc37a4f37b4225b007657140cdd629f88a7b52b356955242

SHA512
fdbff86473bbe1d2510192271ea205f95faa6719223b69cac2e1b134bd41d813e9d3f65880a29201f4820f6299d09ecf8f9817d58287b5f4fce8b08446df4f9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
48a9ae8e65deb4f986f992d9f154e2ee

SHA1
ea08d537db9f6401caa150e9785b44f32c61e45f

SHA256
f4b31f98cdac3528412808faa87b7308c06b4a2052cb0412810c25cb4fd7289b

SHA512
10eeeb89fcb453f8582c88502d7fcfbe80336587ef5aee614f31c7b6d328f39f976d690ca7ca4a091c53c57107a7be6224dc96eecf24d09236b85ef01768a19d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
f9732759b91045b721aad41f27b4b673

SHA1
1629024a67f4006c3370674ec74b7fb7ed8cdc00

SHA256
58a93fa7170849b031a179da2af6fb73a6735446a7892e0d931d1855d8903132

SHA512
e6fa95a931698e9fc1f190dd7e381b1450379eb4f9bb279bf47cd8d32edcf6553c5a4c453d4679074f3834a977f158834a5f98bd40b56ba903442fd7e8362659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
6fa4f43b11c99faa2c1457085f6ed8b3

SHA1
2a0cdd4c08c1347841057315a783947b4f6ea2b8

SHA256
bf023ef2609221da9e85fc3808fd066a0efbf505ec11946b0b86618ac2b1e6a2

SHA512
57bbb67d912fe405d3d756397870abf66b3295558bded16f5e7a0b40186fec489e4cf4045b0edcf78437b7bc0c77e6e1709b0a6a3432a48509c0275db0e2fb38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
660b3cb763971003681971918542d2c0

SHA1
9dc34e9dd52c0b83e47a59d3d94a0ff38ca62ba9

SHA256
4e0267f0efe9a513bc21b00bf072e5b6418b2807c9d6f2156903299f90771637

SHA512
4d3d0e02dcf1fff1712ca4a1c2258273b8bc3d40fa8da70830907f2095dbf5921c2e9917a548671a83b462e540b137dad88f5caa02878045745bd5ba0cf62b7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
fe11ad906b39fbb59d77e375a28944ae

SHA1
eee8cb80c4f2592f7176f8b964a10f6509f66b77

SHA256
b48726f7cf9bacca3609319e5d791ba4a826e2ad699bdff2199726e2a2f7ab2d

SHA512
a0782a76d413fe292fedb3c47d7989c6596ac0d3c21a74b2eb42030078642443e0838227d64e897a123efa4613072c0049fe4c53258ab87d8e5c9a3b304a0945

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
e6513f7e1d847586446685e6962549e7

SHA1
d25e7269e5f52803f20f95db381d3827ee9bacff

SHA256
8a80f07984ba7ef246f81fe76c722b11aad3e74d6b419ab597eeba1169b41619

SHA512
bea9fd221a11c5188a45fda28955c88cef69d92d33cb9f8b829f503a16eece132ba670c7c3dd6f105e8f9bc4193a1e8f6e57933f090957fc2064fe8935058023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
37KB

MD5
69d72b11936419a8bddeaa3ba9bac5b4

SHA1
bb0e691cf04a376f11ea30d2f666c9f9850c0f9b

SHA256
2849d9f541628547ca26e6bd58b857237cb2fb4179c60b7ed9a903da0eb57221

SHA512
b8bdb817afba410593ddb50dee4f3a9427a4922bc24832dba8f3a06f167eb8b439843f7865e58881472799dce5d78794899dd24d461c764727246559cf2d892b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
338B

MD5
2a3a3397f8cc0000a8648d127cd1e397

SHA1
6aded3d8db6b470cb5b7438ea3449cdebf3fdbd7

SHA256
ae71924e29a8d15510778c5bf1eca7dd0e4a190e72f5ebfa1c7a4fbbbe2fc55f

SHA512
5a02b328348e0363beda306b2c1fab36914c475d165a66c411f077810424f5ab75dbf6d1d838d48483f6179659aa67f85fd48fa75d95448e6c3c03cbc95079cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
c7f32b6c17f1f8c4afbb2ee8a2d53ed4

SHA1
41df1061f633476e8d1608a9eaa0624dccd0768b

SHA256
1e35097746d68c6335e7c18958e7b611810db03d3c53e849d66735463ec4e465

SHA512
5a2731f69833659682e6cdd25f1cfe29befe9df666fb3bfb1a8cde3de29612b017ecf27bd29eb6fb9f51ca0e74fb2f2971f2187d71f0bb0f66fffb789b076ea5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
a9fa2103e9a1a13bc1521b3bffb2abfd

SHA1
13fdc7da417afb4d88103968cf3068840b0cd53e

SHA256
daf0d0d84a6b375fb9b84e3dd73dd9b346d9f9253378c16e3cbff5a53b70b9d7

SHA512
2a7b69e7efe011cb381f131a64b29e5dad5a144d33df1e68fc3c0404a8bb6a9aabe64dcd01ed25ca9fce68194375fe75fed420160798b40768cd87239776b126

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
25KB

MD5
374158adc4fb8e37083333263b17902f

SHA1
c51cb1fb3c964277caffe341fa8b32844a139dbf

SHA256
ffe76b589969944d618dad35cc738399b194176c85bd0037b927b789a536e9d7

SHA512
fe8a94887ec760239cfe332ae32eb13f15b108ff6f66ed96e62792d3d5f8c4095a2aaa203717f5154dc1add0f5156ece26c52e9fd1557bbd62c7c42271e2b5b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
f1ed6c77e3e5c3737273123f2857363b

SHA1
4de7d7e4f55d6991b0faa2d561c27da594451bc3

SHA256
4f8964dc3ae9e90a28142bceaeef66993124dd3a4e7b7d17dd18d6dd574f62de

SHA512
82e1acbee04ad839d7e6775ee29ed21eaca48de27b09992f8ee743ab997b37c6d5d6928f1e396c68100e246a7900fe14180241afae90b51d63e3858ebcf7d52e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
228KB

MD5
deea7c8d3a82788f55f1a66c60bb5af9

SHA1
5f3dd10d8901c94c869308c38a1c08389f78f048

SHA256
68d25b2a4091c2bc4c6777f5025e42e46efbebbf3889c7e344f25d57c3e06c6b

SHA512
1689f32567ec5c944626301abecc1d5826b1d0ba149527468461e3040da3e650147d232b3c933d6ac1a49d9c1e16b690049f401c29236ebbbb3a595b6a1e8161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\default_cloud_config.json

Filesize
12KB

MD5
18261eb12378081f939fb9415ca0c9e1

SHA1
20d4ff782e17fe45e71c3f9fc60a94655f72ec7c

SHA256
12bbeec9a0af9e3ed945b28b9b8ef89b2f897768d1ba3ffd6f3fbb42fa5bc556

SHA512
fef634b4ce77c2f36ce1bdd63e8ac28e76cd089f0bff33f4425c757ddf37fe9fab30dea7b5bb51c91eb27012cf78800e03643e13d51a25bf624ce58ab3488a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\favorites_diagnostic.log

Filesize
2KB

MD5
2b70c8c652c52a844202f7c3d42fa7b2

SHA1
5b15b29644860b69d0f873208e70bd2e5dd3f5af

SHA256
ca86c966d29b0f33fd64d468f7d4894ac06b57e8f24314aab8434a7f08a37ead

SHA512
ad706bfa1fae04c0a2b8c07ae0e445834664429cb4c35121adbbbd6697c40269d86a77242a2c32a5adb7a1f1e0c0de2eca23ef27584a8bb9ee8276b40b0988fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
10KB

MD5
9ad720dbde47279791e9eb24f3bae589

SHA1
1cabbcff86b50eb02df144002b72aaca42ab3160

SHA256
0b3f009ad3844fdd93fc7bed7f20353d12bbd64b66fc72e8b5a7c9679e55891e

SHA512
11242b166c1251a8df11b0fdde6bfca48ce41d7809fbf6362152c6c299eb619a6932102cd8fb2e9c68123cdcbd2ab2d2925e5fc01e3cd0f727c81259518813e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
c52e9d27a858b70c67a2be98a3d255ee

SHA1
4bb23822a34a756d6d306d8c88bf1eacaaca6fe1

SHA256
a852cf7abf6b1db162d26c91be69706d433a874130136268eb093232aa3f247f

SHA512
22966726ef2b4dde445526e0481288492bf4885fba74aa3c57ce9d049d7c263e76da20282443d31be689249ce3e382356b12ec26df7398c4343c9fc9f06b19ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
e65a855733bb0a762f97a6c33337c04c

SHA1
b129044be82adebe4a5483fbfe46ed06dcb98fd3

SHA256
bff8b29b6628f3d9b87e68c62cd6f4e5fec469c68ba6415e17b31b7934826315

SHA512
d84290d753afb245928c5ffd9a893633582b90d1e0519ff070d3d5e6b91ce350ac88bab2a5e512c370a95891d63f5e6ab3cb90c8aabf49ac354c6c80128702f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
cb20539a7fb718dcca1949ec2f6ee81b

SHA1
e9f1bfeda2cded167afdb363ac7fe86a8d24faaa

SHA256
5c38b2bc5d459adc93e906133b5c7bbf00a71c6096e9f09f1e1203c3c947549f

SHA512
2380c0d81bc906399ceecfe058c45e96d8ab63508b288ee202d694d97fb632960b188aeda17944fbe9478ae36011a360fc2117d7d0f09bda3919b14faa87ccca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
433B

MD5
4f209f9250ab5ef3035eb8ddaa6bd66c

SHA1
f585c3d917c59497e7259d07f3cf574375a28596

SHA256
64d47b73ed78735914f7d53cba81a2776d0c1e431ca6aa5ffd15f7c28d502797

SHA512
e478fde08919c4662d2f2cf7d44e339a9f551295712abc78d0f135c2df90f77d11da0252196ea5ac4cc81b870464c722a909d50c124dcfc3d7408d1df81f01a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
2898879acd4ba293f5cecea20ff40a55

SHA1
258255e78184c649912d4800f7dbaea62d97791e

SHA256
c7df8c81abfc7bda8011e217eaf9ec6f5a93075f6b5c128f562d0919530b2300

SHA512
7853c21afcc5b34ab6dc1d52a24eeff2e7051ee2226eeec2689cdbdb1bc82d232777fbf7787555951dc9a0240fe52d7d7fb47388055f7e04cc58985a3828bcfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
e6289789edfec8658ac0c6e184ff7bf5

SHA1
b4c8507e8f789fa36d9b21395602ab355a360bb4

SHA256
80eee95d383d4eb7f158f7cf67052c52ad8fe1529df0530597a2221b65a67f50

SHA512
102ecf0f1b1686fee2ed09298401762c8a4b2064592b2bcfa76171b7a5303e94376a08ce30dc0319c78c7f34a5565f8be228504cd91fb240edf441795dce96dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
21ee9e1a4ed0470d6ecb8d0a0c3db292

SHA1
0eef6fbf3322315d12699cf7af4004c5db09ab66

SHA256
8e54315cf8dabe7ab534e238174a57ed765ef114571b3b3009742697914d3a7a

SHA512
8766b8e88770bfb470d183b08ab7ef095dfdf0efaf9c331101f0e7ab9b14a843a5db6bba417b58a733c9545aee5176abe9804974e73f79b965f39e41aa842208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
8000f34a4109c8002e37d34054e2040b

SHA1
8d519a90f77f0aeaa80ea4bf538c3ec5488a608f

SHA256
6c085b7a7f776c053afbf502e8ea74e71e43c58cee0a8a51871b4b72d99abf4c

SHA512
9a9052d4336cb316f7447ef1d1ca29446f6c35e6cffbf52a64983efd81f7b5ca7726c2774953de2f81c3c092d4e421d83f135292a327d418f354357a178ac135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
129f112e532ae4755c82c7eb46e34fce

SHA1
c78b3c1ff01cc19ddc1330b94fe6d68b83167d34

SHA256
7a413a189dc16a915379a5d8c5201083379b93d3b51f2556ca9c824f8b2a620d

SHA512
976b19e02c95e61394a3440d38b12c568931fa6ac27a3443eefe0ca12005f48b7b46e954e69cbc271fb94b31de1f3745b50497414149d8db0f1667159c57b3a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
46KB

MD5
d8f26f2ade2d541e711a09b6495f125f

SHA1
8a15d456588a9aa63a2fd25904ffdb4ec2e94185

SHA256
340d4d22025ac9644e3bd13a3b2a43412b84bcc66b63872d5acf490cc136498a

SHA512
8bdc4c8ef73cc0cb2144b33930b81e2a7350e1fe044904172402c30fe8b7c9e30de67f7c61d0f98f52f81427387fc89a88bb6f26d3b788223013c044c4c55fbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
c65221f0f58e2f8943bcec91f35f6e17

SHA1
d69c004d03e15f1d078bf51ccec7169fb7b35c51

SHA256
8e2cfbc8f85d354ebdb9606309815fc06b5faa0c846390fdeab6b0f7c4e35cee

SHA512
7139490153d04821fb2032dbfc3b9c474784291d8fb1930d8fb2607654b3e6d7949fa73310eebb2f8405da7f61fb7af517ffab401591649058d78f0b4bc6d0bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
87d1a6b2880657c77c11c381b1fe0776

SHA1
486b5ba14c65973ba7324eec240948d72356b9b9

SHA256
ae7cd041172e2187a8662f6b3254fa8f52ff70ca9b5241a77f78dd52c00f4846

SHA512
6eb2f48895c2ebe29d956b1c50811fa5e9e255e8907773344d37d8358f6858237452b926706aeb7066bade2b4817cfe0975b14610f8390a79768f71172f6d18f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
46KB

MD5
d72a25accf9696dffa60e4b759ff7228

SHA1
0e5198a2a4256f78340bab734e2f3fc72485a1a4

SHA256
340ed2dfbf940676fb62d4be2bba85ddbc58dfee508e7ceb8b5cff92bafda8c0

SHA512
1a52e0916bcc79264b174a448e13a521de8c9273f8d7f771c62f68d73ae1df701df5e94806b1177be493153ae7710a73be3c971a76a4c960ce4d4f8e5641da38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
b7606e6bb210d086af5fc458e7a8b8f1

SHA1
1484718b3c36c1ac4be2df7bfd8b06b4a27f64e7

SHA256
058edf7d44dbd6c74d853732a11139ae568681d1bf964c48b43f83df58e17bf0

SHA512
c89083bc77b3eae9c10d954705c2ab2db1c677b2b6be43be372700430723f6cfd7ba3335aa2fcf6dde6b669e6fe08022d391ed91700ce424aca51eade590a8f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\first_party_sets.db

Filesize
68KB

MD5
c485b2f56d3cd9104905a14de0e6f3ed

SHA1
011c8a86414ef18a36d5501534fd2cad5ae63011

SHA256
7f456393457a1aa02eddc37069d74a0a9e19062086a66333763c8127177c5c9c

SHA512
7347e4ccf623cc2f3bc05cfe15906e212bd2a1631dbef1cad20dcd8179b7d0184b1f6332116ee9b42f75ebfcdc36aa2dcfcb210c1a31bbcd5bd50a2c1db55498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\first_party_sets.db-journal

Filesize
512B

MD5
214d915ecee1a0e3b1b1cd5336f606c2

SHA1
12665a809438c580e572a20b1600377697dee796

SHA256
5a33a09fceb7b49c93fff3b764c15d8d5b54f8762619d0ac99e2ff3d9122c2db

SHA512
b42c6d546210dd2cf3d6423e21cc40a7c548aef6c496498f95af1b3a639c36d3101ec322da4a9c33093f5ae2f5f883213ae04d2ec01e72537736f90d533442d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cv_debug.log

Filesize
2KB

MD5
6d20d3dc82d117af357cbd684807a1d9

SHA1
6e9b0c4fead428413768fb77f898769265bce595

SHA256
efd0fd5066aff7e65cc9a4cc08da452d3d5ca0b627deb58ca523a752f3a063ea

SHA512
76385929d2da55986d82fccf64a9f54a0255d8253b8a318a6477d17a355e0ab5f458801079519a0a88f95d153339a92cde0524dac8966e9a23757e38e3a1b65e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1984_316349415\417678a4-5e24-4c10-81a3-f8f250d35f18.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
f244a256c35879a0d2883b6fb87c627a

SHA1
e4d8a6fc2f5faadd78db93c97c2728405f5e7547

SHA256
78346dc4c651f0f7ee8a25950f8b83a916454500521932865f0809c211c34eff

SHA512
f67e0574bd2d205da14e946ee60f1cf9b8667c510432a681f48c7533832828009d410c488ac6f07318f463647096968d30f791b14b0bf0143abff56a18ef3a98

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
12KB

MD5
a92184e8cbc18c5868a172a26ac5bf61

SHA1
a25660e20f77f4eb21462b0a657422b7a6d73793

SHA256
faf1b33e64ad45700a8456d6e207b633734c9440cef2d69b8ad6b604eb6999b5

SHA512
db6645412008e78f8a4c4f2a8bbdc6d2039ba638ed1c75713dbb8c049860f9b75528d71f03f04cd183d0360d87c1d6eb6c45e4d2807680de3273560b0bc10e40

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
0d9c872875e9b8e9dfc20d8c25600397

SHA1
71ebc756d6d6fc0250997033a8fd11e4308d260a

SHA256
e1bd669af06e2f0ec95cb42141c69ba50c59f7cc35d7bf04e1e678824f67fd64

SHA512
aee135c4e2e1a62dd5973e9fef6fad0ee17af2d05ff09a1a94c34159793b5c0dab1377350e94901dd75f0201d1dad3632e98dc3f2b2e1c3e9b6817868b5bd7c2

Download Submit